Dears,
I need a method or a script to create firewall object configuration. We receive multiple IP addresses to be blocked on a daily basis at multiple locations. Currently we first create a configuration in an editor and add each IP to it, then we apply it on the firewall. In this process there is a chance of mistakes, and we have also faced an issue.
For example, I have a list of 100 IP addresses in Excel and I want a script that generates the configuration for me so that I can apply it on the firewall without any hesitation.
Kindly share if anyone has an idea or solution.
Thanks & Regards,
Khurram Khan
I'm not the best script boy, but this is, for example, how you can do it. It's dirty - if you want to do it pretty you should write a program which does that via the JSON API and so on, but maybe it helps:
import csv

# Input: semicolon-separated rows of name;address (see the sample below).
# Output: a FortiGate CLI batch that defines one /32 address object per row.
with open('test.csv', 'r') as csvfile, open('addrobjects.txt', 'w') as addrobjects:
    addrlist = csv.reader(csvfile, delimiter=';')
    addrobjects.write("config firewall address\n")
    for addr in addrlist:
        addrobjects.write('edit "' + addr[0] + '"\n')
        addrobjects.write('set subnet ' + addr[1] + ' 255.255.255.255\n')
        addrobjects.write('next\n')
    addrobjects.write("end\n")
Your CSV needs to look like this:
ADDR-SPAM1;1.2.3.4
ADDR-SPAM2;4.5.6.7
This is the file which is generated:
config firewall address
edit "ADDR-SPAM1"
set subnet 1.2.3.4 255.255.255.255
next
edit "ADDR-SPAM2"
set subnet 4.5.6.7 255.255.255.255
next
end
So you can just copy-paste it into an SSH session, or upload it via the web GUI.
HTH
Some time ago I've published my python script iplist2forti.py for creating white/black lists here:
http://beneicke-edv.de/support/tools/
The header is 'Using external blacklists' and the description is in English. Feel free to use it for your work. Feedback welcome.
It's capable of 'digesting' 1000s of addresses, pouring them into address groups and those into address super-groups, all because there are limits to the size of an address group. I've used it successfully to import hosts.deny lists into a FG-310B. 4000 addresses took about 45 minutes to import (due to limited CPU power).
One obstacle is that after importing addresses, you cannot tell which addresses are already defined on the FGT. For blacklists, the script generates a 'delete' batch command file in addition to the import batch command file. So you would import one list, and just before importing the updated list you first delete the original list entries.
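Building on the CSV-to-CLI approach in the first reply and the grouping and delete-batch ideas in this one, here is an added example (not code from either poster, and not iplist2forti.py) of a generator that validates every address with Python's ipaddress module, rejects malformed or duplicate rows instead of silently emitting bad CLI, chunks the resulting objects into address groups under an assumed member cap (GROUP_LIMIT is set deliberately small to show the chunking and is not a real FortiGate limit), and writes a matching delete batch that removes groups before the addresses they reference. The sample CSV, the GRP-BLOCK group prefix and the output file names are constructed for the example.

```python
import csv
import io
import ipaddress

# Constructed sample input, same name;address layout as the first reply.
# Row 3 has an invalid octet and row 4 repeats a name, to exercise rejection.
SAMPLE_CSV = """ADDR-SPAM1;1.2.3.4
ADDR-SPAM2;4.5.6.7
ADDR-BROKEN;4.5.6.300
ADDR-SPAM2;4.5.6.7
ADDR-NET1;10.20.0.0/16
"""

# Assumed cap on members per address group; deliberately tiny so the sample
# data is split across two groups. Check the real limit for your model/version.
GROUP_LIMIT = 2


def parse_rows(text):
    """Parse name;address rows. Returns (valid, rejected).

    valid:    list of (name, IPv4Network), in input order, unique by name
    rejected: list of (row_number, raw_row, reason) for anything not emitted
    """
    valid, rejected, seen = [], [], set()
    for rownum, row in enumerate(csv.reader(io.StringIO(text), delimiter=';'), 1):
        if not row or not row[0].strip():
            continue  # blank line
        if len(row) < 2 or not row[1].strip():
            rejected.append((rownum, row, 'missing address column'))
            continue
        name, addr = row[0].strip(), row[1].strip()
        try:
            # strict=False lets a host written with a prefix ("1.2.3.4/24")
            # pass as its network; a bare host becomes a /32.
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError as exc:
            rejected.append((rownum, row, str(exc)))
            continue
        if net.version != 4:
            rejected.append((rownum, row, 'IPv6 not handled by this generator'))
            continue
        if name in seen:
            rejected.append((rownum, row, 'duplicate object name'))
            continue
        seen.add(name)
        valid.append((name, net))
    return valid, rejected


def render_import(valid, group_prefix='GRP-BLOCK', limit=GROUP_LIMIT):
    """Return (cli_text, group_names): address objects plus chunked groups."""
    lines = ['config firewall address']
    for name, net in valid:
        lines.append(f'    edit "{name}"')
        lines.append(f'        set subnet {net.network_address} {net.netmask}')
        lines.append('    next')
    lines.append('end')
    names = [name for name, _ in valid]
    chunks = [names[i:i + limit] for i in range(0, len(names), limit)]
    group_names = [f'{group_prefix}-{i}' for i in range(1, len(chunks) + 1)]
    lines.append('config firewall addrgrp')
    for gname, chunk in zip(group_names, chunks):
        members = ' '.join(f'"{n}"' for n in chunk)
        lines.append(f'    edit "{gname}"')
        lines.append(f'        set member {members}')
        lines.append('    next')
    lines.append('end')
    return '\n'.join(lines) + '\n', group_names


def render_delete(valid, group_names):
    """Return the reverse batch: groups first, then the objects they reference."""
    lines = ['config firewall addrgrp']
    lines += [f'    delete "{g}"' for g in group_names]
    lines += ['end', 'config firewall address']
    lines += [f'    delete "{name}"' for name, _ in valid]
    lines.append('end')
    return '\n'.join(lines) + '\n'


if __name__ == '__main__':
    valid, rejected = parse_rows(SAMPLE_CSV)
    for rownum, row, reason in rejected:
        print(f'row {rownum} rejected ({reason}): {";".join(row)}')
    import_cli, groups = render_import(valid)
    with open('import.txt', 'w') as f:
        f.write(import_cli)
    with open('delete.txt', 'w') as f:
        f.write(render_delete(valid, groups))
    print(import_cli)
```

Rejected rows are reported rather than dropped quietly, so the person pasting the batch knows exactly which lines of the spreadsheet need attention; the delete batch deliberately mirrors the import in reverse order because the firewall refuses to delete an address object that is still a member of a group.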
I'm a bash guy, so we do something similar to the following:
http://socpuppet.blogspot.com/2017/03/how-to-extract-ms-azure-dc-and-batch-of.html
If you have a text file with single entries or even a CSV, it would be very easy to script it in bash with a little cleanup via sed and/or awk.
We also run IP lists that we extract from logs from security devices (tippingpt, feye, etc.) and do the same for major blacklisting operations.
Ken
PCNSE
NSE
StrongSwan
I created this PowerShell script to create one from a CSV.
$inputCSV = "c:\Servers.csv"
$outputFile = "c:\Addresses.txt"

# Open the CLI block, then emit one address object per CSV row.
Add-Content -Path $outputFile -PassThru -Value "config firewall address"
Import-Csv $inputCSV | ForEach-Object {
    $Name = $_.Assetname
    $IP = $_.IPAddress
    # Quote the name so asset names containing spaces stay a single token.
    Add-Content -Path $outputFile -Value "edit `"$Name`""
    Add-Content -Path $outputFile -Value "set subnet $IP 255.255.255.255"
    Add-Content -Path $outputFile -Value "next"
}
Add-Content -Path $outputFile -PassThru -Value "end"
Feed it your CSV with Assetname and IPAddress as columns, and you're golden.