Offline Policy Viewer
I recently converted from the NetScreen line of firewalls to a FortiGate. One of my few issues with working with FortiOS at the command line was the inability to look at policies in a from->to format that was available in ScreenOS. The Fortinet sales folks kind of looked at me funny when I mentioned it. I've since written a script that will work on an offline configuration file. It's available on GitHub at http://bit.ly/1kB2wV0
6 REPLIES 6
Haven't looked at your script yet, but FortiGate are a directly related cousin to a screen imho. It also has the ability to filter policies for review from a host of options
from/to/protocol/etc.
via webGUI if I might add
I don't see any weakness with reviewing fwpolicies and by order or sorting imho.
PCNSE
NSE
StrongSwan
Hi Ken,
This is strictly a convenience script for showing policies from an offline configuration in a CLI format similar to what was available in ScreenOS CLI.
I concur that the web based GUI is phenomenal in its ability to sort, parse, and filter policies. The script is for the times where it's just quicker to query the policy configuration in a terminal window or if you're in a position where the GUI is not available and you have a copy of the configuration.
It was something I needed and decided to share publicly for others who might also need or want it, or even help improve it.
Cheers
So is it Python 2.6 or 2.7 (based on your notes)?
Also can you post a sample on your utilities page showing the command syntax?
PCNSE
NSE
StrongSwan
It requires >= 2.6 but if you're not using 2.7 you will need to install the new container class (that was added in 2.7) manually with easy_install or pip. It may or may not work with other versions, YMMV.
Usage syntax is provided by the script directly when you run it without any arguments.
Very nice! Thank you.
BTW, OrderedDict was backported to Python 2.7. You only need to insert the line
"from collections import OrderedDict"
and comment out the "from ordereddict..." statement.
For me personally the script doesn't work as I'm not using VDOMs and W7 doesn't display ANSI screen codes. Very easy to fix so don't bother. If I find time I'm tempted to change the flags output which is spaghetti...nonetheless, nice work!
(am I glad at least ONE other knows python AND uses it!)
Ede Kernel panic: Aiee, killing interrupt handler!
Thanks, I've updated the code to account for the newer collections library, vdoms, and multi-select interfaces.
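
An added example, not the script linked in the first post and not written by anyone in this thread: a minimal from->to view of the firewall policies in an offline FortiOS configuration, including the multi-select interface case mentioned above. The sample configuration and the names `parse_policies` and `from_to_view` are constructed for illustration; it assumes a policy with no `set action` line is a deny rule and that policy entries contain no nested `config` blocks.

```python
import re
from collections import OrderedDict

# Constructed sample in FortiOS "show" syntax; not from a real device.
SAMPLE_CONFIG = '''
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set service "HTTP" "HTTPS"
    next
    edit 2
        set srcintf "internal" "dmz"
        set dstintf "wan1"
        set srcaddr "lab net"
        set dstaddr "all"
        set service "ALL"
    next
end
'''

def parse_policies(text):  # -> {policy_id: {field: [values]}}
    policies, in_section, current = OrderedDict(), False, None
    for raw in text.splitlines():
        # Split on whitespace but keep quoted names (which may hold spaces) whole.
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', raw)]
        if words[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif not in_section or not words:
            continue
        elif words[0] == "edit":
            current = policies.setdefault(words[1], {})
        elif words[0] == "set" and current is not None:
            current[words[1]] = words[2:]
        elif words[0] == "end":
            in_section, current = False, None
    return policies

def from_to_view(policies):  # group rules by (srcintf, dstintf), in config order
    view = OrderedDict()
    for pid, f in policies.items():
        action = f.get("action", ["deny"])[0]  # assumed default when omitted
        cols = [",".join(f.get(k, [])) for k in ("srcaddr", "dstaddr", "service")]
        rule = "%s %s -> %s %s %s" % (pid, cols[0], cols[1], cols[2], action)
        for src in f.get("srcintf", ["any"]):      # multi-select interfaces
            for dst in f.get("dstintf", ["any"]):  # expand to every pair
                view.setdefault((src, dst), []).append(rule)
    return view
```

Iterating over `from_to_view(parse_policies(open(path).read()))` lists each interface pair with its rules in evaluation order, which is the order that matters when checking for shadowed or overly broad rules.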