PowerFGT: a PowerShell module for FortiGate

alagoutte · ‎05-17-2019

Hi,

I have been working for several months on a PowerShell module that uses the FortiGate REST API.

This module is available on psgallery(.com) : https://www.powershellgallery.com/packages/PowerFGT

Actually, we support to connect to HTTPS or HTTP

and use the following feature :

[ul]

Address (Add/Get/Copy/Set/Remove object type ipmask/subnet)

AddressGroup (Add/Get/Copy/Set/Remove and Add/Remove Member)

DNS (Get)

HA (Get)

Interface (Get)

IP Pool (Get)

Local User (Get)

Policy (Add/Get/Remove)

RoutePolicy (Get)

Service (Get)

Service Group (Get)

Static Route (Get)

System Global (Get)

VDOM (Get)

Virtual IP (Get/Add/Remove object type static-nat)

Virtual WAN Link/SD-WAN (Get)

VPN IPsec Phase 1/Phase 2 Interface (Get)

Zone (Get)[/ul]

it is very easy to use (and install)

Launch PowerShell command line and launch following command for install

Install-Module PowerFGT

for load the module

Import-Module PowerFGT

Connect to your firewall

Connect-FGT 192.0.2.1

You get a prompt to ask credential

for example to get all address use

Get-FGTFirewallAddress

You can get the list of command available via

Get-Command -Module PowerFGT

and for get help (and example about a command for example Add-FGTFirewallAddress)

Get-Help Add-FGTFirewallAddress -Full

More documentation, example is available on https://github.com/FortiPower/PowerFGT and you can also report issue/enhance !

alagoutte · ‎01-14-2020

A new release of PowerFGT (0.40 is available on PSGallery => https://www.powershellgallery.com/packages/PowerFGT/

[ul]

Enhance Filtering (using directly API) (#58, #62)

Add Add/Set/Remove (and member) Address Group (#57)

Add Add/Set/Remove Virtual IP (VIP) (#54)

Add Add/Remove (and member) Firewall Policy (#65, #68)

Add Deploy-FGTVm for deploy FortiGate vapp (#34)

Add Timeout setting for Connect-FGT (and Invoke-FGTRestMethod) (#56)[/ul]

Documentation is available https://fortipower.github.io/PowerFGT/

Bug Report / Enhance : https://github.com/FortiPower/PowerFGT

View solution in original post

Iescudero · ‎05-28-2019

Hello!!

Thank you!! it seems great!

thedude78 · ‎07-08-2019

Going to check this out. I was looking at building some scripts of my own to use the api, but the functionality might already exist here.

Thanks

alagoutte · ‎01-14-2020

A new release of PowerFGT (0.40 is available on PSGallery => https://www.powershellgallery.com/packages/PowerFGT/

[ul]

Enhance Filtering (using directly API) (#58, #62)

Add Add/Set/Remove (and member) Address Group (#57)

Add Add/Set/Remove Virtual IP (VIP) (#54)

Add Add/Remove (and member) Firewall Policy (#65, #68)

Add Deploy-FGTVm for deploy FortiGate vapp (#34)

Add Timeout setting for Connect-FGT (and Invoke-FGTRestMethod) (#56)[/ul]

Documentation is available https://fortipower.github.io/PowerFGT/

Bug Report / Enhance : https://github.com/FortiPower/PowerFGT

poundy · ‎01-14-2020

thanks for posting here too ! ;)

alagoutte · ‎12-21-2020

I'm proud to announce #PowerFGT 0.5.0 is available for download !! https://www.powershellgal...com/packages/PowerFGT/ What is it ?! it is a major release with more than 25 new cmdlets and Tests ! more than 300 Tests (Tested with macOS/Linux/Windows with FortiGate OS 6.0, 6.2 and 6.4) What New

[ul]

Add Get-FGTSystemSettings

Add FQDN and IP Range type for Address Object

Allow to add unnamed Policy

Add version connection info

Use ShouldProcess for confirm

Enhance support of FortiOS 6.4.x

Add (Firewall) Proxy Address/Group/Policy

Add (System) Zone (Add/Set/Remove)

Add (Firewall) Virtual IP (VIP) Group

Fix protocol parameter for Virtual IP

Add Pester Tests and update to Pester v5[/ul]

Thanks to all contributors (Cédric, Arthur, Brett...) For the download => https://www.powershellgal...ackages/PowerFGT/0.5.0 For the release note => https://github.com/FortiP...GT/releases/tag/v0.5.0 For the documentation => [link]https://fortipower.github.io/PowerFGT/[/link]

olavoskarsen · ‎06-04-2021

How to list user groups?

alagoutte · ‎06-06-2021

olavoskarsen wrote:
How to list user groups?

Hi, there is no yet Get for this but you can use

(Invoke-FGTRestMethod -uri api/v2/cmdb/user/group

For example :

(Invoke-FGTRestMethod -uri api/v2/cmdb/user/group).results | Format-Table

name q_origin_key id group-type authtimeout auth-concurrent-override auth-concurrent-value http-d
                                                                                                                 igest-
                                                                                                                 realm
---- ------------ -- ---------- ----------- ------------------------ --------------------- ------
RADIUS_Demo RADIUS_Demo 1 firewall 0 disable 0
SSO_Guest_Users SSO_Guest_Users 16777215 fsso-service 0 disable 0

olavoskarsen · ‎06-07-2021

Thank you alagoutte

PowerFGT is a grate tool.

is it possible to get lists users and groups?

Which users are members of which groups?

Like this?

alagoutte · ‎06-07-2021

olavoskarsen wrote:
Thank you alagoutte
PowerFGT is a grate tool.
is it possible to get lists users and groups?

Which users are members of which groups?
Like this?

Hi,

You don't have the info on the user API call, you need to make a loop for search on group member