ede_pfau wrote:
Check out AutoDoc for Fortigate (www.autodoc.ch) from Boll Engineering. Used it a couple of times. It does a decent job if you need a report for a revision/an audit. Personally I find it quite bloated though, a report can easily have 80+ pages.
Autodoc supports up to FortiOS v4.0 only. Anyone aware of any other open source software or knows a good way to document firewall policies, address objects etc?
Nope, not true. FortiOS up to v5.2.3 is supported by Autodoc version 9.55 (http://www.autodoc.ch).
I agree AutoDoc is the way to go, but like ede pointed out, it's bloated imho. What reports are you trying to achieve?
PCNSE
NSE
StrongSwan
My senior wants me to type out all our clients' FGT devices' config into an Excel sheet. Feels like some vendetta. How do I deal with him and the task?
Sounds impractical and unnecessary to me. A config can easily have 4000+ lines for one medium sized FGT. What would an XL sheet provide that an Autodoc report won't? Or the config file itself? There are just too many features to list them all and keep an overview of all FGTs in use. You might tell him that is my opinion from supporting and maintaining dozens of FGTs from small to big over 10 years.
What you can do to keep control is to collect configs periodically and keep a history of diffs (easy because the files are text files). For important constructs (VIPs, VPN details and such) you should take notes, maybe in XL or rather in a Wiki.
Just my .02 $.
My thoughts exactly. I couldn't believe the man expects to manually type all address objects, policies etc into an Excel sheet. The config file has a datetime stamp which is more than enough for all backup needs. The best solution is a bat script which backs up all FGTs every day in the eve.
As for Autodoc, the management simply won't be thrilled with the lic fees. Totally out of the question.
Thanks for all the responses.
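For the spreadsheet of address objects and policies discussed above, the table can be generated from a config backup instead of typed by hand. The following is an added example, not part of the original thread: `parse_tables`, `to_csv` and the sample config are constructed for illustration, and the sketch assumes the usual `config` / `edit` / `set` / `next` / `end` layout of a FortiOS backup file.

```python
import csv, io, shlex

# Constructed sample in FortiOS backup syntax (not taken from a real device).
SAMPLE = '''config firewall address
    edit "web-srv"
        set subnet 10.0.0.10 255.255.255.255
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "web-srv"
        set action accept
        set service "HTTPS" "SSH"
    next
end
'''

def parse_tables(text):
    """Return {section: {entry: {key: value}}} for top-level config tables."""
    tables, section, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw) or [""]
        except ValueError:  # multi-line quoted values (certificates, banners): skip
            continue
        if tok[0] == "config":
            depth += 1      # depth > 1 is a nested block inside an entry; not flattened here
            if depth == 1:
                section = " ".join(tok[1:])
                tables.setdefault(section, {})
        elif tok[0] == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            entry = tables[section].setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "next":
            entry = None
        elif depth == 1 and tok[0] == "set" and entry is not None and len(tok) > 1:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def to_csv(tables, section, columns):
    """Render one section as CSV text that a spreadsheet can open directly."""
    out = io.StringIO()
    w = csv.writer(out, lineterminator="\n")
    w.writerow(["name"] + columns)
    for name, fields in tables.get(section, {}).items():
        w.writerow([name] + [fields.get(c, "") for c in columns])
    return out.getvalue()
```

Running it over each nightly backup and committing the CSV next to the raw config gives both the audit table and a readable diff history. Backups contain credentials and keys, so the files and any derived sheets need the same access restrictions as the devices.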
Check out Solarwinds Kiwi CatTools. It's free for a number of devices. I think 20 devices. I have the paid version since I'm over that. Works for all of my network devices including Dell and Cisco. I think there is a bug in FortiOS 5.2.5. I'm working through that right now. My other FortiGate devices are running 5.0.7 and 5.2.4 and CatTools backs them up every night and sends me a report.
This bug is fixed in CatTools version 3.11.
Andrew
And to add: revision control is included in the last FortiOS. If you need to achieve finer details of reports and/or management controls, you have other decent options like FortiManager or Skybox.
Ken
PCNSE
NSE
StrongSwan