A collection of useful scripts to make your life with FortiGates easier.
Convert configuration file to CSV
A little Python script to convert FortiGate configuration files to CSV. It is hosted on GitHub: https://github.com/maaaaz/fgpoliciestocsv. An example output is shown below.
$ python fgpoliciestocsv.py -i fortigate.csv
id;srcintf;dstintf;srcaddr;dstaddr;action;schedule;service;logtraffic-app;webcache;nat
1;internal;wan1;all;all;accept;always;ANY;disable;enable;enable
It can be used to review firewall policies together with a customer or to manipulate a large policy rule set. If I want to append a new UTM profile (IDS, Application Control, ...) to multiple policies matching certain criteria, I use this procedure:
- Download the FortiGate configuration file.
- Convert it to CSV with fgpoliciestocsv.
- Load and filter it in Excel according to my criteria.
- Copy the policy IDs to a temporary file on a Linux machine (policy_ids.txt).
- Append the missing configuration with a bash one-liner (shown below).
- Copy script output to FortiGate CLI.
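# Emit one edit/set/next block per policy ID listed in policy_ids.txt.
# printf is used because bash's builtin echo does not expand \n without -e.
while read -r policyid; do
  printf 'edit %s\nset webfilter-profile newprofile\nnext\n' "$policyid"
done < policy_ids.txt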
This generates output in the form below:
edit 1
set webfilter-profile newprofile
next
edit 2
set webfilter-profile newprofile
next
edit 3
set webfilter-profile newprofile
next
...
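A stricter variant of the generation step, as an added example that is not part of the original post or of fgpoliciestocsv: it rejects any line that is not a plain numeric policy ID before anything is pasted into the firewall, strips the carriage returns that Excel exports leave behind, and skips duplicates. The function name gen_policy_batch, the allowed character set for profile names, and the config firewall policy / end wrapper (which assumes the batch is pasted at the top-level CLI prompt of a FortiGate without VDOMs) are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, POSIX sh): build a FortiGate CLI batch
# from a file of policy IDs, refusing anything that is not a bare number.
# Usage: gen_policy_batch <ids_file> <webfilter_profile_name>
gen_policy_batch() {
  ids_file=$1 profile=$2 out="" seen=" "
  cr=$(printf '\r')

  # The profile name ends up in a CLI command, so accept only a
  # conservative character set (assumption: letters, digits, _ . -).
  case $profile in
    ''|*[!A-Za-z0-9_.-]*) echo "bad profile name" >&2; return 2 ;;
  esac

  # "|| [ -n "$line" ]" keeps a last line that has no trailing newline.
  while IFS= read -r line || [ -n "$line" ]; do
    id=${line%"$cr"}                  # drop CR from Windows/Excel line endings
    case $id in
      '') continue ;;                 # ignore blank lines
      *[!0-9]*) echo "rejected line: $line" >&2; return 1 ;;
    esac
    case $seen in *" $id "*) continue ;; esac   # skip duplicate IDs
    seen="$seen$id "
    out="${out}edit $id
set webfilter-profile $profile
next
"
  done < "$ids_file"

  [ -n "$out" ] || { echo "no policy IDs found" >&2; return 1; }

  # Nothing is printed unless every line passed validation.
  printf 'config firewall policy\n%send\n' "$out"
}

# Run directly: sh gen_policy_batch.sh policy_ids.txt newprofile
if [ "$#" -ge 1 ]; then
  gen_policy_batch "$1" "${2:-newprofile}"
fi
```

Because the batch is printed only after the whole file has been validated, a stray cell from the spreadsheet stops the run instead of producing a partial command list.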