Merge pull request #69 from AsBuiltReport/dev
Update to 0.3.0
tpcarman authored Mar 2, 2024
2 parents cc25d45 + ccf87b9 commit 766e0fd
Showing 12 changed files with 598 additions and 798 deletions.
2 changes: 1 addition & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -31,4 +31,4 @@
- [ ] My code follows the code style of this project.
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [ ] I have read the [**CONTRIBUTING**](/CONTRIBUTING.md) document.
- [ ] I have read the [**CONTRIBUTING**](https://www.asbuiltreport.com/about/contributing/) document.
4 changes: 3 additions & 1 deletion AsBuiltReport.Fortinet.FortiGate.json
Expand Up @@ -10,13 +10,15 @@
},
"Options": {
"Port": 443,
"VDOM": ""
"VDOM": "",
"PolicyLayout": "all"
},
"InfoLevel": {
"_comment_": "0 = Disabled, 1 = Enabled / Summary, 2 = Adv Summary",
"FortiCare": 1,
"System": 1,
"Route": 1,
"SDWAN": 1,
"Firewall": 1,
"User": 2,
"VPNIPsec": 2,
4 changes: 2 additions & 2 deletions AsBuiltReport.Fortinet.FortiGate.psd1
Expand Up @@ -12,7 +12,7 @@
RootModule = 'AsBuiltReport.Fortinet.FortiGate.psm1'

# Version number of this module.
ModuleVersion = '0.2.2'
ModuleVersion = '0.3.0'

# Supported PSEditions
# CompatiblePSEditions = @()
Expand Down Expand Up @@ -58,7 +58,7 @@ RequiredModules = @(
},
@{
ModuleName = 'PowerFGT';
ModuleVersion = '0.7.0'
ModuleVersion = '0.8.0'
}

)
15 changes: 15 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,20 @@
# :arrows_clockwise: Fortinet FortiGate As Built Report Changelog

## [0.3.0] - 2024-02-29

### Added
- Add Policy summary (number of policy, comments, nat...) [67](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/67)
- Add SD-WAN Chapiter (Configuration, Members, Rules...) [#59](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/59)
- Add Firewall Address/AddressGroup/IP Pool/Virtual reference [#56](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/56)

### Changed
- Enhance Policy layout (normal, interface pair, sequence grouping) [66](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/66)
- Route(Static): Enhance display when using Blackhole, ISDB... [#58](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/58)
- Route(monitor): fix when there is Blackhole on Route Monitor [#57](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/57)

### Fixed
- Fix forticare: don't check BranchUpdateVersion [64](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/64)

## [0.2.2] - 2023-10-03

- Interface(System): Fix if when no interface is specified [#53](https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate/pull/53)
1 change: 1 addition & 0 deletions README.md
Expand Up @@ -125,6 +125,7 @@ The **Options** schema allows certain options within the report to be toggled on
|-----------------|--------------|---------|-------------|
| Port | TCP Port | 443 | Used to specify the admin HTTPS port of FortiGate
| VDOM | VDOM Name | | Used to specify the VDOM (Virtual Domain)
| PolicyLayout | Policy Layout | all | Use to display Policy Layout (normal, interfacepair, sequencegroup, all)

<!-- ********** Add/Remove the number of InfoLevels as required ********** -->
### InfoLevel
Binary file modified Samples/Fortinet FortiGate As Built Report.docx
Binary file not shown.
759 changes: 18 additions & 741 deletions Samples/Fortinet FortiGate As Built Report.html

Large diffs are not rendered by default.

327 changes: 295 additions & 32 deletions Src/Private/Get-AbrFgtFirewall.ps1

Large diffs are not rendered by default.

36 changes: 18 additions & 18 deletions Src/Private/Get-AbrFgtFortiCare.ps1
Expand Up @@ -143,25 +143,25 @@ function Get-AbrFgtForticare {
}
}
#>
$BranchUpdateVersion = [version]"$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).major).$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).minor).$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).patch)"
if (($CurrentVersion -lt $FullUpdateVersion) -and ($BranchUpdateVersion -ne $FullUpdateVersion)) {
$upgradePath = "v$($CurrentVersion.Major).$($CurrentVersion.Minor).$($CurrentVersion.Build)"
$major = $CurrentVersion.Major
$minor = $CurrentVersion.Minor
$patch = $CurrentVersion.Build
Do {
$nextFirmware = $firmware_upgrade_paths | Where-Object { $_.from.major -eq $major -and $_.from.minor -eq $minor -and $_.from.patch -eq $patch } | Select-Object -First 1
$major = $nextFirmware.to.major
$minor = $nextFirmware.to.minor
$patch = $nextFirmware.to.patch
$upgradePath = $upgradePath + " -> v$($major).$($minor).$($patch)"
}Until($major -eq $FullUpdateVersion.Major -and $minor -eq $FullUpdateVersion.Minor -and $patch -eq $FullUpdateVersion.Build)
$tab_upgradePath = [pscustomobject]@{
"Installed" = $($FortiOS.version)
"Update" = $($FullUpdate.version)
"Upgrade Path" = $upgradePath
}
#$BranchUpdateVersion = [version]"$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).major).$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).minor).$(($firmware.available | Where-Object { $_.major -eq $CurrentVersion.Major -and $_.minor -eq $CurrentVersion.Minor } | Select-Object -First 1).patch)"
#if (($CurrentVersion -lt $FullUpdateVersion)) {
$upgradePath = "v$($CurrentVersion.Major).$($CurrentVersion.Minor).$($CurrentVersion.Build)"
$major = $CurrentVersion.Major
$minor = $CurrentVersion.Minor
$patch = $CurrentVersion.Build
Do {
$nextFirmware = $firmware_upgrade_paths | Where-Object { $_.from.major -eq $major -and $_.from.minor -eq $minor -and $_.from.patch -eq $patch } | Select-Object -First 1
$major = $nextFirmware.to.major
$minor = $nextFirmware.to.minor
$patch = $nextFirmware.to.patch
$upgradePath = $upgradePath + " -> v$($major).$($minor).$($patch)"
}Until($major -eq $FullUpdateVersion.Major -and $minor -eq $FullUpdateVersion.Minor -and $patch -eq $FullUpdateVersion.Build)
$tab_upgradePath = [pscustomobject]@{
"Installed" = $($FortiOS.version)
"Update" = $($FullUpdate.version)
"Upgrade Path" = $upgradePath
}
#}
}
}
else {
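Review bot: The `Do { ... } Until(...)` loop on the new side has no exit when the `$firmware_upgrade_paths` lookup returns nothing: `$nextFirmware` is then `$null`, so `$major`, `$minor` and `$patch` become `$null` and the `Until` condition can never match `$FullUpdateVersion`, leaving the report run appending ` -> v..` to `$upgradePath` indefinitely. With the `if ($CurrentVersion -lt $FullUpdateVersion ...)` guard now commented out, this looks reachable whenever the installed version is already the target or has no listed path, unless a check outside the hunk prevents it. I would add `if (-not $nextFirmware) { break }` directly after the lookup line. The commented-out `$BranchUpdateVersion`, `#if` and `#}` lines are better deleted, or replaced by a one-line comment saying why the branch check was dropped. The enclosing function starts and ends outside the hunk.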
35 changes: 32 additions & 3 deletions Src/Private/Get-AbrFgtRoute.ps1
Expand Up @@ -63,11 +63,20 @@ function Get-AbrFgtRoute {
$OutObj = @()

foreach ($route in $MonitorRouterIPv4) {

#when there is blackhole, interface is set to Null
if ("Null" -eq $route.interface) {
$interface = "Blackhole"
}
else {
$interface = $route.interface
}

$OutObj += [pscustomobject]@{
"Type" = $route.type
"IP/Mask" = $route.ip_mask
"Gateway" = $route.gateway
"Interface" = $route.interface
"Interface" = $interface
"Distance/Metric/Priority" = "$($route.distance) / $($route.metric) / $($route.priority)"
}
}
Expand All @@ -91,11 +100,31 @@ function Get-AbrFgtRoute {
$OutObj = @()

foreach ($static in $statics) {

#if using Address object on static route Destination, display the named object
if ($static.dstaddr) {
$dst = $static.dstaddr
}
#if using Internet Service (ISDB)...
elseif ($static.'internet-service') {
#TODO: add Lookup, only display the id...
$dst = $static.'internet-service'
} else {
$dst = $static.dst
}

#when Blackhole is enable, display blackhole for interface
if ($static.blackhole -eq "enable") {
$interface = "Blackhole"
} else {
$interface = $static.device
}

$OutObj += [pscustomobject]@{
"Status" = $static.status
"Destination" = $static.dst
"Destination" = $dst
"Gateway" = $static.gateway
"Interface" = $static.device
"Interface" = $interface
"Distance/Weight/Priority" = "$($static.distance) / $($static.weight) / $($static.priority)"
}
}
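Review bot: In the static-route hunk the `internet-service` branch puts the bare ISDB id into the "Destination" column, where a reader of the finished report cannot tell it apart from an address or an address-object name. Until the lookup named in the TODO exists, labelling the value would keep the table unambiguous, for example `$dst = "ISDB id $($static.'internet-service')"`. In the route-monitor hunk the comment could say that the API returns the literal string "Null" for a blackhole route, which is what `"Null" -eq $route.interface` tests. The function starts and ends outside both hunks.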
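--- a/Src/Private/Get-AbrFgtSDWAN.ps1
+++ b/Src/Private/Get-AbrFgtSDWAN.ps1
@@ -0,0 +1,209 @@
+
+function Get-AbrFgtSDWAN {
+<#
+.SYNOPSIS
+Used by As Built Report to returns SD-WAN settings.
+.DESCRIPTION
+Documents the configuration of Fortinet FortiGate in Word/HTML/Text formats using PScribo.
+.NOTES
+Version: 0.3.0
+Author: Alexis La Goutte
+Twitter: @alagoutte
+Github: alagoutte
+Credits: Iain Brighton (@iainbrighton) - PScribo module
+.LINK
+https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate
+#>
+[CmdletBinding()]
+param (
+
+)
+
+begin {
+Write-PScriboMessage "Discovering SD-WAN settings information from $System."
+}
+
+process {
+
+$sdwan = Get-fgtSystemSDWAN
+
+if ($sdwan) {
+Section -Style Heading2 'SD-WAN' {
+Paragraph "The following section details SD-WAN settings configured on FortiGate."
+BlankLine
+
+
+
+if ($sdwan -and $InfoLevel.SDWAN -ge 1) {
+Section -Style Heading3 'Summary' {
+Paragraph "The following section provides a summary of SD-WAN settings."
+BlankLine
+$OutObj = [pscustomobject]@{
+"Zone" = @($sdwan.zone).count
+"Member" = @($sdwan.members).count
+"Health Check" = @($sdwan.'health-check').count
+"Rules" = @($sdwan.'service').count
+}
+
+$TableParams = @{
+Name = "Summary"
+List = $true
+ColumnWidths = 50, 50
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+
+Section -Style Heading3 'Configuration' {
+Paragraph "The following section provides configuration of SD-WAN settings."
+BlankLine
+$OutObj = [pscustomobject]@{
+"Status" = $sdwan.'status'
+"Load Balance Mode" = $sdwan.'load-balance-mode'
+"Neighbor Hold Down" = $sdwan.'neighbor-hold-down'
+"Fail Detect" = $sdwan.'fail-detect'
+}
+
+$TableParams = @{
+Name = "Configuration"
+List = $true
+ColumnWidths = 50, 50
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+
+Section -Style Heading3 'SD-WAN Zone' {
+$OutObj = @()
+
+foreach ($zone in $sdwan.zone) {
+$OutObj += [pscustomobject]@{
+"Name" = $zone.name
+"Service SLA" = $zone.'service-sla-tie-break'
+}
+}
+
+$TableParams = @{
+Name = "SD-WAN Zone"
+List = $false
+ColumnWidths = 50, 50
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+
+if ($sdwan.members) {
+Section -Style Heading3 'SD-WAN Members' {
+$OutObj = @()
+
+foreach ($member in $sdwan.members) {
+$OutObj += [pscustomobject]@{
+"Num" = $member.'seq-num'
+"Interface" = $member.interface
+"Zone" = $member.zone
+"Gateway" = $member.gateway
+"Status" = $member.status
+"Comment" = $member.comment
+}
+}
+
+$TableParams = @{
+Name = "SD-WAN Members"
+List = $false
+ColumnWidths = 10, 15, 20, 20, 10, 25
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+}
+
+if ($sdwan.'health-check') {
+Section -Style Heading3 'SD-WAN Health Check' {
+$OutObj = @()
+
+foreach ($hc in $sdwan.'health-check') {
+
+
+$OutObj += [pscustomobject]@{
+"Name" = $hc.name
+"Detect Mode" = $hc.'detect-mode'
+"Protocol" = $hc.protocol
+"Server" = $hc.server -replace ('"', '')
+"Update Static Route" = $hc.'update-static-route'
+"Members" = $hc.members.'seq-num'
+}
+}
+
+$TableParams = @{
+Name = "SD-WAN Health Check"
+List = $false
+ColumnWidths = 14, 20, 20, 20, 15, 11
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+}
+
+if ($sdwan.service) {
+Section -Style Heading3 'SD-WAN Rule' {
+$OutObj = @()
+
+foreach ($service in $sdwan.service) {
+
+$OutObj += [pscustomobject]@{
+"Name" = $service.name
+"Source" = $service.src.name
+"Destination" = $service.dst.name
+"Mode" = $service.mode
+"Health Check" = $service.'health-check'.name
+"Priority Members" = $service.'priority-members'.'seq-num'
+"Status" = $service.status
+}
+}
+
+$TableParams = @{
+Name = "SD-WAN Rule"
+List = $false
+ColumnWidths = 14, 20, 15, 15, 15, 11, 10
+}
+
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+
+$OutObj | Table @TableParams
+}
+
+}
+
+}
+}
+}
+}
+
+end {
+
+}
+
+}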
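Review bot: The `Section -Style Heading2 'SD-WAN'` heading and its intro paragraph are written before `$InfoLevel.SDWAN` is consulted, so a report with that level set to 0 would still get an empty SD-WAN chapter whenever the device returns SD-WAN data; the inner test also repeats `$sdwan`. Moving the level check to the outer condition, `if ($sdwan -and $InfoLevel.SDWAN -ge 1) {`, and dropping the inner `if` keeps the chapter out entirely. The 'SD-WAN Zone' section is the only detail table without a guard like `if ($sdwan.members)`, so an empty zone list would pipe an empty `$OutObj` to `Table`. Cells such as `$hc.members.'seq-num'` and `$service.'priority-members'.'seq-num'` can hold several values; joining them with `-join ', '` would probably render more predictably, though how PScribo prints arrays is not visible here.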
4 changes: 4 additions & 0 deletions Src/Public/Invoke-AsBuiltReport.Fortinet.FortiGate.ps1
Expand Up @@ -54,6 +54,10 @@ function Invoke-AsBuiltReport.Fortinet.FortiGate {
Get-AbrFgtRoute
}

if ($InfoLevel.SDWAN.PSObject.Properties.Value -ne 0) {
Get-AbrFgtSDWAN
}

if ($InfoLevel.Firewall.PSObject.Properties.Value -ne 0) {
Get-AbrFgtFirewall
}
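Review bot: The new gate `$InfoLevel.SDWAN.PSObject.Properties.Value -ne 0` does not seem to test the level. In the JSON defaults `SDWAN` is a plain number, a number exposes no properties, so the left side is likely `$null` and `$null -ne 0` is true even for level 0. It mirrors the neighbouring `Route` and `Firewall` checks, which would share the behaviour. `if ($InfoLevel.SDWAN -ge 1) {` states the intent directly; it is worth confirming with `SDWAN` set to 0 that the chapter is skipped. The function body continues outside the hunk.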