The goals of the project are:
- to convert FortiOS configuration to JSON file.
- to check FortiOS configuration for well-known misconfigurations.
It's supposed to use advanced JSON viewer for exploring converted configuration.
I'd like to advise you powerful JSON viewer that can be installed as browser extension: JSON Discovery
- Install as Python package:
pip3 install git+https://github.com/mdraevich/fortios_config_analyzer
- Execute to convert FortiOS configuration to JSON file (the converted file will be opened in default browser automatically):
python3 -m confanalyzer -f <path_to_fg_config>
- Add option
-aif you wanna check FortiOS configuration against well-known misconfigurations:
python3 -m confanalyzer -f <path_to_fg_config> -a
JSON Discovery extension uses Jora queries to extract useful information from JSON file. Here is a list of useful Jora queries for FortiOS configuration analysis:
| # | File | Description |
|---|---|---|
| 1 | click | Show all security profiles which are used in IPv4 firewall policies (per-VDOM) |
| 2 | click | Show configuration for all security profiles (per-VDOM) |
| 3 | click | Show inspection mode for all IPv4 firewall policies (per-VDOM) |
| 4 | click | Show interface,vdom, ip/mask, allowaccess attributes for all interfaces |
| 5 | click | Show IPv4 & IPv6 firewall policies filtered by interface (per-VDOM) |
| 6 | click | Show security profiles for every IPv4 firewall policy |
| 7 | click | Show interface, vdom, ip/mask, master_interface, vlanid attributes for all interfaces |
| 8 | click | Show configuration for routing protocols (static, RIP, OSPF, BGP) per-VDOM |
| 9 | click | Show profile group configuration and usage in IPv4 & IPv6 firewall policies |
| 10 | click | Show firewall DoS-policies filtered by interface (per-VDOM) |
- Automatic testing of Jora queries
- Clean up project
- License status