Wednesday, April 7, 2021

ansible and napalm to get your fortios configuration

With napalm-fortios (a community driver installed separately from napalm itself) you have a number of ways to log in and run specific collection commands, called getters, against FortiOS. The getters each driver supports are listed in the NAPALM support matrix at the link below:

https://napalm.readthedocs.io/en/reunification/support/index.html#getters-support-matrix


Here's a simple play to gather the FortiOS config (the module needs a hostname for the device, so it is taken from the inventory name):



- name: fgtconfig
  hosts: firewall1
  connection: local
  gather_facts: no
  vars_prompt:
    - name: password
      prompt: "password please"
    - name: admin
      prompt: "username please"
      private: no
  tasks:
    - name: getConfigDevice
      napalm_get_facts:
        hostname: "{{ inventory_hostname }}"   # required by napalm_get_facts: IP or FQDN of the firewall
        username: "{{ admin }}"
        dev_os: 'fortios'
        password: "{{ password }}"
        filter: 'config'                       # the get_config getter
      register: result
    - name: print results
      debug: msg="{{ result }}"
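The debug task above dumps the whole config, which on FortiOS includes the encrypted admin passwords and IPsec pre-shared keys, straight into the Ansible output and any log collecting it. As an added example that is not from the original post, here is a variant that writes the running config to an owner-only file instead. It assumes napalm-ansible's convention that each getter comes back under ansible_facts as napalm_<getter> (so get_config lands in napalm_config with running, startup and candidate keys) and that the inventory hostname is the address the device answers on.

```yaml
# Added example: pull the running config and keep it out of the play log.
# Assumes napalm_get_facts returns ansible_facts.napalm_config.{running,startup,candidate}.
- name: fgtconfig-to-disk
  hosts: firewall1
  connection: local
  gather_facts: no
  vars_prompt:
    - name: admin
      prompt: "username please"
      private: no
    - name: password
      prompt: "password please"
  tasks:
    - name: get running config
      napalm_get_facts:
        hostname: "{{ inventory_hostname }}"
        username: "{{ admin }}"
        password: "{{ password }}"
        dev_os: 'fortios'
        filter: 'config'
      register: result
      no_log: true          # credentials and the returned config stay out of the task output
    - name: make sure the local backup directory exists
      file:
        path: backups
        state: directory
        mode: '0700'
    - name: write running config with owner-only permissions
      copy:
        content: "{{ result.ansible_facts.napalm_config.running }}"
        dest: "backups/{{ inventory_hostname }}.conf"
        mode: '0600'
```

Run it as `ansible-playbook fgtconfig.yml -i inventory`; the file under backups/ is what you diff or feed to an audit, and nothing sensitive ends up in the console output.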


Here's an example of the tasks for gathering the firewall policies, which is great if you want to do audits:


tasks:
  - name: get fwpolicies from device
    napalm_get_facts:
      hostname: "{{ inventory_hostname }}"
      username: "{{ admin }}"
      dev_os: 'fortios'
      password: "{{ password }}"
      filter: 'firewall_policies'
    register: resultfwpol
  - name: print results
    debug: msg="{{ resultfwpol }}"


(The sample output was a screenshot in the original post.)



A combined FortiGate collection play (config, firewall policies and interface counters in one run; the getters go in a single tasks list, since a play can only have one):



- name: fgtcollections
  hosts: fgt1
  connection: local
  gather_facts: no
  vars_prompt:
    - name: password
      prompt: "password please"
    - name: admin
      prompt: "username please"
      private: no
  tasks:
    - name: get facts from device
      napalm_get_facts:
        hostname: "{{ inventory_hostname }}"
        username: "{{ admin }}"
        dev_os: 'fortios'
        password: "{{ password }}"
        filter: 'config'
      register: result
    - name: print results
      debug: msg="{{ result }}"
    - name: get fwpolicies from device
      napalm_get_facts:
        hostname: "{{ inventory_hostname }}"
        username: "{{ admin }}"
        dev_os: 'fortios'
        password: "{{ password }}"
        filter: 'firewall_policies'
      register: resultfwpol
    - name: print results
      debug: msg="{{ resultfwpol }}"
    - name: get interfaces_counters from device
      napalm_get_facts:
        hostname: "{{ inventory_hostname }}"
        username: "{{ admin }}"
        dev_os: 'fortios'
        password: "{{ password }}"
        filter: 'interfaces_counters'
      register: counters
    - name: print results
      debug: msg="{{ counters }}"


You can collect anything the napalm module's getters support, but that set is limited to what the support matrix lists.


The FortiOS REST API is a better approach for anything beyond collection: it is documented very well and has a host of options for adding, deleting and changing individual configuration pieces.
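To make the audit concrete, here is an added example (not code from the original post) that takes firewall policies from either source, the registered result of the firewall_policies play earlier or a raw reply from the FortiOS REST API, and flags the things an auditor looks for first: permit rules that are open from any source to any destination on any service, permit rules with traffic logging disabled, and disabled rules that are cleanup candidates. It assumes napalm-ansible returns the getter as ansible_facts.napalm_firewall_policies in the shape of NAPALM's get_firewall_policies() spec, and that GET /api/v2/cmdb/firewall/policy returns a "results" list whose srcaddr/dstaddr/service fields are lists of {"name": ...}. Both samples are hand-constructed in those shapes, not captured from a device.

```python
"""Audit FortiGate firewall policies gathered via napalm_get_facts or the FortiOS REST API.

Added example. Assumptions (see lead-in): NAPALM get_firewall_policies() shape
(policy name -> list of dicts with action, l3_src, l3_dst, service, log, enabled, id),
and the FortiOS /api/v2/cmdb/firewall/policy JSON layout. Samples are constructed by hand.
"""
import json
import ssl
import urllib.request

# Constructed sample of what `register: resultfwpol` holds after the firewall_policies play.
ANSIBLE_RESULT_SAMPLE = {
    "ansible_facts": {
        "napalm_firewall_policies": {
            "inside-to-outside": [
                {"position": 1, "id": "10", "enabled": True, "schedule": "always", "log": "all",
                 "l3_src": "all", "l3_dst": "all", "service": "ALL", "src_zone": "port1",
                 "dst_zone": "port2", "action": "Permit", "packet_hits": 0, "byte_hits": 0},
            ]
        }
    }
}

# Constructed sample of a FortiOS REST reply to GET /api/v2/cmdb/firewall/policy (trimmed).
FORTIOS_API_SAMPLE = {
    "results": [
        {"policyid": 1, "name": "lan-to-wan-web", "status": "enable", "schedule": "always",
         "srcintf": [{"name": "port1"}], "dstintf": [{"name": "port2"}],
         "srcaddr": [{"name": "LAN_NET"}], "dstaddr": [{"name": "all"}],
         "service": [{"name": "HTTPS"}], "action": "accept", "logtraffic": "all"},
        {"policyid": 2, "name": "temp-allow-all", "status": "enable", "schedule": "always",
         "srcintf": [{"name": "any"}], "dstintf": [{"name": "any"}],
         "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "all"}],
         "service": [{"name": "ALL"}], "action": "accept", "logtraffic": "disable"},
        {"policyid": 3, "name": "old-ftp", "status": "disable", "schedule": "always",
         "srcintf": [{"name": "port2"}], "dstintf": [{"name": "port1"}],
         "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "FTP_SRV"}],
         "service": [{"name": "FTP"}], "action": "deny", "logtraffic": "all"},
    ]
}


def from_napalm_facts(registered_result):
    """Pull the NAPALM-shaped policy dict out of a registered napalm_get_facts result."""
    return registered_result["ansible_facts"]["napalm_firewall_policies"]


def from_fortios_api(payload):
    """Normalise a FortiOS cmdb/firewall/policy reply into the NAPALM get_firewall_policies shape."""
    policies = {}
    for position, p in enumerate(payload["results"], start=1):
        def names(field):  # FortiOS gives object references as a list of {"name": ...}
            return ",".join(e["name"] for e in p.get(field, [])) or "any"
        entry = {
            "position": position,
            "id": str(p["policyid"]),
            "enabled": p.get("status", "enable") == "enable",
            "schedule": p.get("schedule", "always"),
            "log": p.get("logtraffic", "disable"),
            "l3_src": names("srcaddr"),
            "l3_dst": names("dstaddr"),
            "service": names("service"),
            "src_zone": names("srcintf"),
            "dst_zone": names("dstintf"),
            "action": "Permit" if p.get("action") == "accept" else "Reject",
            "packet_hits": 0,
            "byte_hits": 0,
        }
        policies.setdefault(p.get("name") or entry["id"], []).append(entry)
    return policies


def is_wildcard(value):
    """True if an address or service field means 'everything' (str, comma-joined str, or list)."""
    items = value if isinstance(value, list) else str(value).split(",")
    return any(v.strip().lower() in {"all", "any", "0.0.0.0/0"} for v in items)


def audit(policies):
    """Return (policy id, policy name, reason) tuples for the findings an auditor checks first."""
    findings = []
    for name, entries in policies.items():
        for p in entries:
            if not p.get("enabled", True):
                findings.append((p["id"], name, "disabled policy, candidate for cleanup"))
                continue
            if p.get("action") != "Permit":
                continue  # deny/reject rules are not what we are hunting here
            if all(is_wildcard(p.get(k, "any")) for k in ("l3_src", "l3_dst", "service")):
                findings.append((p["id"], name, "permit any source to any destination on any service"))
            if str(p.get("log", "")).lower() in {"", "disable", "none", "false"}:
                findings.append((p["id"], name, "traffic logging disabled on a permit policy"))
    return findings


def fetch_policies(host, token, cafile=None):
    """GET the policy table from a FortiGate with a REST API token (network call, not run here)."""
    ctx = ssl.create_default_context(cafile=cafile)  # verify the FortiGate cert; pass its CA, never disable
    req = urllib.request.Request(
        f"https://{host}/api/v2/cmdb/firewall/policy",
        headers={"Authorization": f"Bearer {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return from_fortios_api(json.load(resp))


if __name__ == "__main__":
    for source, pols in (("napalm", from_napalm_facts(ANSIBLE_RESULT_SAMPLE)),
                         ("fortios-api", from_fortios_api(FORTIOS_API_SAMPLE))):
        for pid, pname, reason in audit(pols):
            print(f"{source}: policy {pid} ({pname}): {reason}")
```

Swap FORTIOS_API_SAMPLE for fetch_policies("fw.example.internal", token, cafile="fortigate-ca.pem") to run it against a real unit; the token is a read-only REST API admin's key, and the CA file is there so the check does not silently accept any certificate.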


YMMV







NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \
