Following the previous article, Ansible : Automated Fortigate blocklist ipsets, I’d like to share a small collection of scripts I use to make sure I have the exact same configuration on all my Fortigate firewalls. Written with Ansible, they automate some important configuration tasks: system configuration, LDAP & admin creation, object names & groups, and the backup :)
The Collection
All the Ansible scripts are available on my GitHub : https://github.com/alex-nogard/fortigate-ansible-collection
Fortigate System Template
Aim :
The objective is to create a system template so that every firewall has the exact same config. It’s really useful for avoiding mistakes :)
How it works :
1 / Configure the system global parameters : -> Console timeout -> Language -> Fortigate Alias
2 / Configure the Firewall DNS
3 / Configure the Firewall NTP Server
4 / Configure the Firewall SNMP
5 / Configure the SMTP part.
Command :
ansible-playbook global-template.yml
Fortigate backup
How it works ?
1 / The script will retrieve the full configuration of your firewall
2 / The full configuration will be written to a .config file
Command :
ansible-playbook backupforti.yml
Fortigate Massive host import
How it works :
Prerequisite : create a two-column CSV, with a name column and an IP column
1 / The script will read the CSV defined in the command line arg, and create all hosts
2 / The script will populate the created hosts in a group, defined in the command line arg
Command :
ansible-playbook massive-import.yml -e loadcsv=import.csv -e addgrp=test099
Don’t forget to change the name & path of your CSV file, and the name of the group you’d like to put the hosts in.
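A pre-flight check for the import CSV, run before the playbook so that a mistyped address or a duplicate name never reaches the firewall. This is an added example, not part of the collection; the column headers "name" and "ip", the function name and the sample rows are assumptions made up for the illustration.

```python
import csv
import io
import ipaddress

# Constructed sample input; the column names "name" and "ip" are assumptions.
SAMPLE_CSV = """name,ip
srv-web01,192.0.2.10
srv-db01,192.0.2.20
srv-web01,192.0.2.30
srv-mail,192.0.2.999
,198.51.100.5
srv-dup,192.0.2.20
"""

def validate_hosts(text, name_col="name", ip_col="ip"):
    """Return (valid_rows, errors) for a two-column host import CSV."""
    reader = csv.DictReader(io.StringIO(text))
    missing = {name_col, ip_col} - set(reader.fieldnames or [])
    if missing:
        return [], [f"header: missing column(s) {sorted(missing)}"]
    valid, errors = [], []
    seen_names, seen_ips = {}, {}  # value -> first line where it appeared
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        name = (row[name_col] or "").strip()
        raw_ip = (row[ip_col] or "").strip()
        if not name:
            errors.append(f"line {line_no}: empty name")
            continue
        try:
            ip = ipaddress.ip_address(raw_ip)  # rejects typos such as .999
        except ValueError:
            errors.append(f"line {line_no}: invalid IP {raw_ip!r}")
            continue
        if name in seen_names:
            errors.append(f"line {line_no}: name {name!r} already on line {seen_names[name]}")
            continue
        if ip in seen_ips:
            errors.append(f"line {line_no}: IP {ip} already on line {seen_ips[ip]}")
            continue
        seen_names[name] = seen_ips[ip] = line_no
        valid.append((name, str(ip)))
    return valid, errors

if __name__ == "__main__":
    rows, problems = validate_hosts(SAMPLE_CSV)
    for p in problems:
        print("REJECT", p)
    print(f"{len(rows)} host(s) safe to import")
```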
Admin Access with LDAP
How it works ?
1 / The script will create a new LDAP server; don’t forget to modify your parameters
2 / The script will create a new group, linked to the LDAP server. Please put the CN of your group name
3 / Create the admin, linked to the group previously created.
Command :
ansible-playbook admin-access-with-ldap.yml
I hope it will help you in your day-to-day work :) More scripts are coming soon ;)