Comments (14)
Log file:
2021-08-01 07:53:43 INFO DirectFire.Converter.main: converter starting
2021-08-01 07:53:43 INFO DirectFire.Converter.main: source format is fortigate
2021-08-01 07:53:43 INFO DirectFire.Converter.main: loading source configuration from fg.conf
2021-08-01 07:53:43 INFO DirectFire.Converter.main: running configuration parser
2021-08-01 07:53:43 INFO DirectFire.Converter.parse: loading parser module for fortigate
2021-08-01 07:53:43 INFO DirectFire.Converter.parse: loaded parser module for fortigate
2021-08-01 07:53:43 INFO DirectFire.Converter.parse: starting parse of source configuration
2021-08-01 07:53:43 INFO DirectFire.Converter.parsers.fortigate: parser module started
2021-08-01 07:53:43 INFO DirectFire.Converter.parsers.fortigate: parse system
2021-08-01 07:53:43 INFO DirectFire.Converter.parsers.fortigate: parse interfaces - not yet supported
2021-08-01 07:53:43 INFO DirectFire.Converter.parsers.fortigate: parse zones - not yet supported
2021-08-01 07:53:43 INFO DirectFire.Converter.parsers.fortigate: parse static routes
2021-08-01 07:53:43 ERROR Traceback with variables (most recent call last):
File "converter.py", line 230, in main
.
. # Run configuration parser
.
. logger.info("DirectFire.Converter.main: running configuration parser")
.
> parsed_data = parse(
. src_format=src_format, src_config=src_config, routing_info=routing_info
. )
.
. logger.info("DirectFire.Converter.main: configuration parser finished")
.
src_format = 'fortigate'
dst_format = 'ciscoasa'
routing_info = None
config_file = <_io.TextIOWrapper name='fg.conf' mode='r' encoding='UTF-8'>
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=user\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4>
File "converter.py", line 127, in parse
.
. logger.info("DirectFire.Converter.parse: loaded parser module for " + src_format)
.
. logger.info("DirectFire.Converter.parse: starting parse of source configuration")
.
> parsed_data = parse(src_config, routing_info)
.
. logger.info("DirectFire.Converter.parse: completed parse of source configuration")
.
. return parsed_data
.
src_format = 'fortigate'
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=user\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4>
routing_info = None
parse = <function parse at 0x7f03f72cc940>
File "/home/user/DirectFire_Converter/DirectFire/Converter/parsers/fortigate.py", line 118, in parse
. + common.common_regex.ipv4_mask
. + ")\n",
. route_config,
. )
.
> route["network"] = re_match.group(1)
. route["mask"] = re_match.group(2)
.
. re_match = re.search(
. "set gateway ([0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3}[.][0-9]{1,3})\n",
. route_config,
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=user\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4
routing_info = None
data = {'system': {'hostname': 'FG-HOSTNAME'}, 'interfaces': {}, 'zones': {}, 'routes': [], 'routes6': [], 'network_objects': {}, 'network6_objects': {}, 'network_groups': {}, 'network6_groups': {}, 'service_objects': {}, 's>
re_match = None
routes_block = 'config router static\n edit 1\n set gateway X.X.X.XX\n set distance 100\n set device "port15"\n next\n edit 3\n set device "VPNtoLenoir"\n set comment "VPN: VPNto>
route_match = <re.Match object; span=(21, 126), match=' edit 1\n set gateway X.X.X.X\n >
route_config = ' edit 1\n set gateway X.X.X.X\n set distance 100\n set device "port15"\n next'
route = {}
builtins.AttributeError: 'NoneType' object has no attribute 'group'
from directfire_converter.
Hi @mattynealo,
Looking through the log, have you changed the IP in your routing to X.X.X.X before running your config through the converter? Or have you just replaced this in the log?
Can you share the full 'config router static' section of the config please? Or output of command 'show router static' on the fortigate.
Thanks,
Glenn
See Below:
PUBLIC_IP is a real public address
each X1, X2 is a VPN site
PUBLIC_IP_SECOND_WAN is the real IP for redundant provider
config router static
edit 1
set gateway PUBLIC_IP
set distance 100
set device "port15"
next
edit 3
set device "VPNtoX1"
set comment "VPN: VPNtoX1 (Created by VPN wizard)"
set dstaddr "VPNtoX1_remote"
next
edit 5
set device "VPNX2"
set comment "VPN: VPNX2 (Created by VPN wizard)"
set dstaddr "VPNX2_remote"
next
edit 7
set device "VPNtoX3"
set comment "VPN: VPNtoX3 (Created by VPN wizard)"
set dstaddr "VPNtoX3_remote"
next
edit 11
set gateway PUBLIC_IP_SECOND_WAN
set distance 200
set device "port16"
next
edit 6
set device "X4"
set comment "VPN: X4 (Created by VPN wizard)"
set dstaddr "X4_remote"
next
edit 9
set distance 254
set comment "VPN: X5 (Created by VPN wizard)"
set blackhole enable
set dstaddr "X5_remote"
next
edit 10
set device "VPNtoX6"
set comment "VPN: VPN_ToX6 (Created by VPN wizard)"
set dstaddr "VPN_ToX6_remote"
next
edit 12
set distance 254
set comment "VPN: VPN_ToX6 (Created by VPN wizard)"
set blackhole enable
set dstaddr "VPN_ToX6_remote"
next
edit 13
set device "VPNToX7"
set comment "VPN: VPNX7 (Created by VPN wizard)"
set dstaddr "VPNX7_remote"
next
edit 14
set distance 254
set comment "VPN: VPNX7 (Created by VPN wizard)"
set blackhole enable
set dstaddr "VPNX7_remote"
next
edit 15
set dst 10.56.0.0 255.255.0.0
set gateway 192.168.255.1
set distance 2
set device "port14"
next
edit 18
set dst 10.2.5.0 255.255.255.0
set gateway 10.1.100.1
set distance 1
set device "Internal"
next
edit 21
set status disable
set dst 10.10.200.0 255.255.255.0
set gateway 1.1.1.1
set device "port6"
next
edit 22
set status disable
set dst 10.1.101.0 255.255.255.0
set gateway 1.1.1.1
set device "port6"
set comment "testing with 101 subnet"
next
edit 19
set dst 10.212.134.0 255.255.255.0
set distance 2
set device "ssl.root"
next
end
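The first traceback comes from calling `.group()` on a `re.search` result that is `None`; the `route_config` it shows for `edit 1` has no `set dst` line. As an added example (not DirectFire's code and not the fix that was later committed), here is a static-route parser that treats every field as optional. The `field` helper, the output keys other than `network`, `mask` and `gateway`, and the defaults used for a missing `dst` or `distance` are assumptions.

```python
import re

# Constructed sample in the shape of the 'config router static' block posted above
# (addresses are documentation/private ranges, not taken from the original config).
SAMPLE = '''config router static
    edit 1
        set gateway 192.0.2.1
        set distance 100
        set device "port15"
    next
    edit 9
        set distance 254
        set blackhole enable
        set dstaddr "X5_remote"
    next
    edit 21
        set status disable
        set dst 10.10.200.0 255.255.255.0
        set gateway 1.1.1.1
    next
end
'''

def field(block, key):
    """Return the value of 'set <key> ...' in block, or None when the line is absent."""
    m = re.search(r'^\s*set ' + re.escape(key) + r' (.+?)\s*$', block, re.M)
    return m.group(1).strip('"') if m else None

def parse_static_routes(config):
    routes = []
    for m in re.finditer(r'^\s*edit (\d+)\n(.*?)^\s*next\s*$', config, re.M | re.S):
        body = m.group(2)
        dst = field(body, "dst")
        dstaddr = field(body, "dstaddr")
        # Assumption: 'set dst' is omitted when it holds the default 0.0.0.0 0.0.0.0
        network, mask = dst.split() if dst else ("0.0.0.0", "0.0.0.0")
        routes.append({
            "id": int(m.group(1)),
            "network": None if dstaddr else network,  # named-address routes carry no subnet
            "mask": None if dstaddr else mask,
            "dstaddr": dstaddr,
            "gateway": field(body, "gateway"),
            "device": field(body, "device"),
            "distance": int(field(body, "distance") or 10),  # assumed default distance
            "blackhole": field(body, "blackhole") == "enable",
            "enabled": field(body, "status") != "disable",
        })
    return routes
```

Carrying `enabled` and `blackhole` through to the output matters when the result feeds a converted firewall config: a route with `set status disable` that is emitted as active changes where traffic goes.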
Hi @mattynealo,
Thanks for sharing your config.
I have made some updates to the FortiGate parser module which hopefully resolve the issue. Can you pull the latest from git and try again?
Glenn
Thanks Glenn,
Looks like it still has errors on the GeoBlocks. I removed Moldova, which was in the first log, and then it errored at the next, which was Russia. See log below:
2021-08-04 09:06:53 INFO DirectFire.Converter.main: converter starting
2021-08-04 09:06:53 INFO DirectFire.Converter.main: source format is fortigate
2021-08-04 09:06:53 INFO DirectFire.Converter.main: loading source configuration from fg.conf
2021-08-04 09:06:53 INFO DirectFire.Converter.main: running configuration parser
2021-08-04 09:06:53 INFO DirectFire.Converter.parse: loading parser module for fortigate
2021-08-04 09:06:53 INFO DirectFire.Converter.parse: loaded parser module for fortigate
2021-08-04 09:06:53 INFO DirectFire.Converter.parse: starting parse of source configuration
2021-08-04 09:06:53 INFO DirectFire.Converter.parsers.fortigate: parser module started
2021-08-04 09:06:53 INFO DirectFire.Converter.parsers.fortigate: parse system
2021-08-04 09:06:53 INFO DirectFire.Converter.parsers.fortigate: parse interfaces - not yet supported
2021-08-04 09:06:53 INFO DirectFire.Converter.parsers.fortigate: parse zones - not yet supported
2021-08-04 09:06:53 INFO DirectFire.Converter.parsers.fortigate: parse IPv4 network objects
2021-08-04 09:06:53 ERROR Traceback with variables (most recent call last):
File "converter.py", line 230, in main
.
. # Run configuration parser
.
. logger.info("DirectFire.Converter.main: running configuration parser")
.
> parsed_data = parse(
. src_format=src_format, src_config=src_config, routing_info=routing_info
. )
.
. logger.info("DirectFire.Converter.main: configuration parser finished")
.
src_format = 'fortigate'
dst_format = 'ciscoasa'
routing_info = None
config_file = <_io.TextIOWrapper name='fg.conf' mode='r' encoding='UTF-8'>
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=ntmneal\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4>
File "converter.py", line 127, in parse
.
. logger.info("DirectFire.Converter.parse: loaded parser module for " + src_format)
.
. logger.info("DirectFire.Converter.parse: starting parse of source configuration")
.
> parsed_data = parse(src_config, routing_info)
.
. logger.info("DirectFire.Converter.parse: completed parse of source configuration")
.
. return parsed_data
.
src_format = 'fortigate'
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=ntmneal\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4>
routing_info = None
parse = <function parse at 0x7f375cd4c940>
File "/home/ntmneal/DirectFire_Converter/DirectFire/Converter/parsers/fortigate.py", line 136, in parse
. network_object,
. )
.
. data["network_objects"][network_object_name][
. "country_code"
> ] = re_match.group(1)
.
. elif network_object_type == "ipmask":
.
. re_match = re.search(
. "set subnet ("
src_config = '#config-version=FGT4HD-6.2.8-FW-build1232-210426:opmode=0:vdom=0:user=ntmneal\n#conf_file_ver=361464447715519\n#buildno=1232\n#global_vdom=1\nconfig system global\n set admin-sport 8443\n set admintimeout 4
routing_info = None
data = {'system': {'hostname': 'ACY-FGT400D_1'}, 'interfaces': {}, 'zones': {}, 'routes': [], 'routes6': [], 'network_objects': {'FABRIC_DEVICE': {'type': 'network', 'network': '0.0.0.0', 'mask': '0.0.0.0'}, 'FIREWALL_AUTH_PORT
re_match = None
network_objects_block = 'config firewall address\n edit "FABRIC_DEVICE"\n set uuid 6f9b82ae-bc94-51e9-108c-26a1844c4012\n set comment "IPv4 addresses of Fabric Devices."\n next\n edit "FIREWALL_AUTH_PORT>
network_object_match = <re.Match object; span=(3720, 3852), match=' edit "Russia"\n set uuid 7c9f9252-4553>
network_object = ' edit "Russia"\n set uuid 7c9f9252-4553-51e7-6971-0430e0d72e7d\n set type geography\n set country "RU"\n next'
network_object_name = 'Russia'
network_object_type = 'geography'
network_object_network = '185.129.148.19'
network_object_mask = '255.255.255.255'
builtins.AttributeError: 'NoneType' object has no attribute 'group'
I have permission to upload the whole config
Thanks @mattynealo, will have a look into this.
I've downloaded your config and removed it from your comment as it's potentially sensitive.
Glenn
@glennake Thank you so much. Is there a way I can contribute to this project?
Hi @mattynealo,
I've made a few fixes and additions which mean the tool will process your config without erroring now if you can pull the latest. I have not checked for accuracy so please make sure you do before using any configs from it, and let me know of any issues you find.
Always happy for additional contributors, if you can work in Python feel free to fork and improve any existing modules, or add your own for new vendors. Then raise a pull request for your changes to be reviewed for merge.
Thanks,
Glenn
@glennake I am not a programmer... I was asking if I could buy you a beer or financially contribute for your time.
This is great so far. Looks like it stops right after the groups and network objects, but doesn't convert any of the rules.
Also, is it supposed to output to a file? If so I can't seem to find it.
@mattynealo really appreciate the offer, thank you. It's fine though, you don't have to.
FortiGate parsing support is detailed here, I've just added service objects and service groups. Will add policies as soon as I can.
Glenn