
Comments (15)

poundy avatar poundy commented on June 16, 2024

For the second question, it's possible to do the following, but it requires breaking out the input names with a foreach - many PS modules will handle this internally (I'd prefer SET- to this though :) )

(Get-FGTFirewallAddressgroup -connection $FG -vdom root | where name -like "MySpecialGroup").member.name|%{ Get-FGTFirewallAddress -vdom root -connection $FG -name $_}

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hi @poundy

Welcome to PowerFGT!

I'm currently busy with another module...

For the first question, there is already an Add-FGTAddress cmdlet to add an address, and it will not be too complicated to add a member to an address group. Do you need anything else?

For the second question, better filtering (using the API directly) is planned;
it will "fix" your where name -like "MySpecialGroup".
Is there anything else?

from powerfgt.

poundy avatar poundy commented on June 16, 2024

The whole Quartet please :)
VIP
VIPGRP
ADDRESS
ADDRESSGRP

I'm often in "append" mode - so much so that I wrote a PowerShell text substitution script to create my standard named members, append them to a group, and add a policy. Oh yeah, I need the whole Quintuple, policies too please :)

Here's an example of one of the "shell" substitution tables I use:

config firewall address
    edit "H_%vmIPAddress%"
        set associated-interface port1
        set subnet %vmIPAddress% 255.255.255.255
        set comment "%ClientCode% Svr"
    next
    edit "S_%ClientCode%_%ClientSite%"
        set associated-interface wan1
        set subnet %clientSiteIPAddress% 255.255.255.255
        set comment "%ClientCode% %ClientSite% Office"
    next
end
config firewall addrgrp
    edit "EIP_%ClientCode%_Sites"
        append member "S_%ClientCode%_%ClientSite%"
        set comment "%ClientCode% Sites"
    next
    edit "%ClientCode%_Servers"
        append member "H_%vmIPAddress%"
        set comment "%ClientCode% Servers"
    next
    edit _IP_Hosts
        append member "%ClientCode%_Servers"
    next

end

config firewall policy
    edit %PolicyNum%
        set name "%ClientCode%_Printing"
        set srcintf port1
        set dstintf wan1
        set srcaddr "%ClientCode%_Servers"
        set dstaddr "EIP_%ClientCode%_Sites"
        set action accept
        set schedule always
        set service "Port_Printing-9100-9130" "Port_Printing-11160-11190"
        set nat enable
        set ippool enable
        set poolname "Outbound NAT default"
        set fsso disable
        set comment "%ClientCode% printing to Client Sites"
    next
end

from powerfgt.
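
The substitution approach described in the comment above, as an added example (not poundy's script and not PowerFGT code): it fills `%Name%` placeholders in a FortiOS CLI template only after each value passes an allow-list pattern, so a value carrying quotes or newlines cannot add extra CLI lines to the generated config. The function name `Expand-FgtTemplate`, the validation patterns and the sample values are assumptions.

```powershell
# Added example. Expand-FgtTemplate, the rules and the sample values are hypothetical.
# Constructed sample template, shortened from the substitution table above.
$template = @'
config firewall address
    edit "H_%vmIPAddress%"
        set associated-interface port1
        set subnet %vmIPAddress% 255.255.255.255
        set comment "%ClientCode% Svr"
    next
end
config firewall addrgrp
    edit "%ClientCode%_Servers"
        append member "H_%vmIPAddress%"
    next
end
'@

# Allow-list pattern per placeholder (assumed naming rules). \A and \z are used
# instead of ^ and $ because $ would also accept a value ending in a newline.
$octet = '(?:25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
$rules = @{
    ClientCode  = '\A[A-Za-z0-9]{2,16}\z'
    vmIPAddress = "\A(?:$octet\.){3}$octet\z"
}

function Expand-FgtTemplate {
    param(
        [Parameter(Mandatory)][string]$Template,
        [Parameter(Mandatory)][hashtable]$Values,
        [Parameter(Mandatory)][hashtable]$Rules
    )
    # Reject any value that has no rule or does not match its rule.
    foreach ($name in $Values.Keys) {
        if (-not $Rules.ContainsKey($name)) { throw "No validation rule for '$name'" }
        if ([string]$Values[$name] -notmatch $Rules[$name]) {
            throw "Value for '$name' was rejected"
        }
    }
    # Substitute each %Name% token; a token with no supplied value is an error.
    $evaluator = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m)
        $key = $m.Groups[1].Value
        if (-not $Values.ContainsKey($key)) { throw "Undefined placeholder %$key%" }
        [string]$Values[$key]
    }
    [regex]::Replace($Template, '%(\w+)%', $evaluator)
}

$values = @{ ClientCode = 'ACME'; vmIPAddress = '192.0.2.10' }
Expand-FgtTemplate -Template $template -Values $values -Rules $rules
```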

poundy avatar poundy commented on June 16, 2024

What I have done with the PowerShell above is what I'd prefer to do directly via PowerFGT if possible - take minimal input and then add all the components together. That's what I see that any programmatically driven access to the device should strive to do - make it simple to do the simple and repeatable tasks that you need to do frequently so you get a return on improving the process. Infrequently performed tasks are in my view less important to me to expose programmatically, because I am likely to have developed a detailed implementation plan around that and am not going to worry about a few CLI commands versus a single PowerShell command instead. But the big things, I want to cut out manual errors and streamline the job and PS is the go-to.

So in the above example I'd want to do an Add-FGTFirewallAddress followed by Get-FGTFirewallAddressGrp | {something to add-member}. Therein lies one of the complexities in multi-value elements like Member...

I'm no PowerShell architect, but a process like Get-FGTFirewallAddressGroup | Append-FGTMember $SavedNewAddress might work?

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hi poundy,

> What I have done with the PowerShell above is what I'd prefer to do directly via PowerFGT if possible - take minimal input and then add all the components together. That's what I see that any programmatically driven access to the device should strive to do - make it simple to do the simple and repeatable tasks that you need to do frequently so you get a return on improving the process. Infrequently performed tasks are in my view less important to me to expose programmatically, because I am likely to have developed a detailed implementation plan around that and am not going to worry about a few CLI commands versus a single PowerShell command instead. But the big things, I want to cut out manual errors and streamline the job and PS is the go-to.

Yes, that is my idea too, but I need time to do this...

> So in the above example I'd want to do an Add-FGTFirewallAddress followed by Get-FGTFirewallAddressGrp | {something to add-member}. Therein lies one of the complexities in multi-value elements like Member...

Yes, it will be possible.

> I'm no PowerShell architect, but a process like Get-FGTFirewallAddressGroup | Append-FGTMember $SavedNewAddress might work?

There is no Append verb in PowerShell ;-) but it will be possible.

And I'm not against a little help (I can explain how to do this with the API).

from powerfgt.

poundy avatar poundy commented on June 16, 2024

OK, sleeves rolled up... not sure how helpful I'll be, but I'll take a stab. I've looked at the code a bit, and think I'll look at VIPs first, to support ADD/SET. I however think I might need some hand holding in actually converting from a code change into something I can test/use, so any guidance there would be massively appreciated :) I have a server that is in use by others that has 0.3.0 currently installed, and ideally would be able to coexist on that (but understand that may not be possible). Then I'll start breaking into the code more and replicating the approach *-FGTFirewallAddress etc. does.

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

I'm starting to work on VIP and addrgrp; I will push a PR soon (next day).

from powerfgt.

poundy avatar poundy commented on June 16, 2024

Abort!
;-)
NP I will get back to figuring out a dev/test process that works for me :)

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hi @poundy,

I pushed a first PR with Add/Remove Virtual IP (#54), can you try it? If needed, you can send me an e-mail (my address is at the top of the ps1 file).

from powerfgt.

poundy avatar poundy commented on June 16, 2024

I have seen your two PRs but haven't had a chance to deal with it yet or figure out how best for me to test things :) Other priorities right now :(

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hi @poundy

No problem, it needs more work (on the filtering stuff) and I hope to release a version by the end of the year...

For VIP, do you need to be able to configure the port?
I think VIPGRP will wait for the next release...

For Add / Change / Remove policy, we will see (it needs some work to support all cases and options...), but for a basic policy, we can use Invoke-FGTRestMethod.

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

I am working on adding (and removing) policy rules (#65), and a new release will come out with VIP and AddressGroup Add/Remove/Set support.

I hope it will be available by the end of the year.

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hello, PowerFGT 0.4.0 is available!

> Here's an example of one of the "shell" substitution tables I use
>
> config firewall address
>     edit "H_%vmIPAddress%"
>         set associated-interface port1
>         set subnet %vmIPAddress% 255.255.255.255
>         set comment "%ClientCode% Svr"
>     next
>     edit "S_%ClientCode%_%ClientSite%"
>         set associated-interface wan1
>         set subnet %clientSiteIPAddress% 255.255.255.255
>         set comment "%ClientCode% %ClientSite% Office"
>     next
> end

Look at Add-FGTFirewallAddress (it already exists in 0.3.0!)

> config firewall addrgrp
>     edit "EIP_%ClientCode%_Sites"
>         append member "S_%ClientCode%_%ClientSite%"
>         set comment "%ClientCode% Sites"
>     next
>     edit "%ClientCode%_Servers"
>         append member "H_%vmIPAddress%"
>         set comment "%ClientCode% Servers"
>     next
>     edit _IP_Hosts
>         append member "%ClientCode%_Servers"
>     next

Look at Add-FGTFirewallAddressGroup and Add-FGTFirewallAddressMember

> end

> config firewall policy
>     edit %PolicyNum%
>         set name "%ClientCode%_Printing"
>         set srcintf port1
>         set dstintf wan1
>         set srcaddr "%ClientCode%_Servers"
>         set dstaddr "EIP_%ClientCode%_Sites"
>         set action accept
>         set schedule always
>         set service "Port_Printing-9100-9130" "Port_Printing-11160-11190"
>         set nat enable
>         set ippool enable
>         set poolname "Outbound NAT default"
>         set fsso disable
>         set comment "%ClientCode% printing to Client Sites"
>     next
> end

Look at Add-FGTFirewallPolicy

from powerfgt.

poundy avatar poundy commented on June 16, 2024

Thanks for the update! Sorry I didn't get a chance to assist in the testing - I was struggling to get time to do anything firewall in my day-job before the holidays, and now I'm on leave so there's even less time ;-)

Am still yet to find a good guide to set up a decent dev environment to allow editing of this project, but that's a separate issue to this :)

from powerfgt.

alagoutte avatar alagoutte commented on June 16, 2024

Hi @poundy

No problem! Have a good holiday! (I will also take some days off too)

For the dev env, it is "easy": fork this project and git clone your repo, then go to the PowerFGT folder and use import-module ./PowerFGT (you can use -force).
I will maybe add a note to the README about this.

from powerfgt.
