AsBuiltReport / AsBuiltReport.Fortinet.FortiGate

Repository for AsBuiltReport Fortinet FortiGate module
MIT License

Feature request - VPN extraction #21

Closed rhumbert54 closed 1 year ago

rhumbert54 commented 1 year ago

Hi,

Is your feature request related to a problem? Please describe.

There is no relation to a problem. It's just a suggestion to take more information.

Describe the solution you'd like

Add 2 chapters:

1/ VPN SSL (is it activated? listen port? IP access filtering? DNS and suffix? authentication timeout and certificate)
2/ VPN IPsec (phase 1 and phase 2 summary per tunnel)

Describe alternatives you've considered

A simple export from vpn ipsec phase1-interface and phase2-interface (mode tunnel is deprecated) and grep to delete the ENC psk and only specify if psk or certificate.

A simple export from vpn ssl settings and grep to delete some information.

Best regards, Renaud HUMBERT
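
The export-and-filter alternative described in the request above, sketched as an added example (not part of the original thread and not the module's or PowerFGT's code). It assumes the FortiOS CLI keywords `psksecret` and `authmethod signature`; the function names and the sample export are constructed for illustration, and the redaction is generalised to every `set <key> ENC <value>` line rather than the PSK alone.

```shell
#!/bin/sh
# Added example: per-tunnel phase1 summary that never emits the ENC secret.
# Constructed sample export; names, addresses and the ENC value are made up.
sample_config() {
cat <<'EOF'
config vpn ipsec phase1-interface
    edit "to-branch"
        set interface "wan1"
        set ike-version 2
        set remote-gw 192.0.2.10
        set psksecret ENC Q09OU1RSVUNURUQtU0FNUExF
    next
    edit "to-partner"
        set interface "wan2"
        set authmethod signature
        set certificate "vpn-cert"
        set remote-gw 198.51.100.7
    next
end
EOF
}

# One line per tunnel: name, auth type, IKE version, remote gateway.
# An export may omit authmethod when it is left at psk, so a psksecret
# line is also taken as evidence of PSK authentication.
summarize_phase1() {
    awk '
    function emit() { if (name != "") printf "%s auth=%s ike=%s remote-gw=%s\n", name, auth, ike, gw; name = "" }
    $1 == "config" {
        if (!insec && $0 ~ /vpn ipsec phase1-interface/) { insec = 1; depth = 0 }
        else if (insec) depth++          # nested config block inside a tunnel
        next
    }
    !insec { next }
    $1 == "end" && depth > 0 { depth--; next }
    $1 == "end" { emit(); insec = 0; next }
    depth > 0 { next }
    $1 == "edit" { gsub(/"/, "", $2); name = $2; auth = "unknown"; ike = "default"; gw = "-"; next }
    $2 == "authmethod" { auth = ($3 == "signature") ? "certificate" : $3 }
    $2 == "psksecret" && auth == "unknown" { auth = "psk" }
    $2 == "ike-version" { ike = $3 }
    $2 == "remote-gw" { gw = $3 }
    $1 == "next" { emit() }
    '
}

# Keep the line (so a reader sees a secret is configured) but drop its value.
redact_secrets() {
    sed -E 's/^([[:space:]]*set [^[:space:]]+) ENC .*/\1 <redacted>/'
}
```

Both functions read the export on standard input, for example `summarize_phase1 < export.conf`, where `export.conf` is a hypothetical saved CLI export.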

alagoutte commented 1 year ago

Hi Renaud,

For VPN SSL, do you have the list of parameters you want (from the CLI conf)? It will not be in the next release because I need to add a Get function for VPN SSL to PowerFGT.

For VPN IPsec, it will be easier (Get functions are already available), and it will also be possible to display the PSK (I will make an option for this).

From your feedback, we need to display this:

phase1-interface

        set interface xxx
        set ip-version x
        set ike-version x
        set local-gw xxx
        set keylife xxx
        set authmethod xxx
        set mode xxx
        set peertype any
        set mode-cfg xxx
        set proposal xxx
        set localid xxx
        set dpd xxx
        set dhgrp xxx
        set xauthtype xxx
        set nattraversal xxx
        set rekey xxx
        set remote-gw xx

phase2-interface

        set phase1name xxx
        set proposal xxx
        set dhgrp xxx
        set replay xxx
        set keepalive xxx
        set auto-negotiate xxx
        set keylife-type xxx
        set src-addr-type xxx
        set dst-addr-type xxx
        set keylifeseconds xxx
        set src-name xxx
        set dst-name xxx
        set src-subnet xxx
        set dst-subnet xxx

rhumbert54 commented 1 year ago

Hi Alexis,

I think these parameters are interesting: Idle-timeout, Auth-timeout, Force-two-factor-auth, Tunnel-ip-pools, Dns-suffix, Dns-server1, Dns-server2, Port, Source-address

Best regards, Renaud HUMBERT

RantMaster commented 1 year ago

Would it be possible to get an updated release with this feature #26 in it?

alagoutte commented 1 year ago

> Would it be possible to get an updated release with this feature #26 in it?

Hi @RantMaster, I want to add more features before (VPN SSL and enhancing the User part), but I hope very soon!