FortiPower / PowerFGT

PowerShell module to manage Fortinet (FortiGate) Firewall
Apache License 2.0
107 stars 36 forks source link

Set-FGTFirewallPolicy change -status enable / disable #268

Closed gitTerracide closed 1 month ago

gitTerracide commented 1 month ago

Hi :)

Thank you for this amazing work. It's so great.

I am trying to enable/disable firewall policy - to no avail. Is this not catered for or am I missing something? Would appreciate any insights please. Thanks in advance!

Get-FGTFirewallPolicy -name Public-NAT-443_443-Nginx | Set-FGTFirewallPolicy -status enable
C:\> Get-FGTFirewallPolicy -name Public-NAT-443_443-Nginx | Set-FGTFirewallPolicy -status enable
Set-FGTFirewallPolicy : Cannot validate argument on parameter 'policy'. Element specified does not contain a policyid property.
At line:1 char:86
+ ... -name Public-NAT-443_443-Nginx | Set-FGTFirewallPolicy -status enable
+                                                                    ~~~~~~
     + CategoryInfo          : InvalidData: (:) [Set-FGTFirewallPolicy], ParameterBindingValidationException
     + FullyQualifiedErrorId : ParameterArgumentValidationError,Set-FGTFirewallPolicy
PS C:\> Set-FGTFirewallPolicy -policyid 29 -status disable
Set-FGTFirewallPolicy : Cannot validate argument on parameter 'policy'. Element specified does not contain a policyid property.
At line:1 char:44
+ Set-FGTFirewallPolicy -policyid 29 -status disable
+                                            ~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Set-FGTFirewallPolicy], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Set-FGTFirewallPolicy
alagoutte commented 1 month ago

Hi @gitTerracide

You can look help :-) (or doc) ! -status parameter is (powershell) bool

help set-fgtfirewallpolicy -example
[...]
 -------------------------- EXAMPLE 4 --------------------------

    PS > $MyFGTPolicy = Get-FGTFirewallPolicy -name MyFGTPolicy
    PS C:\>$MyFGTPolicy | Set-FGTFirewallPolicy -status:$false

    Change MyFGTPolicy to set status disable
[...]

You need to use for enable policy status

Get-FGTFirewallPolicy -name Public-NAT-443_443-Nginx | Set-FGTFirewallPolicy -status

and for disable policy status

Get-FGTFirewallPolicy -name Public-NAT-443_443-Nginx | Set-FGTFirewallPolicy -status:$false
gitTerracide commented 1 month ago

Ahh thank you so much @alagoutte! really appreciate your answer and your assistance. This powershell capability is truly amazing. Wish I had found it sooner! :)