In the previous post, I demonstrated how to get the Fortigate configuration using Ansible with the fortios module. In this post, I will show you how to get the backup config using Ansible with RestAPI via the uri module.
Continue reading “Backup FortiOS config with Ansible – with RestAPI”
- fortios_config is based on pyFG, which has not been updated for 2 years
- If you have non-ASCII characters in Fortigate, you should not use it
- Compare the result with your manual backup. Know what is omitted.
In NSO, a service is defined in a YANG model. Once the YANG model is defined and compiled, it is encoded to XML. There are a few variations for defining the encoding, such as “template only” and “python and template”. As the name suggests, the template is the most basic pattern, and it directly maps the YANG model to XML. With Python, arbitrary operations can be performed based on the YANG model before any values are passed to the XML encoding.
Continue reading “Cisco NSO – Create Service”
Late last year, Cisco posted “Get NSO for Free!” and since then NSO has been available for Lab/PoC use for developers. This post introduces how to install NSO on Ubuntu 16.04 and gives a brief introduction to what it can do.
Continue reading “Cisco NSO introduction – vendor agnostic network management”
Basically, you don’t need a license to access APIs on the network devices directly, because they are part of the base license.
However, if you search “Cisco API” online, or follow Cisco Devnet content, it is confusing because a lot of the content is built around ACI/APIC/DNA. A DNA subscription is now mandatory for some devices (e.g. Catalyst9k), and this sometimes misleads customers into thinking that a DNA subscription is required to use any kind of API on Cisco boxes.
Continue reading “What license is required to use Cisco API?”
In this post, I’m going to configure Google Cloud Function as an interface among Fortigate, Slack and Github. Once the deployment is complete, all configuration changes on Fortigate will be automatically notified to Slack and uploaded to Github for version control.
Continue reading “Fortigate Config version management”
After Github opened its free repository function to free users, I have been using a Github private repository to store lots of my applications’ config files. I usually don’t use version management because they usually never change after initial deployment. However, especially while I write blog posts, I need to make changes just to check the functionality. And sometimes I forget to roll back the config and need to check manually on the device.
In this post, I show you how to integrate the Fortigate config backup script with the Github API. In the next post I will deploy them in CloudFunction so that they can be invoked by a Fortigate automation stitch.
Continue reading “Fortigate config management in Github”
Previously I wrote a post on how to back up the Fortigate config using session-based authentication. As per the API reference, this is considered legacy, and another authentication method, the API token, is preferred. In this post, I demonstrate how to use the FortiOS RestAPI with an API token, and I introduce how to parse the current configuration.
I used FortiOS 6.0.4 to deploy this, and it will most likely not work with other versions (especially 5.x).
The flow is as follows:
- Create access profile for API user
- Create API user in Fortigate
- Generate API token for API user
- Send request and get the backup config
Whenever changes are made to the configuration, Fortigate posts a notification to a Slack channel.
Fortigate automation is composed of three elements:
- automation trigger: available triggers are HA Failover, Config change, Log, IOC, High CPU, Conserve mode
- automation action: available actions are Email, IP Ban, AWS lambda, Webhook
- automation stitch: a combination of a trigger and an action
I used to use AWS quite often, and I created a cost notification using Python on AWS Lambda and the Slack API. For the past few months, though, I have not been using AWS much, but GCP, for personal reasons. Hence I created (almost) the same notification using Google Cloud Function and the Slack API.