Skip to content

Instantly share code, notes, and snippets.

@bunlongheng

bunlongheng/Fortinet.php

Created March 6, 2018 19:33
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bunlongheng/9a3c739356bf059d59164bdb747c6fd5 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bunlongheng/9a3c739356bf059d59164bdb747c6fd5 to your computer and use it in GitHub Desktop.
Download ZIP
Fortinet Model API between the portal
Raw
Fortinet.php
<?php
namespace App\Models;
use App\CURL;
use Redirect;
use Session;
//SSC.cfg
$GLOBALS['FG_API'] = 'http://172.18.58.25/jsonrpc';
$GLOBALS['PKG_NAME'] = 'CARWASH_PKG_VPN';
$GLOBALS['DEVICE'] = 'FGV16V0000131282';
$GLOBALS['ATOM'] = 'CARWASH';
$GLOBALS['VDOM'] = 'root';
$GLOBALS['USERNAME'] = 'jsonapi';
$GLOBALS['PASSWORD'] = '';
$GLOBALS['INGRESS_PORT'] = '5000';
$GLOBALS['INGRESS_INTERFACE'] = 'port2';
$GLOBALS['INGRESS_REMOTE_IP'] = '10.0.1.1';
$GLOBALS['EGRESS_PORT'] = '5001';
$GLOBALS['EGRESS_INTERFACE'] = 'port3';
$GLOBALS['EGRESS_REMOTE_IP'] = '10.0.2.1';
class Fortinet {
/*=======================================
= Response Check =
=======================================*/
public static function responseCheck($response) {
if ($response['result'][0]['status']['code'] != 0 && $response['result'][0]['status']['code'] != -2 ) {
return $response['result'][0]['status']['message'];
}
}
/*=============================
= login =
===============================*/
public static function login() {
$body = '
{
"id": 1,
"method": "exec",
"params": [
{
"data": [
{"passwd": "'.$GLOBALS['PASSWORD'].'",
"user": "'.$GLOBALS['USERNAME'].'"
}
],
"url": "sys/login/user"
}
],
"session": "",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
Session::forget('session');
Session::put('session',$response['session']);
return $response['session'];
}
/*===============================
= Session =
===============================*/
public static function getSession() {
// if(Session::has('session')) {
// $session = Session::get('session');
// } else {
// $session = Fortinet::login();
// }
$session = Fortinet::login();
return $session;
}
/*==========================================
= createIngressVxLan =
==========================================*/
public static function createIngressVxLan($hnsId, $ingressVxLanName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"dstport": "'.$GLOBALS['INGRESS_PORT'].'",
"interface": "'.$GLOBALS['INGRESS_INTERFACE'].'",
"name": "'.$ingressVxLanName.'",
"remote-ip": "'.$GLOBALS['INGRESS_REMOTE_IP'].'",
"vni":'.$hnsId.'
},
"url": "/pm/config/device/'.$GLOBALS['DEVICE'].'/vdom/'.$GLOBALS['VDOM'].'/system/vxlan"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*=========================================
= createEgressVxLan =
=========================================*/
public static function createEgressVxLan($hnsId, $egressVxLanName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"dstport": "'.$GLOBALS['EGRESS_PORT'].'",
"interface": "'.$GLOBALS['EGRESS_INTERFACE'].'",
"name": "'.$egressVxLanName.'",
"remote-ip": "'.$GLOBALS['EGRESS_REMOTE_IP'].'",
"vni":'.$hnsId.'
},
"url": "/pm/config/device/'.$GLOBALS['DEVICE'].'/vdom/'.$GLOBALS['VDOM'].'/system/vxlan"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*====================================
= createSwitch =
====================================*/
public static function createSwitch($ingressVxLanName,$egressVxLanName,$switchName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"intra-switch-policy": "explicit",
"member": [
"'.$ingressVxLanName.'",
"'.$egressVxLanName.'"
],
"name": "'.$switchName.'",
"vdom": "'.$GLOBALS['VDOM'].'"
},
"url": "/pm/config/device/'.$GLOBALS['DEVICE'].'/global/system/switch-interface"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*====================================
= createDevice =
====================================*/
public static function installDevice() {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "exec",
"params": [
{
"data": {
"adom": "'.$GLOBALS['ATOM'].'",
"dev_rev_comments": "Synchronizing the device configuration",
"flags": [
"none"
],
"scope": [
{
"name": "'.$GLOBALS['DEVICE'].'",
"vdom": "'.$GLOBALS['VDOM'].'"
}
]
},
"url": "/securityconsole/install/device"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
public static function createDynamicIngressInterface($ingressVxLanName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"default-mapping": "disable",
"dynamic_mapping": [
{
"_scope": [
{
"name": "'.$GLOBALS['DEVICE'].'",
"vdom": "'.$GLOBALS['VDOM'].'"
}
],
"local-intf": [
"'.$ingressVxLanName.'"
]
}
],
"name": "'.$ingressVxLanName.'",
"single-intf": "enable"
},
"url": "/pm/config/adom/'.$GLOBALS['ATOM'].'/obj/dynamic/interface"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*====================================================
= createDynamicEgressInterface =
====================================================*/
public static function createDynamicEgressInterface($egressVxLanName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"default-mapping": "disable",
"dynamic_mapping": [
{
"_scope": [
{
"name": "'.$GLOBALS['DEVICE'].'",
"vdom": "'.$GLOBALS['VDOM'].'"
}
],
"local-intf": [
"'.$egressVxLanName.'"
]
}
],
"name": "'.$egressVxLanName.'",
"single-intf": "enable"
},
"url": "/pm/config/adom/'.$GLOBALS['ATOM'].'/obj/dynamic/interface"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*=================================================
= getPolicyDetailBaseOnName =
=================================================*/
public static function getPolicyDetailBaseOnName($policyName) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"url": "/pm/config/adom/'.$GLOBALS['ATOM'].'/'.$GLOBALS['PKG_NAME'].'/firewall/policy",
"filter": [ "name", "==", "'.$policyName.'" ],
"fields": [ "name", "policyid", "webfilter-profile", "dnsfilter-profile"]
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*============================================
= updatePolicyFirewall =
============================================*/
public static function updatePolicyFirewall($policyId) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"webfilter-profile": ["carwash-high"],
"dnsfilter-profile": ["dns-filter-ss"]
},
"url": "/pm/config/adom/'.$GLOBALS['ATOM'].'/pkg/'.$GLOBALS['PKG_NAME'].'/firewall/policy/'.$policyId.'"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*============================================
= createPolicyFirewall =
============================================*/
public static function createPolicyFirewall($hnsId,$ingressVxLanName,$egressVxLanName,$security_level) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"action": "accept",
"av-profile": [
"carwash-av"
],
"dnsfilter-profile": [
"dns-filter-ss"
],
"profile-protocol-options": [ "carwash-protocol" ],
"dstaddr": [
"all"
],
"dstintf": [
"'.$egressVxLanName.'"
],
"logtraffic": "all",
"name": "carwash-policy-'.$hnsId.'",
"schedule": [
"always"
],
"service": [
"ALL"
],
"srcaddr": [
"all"
],
"srcintf": [
"'.$ingressVxLanName.'"
],
"utm-status": "enable",
"webfilter-profile": [
"carwash-'.$security_level.'"
]
},
"url": "/pm/config/adom/'.$GLOBALS['ATOM'].'/pkg/'.$GLOBALS['PKG_NAME'].'/firewall/policy"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*======================================
= installPackage =
======================================*/
public static function installPackage() {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "exec",
"params": [
{
"data": {
"adom": "'.$GLOBALS['ATOM'].'",
"flags": [
"none"
],
"pkg": "'.$GLOBALS['PKG_NAME'].'",
"scope": [
{
"name": "'.$GLOBALS['DEVICE'].'",
"vdom": "'.$GLOBALS['VDOM'].'"
}
]
},
"url": "/securityconsole/install/package"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
return $response;
}
/*===============================
= Monitor =
===============================*/
public static function monitor($taskId) {
$session = Fortinet::getSession();
$body = '
{
"id": 1,
"method": "get",
"params": [
{
"url": "/task/task/'.$taskId.'"
}
],
"session": "'.$session.'",
"verbose": 1
}';
$response = CURL::post($GLOBALS['FG_API'],$body);
Fortinet::responseCheck($response);
$lineCount = count($response['result'][0]['data']['line']);
$totalPercent = ($response['result'][0]['data']['tot_percent'])/$lineCount;
return $totalPercent;
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment