Thanks for your work, this perfectly suits my needs. Hope you'll finish it ;-)
I had to make a few minor (crude) adjustments for it to process my asa code:
- Asa code missed another possibility for a rule object.
- Fortigate generator must not start with policy '0' since this will in fact create policy '1' when no policies exist
- 'description' should be 'comment' and should be contained in parentheses
- There was some bad mapping to certain host types
- I gave all policies a name since this is mandatory anyway when changing afterwards in the GUI
You'll see for yourself below.
Hope this information is of use to you.
diff mod/DirectFire/Converter/parsers/ciscoasa.py original/DirectFire/Converter/parsers/ciscoasa.py
601d600
< elif network_object[1] == "host": # is a host
603,622d601
< network_object_name = network_object[2]
<
< if network_object_name not in data["network_objects"]:
<
< data["network_objects"][network_object_name] = {}
< data["network_objects"][network_object_name][
< "type"
< ] = "host"
< data["network_objects"][network_object_name][
< "host"
< ] = network_object[2]
< data["network_objects"][network_object_name][
< "description"
< ] = ""
<
< ## add network object to the group
<
< data["network_groups"][network_group_name]["members"].append(
< network_object_name
< )
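Review bot: The new `host` branch (the `<` lines, since this diff compares mod against original) stores `network_object[2]` as both the object name and its `host` value without checking that it is an IP literal. If the ASA config uses a `name` alias in that position, which I believe ASA permits, the generated address object would carry a hostname where an address is expected, and the converted group would no longer match the same traffic. Consider validating before creating the object, e.g. `ipaddress.ip_address(network_object[2])`, and logging the source line when that fails instead of emitting it. The enclosing `if`/`elif` chain starts outside this hunk, so how the other member types are handled is not visible here.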
diff mod/Converter/generators/fortigate.py original/DirectFire/Converter/generators/fortigate.py
403,404c403
< dst_config.append(cfglvl1 + "edit " + str(policy_id + 1)) # must start at 1
< dst_config.append(cfglvl2 + "set name PID_" + str(policy_id + 1)) # must start at 1
dst_config.append(cfglvl1 + "edit " + str(policy_id))
406,413c405,409
< if "".join(list(map(str, attributes["src_interfaces"]))):
< dst_config.append(
< cfglvl2
< + "set srcintf "
< + " ".join(list(map(str, attributes["src_interfaces"])))
< )
< else:
< dst_config.append(cfglvl2 + "set srcintf ANY")
dst_config.append( cfglvl2 + "set srcintf " + " ".join(list(map(str, attributes["src_interfaces"]))) )
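Review bot: The `else` branch on the modified side falls back to `set srcintf ANY` whenever `attributes["src_interfaces"]` is empty, which silently widens the converted policy to every interface; the same pattern is in the `dstintf` hunk at 415,422c411,415. In a firewall migration an unresolved interface is better surfaced than defaulted, so I would log a warning naming the policy next to the fallback, e.g. `logger.warning("policy %s: no source interface, using any", policy_id)` (assuming the module has a logger, which is not visible here). The spelling is also worth checking: as far as I know FortiOS names the catch-all interface `any` in lowercase, so `ANY` may be rejected on import. The surrounding function begins outside the hunk.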
415,422c411,415
< if "".join(list(map(str, attributes["dst_interfaces"]))):
< dst_config.append(
< cfglvl2
< + "set dstintf "
< + " ".join(list(map(str, attributes["dst_interfaces"])))
< )
< else:
< dst_config.append(cfglvl2 + "set dstintf ANY")
dst_config.append( cfglvl2 + "set dstintf " + " ".join(list(map(str, attributes["dst_interfaces"]))) )
431c424
< # cfglvl2
# cfglvl2
435,479d427
< if attributes["src_addresses"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set srcaddr all")
< else:
< dst_config.append(
< cfglvl2
< + "set srcaddr "
< + " " + attributes["src_addresses"][0]["name"]
< )
<
< if attributes["dst_addresses"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set dstaddr all")
< else:
< dst_config.append(
< cfglvl2
< + "set dstaddr "
< + " " + attributes["dst_addresses"][0]["name"]
< )
<
< if attributes["action"] == "allow":
< dst_config.append(cfglvl2 + "set action accept")
< else:
< dst_config.append(cfglvl2 + "set action deny")
<
< dst_config.append(
< cfglvl2
< + "set schedule always "
< )
<
< if attributes["src_services"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set service ALL")
< else:
< dst_config.append(cfglvl2 + "set service "
< + " " + attributes["src_services"][0]["name"]
< )
<
< dst_config.append(
< cfglvl2
< + "set logtraffic all"
< )
<
< # set action accept
< # set schedule "always"
< # set service "ALL_ICMP"
< # set logtraffic all
< # set comments " (Copy of CUST2BACKUP)"
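Review bot: Every address and service line on the modified side reads only index `[0]` (`attributes["src_addresses"][0]["name"]`, likewise `dst_addresses` and `src_services`), so a rule with several sources, destinations or services is emitted with just the first and the converted policy no longer matches the original rule; an empty list raises `IndexError`. Emitting all members keeps the rule equivalent, e.g. `"set srcaddr " + " ".join(a["name"] for a in attributes["src_addresses"])`, with `all` used only when a member is actually named `any`. `set service` is built from `src_services`; if the parser also fills a destination-service list (not visible in this hunk), that is probably the one the FortiGate `service` field should carry, so please confirm. The surrounding function and loop begin outside the hunk.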
482c430
< dst_config.append(cfglvl2 + 'set comments "' + attributes["description"] + '"')
dst_config.append(cfglvl2 + "set description " + attributes["description"])
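Review bot: `attributes["description"]` is concatenated between double quotes unescaped, so a description from the source config that contains `"` or a line break ends the quoted string early and the remainder is read as further CLI input in the generated FortiGate config. Escape or strip those characters before emitting, e.g. `desc = attributes["description"].replace("\\", "\\\\").replace('"', '\\"')` with `\r`/`\n` removed, then `'set comments "' + desc + '"'`. The object names written unquoted by the `set srcaddr`/`set dstaddr`/`set service` lines earlier in this diff also come from the source config and would benefit from the same quoting and escaping.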