From f8be95c8d0d36c4a4c63afb47167777ab6a947cd Mon Sep 17 00:00:00 2001
From: Steven Polley
Date: Tue, 23 Apr 2024 22:11:00 -0600
Subject: [PATCH] add fortinet integration example
---
 hypd/examples/fortigate/hypdconfig.json | 7 +++++
 hypd/examples/fortigate/openfortigate.sh | 33 ++++++++++++++++++++++++
 2 files changed, 40 insertions(+)
 create mode 100644 hypd/examples/fortigate/hypdconfig.json
 create mode 100755 hypd/examples/fortigate/openfortigate.sh
diff --git a/hypd/examples/fortigate/hypdconfig.json b/hypd/examples/fortigate/hypdconfig.json
new file mode 100644
index 0000000..afd9506
--- /dev/null
+++ b/hypd/examples/fortigate/hypdconfig.json
@@ -0,0 +1,7 @@
+{
+ "networkInterface": "enp0s3",
+ "preSharedKeyDirectory": "./secrets/",
+ "successAction": "./examples/fortigate/openfortigate.sh %s",
+ "timeoutSeconds": 0,
+ "timeoutAction": ""
+}
diff --git a/hypd/examples/fortigate/openfortigate.sh b/hypd/examples/fortigate/openfortigate.sh
new file mode 100755
index 0000000..c90d2a9
--- /dev/null
+++ b/hypd/examples/fortigate/openfortigate.sh
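Review bot: `"timeoutSeconds": 0` together with an empty `"timeoutAction"` means that, if 0 disables the timer (which the empty action suggests), an address added by the success action is never removed and the firewall allow entry for every client that ever authenticates becomes permanent. An example that opens firewall access should pair the open with a close: set a non-zero `"timeoutSeconds"` and point `"timeoutAction"` at a companion script that deletes the `hyp_<ip>` member from the group (e.g. a constructed `"./examples/fortigate/closefortigate.sh %s"`, which this commit does not yet ship), or state in the accompanying README that cleanup is left to the operator. The `./secrets/` and `./examples/...` values are relative to the daemon's working directory, which is also worth documenting so the example does not silently fail when hypd is started from elsewhere.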
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+# Make sure you have environment variables set for FORTIGATE_MGMT_URL, FORTIGATE_API_TOKEN and FORTIGATE_ADDRESS_OBJECT_GROUP
+# Examples:
+export FORTIGATE_MGMT_URL="https://69.4.20.10:8443"
+export FORTIGATE_API_KEY="5fkwkkzgQ4s31bdH60qsxxfN093zgt"
+export FORTIGATE_ADDRESS_OBJECT_GROUP="hyp-allowed-clients"
+
+
+if [ $# -lt 1 ]; then
+ echo "Usage: $0 "
+ exit 1
+fi
+
+echo $FORTIGATE_MGMT_URL
+echo $1
+
+# Create the address object
+curl "$FORTIGATE_MGMT_URL/api/v2/cmdb/firewall/address?datasource=1" \
+ -X "POST" \
+ -H "Authorization: Bearer $FORTIGATE_API_KEY" \
+ -H "Content-Type: application/json" \
+ --data-raw "{\"name\":\"hyp_$1\",\"subnet\":\"$1/32\",\"color\":\"0\"}" \
+ --insecure # LOL - remove this if you want, but I want this to be easy for noobs
+
+
+# Add to address object group
+curl "$FORTIGATE_MGMT_URL/api/v2/cmdb/firewall/addrgrp/$FORTIGATE_ADDRESS_OBJECT_GROUP/member" \
+ -X "POST" \
+ -H "Authorization: Bearer $FORTIGATE_API_KEY" \
+ -H "Content-Type: application/json" \
+ --data-raw "{\"name\":\"hyp_$1\"}" \
+ --insecure # And here too
\ No newline at end of file
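Review bot: The three `export` lines at the top hard-code a management URL and an API key and overwrite whatever the operator set in the environment, contradicting the comment just above them (which also names the variable `FORTIGATE_API_TOKEN` while the code reads `FORTIGATE_API_KEY`); a token committed to a public repository should be assumed exposed and rotated if it was ever valid, and the script should instead require the variables with `: "${FORTIGATE_API_KEY:?set FORTIGATE_API_KEY}"`-style checks. `$1` is interpolated unquoted into the JSON body, the address-object name and the `echo $1` line without validation, so anything other than a dotted-quad IPv4 reaching the success action yields a malformed request or an unexpected object name. Both curl calls pass `--insecure`, which sends the bearer token to whatever answers at `$FORTIGATE_MGMT_URL`; pinning the FortiGate certificate with `--cacert` keeps the example easy to run without disabling verification, and `-sS --fail` plus `set -e` stops the group-membership call from running after a failed address creation. The rewritten header below shows the environment checks and input validation; the two curl invocations keep their shape apart from the substitutions named in the placeholder comments.
```bash
#!/bin/bash
set -euo pipefail

# Credentials and target come from the environment; nothing is hard-coded here.
: "${FORTIGATE_MGMT_URL:?set FORTIGATE_MGMT_URL}"
: "${FORTIGATE_API_KEY:?set FORTIGATE_API_KEY}"
: "${FORTIGATE_ADDRESS_OBJECT_GROUP:?set FORTIGATE_ADDRESS_OBJECT_GROUP}"
# Path to the FortiGate CA or leaf certificate; used with --cacert instead of --insecure.
: "${FORTIGATE_CA_CERT:?set FORTIGATE_CA_CERT}"

if [ $# -lt 1 ]; then
  echo "Usage: $0 <client-ipv4>" >&2
  exit 1
fi

# $1 is the %s hypd substitutes into successAction (presumably the client IPv4,
# given the /32 below); accept only a dotted quad before it reaches the JSON body.
client_ip=$1
if ! [[ "$client_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "refusing non-IPv4 argument: $client_ip" >&2
  exit 1
fi

# … unchanged: first curl call, with `-sS --fail --cacert "$FORTIGATE_CA_CERT"` replacing `--insecure` and "$client_ip" replacing $1 …
# … unchanged: second curl call, same substitutions …
```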