Fortinet Generator for Aerleon by ankenyr · Pull Request #393 · aerleon/aerleon · GitHub

Fortinet Generator for Aerleon #393


Merged
merged 16 commits into from
May 24, 2025

ankenyr (Collaborator) commented May 13, 2025

This PR introduces a new generator for the Fortinet Fortigate platform.

Output from tests not asserting errors has been tested against a Fortinet VM.

The header for a Fortinet policy must include the source and destination interface and may include the address family.
Two options have been introduced that modify logging: log_traffic_mode_all and log_traffic_start_session, which enable two different logging modes and must be used in conjunction with logging: true.

An example policy

filters:
- header:
    comment: this is a test acl
    targets:
      fortigate: test-filter port1 port2
  terms:
  - name: good-term-1
    source-address: FOO GOO
    destination-address: BAR
    source-port: HTTP
    destination-port: DNS
    protocol: tcp udp
    action: accept

Docs have been updated with the Fortinet generator's keywords.

This PR will resolve #62
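
An added example, not part of the PR or of Aerleon's own code: a small pre-generation lint that checks a parsed policy against the two rules in the description above (interfaces in the `fortigate` target, log-mode options only alongside `logging: true`). It assumes the log-mode options are listed under a term's `option` key, which the page does not state; the function name and the sample policy are constructed for illustration.

```python
# Added example: lint a parsed Aerleon policy against the two rules in the PR text.
LOG_MODE_OPTIONS = {"log_traffic_mode_all", "log_traffic_start_session"}

def _as_list(value):
    """Accept either a whitespace-separated string or a YAML list."""
    if value is None:
        return []
    return value.split() if isinstance(value, str) else list(value)

def lint_fortigate_policy(policy):
    """Return findings as strings; an empty list means both rules hold."""
    findings = []
    for idx, flt in enumerate(policy.get("filters", [])):
        target = flt.get("header", {}).get("targets", {}).get("fortigate")
        if target is None:
            continue  # this filter is not rendered for FortiGate
        # Layout taken from the PR's example: "<name> <src-intf> <dst-intf> [family]"
        if len(_as_list(target)) < 3:
            findings.append(
                f"filter {idx}: target {target!r} lacks a source/destination interface")
        for term in flt.get("terms", []):
            # ASSUMPTION: the log-mode options sit under the term's `option` key.
            used = LOG_MODE_OPTIONS & set(_as_list(term.get("option")))
            if used and term.get("logging") not in (True, "true"):
                findings.append(
                    f"filter {idx}, term {term.get('name')}: "
                    f"{', '.join(sorted(used))} set without logging: true")
    return findings

# Constructed sample (as yaml.safe_load would return it): filter 0 mirrors the
# PR's example, filter 1 breaks both rules in one place each.
SAMPLE_POLICY = {"filters": [
    {"header": {"targets": {"fortigate": "test-filter port1 port2"}},
     "terms": [{"name": "good-term-1", "protocol": "tcp udp", "action": "accept"}]},
    {"header": {"targets": {"fortigate": "bad-filter port1"}},
     "terms": [
         {"name": "logged-ok", "action": "accept", "logging": True,
          "option": ["log_traffic_start_session"]},
         {"name": "not-logged", "action": "accept",
          "option": ["log_traffic_mode_all"]}]},
]}

if __name__ == "__main__":
    for finding in lint_fortigate_policy(SAMPLE_POLICY):
        print(finding)
```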

jtwb (Member) left a comment

This looks great. Left some comments but none urgent. Most pressing perhaps is whether filter is supported instead of action for Fortinet and if that case needs a test. In any case, looks shippable.

loulecrivain (Contributor) left a comment

I'd like some changes to be done, mainly:

  • delete the filter name option from the target
  • add support for local-in-policy
  • being able to disable logging for some rules

And also add the plugin in the plugin supervisor. The rest is small fixes and suggestions.

ankenyr and others added 3 commits May 15, 2025 10:34
Co-authored-by: Jason Benterou <jason.benterou+github@gmail.com>
Co-authored-by: Jason Benterou <jason.benterou+github@gmail.com>
Co-authored-by: Jason Benterou <jason.benterou+github@gmail.com>
codecov bot commented May 15, 2025

Codecov Report

Attention: Patch coverage is 95.64428% with 24 lines in your changes missing coverage. Please review.

Project coverage is 91.13%. Comparing base (759cafd) to head (c0c5427).
Report is 4 commits behind head on main.

Files with missing lines Patch % Lines
aerleon/lib/fortigate.py 92.40% 14 Missing and 10 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #393      +/-   ##
==========================================
+ Coverage   91.04%   91.13%   +0.08%     
==========================================
  Files         107      109       +2     
  Lines       22854    23413     +559     
  Branches     4323     4429     +106     
==========================================
+ Hits        20808    21338     +530     
- Misses       1324     1343      +19     
- Partials      722      732      +10     
Flag Coverage Δ
tests 91.12% <95.64%> (+0.09%) ⬆️


@ankenyr ankenyr merged commit 7f563e6 into main May 24, 2025
4 checks passed
Successfully merging this pull request may close these issues.

Fortinet Support