How to create DHCP server and a policy in the Fortigate

Here is an example script that demonstrates how to use the fortigate-api package to create a DHCP server and a policy in the Fortigate:

from fortigate_api import FortigateAPI

# Create a FortigateAPI object
fgt = FortigateAPI(host="host", username="username", password="password")

# Create a DHCP server
data = {
    "default-gateway": "192.168.255.1",
    "netmask": "255.255.255.0",
    "interface": "vlan.123",
    "ip-range": [
        {"start-ip": "192.168.255.2", "end-ip": "192.168.255.254",}
    ],
}
fgt.dhcp_server.create(data)

# Create a policy in the Fortigate
data = dict(
    name="POLICY",
    status="enable",
    action="accept",
    srcintf=[{"name": "any"}],
    dstintf=[{"name": "any"}],
    srcaddr=[{"name": "all"}],
    dstaddr=[{"name&quo

Python Script to Take a Backup of Multiple Devices in a Network



from netmiko import ConnectHandler
Sw_1 = {
    'device_type': 'cisco_ios',
    'host':   '192.168.6.10',
    'username': 'admin',
    'password': 'Admin@123',
    'port': 22,          # optional, defaults to 22
    'secret': 'secret',     # optional, defaults to ''
}
Sw_2 = {
    'device_type': 'cisco_ios',
    'host':   '192.168.6.20',
    'username': 'admin',
    'password': 'Admin@123',
    'port': 22,          # optional, defaults to 22
    'secret': 'secret',     # optional, defaults to ''
}
Sw_3 = {
    'device_type': 'cisco_ios',
    'host':   '192.168.6.30',
    'username': 'admin',
    'password': 'Admin@123',
    'port': 22,          # optional, defaults to 22
    'secret': 'secret',     # optional, defaults to ''
}
Sw_4 = {
    'device_type': 'cisco_ios',
    'host':   '192.168.6.40',
    'username': 'admin',
    'password': 'Admin@123',
    'port': 22,          # optional, defaults to 22
    'secret': 'secret',     # optional, defaults to ''
}
Sw_5 = {
    'device_type': 'cisco_ios',
    'host':   '192.168.6.50',
    'username': 'admin',
    'password': 'Admin@123',
    'port': 22,          # optional, defaults to 22
    'secret': 'secret',     # optional, defaults to ''
}
# Map each backup file name to the switch it is taken from.
backups = {
    "sw_1.txt": Sw_1,
    "sw_2.txt": Sw_2,
    "sw_3.txt": Sw_3,
    "sw_4.txt": Sw_4,
    "sw_5.txt": Sw_5,
}

# Connect to each switch in turn, capture the running configuration and save it.
for filename, device in backups.items():
    net_connect = ConnectHandler(**device)
    output = net_connect.send_command('sh run')
    # "with" closes the file even if the write fails.
    with open(filename, "w") as backup_file:
        backup_file.write(output)
    net_connect.disconnect()

Here is the output of the program:

[Image: output file names]

Here's the backup of one of the switches mentioned in the program:

Building configuration...
Current configuration : 3189 bytes
!
! Last configuration change at 13:52:25 UTC Mon Nov 20 2023
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-1
!
boot-start-marker
boot-end-marker
!
!
enable password Nipun@123
!
username admin privilege 15 password 0 Admin@123
no aaa new-model
!
!
!
!
!
!
!
!
ip domain-name nipun
ip cef
no ipv6 cef
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 negotiation auto
!
interface GigabitEthernet0/1
 negotiation auto
!
interface GigabitEthernet0/2
 negotiation auto
!
interface GigabitEthernet0/3
 negotiation auto
!
interface GigabitEthernet1/0
 negotiation auto
!
interface GigabitEthernet1/1
 negotiation auto
!
interface GigabitEthernet1/2
 negotiation auto
!
interface GigabitEthernet1/3
 negotiation auto
!
interface Vlan1
 ip address 192.168.6.10 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.6.128
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 password nipun@123
 login local
 transport input ssh
!
end
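
The backup above runs with no service password-encryption, so the enable, user and vty passwords land in the saved file in cleartext. The following is an added example, not part of the original post: it flags those lines in a saved config and returns a redacted copy. The function name audit_and_redact and the sample config are constructed for illustration.

```python
import re

# Constructed sample in the style of the backup above; the secrets are placeholders.
SAMPLE_CONFIG = """\
no service password-encryption
hostname SW-1
enable password EXAMPLE-ENABLE
username admin privilege 15 password 0 EXAMPLE-USER
ip http server
ip http secure-server
line vty 0 4
 password 7 EXAMPLE-VTY
 login local
 transport input ssh
end
"""

# Groups: text up to "password ", optional type (0 = cleartext, 7 = reversible), secret.
PASSWORD_RE = re.compile(
    r"^(\s*(?:enable |username \S+ (?:privilege \d+ )?)?password )(?:([07]) )?(\S+)\s*$"
)
# Exact-match settings worth flagging when they appear in a backup.
RISKY_SETTINGS = {
    "no service password-encryption": "type 0 passwords are stored in cleartext",
    "ip http server": "unencrypted HTTP management server is enabled",
}

def audit_and_redact(config_text):
    """Return (redacted_config, findings); findings are (line_number, message)."""
    redacted, findings = [], []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = PASSWORD_RE.match(line)
        if match:
            prefix, pw_type, _secret = match.groups()
            kind = "reversible type 7" if pw_type == "7" else "cleartext"
            findings.append((number, f"{kind} password on '{prefix.strip()}' line"))
            type_part = f"{pw_type} " if pw_type else ""
            line = f"{prefix}{type_part}<REDACTED>"  # keep the command, drop the secret
        elif line.strip() in RISKY_SETTINGS:
            findings.append((number, RISKY_SETTINGS[line.strip()]))
        redacted.append(line)
    return "\n".join(redacted) + "\n", findings

if __name__ == "__main__":
    clean, issues = audit_and_redact(SAMPLE_CONFIG)
    for number, message in issues:
        print(f"line {number}: {message}")
    print(clean)
```

Running it over each sw_N.txt before the file is archived keeps the findings as a hardening checklist and keeps the secrets out of the stored copy.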

