FortiGate Objects

FortiGate objects are a type of data utilized within the FortiGate ecosystem to define and manage various aspects of network configurations and security policies. They encompass a broad range of elements such as network interfaces, VLANs, antivirus profiles, address objects, and more. FortiGate objects are integral to the operation of firewall policies and Zero Trust Network Access (ZTNA), ensuring that the sources and destinations of network traffic are accurately defined and controlled.

Address objects in particular are a critical component of FortiGate objects, providing the ability to specify network traffic parameters based on IPv4 addresses, IP ranges, Fully Qualified Domain Names (FQDNs), geographic locations, and dynamic external sources. These address objects are highly flexible and can be grouped for simplified management, significantly enhancing the efficiency of network security administration.

The FortiGate objects tool extends the functionality of these data elements by enabling the creation of Internet Service Database (ISDB) objects with regional information, merging IP definitions into the ISDB, and incorporating well-known MAC address lists. Additional capabilities such as GeoIP matching and synchronization of group address objects from FortiManager streamline the management of network security configurations across devices.

Within an Administrative Domain (ADOM), FortiGate objects are managed by a unique database, allowing for dynamic mapping and instant reflection of changes in the policy table within the Graphical User Interface (GUI). This ensures that network administrators can efficiently manage addresses, services, and security profiles, such as intrusion protection, antivirus signatures, and web filtering profiles, to maintain a robust security posture.

How to Export FortiGate Objects to a CSV File

Exporting Using a Script

The script, written in Python by danwalkeruk, facilitates the conversion of FortiGate objects into a CSV file format. This script is particularly useful for users who require a CSV file of their FortiGate objects for purposes such as documentation or analysis. It's important to note that the script is licensed under the GPL-3.0 license, ensuring that it adheres to the principles of free software.

Manual Export Process

You can manually export Firewall Objects by first saving the FortiGate configuration file in an unencrypted format. This approach requires accessing the system's configuration and carefully extracting the relevant "config firewall address" section, which contains the object details that you wish to export.

Once you have identified the necessary section within the configuration file, use a text editor to copy and paste this specific part into a new text file. After copying the required information, you must save this new file, which now serves as a source file for the objects you intend to export.

Finally, to complete the export process, import the newly created text file as a script into FortiGate. This can be accomplished by navigating to the System => Config => Advanced submenu within the FortiGate user interface. By following these steps, the Firewall Objects are exported and can be utilized as needed.

Streamline Your Data Management with Sourcetable

Forget the cumbersome process of exporting FortiGate objects to CSV and then importing them into a separate spreadsheet program. With Sourcetable, you can efficiently synchronize your live data directly from FortiGate into a user-friendly spreadsheet interface. This seamless integration not only saves time but also ensures that your data is always up-to-date, providing real-time insights for better automation and informed business decisions.

Sourcetable's compatibility with a wide range of apps and databases means you're not just limited to FortiGate objects. You can centralize all your data sources into one platform for a comprehensive overview. The intuitive spreadsheet format of Sourcetable allows for easy querying and manipulation of data, making it an indispensable tool for those who value efficiency and accuracy in their business intelligence practices.

Common Use Cases

• F

  
  Use case 1: Migrating Firewall Objects, Addresses, and Groups from a Fortigate 310 B to a Fortigate 240 D
• F

  
  Use case 2: Importing configuration as a script via System => Config => Advanced submenu
• F

  
  Use case 3: Troubleshooting and verifying numerous IPv4 policies
• F

  
  Use case 4: Enhancing visibility of IPv4 policies for better management

Frequently Asked Questions

Can I export IPv4 policies from FortiGate to a CSV file directly?

No, FortiGate cannot directly export IPv4 policies to a CSV file. You need to use FortiManager or the fgpoliciestocsv.py script.

How do I export the firewall policy list from FortiGate using the FortiManager?

To export the firewall policy list, go to Policy & Objects > Firewall Policy in FortiManager, click Export in the toolbar, and select CSV or JSON. The file will then be automatically downloaded.

Is there a script available for exporting FortiGate IPv4 policies to CSV?

Yes, the fgpoliciestocsv.py script can be used to extract IPv4 policies to a CSV file. The script can be downloaded from https://github.com/maaaaz/fgpoliciestocsv and run on a Unix or Linux based OS.

What versions of FortiGate support using the export command to extract policies to CSV?

The export command is available on FortiGate version 7.0.2 and above.

Can the export command on FortiGate export all details of the policy, including byte counts?

Yes, the export command can export all policy details, including byte counts.