Created
March 6, 2018 19:33
Fortinet Model API between the portal
<?php | |
namespace App\Models; | |
use App\CURL; | |
use Redirect; | |
use Session; | |
// SSC.cfg: endpoint, credentials and VXLAN topology for the Fortinet JSON-RPC
// API, published through $GLOBALS so the Fortinet class can read them.
//
// NOTE(review): FG_API is a plain http:// URL and Fortinet::login() posts
// USERNAME/PASSWORD to it, so the credentials and the session token returned
// by the API cross the network unencrypted. Confirm whether the endpoint is
// reachable over HTTPS and switch to it if so.
// NOTE(review): PASSWORD is an empty string in this listing (presumably
// redacted). Keep the real value out of source control and load it from the
// deployment's secret or configuration store.
foreach ([
    'FG_API'            => 'http://172.18.58.25/jsonrpc',
    'PKG_NAME'          => 'CARWASH_PKG_VPN',
    'DEVICE'            => 'FGV16V0000131282',
    'ATOM'              => 'CARWASH', // sent as the "adom" field by the class
    'VDOM'              => 'root',
    'USERNAME'          => 'jsonapi',
    'PASSWORD'          => '',
    'INGRESS_PORT'      => '5000',
    'INGRESS_INTERFACE' => 'port2',
    'INGRESS_REMOTE_IP' => '10.0.1.1',
    'EGRESS_PORT'       => '5001',
    'EGRESS_INTERFACE'  => 'port3',
    'EGRESS_REMOTE_IP'  => '10.0.2.1',
] as $settingName => $settingValue) {
    $GLOBALS[$settingName] = $settingValue;
}
// Do not leave the loop variables behind in the including scope.
unset($settingName, $settingValue);
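/**
 * Static client for the Fortinet JSON-RPC management API configured in
 * $GLOBALS['FG_API'].
 *
 * Every public method logs in, posts one JSON-RPC request and returns the
 * decoded response as handed back by CURL::post().
 *
 * Request bodies are built with json_encode() rather than by concatenating
 * values into JSON text. The names and ids passed to these methods end up in
 * firewall configuration requests; with concatenation, a value containing a
 * double quote could add or override fields in the request.
 *
 * Methods other than login() do not inspect the status of the response they
 * return. Callers should pass the result to responseCheck().
 */
class Fortinet
{
    /**
     * Extract the error message from an API response, if it reports one.
     *
     * Status codes 0 and -2 are treated as success. The comparison is loose,
     * so numeric strings are accepted as well.
     *
     * NOTE(review): a response with no status block also yields null, so a
     * malformed or empty response is indistinguishable from success here.
     *
     * @param mixed $response Decoded response as returned by CURL::post().
     * @return mixed|null The status message on error, null otherwise.
     */
    public static function responseCheck($response)
    {
        if (!isset($response['result'][0]['status']['code'])) {
            return null;
        }

        $status = $response['result'][0]['status'];
        if ($status['code'] != 0 && $status['code'] != -2) {
            return isset($status['message']) ? $status['message'] : null;
        }

        return null;
    }

    /**
     * Log in with the configured USERNAME/PASSWORD and store the session token.
     *
     * The token is written to the Laravel session under the key 'session'.
     * Any previously stored token is dropped first, including when the login
     * fails, so a stale token never outlives a failed login.
     *
     * @return mixed Session token from the API response.
     * @throws \RuntimeException When the API reports an error or returns no
     *                           session token.
     */
    public static function login()
    {
        $response = self::send(
            'exec',
            [
                'data' => [
                    [
                        'passwd' => $GLOBALS['PASSWORD'],
                        'user'   => $GLOBALS['USERNAME'],
                    ],
                ],
                'url'  => 'sys/login/user',
            ],
            ''
        );

        Session::forget('session');

        $error = self::responseCheck($response);
        if ($error !== null || !isset($response['session']) || $response['session'] === '') {
            // The message comes from the API status only; the request body
            // (which holds the password) is never echoed.
            throw new \RuntimeException(
                'Fortinet login failed' . (is_string($error) ? ': ' . $error : '')
            );
        }

        Session::put('session', $response['session']);

        return $response['session'];
    }

    /**
     * Return a session token for the next request.
     *
     * Always performs a fresh login(). The stored token is not reused, so
     * every API call sends the credentials again and opens a new API session;
     * no logout request is sent anywhere in this class.
     *
     * NOTE(review): the previous revision carried a commented-out variant that
     * reused Session::get('session'). Reuse would need handling for expired
     * tokens before it can be enabled.
     *
     * @return mixed Session token.
     * @throws \RuntimeException When login() fails.
     */
    public static function getSession()
    {
        return self::login();
    }

    /**
     * Create the ingress VXLAN interface on the configured device and VDOM.
     *
     * @param int|string $hnsId            Whole number sent as the VXLAN "vni".
     * @param string     $ingressVxLanName Name of the new VXLAN interface.
     * @return mixed Decoded API response.
     * @throws \InvalidArgumentException When $hnsId is not a whole number.
     */
    public static function createIngressVxLan($hnsId, $ingressVxLanName)
    {
        return self::createVxLan(
            $hnsId,
            $ingressVxLanName,
            $GLOBALS['INGRESS_PORT'],
            $GLOBALS['INGRESS_INTERFACE'],
            $GLOBALS['INGRESS_REMOTE_IP']
        );
    }

    /**
     * Create the egress VXLAN interface on the configured device and VDOM.
     *
     * @param int|string $hnsId           Whole number sent as the VXLAN "vni".
     * @param string     $egressVxLanName Name of the new VXLAN interface.
     * @return mixed Decoded API response.
     * @throws \InvalidArgumentException When $hnsId is not a whole number.
     */
    public static function createEgressVxLan($hnsId, $egressVxLanName)
    {
        return self::createVxLan(
            $hnsId,
            $egressVxLanName,
            $GLOBALS['EGRESS_PORT'],
            $GLOBALS['EGRESS_INTERFACE'],
            $GLOBALS['EGRESS_REMOTE_IP']
        );
    }

    /**
     * Create a switch interface joining the ingress and egress VXLANs.
     *
     * @param string $ingressVxLanName First member interface.
     * @param string $egressVxLanName  Second member interface.
     * @param string $switchName       Name of the new switch interface.
     * @return mixed Decoded API response.
     */
    public static function createSwitch($ingressVxLanName, $egressVxLanName, $switchName)
    {
        return self::send(
            'add',
            [
                'data' => [
                    'intra-switch-policy' => 'explicit',
                    'member'              => [
                        (string) $ingressVxLanName,
                        (string) $egressVxLanName,
                    ],
                    'name'                => (string) $switchName,
                    'vdom'                => $GLOBALS['VDOM'],
                ],
                'url'  => '/pm/config/device/' . $GLOBALS['DEVICE'] . '/global/system/switch-interface',
            ],
            self::getSession()
        );
    }

    /**
     * Ask the manager to install the device configuration on the configured
     * device/VDOM (URL /securityconsole/install/device).
     *
     * @return mixed Decoded API response.
     */
    public static function installDevice()
    {
        return self::send(
            'exec',
            [
                'data' => [
                    'adom'             => $GLOBALS['ATOM'],
                    'dev_rev_comments' => 'Synchronizing the device configuration',
                    'flags'            => ['none'],
                    'scope'            => [self::deviceScope()],
                ],
                'url'  => '/securityconsole/install/device',
            ],
            self::getSession()
        );
    }

    /**
     * Create the dynamic interface object mapped to the ingress VXLAN.
     *
     * @param string $ingressVxLanName Interface name; also used as object name.
     * @return mixed Decoded API response.
     */
    public static function createDynamicIngressInterface($ingressVxLanName)
    {
        return self::createDynamicInterface($ingressVxLanName);
    }

    /**
     * Create the dynamic interface object mapped to the egress VXLAN.
     *
     * @param string $egressVxLanName Interface name; also used as object name.
     * @return mixed Decoded API response.
     */
    public static function createDynamicEgressInterface($egressVxLanName)
    {
        return self::createDynamicInterface($egressVxLanName);
    }

    /**
     * Look up a firewall policy by name.
     *
     * NOTE(review): this query is sent with method "add" and its URL has no
     * "/pkg/" segment, unlike the other firewall/policy URLs in this class.
     * Both are kept exactly as they were; confirm against the API reference
     * whether "get" and ".../pkg/<package>/..." were intended.
     *
     * @param string $policyName Policy name to filter on.
     * @return mixed Decoded API response.
     */
    public static function getPolicyDetailBaseOnName($policyName)
    {
        return self::send(
            'add',
            [
                'url'    => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/' . $GLOBALS['PKG_NAME'] . '/firewall/policy',
                'filter' => ['name', '==', (string) $policyName],
                'fields' => ['name', 'policyid', 'webfilter-profile', 'dnsfilter-profile'],
            ],
            self::getSession()
        );
    }

    /**
     * Set the web filter profile to "carwash-high" and the DNS filter profile
     * to "dns-filter-ss" on one policy.
     *
     * NOTE(review): the request uses method "add" against an existing policy
     * URL; kept as it was, confirm it performs the intended update.
     *
     * @param int|string $policyId Policy id, used as the last URL path segment.
     * @return mixed Decoded API response.
     */
    public static function updatePolicyFirewall($policyId)
    {
        return self::send(
            'add',
            [
                'data' => [
                    'webfilter-profile' => ['carwash-high'],
                    'dnsfilter-profile' => ['dns-filter-ss'],
                ],
                // rawurlencode() keeps the id inside its own path segment.
                'url'  => self::policyUrl() . '/' . rawurlencode((string) $policyId),
            ],
            self::getSession()
        );
    }

    /**
     * Create the firewall policy "carwash-policy-<hnsId>" between the two
     * VXLAN interfaces.
     *
     * The policy accepts all sources, destinations and services between the
     * interfaces, with traffic logging and the AV, DNS filter, protocol
     * options and "carwash-<security_level>" web filter profiles attached.
     *
     * NOTE(review): $security_level selects the web filter profile by name
     * and is not checked against a list of known levels here.
     *
     * @param int|string $hnsId            Suffix of the policy name.
     * @param string     $ingressVxLanName Source interface.
     * @param string     $egressVxLanName  Destination interface.
     * @param string     $security_level   Suffix of the web filter profile.
     * @return mixed Decoded API response.
     */
    public static function createPolicyFirewall($hnsId, $ingressVxLanName, $egressVxLanName, $security_level)
    {
        return self::send(
            'add',
            [
                'data' => [
                    'action'                   => 'accept',
                    'av-profile'               => ['carwash-av'],
                    'dnsfilter-profile'        => ['dns-filter-ss'],
                    'profile-protocol-options' => ['carwash-protocol'],
                    'dstaddr'                  => ['all'],
                    'dstintf'                  => [(string) $egressVxLanName],
                    'logtraffic'               => 'all',
                    'name'                     => 'carwash-policy-' . $hnsId,
                    'schedule'                 => ['always'],
                    'service'                  => ['ALL'],
                    'srcaddr'                  => ['all'],
                    'srcintf'                  => [(string) $ingressVxLanName],
                    'utm-status'               => 'enable',
                    'webfilter-profile'        => ['carwash-' . $security_level],
                ],
                'url'  => self::policyUrl(),
            ],
            self::getSession()
        );
    }

    /**
     * Ask the manager to install the configured policy package on the
     * configured device/VDOM (URL /securityconsole/install/package).
     *
     * @return mixed Decoded API response.
     */
    public static function installPackage()
    {
        return self::send(
            'exec',
            [
                'data' => [
                    'adom'  => $GLOBALS['ATOM'],
                    'flags' => ['none'],
                    'pkg'   => $GLOBALS['PKG_NAME'],
                    'scope' => [self::deviceScope()],
                ],
                'url'  => '/securityconsole/install/package',
            ],
            self::getSession()
        );
    }

    /**
     * Fetch a task and return its "tot_percent" divided by its line count.
     *
     * @param int|string $taskId Task id, used as the last URL path segment.
     * @return int|float The quotient, or 0 when the response lists no lines
     *                   (this used to be a division by zero).
     */
    public static function monitor($taskId)
    {
        $response = self::send(
            'get',
            ['url' => '/task/task/' . rawurlencode((string) $taskId)],
            self::getSession()
        );

        $data = isset($response['result'][0]['data']) ? $response['result'][0]['data'] : [];
        $lineCount = (isset($data['line']) && is_array($data['line'])) ? count($data['line']) : 0;
        if ($lineCount === 0 || !isset($data['tot_percent'])) {
            return 0;
        }

        return $data['tot_percent'] / $lineCount;
    }

    /**
     * Encode one JSON-RPC request and post it to the configured endpoint.
     *
     * @param string $method  JSON-RPC method name.
     * @param array  $param   The single entry of the "params" list.
     * @param mixed  $session Session token; empty string for the login call.
     * @return mixed Decoded response as returned by CURL::post().
     * @throws \InvalidArgumentException When the request cannot be encoded.
     */
    private static function send($method, array $param, $session)
    {
        $body = json_encode(
            [
                'id'      => 1,
                'method'  => $method,
                'params'  => [$param],
                'session' => $session,
                'verbose' => 1,
            ],
            JSON_UNESCAPED_SLASHES
        );
        if ($body === false) {
            throw new \InvalidArgumentException(
                'Fortinet request could not be encoded as JSON: ' . json_last_error_msg()
            );
        }

        return CURL::post($GLOBALS['FG_API'], $body);
    }

    /**
     * Shared implementation of createIngressVxLan()/createEgressVxLan().
     */
    private static function createVxLan($hnsId, $name, $port, $interface, $remoteIp)
    {
        // Validate before logging in so a bad id costs no API session.
        $vni = self::wholeNumber($hnsId, 'hnsId');

        return self::send(
            'add',
            [
                'data' => [
                    'dstport'   => $port,
                    'interface' => $interface,
                    'name'      => (string) $name,
                    'remote-ip' => $remoteIp,
                    'vni'       => $vni,
                ],
                'url'  => '/pm/config/device/' . $GLOBALS['DEVICE'] . '/vdom/' . $GLOBALS['VDOM'] . '/system/vxlan',
            ],
            self::getSession()
        );
    }

    /**
     * Shared implementation of the two createDynamic*Interface() methods.
     */
    private static function createDynamicInterface($interfaceName)
    {
        return self::send(
            'add',
            [
                'data' => [
                    'default-mapping' => 'disable',
                    'dynamic_mapping' => [
                        [
                            '_scope'     => [self::deviceScope()],
                            'local-intf' => [(string) $interfaceName],
                        ],
                    ],
                    'name'            => (string) $interfaceName,
                    'single-intf'     => 'enable',
                ],
                'url'  => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/obj/dynamic/interface',
            ],
            self::getSession()
        );
    }

    /**
     * The configured device/VDOM pair used in "scope" and "_scope" lists.
     */
    private static function deviceScope()
    {
        return [
            'name' => $GLOBALS['DEVICE'],
            'vdom' => $GLOBALS['VDOM'],
        ];
    }

    /**
     * URL of the firewall policy table of the configured package.
     */
    private static function policyUrl()
    {
        return '/pm/config/adom/' . $GLOBALS['ATOM'] . '/pkg/' . $GLOBALS['PKG_NAME'] . '/firewall/policy';
    }

    /**
     * Return $value as an int, accepting ints and digit-only strings.
     *
     * @throws \InvalidArgumentException For anything else.
     */
    private static function wholeNumber($value, $label)
    {
        if (is_int($value)) {
            return $value;
        }
        if (is_string($value) && ctype_digit($value)) {
            return (int) $value;
        }

        throw new \InvalidArgumentException($label . ' must be a whole number');
    }
}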