Sometimes you need to document your firewall rules. To do this, I wrote a Perl script to create a CSV file.
Importing CSV into a spreadsheet works well for users who prefer Apple Numbers, OpenOffice or LibreOffice. Microsoft Excel cannot import CSV with multiline cells, so I extended the script to output HTML too. You can import the HTML into Excel or use the HTML output directly.
This script not only shows the policies, it also displays the details of the objects used by each policy.
This script is written in Perl. On Linux and macOS, Perl is already available. On Windows you need to install Perl first to make it work.
To get CSV output:
fortigate-extract.pl --config <fortigate-config.conf> --csv [--debug]
To get the HTML output:
fortigate-extract.pl --config <fortigate-config.conf> --html [--debug]
CSV and HTML give you formatted output that does not contain every configured parameter. If you need every configured detail of a policy, output to TXT instead.
fortigate-extract.pl --config <fortigate-config.conf> --txt [--debug]
If your config does not contain any VDOMs, you get the output in a file like this:
<hostname>.csv
If your file contains VDOMs, the VDOM name is appended to the hostname.
<hostname>_<vdom>.csv
Config files not containing a firewall policy do not create an output file at all.
This Perl script runs without modification or additional installation on Mac and on Linux. Windows users need to install ActivePerl.
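The following added example shows the idea behind the object details and the multiline cells: it resolves the address objects a policy references (groups recursively) and writes them as quoted multi-line CSV cells. It is not the fortigate-extract.pl script from this page; the config fragment is constructed, and the helper names `resolve` and `cell` are hypothetical.

```perl
use strict; use warnings;
my $config = <<'END';   # constructed sample, not from a real device; flat sections only
config firewall address
    edit "web-srv"
        set subnet 192.0.2.10 255.255.255.255
    next
    edit "db-srv"
        set subnet 192.0.2.20 255.255.255.255
    next
end
config firewall addrgrp
    edit "dmz-servers"
        set member "web-srv" "db-srv"
    next
end
config firewall policy
    edit 1
        set srcaddr "all"
        set dstaddr "dmz-servers"
        set action accept
    next
end
END
# Parse config/edit/set lines into $obj{section}{entry}{key} = [values].
my (%obj, $section, $entry);
for my $line (split /\n/, $config) {
    if    ($line =~ /^\s*config\s+(.+?)\s*$/)      { $section = $1 }
    elsif ($line =~ /^\s*edit\s+"?([^"]+?)"?\s*$/) { $entry = $1 }
    elsif (my ($k, $v) = $line =~ /^\s*set\s+(\S+)\s+(.*)/) {
        $obj{$section}{$entry}{$k} = [ grep { defined($_) } $v =~ /"([^"]*)"|(\S+)/g ];
    }
}
# Expand an address name: groups become their members, leaves show the subnet.
sub resolve {
    my ($name, %seen) = @_;
    return "$name (loop)" if $seen{$name}++;        # guard against self-referencing groups
    my $grp = $obj{'firewall addrgrp'}{$name};
    return map { resolve($_, %seen) } @{ $grp->{member} || [] } if $grp;
    my $sub = ($obj{'firewall address'}{$name} || {})->{subnet};
    return $sub ? "$name = @$sub" : $name;          # names not defined here stay as-is
}
# Quote each cell and double embedded quotes so a multi-line cell stays one field.
sub cell { my $v = join "\n", @_; $v =~ s/"/""/g; return qq("$v") }
my ($pol, @rows) = ($obj{'firewall policy'} || {}, 'id,srcaddr,dstaddr,action');
for my $id (sort { $a <=> $b } keys %$pol) {
    my $p = $pol->{$id};
    push @rows, join ',', cell($id), cell(map { resolve($_) } @{ $p->{srcaddr} || [] }),
        cell(map { resolve($_) } @{ $p->{dstaddr} || [] }), cell(@{ $p->{action} || [] });
}
print join("\r\n", @rows), "\r\n";
```

The `dstaddr` cell of policy 1 comes out as two lines inside one quoted field, one per group member with its subnet.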
Download the script:
2018.06.06 | Text Output, recursive entries for address and services |
2018.06.03 | log information, background color html output |
2018.06.02 | html output, Text::CSV no longer required |
2018.05.29 | output to txt or csv |
2018.05.26 | initial release |