Feature request - VPN extraction

Question

Feature request - VPN extraction

rhumbert54 opened this issue 2 years ago · 4 comments

Hi,

Is your feature request related to a problem? Please describe.
There is no relation to a problem. It's just a suggestion to take more information

Describe the solution you'd like
add 2 Chapters
1/ VPN SSL (it is activate ? listen port ? IP access filtering ? dns and suffix ? authentication timeout and certificate)
2/ VPN IPSEC (phase 1 and phase 2 resume per tunnel)

Describe alternatives you've considered
A simple export from vpn ipsec phase1-interface and phase2-interface (mode tunnel is depreciate) and grep to delete ENC psk and only specify if psk or certificate
A simple export from vpn ssl settings and grep to delete some information

Best regards
Renaud HUMBERT

Answer 1 · 2022-12-16T20:46:53.000Z

Hi Renaud,

For VPN SSL, do you have the list of parameter do you want ? (from cli conf)
it will be not i on next release because i need to add Get function for VPN SSL on PowerFGT

for VPN IPsec, it will be more easy (Get function are already available) and i will be also possible to display PSK (i will make an option for this)

from your feedback, we need to display this

phase1-interface

        set interface xxx
        set ip-version x
        set ike-version x
        set local-gw xxx
        set keylife xxx
        set authmethod xxx
        set mode xxx
        set peertype any
        set mode-cfg xxx
        set proposal xxx
        set localid xxx
        set dpd xxx
        set dhgrp xxx
        set xauthtype xxx
        set nattraversal xxx
        set rekey xxx
        set remote-gw xx

phase2-interface

        set phase1name xxx
        set proposal xxx
        set dhgrp xxx
        set replay xxx
        set keepalive xxx
        set auto-negotiate xxx
        set keylife-type xxx
        set src-addr-type xxx
        set dst-addr-type xxx
        set keylifeseconds xxx
        set src-name xxx
        set dst-name xxx
	set src-subnet xxx
	set dst-subnet xxx

Answer 2 · 2023-01-13T14:43:44.000Z

Hi Alexis, I think this parameters are interesting : Idle-timeout Auth-timeout Force-two-factor-auth Tunnel-ip-pools Dns-suffix Dns-server1 Dns-server2 Port Source-address Cordialement, Renaud HUMBERT Support Technique Client TSR [picto mail] ***@***.******@***.***> [picto tel] 0383988930 [picto map] Agence et Datacenters de Nancy ***@***.*** ***@***.*** [NSE 7] ***@***.*** ***@***.*** ***@***.***<https://www.adista.fr/communique-presse/adista-signe-laccord-dacquisition-de-waycom/> ***@***.***<https://www.adista.fr/> ***@***.***<https://twitter.com/adistafrance> ***@***.***<https://www.youtube.com/user/adistafrance> ***@***.***<https://fr.linkedin.com/company/adista-rmi> ***@***.***<https://www.facebook.com/adistafrance> De : Alexis La Goutte ***@***.***> Envoyé : vendredi 16 décembre 2022 21:47 À : AsBuiltReport/AsBuiltReport.Fortinet.FortiGate ***@***.***> Cc : Renaud HUMBERT ***@***.***>; Author ***@***.***> Objet : Re: [AsBuiltReport/AsBuiltReport.Fortinet.FortiGate] Feature request - VPN extraction (Issue #21) ATTENTION : Ce courriel provient de l'extérieur du groupe ADISTA. Ne cliquez pas sur les liens ou n'ouvrez pas les pièces jointes à moins de connaître l'expéditeur et de savoir que le contenu est sûr.

…

________________________________ Hi Renaud, For VPN SSL, do you have the list of parameter do you want ? (from cli conf) it will be not i on next release because i need to add Get function for VPN SSL on PowerFGT for VPN IPsec, it will be more easy (Get function are already available) and i will be also possible to display PSK (i will make an option for this) from your feedback, we need to display this phase1-interface set interface xxx set ip-version x set ike-version x set local-gw xxx set keylife xxx set authmethod xxx set mode xxx set peertype any set mode-cfg xxx set proposal xxx set localid xxx set dpd xxx set dhgrp xxx set xauthtype xxx set nattraversal xxx set rekey xxx set remote-gw xx phase2-interface set phase1name xxx set proposal xxx set dhgrp xxx set replay xxx set keepalive xxx set auto-negotiate xxx set keylife-type xxx set src-addr-type xxx set dst-addr-type xxx set keylifeseconds xxx set src-name xxx set dst-name xxx set src-subnet xxx set dst-subnet xxx - Reply to this email directly, view it on GitHub<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAsBuiltReport%2FAsBuiltReport.Fortinet.FortiGate%2Fissues%2F21%23issuecomment-1355586388&data=05%7C01%7Crhumbert%40adista.fr%7C133d83ad389649758ead08dadfa6b0e2%7C61b7c6667f1f45b5b4aefe7373641f03%7C0%7C0%7C638068204283908627%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=RfHlxPk8kFOm4eRAB7TA5jHDH%2Fq7nwCeZFeSZJgxkpA%3D&reserved=0>, or unsubscribe<https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FA2MNOMKA7RSSQWMVB6Y3EB3WNTIMPANCNFSM6AAAAAASCJY2QM&data=05%7C01%7Crhumbert%40adista.fr%7C133d83ad389649758ead08dadfa6b0e2%7C61b7c6667f1f45b5b4aefe7373641f03%7C0%7C0%7C638068204283908627%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=43%2FTI9Qbibz3FjyNl8w69LTp0Vyy%2FdwD0LJ9QTiUQvc%3D&reserved=0>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

Answer 3 · 2023-05-03T05:04:58.000Z

Would it be possible to get a updated release with this feature #26 in it?

Answer 4 · 2023-05-03T06:11:46.000Z

Would it be possible to get a updated release with this feature #26 in it?

Hi @RantMaster, i want to add more feature before (VPN SSL and enhance User Part) but i hope for very soon !