diff --git a/node-definitions/fortinet/README.md b/node-definitions/fortinet/README.md index fefd4d9..8b81096 100644 --- a/node-definitions/fortinet/README.md +++ b/node-definitions/fortinet/README.md @@ -1,4 +1,3 @@ # Fortinet Node Definitions Here you will find collections of Fortinet node definitions. - diff --git a/node-definitions/fortinet/fortigate/README.md b/node-definitions/fortinet/fortigate/README.md index 601613b..fdf234b 100644 --- a/node-definitions/fortinet/fortigate/README.md +++ b/node-definitions/fortinet/fortigate/README.md 
@@ -6,8 +6,66 @@ This directory contains a node definition for the Fortinet FortiGate appliance. Images can be downloaded from https://support.fortinet.com/ with a proper account and entitlement. -### Description +### Default definition -This node definition provides for a Fortinet FortiGate node with four default ethernet interfaces and the ability to add up to 16. The node requires 1 vCPUs and 1,024 MB of RAM. +By default, a user named “admin” exists. -This node provides a serial console. +|Name|Value| +|-----|-----| +|Username|`admin`| +|Password|(None)| +|CPU|1| +|Memory|2GB| +|Data Disk Size|32GB| +|Interface|4| +|Serial Port|1| + +The following is an example of the first login for version 7.6.6. + +```sh +FortiGate-VM64-KVM login: admin +Password: (ENTER) +Verifying password... + +You are forced to change your password. Please input a new password. +According to the password policy enforced on this device, please change your password! +New password must conform to the following policy: +minimum-length=12 upper-case-letter=1 lower-case-letter=1 number=1 non-alphanumeric=1 + +New Password: +Confirm Password: +Verifying password... +Welcome! + +FortiGate-VM64-KVM # +``` + +### Configuration Example + +This node definition supports initial configuration via Cloud-Init. Set the initial configuration to “`openstack/latest/user_data`”. + +![fortigate_config](fortigate_config.png) + +To add an additional “cisco” user, configure it as follows. This has been verified to work on FortiGate 7.0 to 7.6. + +``` +config system global + set alias "FortiGate-VM64-KVM" + set hostname "FortiGate-VM64-KVM" +end +config system interface + edit "port1" + set mode dhcp + set allowaccess ping https ssh http + next +end +config system password-policy + set status disable +end +config system admin + edit "cisco" + set accprofile "super_admin" + set password "cisco" + next +end +``` 
diff --git a/node-definitions/fortinet/fortigate/fortigate.yaml b/node-definitions/fortinet/fortigate/fortigate.yaml
index 672602a..74e0f9b 100644
--- a/node-definitions/fortinet/fortigate/fortigate.yaml
+++ b/node-definitions/fortinet/fortigate/fortigate.yaml
@@ -1,74 +1,91 @@ id: fortigate boot: - timeout: 60 + timeout: 300 completed: - - FortiGate-VM64-KVM login + - Restarting system + uses_regex: false +sim: + linux_native: + libvirt_domain_driver: kvm + driver: server + disk_driver: virtio + ram: 2048 + cpus: 1 + cpu_limit: 100 + nic_driver: virtio + data_volume: 32 + enable_rng: true + enable_tpm: false +general: + nature: firewall + description: FortiGate Next Generation Firewall + read_only: false configuration: generator: driver: null provisioning: files: - - name: meta-data - content: '' - editable: true + - editable: true + name: openstack/latest/user_data + content: |- + config system global + set alias "FortiGate-VM64-KVM" + set hostname "FortiGate-VM64-KVM" + end + - editable: true + name: openstack/content/0000 media_type: iso - volume_name: disk + volume_name: CDROM device: interfaces: - default_count: 4 - has_loopback_zero: false - physical: - - port1 - - port2 - - port3 - - port4 - - port5 - - port6 - - port7 - - port8 - - port9 - - port10 - - port11 - - port12 - - port13 - - port14 - - port15 - - port16 serial_ports: 1 -general: - description: FortiGate Next Generation Firewall - nature: firewall - read_only: true + physical: + - p1 + - p2 + - p3 + - p4 + - p5 + - p6 + - p7 + - p8 + - p9 + - p10 + - p11 + - p12 + - p13 + - p14 + - p15 + - p16 + has_loopback_zero: false + default_count: 4 +ui: + label_prefix: fortigate- + icon: firewall + label: FortiGate + visible: true + group: Others + description: |- + FortiGate Next Generation Firewall + + 2,048 MB DRAM, 1 vCPU + + Username/Password: + admin/(None) inherited: image: - boot_disk_size: false + ram: true cpus: true data_volume: true - ram: true - node: boot_disk_size: false + cpu_limit: true + node: + ram: true cpus: true data_volume: true - ram: true + boot_disk_size: false + cpu_limit: true pyats: - os: linux + os: fortinet + use_in_testbed: true + config_extract_command: show full-configuration schema_version: 0.0.1 -sim: - linux_native: - cpus: 1 
- data_volume: 32
- disk_driver: virtio
- driver: server
- libvirt_domain_driver: kvm
- nic_driver: virtio
- ram: 1024
-ui:
- description: |-
- FortiGate Next Generation Firewall
-
- 1,024 MB DRAM, 1 vCPU
- group: Others
- icon: firewall
- label: FortiGate
- label_prefix: fortigate-
- visible: true
diff --git a/node-definitions/fortinet/fortigate/fortigate_config.png b/node-definitions/fortinet/fortigate/fortigate_config.png
new file mode 100644
index 0000000..518f7a3
Binary files /dev/null and b/node-definitions/fortinet/fortigate/fortigate_config.png differ
diff --git a/virl-base-images/fortinet/fortigate/fortigate-6.4.1.yaml b/virl-base-images/fortinet/fortigate/fortigate-6.4.1.yaml
deleted file mode 100644
index e319658..0000000
--- a/virl-base-images/fortinet/fortigate/fortigate-6.4.1.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-id: fortigate-6.4.1
-node_definition_id: fortigate
-description: ''
-label: FortiGate 6.4.1
-disk_image: fortios.qcow2
-read_only: false
-disk_subfolder: fortigate-6.4.1
-schema_version: 0.0.1
-
diff --git a/virl-base-images/fortinet/fortigate/fortigate-7.6.6.yaml b/virl-base-images/fortinet/fortigate/fortigate-7.6.6.yaml
new file mode 100755
index 0000000..d94cda5
--- /dev/null
+++ b/virl-base-images/fortinet/fortigate/fortigate-7.6.6.yaml
@@ -0,0 +1,7 @@
+id: fortigate-7-6-6
+node_definition_id: fortigate
+description: FortiGate 7.6.6
+label: FortiGate 7.6.6
+disk_image: fortios-7.6.6.qcow2
+read_only: false
+schema_version: 0.0.1
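Review bot: In fortigate.yaml the `physical` interface list is renamed from `port1`…`port16` to `p1`…`p16`, while the README example added in this same commit configures the device with `edit "port1"`. With `use_in_testbed: true` now set under `pyats`, these labels presumably feed the generated testbed, so they may no longer match what the device reports; keeping `- port1` through `- port16` would avoid that. Separately, the new `openstack/content/0000` entry under `files` has `editable` and `name` but no `content` key, unlike the `user_data` entry above it; if the schema expects one, `content: ''` would make the intent explicit.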
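Review bot: fortigate-7.6.6.yaml is added with `new file mode 100755`, but it is a plain data file and does not need the executable bit; the other files in this diff are 100644, and `git update-index --chmod=-x` on the path would bring it in line. The removed 6.4.1 definition carried `disk_subfolder: fortigate-6.4.1` and the new one has no `disk_subfolder`, so it is worth confirming that `fortios-7.6.6.qcow2` is still found without it. The definition identifies the image by file name only, so whoever imports the qcow2 should compare it against the checksum published with the vendor download.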