-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Firewall in Cluster HA #21
Comments
I'll need to add support for that. When i first created this FortiManager didn't support it well but it does now so it should be doable. I'll look into it soon. |
Hi, |
I'm not sure how much time it will take. There is also now a feature in FMG 7.2 which will make this tool redundant. https://docs.fortinet.com/document/fortimanager/7.2.0/new-features/673597/device-blueprints Unfortunately this doesn't support HA model or some existing features of ZTP tool such as populating dynamic address object mappings. When would you need an update for your project? |
Hi, |
I've done the initial implementation but with very limited testing at this point. You can get the build here https://tmorris-ftnt.github.io/ztptool-v1.0.15ha-preview-win.zip Are you able to run from the source code? this will just make it easier/quicker to fix anything if something doesn't quite work right. There is an example xlsx included in the build for an HA device. There are a few new columns you can add for an HA device now.
Notes: This should be the same as creating an HA model cluster as per https://docs.fortinet.com/document/fortimanager/7.0.3/administration-guide/334482/adding-a-model-fortigate-ha-cluster Currently the Priority is hard coded to 255 for the primary and 128 for the secondary... I'll make options for this in a future build. I've only tested it in FMG 7.0.3 and only to the point of creating the model device with the HA members as per the link above. Let me know if you have any issues with it. I'll try to do some more testing on this over the weekend. |
Hello, Thank you very much for this nice tool ❤️ |
sure, i've made a branch for it here (https://github.com/tmorris-ftnt/ztptool/tree/hamodel) |
So i might have found some bugs: |
Thanks for the feedback, the %s is a bit weird, its not supposed to be a replacement - when you do the action on the GUI the API call it has that %s -- i had just copied what it did and it worked so didn't look at it any more. you're right about the HA_SN needing to check if its actually filled in - i mentioned above that i need to fix this. In some more testing and research the 7.0 HA model device is a little troublesome - in FMG 7.2 this process has been completely changed. I think i will have to target 7.2 for this feature. Also planning to support template groups as well. |
In my expercience the API itself often gives a response 200 OK even if nothing really is ok ... so you think the %s should stay ? |
Yes, I believe its correct. I've checked another example and it has the same %s used in the URL. |
Okay, it does seem a little strange ... |
Hi, it does the same thing if you do it via the GUI. I think its just how FortiManager works. I'll hopefully get some time to test this more soon. |
Hello, |
Hi Kevin, are you able to successfully deploy the HA cluster when configuring it from the FortiManager GUI? I now have two of the same FortiGate units here now so I can test them. I was trying with VM's before but that introduced some extra complications. |
Hi, |
here is the example: |
Hi,
firstly I would like to thank you for this tool.
This tool works fine with a single Firewall. How can I make it work with the Firewall in the Cluster(HA)?
Thank you in advance,
The text was updated successfully, but these errors were encountered: