netbox-sync icon indicating copy to clipboard operation
netbox-sync copied to clipboard
verified publisher icon bb-Ricardo

New Source Integration : Fortimanager

Open PierreLouisLetoquart opened this issue 1 year ago • 1 comments

Hi there !

Context

I’m currently working (for the "IT team" in a company) on extending our netbox-sync tool instance, which we use primarily for syncing data related to VMware, to also handle firewall data from FortiManager into Netbox.

I've included a pseudo-algorithm at the end of this post that outlines the approach I’ve started implementing for the firewall sync process.

I would really appreciate any insights or suggestions on how to best integrate FortiManager as a data source within netbox-sync. If anyone has prior experience with a similar implementation or knows of any existing resources (or implementations) that I should look into, I’d love to hear about it!

Additionally, if anyone is interested in collaborating on this, please let me know! I haven't created a fork or repository just yet, but I’m open to discussions on the best ways to add this source to the project and would love to hear your thoughts!

Pseudo-Algo

1. Initialize Environment

  • Load environment variables for FortiManager and Netbox credentials.
  • Setup logging for status tracking and error reporting.
  • Initialize clients for both FortiManager and Netbox.

2. Fetch Firewalls from FortiManager

  • Fetch all firewalls from FortiManager.
  • If fetching fails, log the error and halt execution.
  • For each firewall:
    • Fetch associated firewall interfaces from FortiManager.
    • Filter the interfaces:
      • Keep only valid interfaces (non-empty, non-default IP addresses).
      • Skip interfaces with invalid IPs.
  • Collect firewalls and their valid interfaces. (this will be the source of truth)

3. Check Firewalls in Netbox

  • For each firewall fetched from FortiManager:
    • Check if the firewall already exists in Netbox by name and role (firewall).
    • If not:
      • Retrieve or create the device type in Netbox based on the firewall's platform.
      • Retrieve or create the primary IP address for the firewall.
      • Add the firewall to Netbox with the following details:
        • Name, serial number, status, role, device type, and primary IP.
      • Add all valid interfaces to the firewall in Netbox.
        • ... process for each interfaces...

4. Parallel Processing (not necessary, but faster...)

  • Use parallel processing (ThreadPool) for:
    • Fetching firewalls and interfaces from FortiManager.
    • Verifying and creating firewalls in Netbox to speed up the process.

5. Error Handling

  • Same as current flow with logging etc.

6. Execution Flow

  • Fetch data from FortiManager.
  • Process the data to synchronize firewalls and interfaces with Netbox.

PierreLouisLetoquart avatar Oct 16 '24 16:10 PierreLouisLetoquart

Hi @PierreLouisLetoquart,

this sounds like an interesting idea.

A few ideas which come to my mind:

  • find a developer/contractor who is knowledgeable in python and willing to implement the feature
  • a test environment where you can test different versions and configurations is also quite important
  • who will maintain the source if bugs or feature requests occur?

bb-Ricardo avatar Oct 21 '24 11:10 bb-Ricardo

If I could ever get the time, I thought of that as well to continue adding sources as well as cloud based sources like Digital Ocean, etc. The premise is all the same, just implementation of each type of source.

ekrichbaum avatar Nov 08 '24 13:11 ekrichbaum

That would be great,

Also thought of polishing/reworking the internal API to make it easier to implement new sources.

bb-Ricardo avatar Nov 20 '24 22:11 bb-Ricardo

Just seeing what https://github.com/bl4ko/netbox-ssot does and you should use this project to sync from Fortimanager.

bb-Ricardo avatar Nov 22 '24 11:11 bb-Ricardo