
add fortigate node

Open robotwalk opened this issue 2 years ago • 6 comments

robotwalk avatar Feb 27 '24 19:02 robotwalk

should also contain "fortios" as the kind name.

steiler avatar Mar 01 '24 08:03 steiler

I renamed the kind to fortinet_forios to keep it consistent with the naming scheme

you can try the beta build

sudo docker run --rm -v $(pwd):/workspace ghcr.io/oras-project/oras:v1.1.0 pull ghcr.io/srl-labs/clab-oci:14aac630

running this cmd will download the containerlab binary in your PWD

ADD1 as @steiler found, the registration part is missing -- example https://github.com/srl-labs/containerlab/blob/main/nodes/checkpoint_cloudguard/checkpoint_cloudguard.go#L21

hellt avatar Mar 01 '24 08:03 hellt

> ADD1 as @steiler found, the registration part is missing -- example https://github.com/srl-labs/containerlab/blob/main/nodes/checkpoint_cloudguard/checkpoint_cloudguard.go#L21

This is where it would need to go. https://github.com/srl-labs/containerlab/blob/main/clab/register.go Add the import and call Register

steiler avatar Mar 01 '24 09:03 steiler

@robotwalk thanks, I am a bit behind with some other tasks, just pinging you to tell you I have not forgotten about this one

hellt avatar Mar 06 '24 20:03 hellt

Hi @robotwalk I have tried to launch the image built with https://github.com/hellt/vrnetlab/pull/174 and it boots fine after I did a8ad97a

But, I wonder what should I expect from this basic boot? It seems ssh doesn't respond, but telnet works.

How do people usually consume fortios?

ADD1:

Dumping some resources I used:

  • https://support.fortinet.com/Download/VMImages.aspx
  • https://yurisk.info/2021/02/28/fortigate-vm-evaluation-license-15-days-limitations/
  • https://docs.fortinet.com/document/fortigate-private-cloud/7.4.0/vmware-esxi-administration-guide/961760/downloading-the-fortigate-vm-deployment-package
  • https://docs.fortinet.com/document/fortigate-private-cloud/7.0.0/vmware-esxi-administration-guide/615472/configuring-port-1

hellt avatar Mar 08 '24 21:03 hellt

> Hi @robotwalk I have tried to launch the image built with hellt/vrnetlab#174 and it boots fine after I did a8ad97a
>
> But, I wonder what should I expect from this basic boot? It seems ssh doesn't respond, but telnet works.
>
> How do people usually consume fortios?
>
> ADD1:
>
> Dumping some resources I used:
>
>   • https://support.fortinet.com/Download/VMImages.aspx
>   • https://yurisk.info/2021/02/28/fortigate-vm-evaluation-license-15-days-limitations/
>   • https://docs.fortinet.com/document/fortigate-private-cloud/7.4.0/vmware-esxi-administration-guide/961760/downloading-the-fortigate-vm-deployment-package
>   • https://docs.fortinet.com/document/fortigate-private-cloud/7.0.0/vmware-esxi-administration-guide/615472/configuring-port-1

You are right. Will add the configuration to enable ssh on port1

Edit: What do you mean with ssh is not working. I can login with ssh

$ ssh -l admin 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ED25519 key fingerprint is SHA256:MOP/G/FdbV+1423Fv97HyBIeEkR5+RNQtuJs5IGjat4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.2' (ED25519) to the list of known hosts.
admin@172.17.0.2's password:

vr-fortinet # show system interface
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 1
    next

But this is just with the image started without containerlabs.

Will evaluate this further

robotwalk avatar Mar 12 '24 18:03 robotwalk

It's all good. The DHCP assigned address is assigned by qemu so no need for explicit config

hellt avatar Mar 12 '24 19:03 hellt

So I just built containerlabs with the current code and ran the lab-examples/fortigate/fortinet.clab.yml topology

./bin/containerlab deploy -t lab-examples/fortigate/fortinet.clab.yml

Getting healthy

docker ps
CONTAINER ID   IMAGE                        COMMAND                  CREATED         STATUS                   PORTS                                                                            NAMES
b716ac700587   vrnetlab/vr-fortios:v7.0.0   "/launch.py --userna…"   2 minutes ago   Up 2 minutes (healthy)   22/tcp, 80/tcp, 443/tcp, 830/tcp, 3443/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   clab-fortigate-forti2
8db36ce45d42   vrnetlab/vr-fortios:v7.0.0   "/launch.py --userna…"   2 minutes ago   Up 2 minutes (healthy)   22/tcp, 80/tcp, 443/tcp, 830/tcp, 3443/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   clab-fortigate-forti1

Get ips

$ docker ps -q | xargs -n1 docker inspect | grep -i ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.20.20.2",
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.20.20.3",

SSH into

$ ssh -l admin 172.20.20.2
The authenticity of host '172.20.20.2 (172.20.20.2)' can't be established.
ED25519 key fingerprint is SHA256:+KSIszKGsTyvgqOPU2nxSp/QW4AgRmyOxCabYsrV1Dc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.20.2' (ED25519) to the list of known hosts.
admin@172.20.20.2's password:
forti2 #

$ ssh -l admin 172.20.20.3
The authenticity of host '172.20.20.3 (172.20.20.3)' can't be established.
ED25519 key fingerprint is SHA256:0CiIyNO93oVwewQJXdHtyHuNNayXMeR1gpCmWmvLenE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.20.3' (ED25519) to the list of known hosts.
admin@172.20.20.3's password:
forti1 #

SSH is enabled by default

forti2 # show system interface
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set type physical
        set snmp-index 2
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 3
    next
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 10.255.1.1 255.255.255.0

The second interface is also there and so is the link between the two nodes

image

btw: this graph feature is just awesome

robotwalk avatar Mar 12 '24 19:03 robotwalk
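An added example, not part of the original thread or of containerlab's code: a small parser for `show system interface` output like the one posted above, listing the `allowaccess` protocols per interface and flagging cleartext management protocols. The sample config is constructed from the thread's output; the `port3` entry and the function names are assumptions added for illustration.

```python
import re

# Constructed sample modelled on the `show system interface` output in the thread.
# "port3" is hypothetical, added so that a cleartext protocol gets flagged.
SAMPLE = '''\
config system interface
    edit "port1"
        set vdom "root"
        set allowaccess ping https ssh fgfm
    next
    edit "port2"
        set vdom "root"
    next
    edit "port3"
        set allowaccess ping http telnet
    next
end
'''

CLEARTEXT = {"http", "telnet"}  # management protocols without transport encryption


def parse_allowaccess(config: str) -> dict[str, list[str]]:
    """Map each interface name to its allowaccess list (empty if unset)."""
    access: dict[str, list[str]] = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r'edit "([^"]+)"', line)
        if m:  # start of an interface stanza
            current = m.group(1)
            access[current] = []
        elif line == "next":  # end of stanza; truncated output simply never gets here
            current = None
        elif current and line.startswith("set allowaccess "):
            access[current] = line.split()[2:]
    return access


def audit(config: str) -> dict[str, list[str]]:
    """Return only the interfaces that expose cleartext management protocols."""
    flagged = {n: sorted(CLEARTEXT & set(p)) for n, p in parse_allowaccess(config).items()}
    return {n: p for n, p in flagged.items() if p}


if __name__ == "__main__":
    for name, protos in parse_allowaccess(SAMPLE).items():
        print(f"{name}: {' '.join(protos) or '(no management access)'}")
    print("cleartext management:", audit(SAMPLE))
```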

Codecov Report

Attention: Patch coverage is 88.23529% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 53.85%. Comparing base (e269a28) to head (3653c31). Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1917      +/-   ##
==========================================
+ Coverage   53.53%   53.85%   +0.31%     
==========================================
  Files         155      156       +1     
  Lines       11347    11382      +35     
==========================================
+ Hits         6075     6130      +55     
+ Misses       4413     4391      -22     
- Partials      859      861       +2     
Files Coverage Δ
clab/register.go 100.00% <100.00%> (ø)
nodes/fortinet_fortigate/fortigate.go 87.87% <87.87%> (ø)

... and 6 files with indirect coverage changes

codecov[bot] avatar Mar 13 '24 12:03 codecov[bot]

thanks @robotwalk

hellt avatar Mar 13 '24 12:03 hellt