From 6cb12eb6f6a13376b03025a7112ab8dede2cd0d1 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Jan 2025 12:23:30 +0100 Subject: [PATCH 1/7] bgp(router): Add Get-FGTRouterBGP For get BGP configuration (but it is not possible to filter... --- PowerFGT/Public/cmdb/router/bgp.ps1 | 70 +++++++++++++++++++++++++++++ 1 file changed, 70 insertions(+) create mode 100644 PowerFGT/Public/cmdb/router/bgp.ps1 diff --git a/PowerFGT/Public/cmdb/router/bgp.ps1 b/PowerFGT/Public/cmdb/router/bgp.ps1 new file mode 100644 index 000000000..d05928740 --- /dev/null +++ b/PowerFGT/Public/cmdb/router/bgp.ps1 @@ -0,0 +1,70 @@ +# +# Copyright 2019, Alexis La Goutte +# +# SPDX-License-Identifier: Apache-2.0 +# + +function Get-FGTRouterBGP { + + <# + .SYNOPSIS + Get list of all BGP + + .DESCRIPTION + Get list of all BGP (AS, router-id, neighbor, network...) + + .EXAMPLE + Get-FGTRouterBGP + + Get list of all route BGP object + + .EXAMPLE + Get-FGTRouterBGP -meta + + Get list of all route BGP object with metadata (q_...) like usage (q_ref) + + .EXAMPLE + Get-FGTRouterBGP -skip + + Get list of all route BGP object (but only relevant attributes) + + .EXAMPLE + Get-FGTRouterBGP -vdom vdomX + + Get list of all route BGP object on vdomX + #> + + [CmdletBinding(DefaultParameterSetName = "default")] + Param( + [switch]$meta, + [Parameter(Mandatory = $false)] + [switch]$skip, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('meta') ) { + $invokeParams.add( 'meta', $meta ) + } + if ( $PsBoundParameters.ContainsKey('skip') ) { + $invokeParams.add( 'skip', $skip ) + } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $response = Invoke-FGTRestMethod -uri 'api/v2/cmdb/router/bgp' -method 'GET' -connection $connection @invokeParams + $response.results + } + + End { + } +} 
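Review bot: In the `Param()` block of Get-FGTRouterBGP, `$meta` is the only parameter declared without a `[Parameter(Mandatory = $false)]` attribute, and `DefaultParameterSetName = "default"` names a parameter set that no parameter belongs to. Either add the attribute to `$meta` or drop it from the others, and remove the unused set name, so the declaration reads consistently. The comment help also has no `.PARAMETER` entries; an entry such as `.PARAMETER connection` with the text `FortiGate connection to query (defaults to $DefaultFGTConnection)` would make it clear which device is read when several connections are open.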
From e5a9dad39732cad3c1f2cf1ce0e9d0bf079d3e20 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Jan 2025 18:04:01 +0100 Subject: [PATCH 2/7] BGP: Add Set-FGTRouterBGP for configure BGP you can configure AS, router_id and extra data (hashtable...) --- PowerFGT/Public/cmdb/router/bgp.ps1 | 75 +++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/PowerFGT/Public/cmdb/router/bgp.ps1 b/PowerFGT/Public/cmdb/router/bgp.ps1 index d05928740..ce78e827b 100644 --- a/PowerFGT/Public/cmdb/router/bgp.ps1 +++ b/PowerFGT/Public/cmdb/router/bgp.ps1 
@@ -68,3 +68,78 @@ function Get-FGTRouterBGP { End { } } + +function Set-FGTRouterBGP { + + <# + .SYNOPSIS + Configure Router BGP Configuration + + .DESCRIPTION + Configure BGP configuration (as, router id...) + + .EXAMPLE + Set-FGTRouterBGP -as 65000 -router_id "192.0.2.1" + + Set BGP AS to 65000 and Router ID to 192.0.2.1 + + .EXAMPLE + $data = @{ "ebgp-multipath" = "enable" } + PS C> Set-FGTRouterBGP -data $data + + Change ebgp-multipath settings using -data parameter + + #> + + [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'medium')] + Param( + [Parameter (Mandatory = $false)] + [int]$as, + [Parameter (Mandatory = $false)] + [string]$router_id, + [Parameter (Mandatory = $false)] + [hashtable]$data, + [Parameter(Mandatory = $false)] + [String[]]$vdom, + [Parameter(Mandatory = $false)] + [psobject]$connection = $DefaultFGTConnection + ) + + Begin { + } + + Process { + + $invokeParams = @{ } + if ( $PsBoundParameters.ContainsKey('vdom') ) { + $invokeParams.add( 'vdom', $vdom ) + } + + $_bgp = new-Object -TypeName PSObject + + if ( $PsBoundParameters.ContainsKey('as') ) { + $_bgp | add-member -name "as" -membertype NoteProperty -Value $as + } + + if ( $PsBoundParameters.ContainsKey('router_id') ) { + $_bgp | add-member -name "router-id" -membertype NoteProperty -Value $router_id + } + + if ( $PsBoundParameters.ContainsKey('data') ) { + $data.GetEnumerator() | ForEach-Object { + $_bgp | Add-member -name $_.key -membertype NoteProperty -Value $_.value + } + } + + $uri = 'api/v2/cmdb/router/bgp' + + if ($PSCmdlet.ShouldProcess("BGP", 'Configure Router BGP')) { + Invoke-FGTRestMethod -uri $uri -method 'PUT' -body $_bgp -connection $connection @invokeParams | Out-Null + } + + Get-FGTRouterBGP -connection $connection @invokeParams + } + + End { + } +} \ No newline at end of file From 1abe8482249aa5945c91dff1d42a1f8edbfc4ef6 Mon Sep 17 00:00:00 2001 
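Review bot: `[int]$as` in the `Param()` block of Set-FGTRouterBGP is a signed 32-bit value, so 4-byte AS numbers above 2147483647 fail parameter binding while negative values are accepted and passed on in the PUT body; `[uint32]$as` covers the full 0–4294967295 range. In the `-data` loop, `Add-Member` runs without checking for the keys `as` and `router-id`, so passing `-as` together with a `data` hashtable that also holds `as` raises an Add-Member error (presumably non-terminating) and the PUT still goes out with the value that was added first. A guard before the Add-Member call, such as `if ($_bgp.PSObject.Properties[$_.key]) { throw "'$($_.key)' is already set by a named parameter" }`, would make that conflict explicit instead of sending a partly built body to the device.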
From: Alexis La Goutte Date: Sat, 4 Jan 2025 18:34:34 +0100 Subject: [PATCH 3/7] BGP(Tests): Add Tests for Get and Set --- Tests/integration/RouterBGP.Tests.ps1 | 84 +++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 Tests/integration/RouterBGP.Tests.ps1 diff --git a/Tests/integration/RouterBGP.Tests.ps1 b/Tests/integration/RouterBGP.Tests.ps1 new file mode 100644 index 000000000..ca5ca4590 --- /dev/null +++ b/Tests/integration/RouterBGP.Tests.ps1 
@@ -0,0 +1,84 @@ +# +# Copyright 2020, Alexis La Goutte +# +# SPDX-License-Identifier: Apache-2.0 +# + +#include common configuration +. ../common.ps1 + + +BeforeAll { + Connect-FGT @invokeParams +} + +Describe "Get Router BGP" { + + + It "Get Router BGP Does not throw an error" { + { + Get-FGTRouterBGP + } | Should -Not -Throw + } + + It "Get ALL Router BGP" { + $rb = Get-FGTRouterBGP + $rb.count | Should -Not -Be $NULL + } + + It "Get ALL Router BGP with -skip" { + $rb = Get-FGTRouterBGP -skip + $rb.count | Should -Not -Be $NULL + } + +} + +Describe "Set Router BGP" { + + BeforeAll { + $script:bgp = Get-FGTRouterBGP + } + + It "Change AS" { + Set-FGTRouterBGP -as 65001 + $rb = Get-FGTRouterBGP + $rb.as | Should -Be "65001" + } + + It "Change router-id" { + Set-FGTRouterBGP -router_id "192.0.2.1" + $rb = Get-FGTRouterBGP + $rb.'router-id' | Should -Be "192.0.2.1" + } + + It "Change BGP via data (one field)" { + $data = @{ "keepalive-timer" = 30 } + Set-FGTRouterBGP -data $data + $rb = Get-FGTRouterBGP + $rb.'keepalive-timer' | Should -Be "30" + } + + It "Change BGP via data (two fields)" { + $data = @{ "holdtime-timer" = 120 ; "ebgp-multipath" = "enable" } + Set-FGTRouterBGP -data $data + $rb = Get-FGTRouterBGP + $rb.'holdtime-timer' | Should -Be "120" + $rb.'ebgp-multipath' | Should -Be "enable" + } + + AfterAll { + #convert Ps(Custom)Object to Hashtable + $hashtable = @{} + foreach ( $property in $bgp.psobject.properties.name ) { + if ($property -eq "router-id" -or $property -eq "as") { + continue + } + $hashtable[$property] = $bgp.$property + } + Set-FGTRouterBGP -router_id 0.0.0.0 -as 0 -data $hashtable + } +} + +AfterAll { + Disconnect-FGT -confirm:$false +} \ No newline at end of file From 837e6bc4ec7c0516d44a58f736e6dfad09df7aa7 Mon Sep 17 00:00:00 2001 
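Review bot: The `AfterAll` block of "Set Router BGP" restores the device with `Set-FGTRouterBGP -router_id 0.0.0.0 -as 0 -data $hashtable`, which deliberately skips the captured `as` and `router-id` and writes zeros instead, so a run against a FortiGate that already had BGP configured leaves it without its AS and router-id. Restoring from the snapshot, e.g. `Set-FGTRouterBGP -router_id $bgp.'router-id' -as $bgp.as -data $hashtable`, and falling back to the zero values only when the captured fields were empty, keeps the teardown non-destructive. A comment above the block stating that this suite must only be pointed at a lab device would also help, since every `It` in this `Describe` changes live routing configuration.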
From: Alexis La Goutte Date: Sat, 4 Jan 2025 18:43:04 +0100 Subject: [PATCH 4/7] README(.md): Add BGP chapiter/example --- README.md | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 937ed5166..638610b8e 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,7 @@ With this module (version 0.8.1) you can manage: - [Monitor](#monitor) (Get) - [Policy](#policy) (Add/Get/Remove) - [Proxy Address/Address Group/ Policy](#proxy) (Add/Get/Set/Remove) +- [Router BGP](#bgp) (Get/Set) - RoutePolicy (Get) - Service (Get) - Service Group (Get) @@ -878,7 +879,9 @@ or delete it `Remove-SystemZone`. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y ``` -### Static Route +### Routing + +#### Static Route You can create a new Static Route `Add-FGTRouterStatic`, retrieve its information `Get-FGTRouterStatic`, or delete it `Remove-FGTRouterStatic`. 
@@ -948,6 +951,50 @@ or delete it `Remove-FGTRouterStatic`. [Y] Yes [N] No [?] Help (default is "N"): y ``` +## Routing + +#### BGP + +You can retrieve BGP information `Get-FGTRouterBGP` or configure it `Get-FGTRouterBGP`. + +```powershell +# Get information about BGP + Get-FGTRouterBGP + + as : + router-id : + keepalive-timer : 60 + holdtime-timer : 180 + always-compare-med : disable + bestpath-as-path-ignore : disable + bestpath-cmp-confed-aspath : disable + bestpath-cmp-routerid : disable + bestpath-med-confed : disable + bestpath-med-missing-as-worst : disable + client-to-client-reflection : enable + dampening : disable + deterministic-med : disable + ebgp-multipath : enable + ibgp-multipath : disable + [...] + +# Configure BGP (AS and router-id) + Set-FGTRouterBGP -as 65001 -router_id 192.0.2.1 + + as : 65001 + router-id : 192.0.2.1 + [...] + +# for configure BGP extra value, you need to use -data (for example holdtime and ebgp-multipath) + $data = @{ "holdtime-timer" = 120 ; "ebgp-multipath" = "enable" } + Set-FGTRouterBGP -data $data + [...] + holdtime-timer : 120 + [...] + ebgp-multipath : enable + [...] +``` + ### Interface You can create a new interface (Vlan ...) `Add-FGTSystemInterface`, retrieve its information `Get-FGTSystemInterface`, @@ -1678,6 +1725,7 @@ Get-FGTMonitorVpnIPsec Get-FGTMonitorVpnSsl Get-FGTMonitorWebfilterCategories Get-FGTRouterPolicy +Get-FGTRouterBGP Get-FGTRouterStatic Get-FGTSystemAdmin Get-FGTSystemDHCPServer @@ -1730,6 +1778,7 @@ Set-FGTFirewallAddressGroup Set-FGTFirewallPolicy Set-FGTFirewallProxyAddressGroup Set-FGTFirewallVipGroup +Set-FGTRouterBGP Set-FGTSystemGlobal Set-FGTSystemInterface Set-FGTSystemSettings From 6269fe5c75c726fa8e7340a33acfe4b3e4fac805 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Jan 2025 18:43:45 +0100 Subject: [PATCH 5/7] connection(Tests): Add Multi connection for Get-FGTRouterBGP --- Tests/integration/Connection.Tests.ps1 | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/Tests/integration/Connection.Tests.ps1 b/Tests/integration/Connection.Tests.ps1 index aa550caa7..836aabcaf 100644 --- a/Tests/integration/Connection.Tests.ps1 +++ b/Tests/integration/Connection.Tests.ps1 @@ -193,6 +193,9 @@ Describe "Connect to a FortiGate (using multi connection)" { It "Use Multi connection for call Get Log Settings" { { Get-FGTLogSetting -type syslogd -connection $fgt } | Should -Not -Throw } + It "Use Multi connection for call Get Router BGP" { + { Get-FGTRouterBGP -connection $fgt } | Should -Not -Throw + } It "Use Multi connection for call Get Router Policy" { { Get-FGTRouterPolicy -connection $fgt } | Should -Not -Throw } From 5cf65343cd349a80d59dc8e2743288f69b0431ee Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sat, 4 Jan 2025 20:23:25 +0100 Subject: [PATCH 6/7] BGP(Tests): Fix tests with PS5 --- Tests/integration/RouterBGP.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Tests/integration/RouterBGP.Tests.ps1 b/Tests/integration/RouterBGP.Tests.ps1 index ca5ca4590..41c981a58 100644 --- a/Tests/integration/RouterBGP.Tests.ps1 +++ b/Tests/integration/RouterBGP.Tests.ps1 @@ -23,12 +23,12 @@ Describe "Get Router BGP" { It "Get ALL Router BGP" { $rb = Get-FGTRouterBGP - $rb.count | Should -Not -Be $NULL + @($rb).count | Should -Not -Be $NULL } It "Get ALL Router BGP with -skip" { $rb = Get-FGTRouterBGP -skip - $rb.count | Should -Not -Be $NULL + @($rb).count | Should -Not -Be $NULL } } From 345d25e35a851507337104248f7ca9a0b5aa458f Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Sun, 5 Jan 2025 09:42:57 +0100 Subject: [PATCH 7/7] BGP: fix typo after review --- PowerFGT/Public/cmdb/router/bgp.ps1 | 8 ++++---- README.md | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/PowerFGT/Public/cmdb/router/bgp.ps1 b/PowerFGT/Public/cmdb/router/bgp.ps1 index ce78e827b..40b2d7591 100644 --- a/PowerFGT/Public/cmdb/router/bgp.ps1 +++ b/PowerFGT/Public/cmdb/router/bgp.ps1 
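Review bot: In the RouterBGP.Tests.ps1 hunk (`@@ -23,12 +23,12 @@`), `@($rb).count | Should -Not -Be $NULL` can no longer fail, because wrapping the result in `@()` always yields an array whose `count` is 0 when the call returns nothing. Both "Get ALL Router BGP" assertions therefore pass even if Get-FGTRouterBGP returns no data at all. `@($rb).count | Should -BeGreaterThan 0` (or `$rb | Should -Not -BeNullOrEmpty`) keeps the PS5 fix and still checks that something came back.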
@@ -16,22 +16,22 @@ function Get-FGTRouterBGP { .EXAMPLE Get-FGTRouterBGP - Get list of all route BGP object + Get list of all router BGP object .EXAMPLE Get-FGTRouterBGP -meta - Get list of all route BGP object with metadata (q_...) like usage (q_ref) + Get list of all router BGP object with metadata (q_...) like usage (q_ref) .EXAMPLE Get-FGTRouterBGP -skip - Get list of all route BGP object (but only relevant attributes) + Get list of all router BGP object (but only relevant attributes) .EXAMPLE Get-FGTRouterBGP -vdom vdomX - Get list of all route BGP object on vdomX + Get list of all router BGP object on vdomX #> [CmdletBinding(DefaultParameterSetName = "default")] diff --git a/README.md b/README.md index 638610b8e..25910c558 100644 --- a/README.md +++ b/README.md @@ -955,10 +955,10 @@ or delete it `Remove-FGTRouterStatic`. #### BGP -You can retrieve BGP information `Get-FGTRouterBGP` or configure it `Get-FGTRouterBGP`. +You can retrieve BGP information `Get-FGTRouterBGP` or configure it `Set-FGTRouterBGP`. ```powershell -# Get information about BGP +# Get information about Router BGP Get-FGTRouterBGP as :