The FortiGate Configuration Structure
Structure
The FortiGate configuration used in fotoobo uses a generic structure independent of the VDOM mode your FortiGate uses. The structure is saved in JSON format and used as a native Python object. This way you can access every configuration leaf by giving its path.
Every configuration data structure has a global part that holds the configuration that is not VDOM-specific. All VDOM configuration is in the vdom part of the data structure. If you use a FortiGate without VDOMs, the only entry in the vdom part is always root.
VDOM Mode
The VDOM mode used is determined by analyzing the first comment line in the configuration. There we’ll find the string vdom=, which indicates the mode:
vdom=0: VDOM mode disabled
vdom=1: VDOM mode enabled
Meta information
Every configuration data structure may also hold some meta information for the FortiGate, e.g. its model or version number. This meta information may be used in filters.
Examples
The following examples are not realistic: they show only fragments of a configuration, which would not run on a device. They should still convey the idea.
A FortiGate without VDOM mode enabled
The FortiGate configuration …
#config-version=FGVM64-6.4.5-FW-build1828-210217:opmode=0:vdom=0:user=myuser
#conf_file_ver=1111
#buildno=1828
#global_vdom=1
config system global
    set admintimeout 60
    set hostname "my-fortigate"
end
config router static
    edit 1
        set gateway 10.0.0.1
        set device "port1"
    next
end
… would be converted into …
{
    "vdom": {
        "root": {
            "router": {
                "static": [
                    {
                        "gateway": "10.0.0.1",
                        "device": "port1",
                        "id": 1
                    }
                ]
            }
        }
    },
    "global": {
        "system": {
            "global": {
                "admintimeout": "60",
                "hostname": "my-fortigate"
            }
        }
    }
}
A FortiGate with VDOM mode enabled
The FortiGate configuration …
#config-version=FGVM64-6.4.5-FW-build1828-210217:opmode=0:vdom=1:user=myuser
#conf_file_ver=1111
#buildno=1828
#global_vdom=1
config vdom
edit root
next
edit myvdom
next
end
config global
config system global
    set admintimeout 60
    set hostname "my-fortigate"
end
end
config vdom
edit myvdom
config router static
    edit 1
        set gateway 10.0.0.1
        set device "port1"
    next
end
end
… would be converted to …
{
    "vdom": {
        "myvdom": {
            "router": {
                "static": [
                    {
                        "gateway": "10.0.0.1",
                        "device": "port1",
                        "id": 1
                    }
                ]
            }
        },
        "root": {}
    },
    "global": {
        "system": {
            "global": {
                "admintimeout": "60",
                "hostname": "my-fortigate"
            }
        }
    }
}