Bonjour @Cocoking77, interesting idea. I think you need to edit your post to fix the syntax (you can use ``` to add code).
Thanks for the tips; while I was making my changes, you did it quicker.
FYI, I added a function that exports a preconfigured report to a file, built on your PowerFGT script. If you want to use it, here is the code:
# Script powershell de consultation d'information Fortigate
# Cgs 12/03/2025
# Source https://github.com/FortiPower/PowerFGT
param(
    # FortiGate address or host name; when given, the script runs without the menu.
    $param_fgt_serveur,
    # Menu option to execute directly (same values as the interactive menu).
    $param_fgt_option
)
# In parameter mode the report file is named "<server>-fgt-<yyyy-MM-dd>.txt".
# The path is relative, so the file lands in the current working directory.
if ($param_fgt_serveur)
{
    $nom_fichier_fgt = "${param_fgt_serveur}-fgt-$(Get-Date -Format 'yyyy-MM-dd').txt"
}
function Show-Menu
{
    # Clears the console and prints the option list, followed by a usage hint
    # for the non-interactive (parameter) mode.
    # $Title: text shown in the header line.
    param (
        [string]$Title = 'Menu PowerFGT'
    )
    Clear-Host
    $lignes_menu = @(
        "================ $Title ================",
        "1: Installation module PowerFGT",
        "2: Connexion PowerFGT",
        "3: Affichage aide module PowerFGT",
        "4: Affichage des stratégies firewall",
        "5: Affichage des adresses firewall",
        "6: Affichage des interfaces",
        "7: Informations API Interractives",
        "7-1: Informations API directes",
        "7-2: Export informations vers fichier",
        "8: Journaux avec choix de filtre",
        "9: Journaux avec filtre Ip, port, service",
        "10: Deconnexion PowerFGT",
        "Q: Quitter.",
        "Utilisation avec parametrres : .\Script_Fortigate.ps1 -param_fgt_serveur <valeur> -param_fgt_option <valeur>"
    )
    foreach ($ligne in $lignes_menu)
    {
        Write-Host $ligne
    }
}
function Choix-Menu
{
    # Prompts for a menu option and returns the answer exactly as typed
    # (no trimming or validation; the caller's switch decides what is valid).
    Read-Host "Choisir l'option"
}
function Saisie-Connect-FGT
{
    # Loads the PowerFGT module, opens a session to the given FortiGate and
    # returns the address that was passed in.
    # $Ip_fgt: address or host name handed to Connect-FGT.
    param (
        [string]$Ip_fgt
    )
    Import-Module PowerFGT
    # The call deliberately omits -SkipCertificateCheck, so the FortiGate's TLS
    # certificate is still validated before credentials are sent. If the
    # appliance uses a private CA, trust that CA on this workstation rather than
    # turning validation off.
    # The connection object is discarded so that only the address is returned.
    $null = Connect-FGT $Ip_fgt
    return $Ip_fgt
}
function Ecriture-titre-chemin
{
    # Appends a five-line section header (blank, rule, path, rule, blank) to the
    # report file.
    # $chemin: API path printed as the section title.
    # The target file is NOT a parameter: $nom_fichier_fgt is read from the
    # caller's scope, so it must be set before this function is called.
    param (
        [string]$chemin
    )
    $separateur = "####################################"
    foreach ($ligne in @("", $separateur, $chemin, $separateur, ""))
    {
        Write-Output $ligne | Out-File -Append -FilePath $nom_fichier_fgt
    }
}
function Interrogation_api
{
    # Queries one REST path with GET and appends the raw "results" member of the
    # response to the report file, preceded by a section header.
    # $chemin: REST path, e.g. "api/v2/cmdb/system/global".
    # $nom_fichier_fgt: report file to append to. Ecriture-titre-chemin reads a
    #   variable of the same name from its caller's scope, so the header goes to
    #   this same file.
    # Returns $chemin; at the call site this ends up on the console unless the
    # caller captures it.
    param (
        [string]$chemin,
        [string]$nom_fichier_fgt
    )
    Ecriture-titre-chemin $chemin
    $reponse = Invoke-FGTRestMethod -method "get" -uri $chemin
    $reponse.results | Out-File -Append -FilePath $nom_fichier_fgt
    return $chemin
}
# Entry point: interactive menu when no server parameter was given, otherwise
# run the requested option directly against that server.
if (-not $param_fgt_serveur)
{
    # Interactive mode: show the menu and read the option to run.
    Show-Menu
    $selection = Choix-Menu
}
else
{
    Import-Module PowerFGT
    $Ip_fgt = $param_fgt_serveur
    $selection = $param_fgt_option
    try
    {
        # Session probe: a one-row log query. Its output is printed; if the call
        # throws (presumably because no session is open), connect in the catch.
        Get-FGTLogTraffic -type memory -subtype forward -rows 1 | Format-Table
    }
    catch
    {
        # Connect with certificate validation left on (-SkipCertificateCheck is
        # deliberately not used), then show which server the session targets.
        $result_connect = Connect-FGT $Ip_fgt
        write-host $result_connect.server
    }
}
switch ($selection)
{
'1' {
    # Installs the PowerFGT module from the default registered repository
    # (PowerShell 5 or later). Whatever version is current gets installed; to
    # make installs reproducible, consider pinning one with -RequiredVersion.
    Install-Module -Name PowerFGT
}
'2' {
    # Interactive connection: ask for the FortiGate address, derive the report
    # file name from it, then connect.
    # NOTE(review): no loop is visible around this switch, so $nom_fichier_fgt
    # set here presumably does not survive to a later run unless the script is
    # dot-sourced - confirm.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green " Connexion PowerFGT"
    Write-host $trait
    Write-host ""
    $Ip_fgt = Read-host "Saisir l'adresse du Fortigate "
    $nom_fichier_fgt = "${Ip_fgt}-fgt-$(Get-Date -Format 'yyyy-MM-dd').txt"
    Saisie-Connect-FGT -Ip_fgt $Ip_fgt
}
'3' {
    # Lists the names of all commands exported by the PowerFGT module.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Affichage aide module PowerFGT"
    Write-host $trait
    Write-host ""
    $commandes = Get-Command -Module PowerFGT
    $commandes.Name
}
'4' {
    # Shows firewall policies as (name, policyid), ordered by policy id.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Affichage des stratégies firewall"
    Write-host $trait
    Write-host ""
    Get-FGTFirewallPolicy |
        Select-Object -Property name, policyid |
        Sort-Object -Property policyid
}
'5' {
    # Shows the firewall address objects as a table.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Affichage des adresses firewall"
    Write-host $trait
    Write-host ""
    $adresses = Get-FGTFirewallAddress
    $adresses | Format-Table
}
'6' {
    # Shows the system interfaces as a table.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Affichage des interfaces"
    Write-host $trait
    Write-host ""
    $interfaces = Get-FGTSystemInterface
    $interfaces | Format-Table
}
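'7' {
    # Interactive CMDB lookup: optionally list the API schema (path / name
    # pairs), then read a path and a name and display that object's results.
    # Only GET requests are issued. The typed values are inserted into the URI
    # as entered, without validation.
    Write-host ""
    Write-host "-----------------------------------------------------------"
    Write-host -ForegroundColor Green "Informations API Interractives"
    Write-host "-----------------------------------------------------------"
    Write-host ""
    $schema_list = Read-Host ("Afficher le schéma Api (o/n)")
    if ($schema_list -eq "o")
    {
        $schema_api = Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/?action=schema"
        foreach ($line in $schema_api.results)
        {
            $path = $line.path
            # Fixed: the forum's auto-linking had rewritten "$line.name" into a
            # Markdown link, which is not valid PowerShell.
            $name = $line.name
            Write-Host "Path : $path / Name : $name"
        }
    }
    $path_api = Read-Host ("Saisir le path ? (exemple : system)")
    $nom_api = Read-Host ("Saisir le nom ? (exemple : global)")
    (Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/$path_api/$nom_api").results
}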
'7-1' {
    # Direct CMDB lookup: read "path/name" in one prompt and display the
    # results of a GET on api/v2/cmdb/<input>. The input is inserted into the
    # URI as typed, without validation.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Informations API directes"
    Write-host $trait
    Write-host ""
    $path_nom_api = Read-Host ("Saisir le path et nom ? (exemple : system/global)")
    $reponse = Invoke-FGTRestMethod -method "get" -uri "api/v2/cmdb/$path_nom_api"
    $reponse.results
}
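'7-2' {
    # Exports a preconfigured report to $nom_fichier_fgt: raw dumps of a list of
    # REST paths, then selected fields of further paths, then the output of
    # three PowerFGT cmdlets. Everything is appended, so re-running on the same
    # day adds to the existing file.
    #
    # The report holds sensitive configuration in plain text (administrator
    # accounts, SNMP community names, firewall policies, addressing). Write it
    # to a directory with restricted access and remove it once it is no longer
    # needed.
    #
    # Tables piped through "ft" are formatted before being written, so wide
    # tables may be truncated in the file.
    if ([string]::IsNullOrEmpty($nom_fichier_fgt))
    {
        # Without a file name every Out-File below would fail one by one.
        Write-Warning "Nom du fichier d'export non défini : relancer le script avec -param_fgt_serveur <valeur>."
        break
    }
    Write-host ""
    Write-host "-----------------------------------------------------------"
    Write-host -ForegroundColor Green "Export informations vers fichier"$nom_fichier_fgt". "
    Write-host "-----------------------------------------------------------"
    Write-host ""

    $sortie = @{ Append = $true; FilePath = $nom_fichier_fgt }
    $separateur_section = "#################################################################################"

    # Writes the section header for $uri, then returns the "results" of a GET.
    $lire_section = {
        param([string]$uri)
        Ecriture-titre-chemin $uri
        (Invoke-FGTRestMethod -method "get" -uri $uri).results
    }

    $separateur_section, "Cmdb API", $separateur_section | Out-File @sortie

    # Paths dumped as-is. Interrogation_api returns the path, which shows up on
    # the console as a progress trace.
    $chemins_bruts = @(
        "api/v2/cmdb/system/vdom",
        "api/v2/cmdb/system/global",
        "api/v2/cmdb/system/password-policy",
        "api/v2/cmdb/system.autoupdate/schedule",
        "api/v2/cmdb/system.info.admin/status",
        "api/v2/cmdb/system/resource-limits",
        "api/v2/cmdb/system/fortiguard",
        "api/v2/cmdb/switch-controller.security-policy/local-access",
        "api/v2/cmdb/router/access-list",
        "api/v2/cmdb/router/route-map",
        "api/v2/monitor/ips/session/performance",
        "api/v2/monitor/system/interface"
    )
    #api/v2/monitor/system/performance
    foreach ($ligne_chemin in $chemins_bruts)
    {
        Interrogation_api $ligne_chemin $nom_fichier_fgt
    }

    & $lire_section "api/v2/cmdb/system/interface" |
        Select-Object name, vdom, mode, ip, allowaccess, interface, 'vlan-protocol', vlanid |
        ft | Out-File @sortie

    (& $lire_section "api/v2/cmdb/system/accprofile").name | Out-File @sortie

    (& $lire_section "api/v2/cmdb/system/physical-switch").port.name | Out-File @sortie

    & $lire_section "api/v2/cmdb/system/admin" | ft | Out-File @sortie

    # One request instead of three: name, status and hosts come from the same
    # response.
    $snmp = & $lire_section "api/v2/cmdb/system.snmp/community"
    $snmp.name | Out-File @sortie
    $snmp.status | Out-File @sortie
    $snmp.hosts | Select-Object 'source-ip', ip, 'ha-direct', 'host-type' | Out-File @sortie

    # One request instead of two for the DHCP servers.
    $dhcp = & $lire_section "api/v2/cmdb/system.dhcp/server"
    $dhcp | Select-Object id, status, 'lease-time', 'dns-service', 'default-gateway' | ft | Out-File @sortie
    $dhcp.'ip-range' | ft | Out-File @sortie

    $chemins_tableaux = @(
        "api/v2/cmdb/system/dns-database",
        "api/v2/cmdb/system/vdom-property",
        "api/v2/monitor/system/resource/usage",
        "api/v2/monitor/router/ipv4"
    )
    foreach ($chemin in $chemins_tableaux)
    {
        & $lire_section $chemin | ft | Out-File @sortie
    }

    # Output of the PowerFGT cmdlets
    $separateur_section, "Fgt powershell", $separateur_section | Out-File @sortie
    "Stratégie Firewall" | Out-File @sortie
    Get-FGTFirewallPolicy | Format-Table | Out-File @sortie
    "Adresses Firewall" | Out-File @sortie
    Get-FGTFirewallAddress | Format-Table | Out-File @sortie
    "Interfaces" | Out-File @sortie
    Get-FGTSystemInterface | Format-Table | Out-File @sortie
}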
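'8' {
    # Free-form log search over the last 100 forward-traffic log rows held in
    # memory: the user picks a field and a value; the script shows how often
    # each value of that field occurs, then the rows where the field equals the
    # chosen value.
    Write-host ""
    Write-host "-----------------------------------------------------------"
    Write-host -ForegroundColor Green "Journaux"
    Write-host "-----------------------------------------------------------"
    Write-host ""
    #Write-host "10 connexions en cours"
    #Get-FGTLogTraffic -type memory -subtype forward -rows 10 | Select-Object date,time,level,vd,srcip,srcname,srcintf,dstip,dstport,srccountry,dstcountry,action,policyname,service,app,apprisk,duration,sentbyte,rcvdbyte,utmaction,osname,unauthuser,unauthusersource,srcmac | ft * -wrap -AutoSize
    Write-host "Liste des informations filtrables :"
    # Field names offered to the user. The list is informational only: any other
    # field name is still accepted below.
    $champs_filtrables = @(
        'action', 'app', 'appcat', 'applist', 'apprisk', 'countapp', 'date',
        'dstcountry', 'dstintf', 'dstintfrole', 'dstip', 'dstport', 'duration',
        'level', 'mastersrcmac', 'osname', 'policyid', 'policyname', 'policytype',
        'proto', 'rcvdbyte', 'rcvdpkt', 'sentbyte', 'sentpkt', 'service',
        'sessionid', 'srccountry', 'srcintf', 'srcintfrole', 'srcip', 'srcmac',
        'srcname', 'srcport', 'subtype', 'time', 'trandisp', 'unauthuser',
        'unauthusersource', 'utmaction', 'vd'
    )
    Write-host ("`n" + ($champs_filtrables -join "`n") + "`n")
    $filtre = Read-Host "Choisissez un filtre"
    if ([string]::IsNullOrWhiteSpace($filtre))
    {
        # An empty field name cannot be bound to Select-Object / Where-Object.
        Write-Warning "Aucun filtre saisi."
        break
    }
    $information = Read-Host "Choisissez une information à filtrer"
    Write-Host "Afficher les 100 derniers journaux "
    Write-host "-----"
    Write-host -ForegroundColor Cyan "Affichage des informations par groupe : "
    Write-host "-----"
    # Fetch once so that the grouped view and the detail view describe the same
    # rows.
    $journaux = Get-FGTLogTraffic -type memory -subtype forward -rows 100
    # Occurrences of each value of the chosen field, most frequent first.
    $journaux |
        Select-Object $filtre |
        Group-Object -Property $filtre -NoElement |
        Where-Object Name -ne "" |
        Sort-Object -Property @{Expression = "Count"; Descending = $true}
    # Rows whose chosen field equals the chosen value.
    $journaux |
        Where-Object $filtre -eq $information |
        Select-Object date,time,level,vd,srcip,srcname,srcintf,dstip,dstport,srccountry,dstcountry,action,policyname,service,app,apprisk,duration,sentbyte,rcvdbyte,utmaction,osname,unauthuser,unauthusersource,srcmac |
        ft * -wrap -AutoSize
    Write-host "-----"
}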
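'9' {
    # Preconfigured searches over the last 1000 forward-traffic log rows held in
    # memory. Option 1 shows grouped summaries and the denied rows; options 2-6
    # show a grouped summary of one field among denied rows, prompt for a value,
    # then show the matching denied rows. Every option can then refresh its
    # detail view every 10 seconds until Ctrl+C.
    Write-host ""
    Write-host "-----------------------------------------------------------"
    Write-host -ForegroundColor Green "Recherche de journaux préconfigurés"
    Write-host "-----------------------------------------------------------"
    Write-host ""
    Write-Host "1: 1000 derniers forward deny"
    Write-Host "2: 1000 derniers forward deny avec un port TCP de destination"
    Write-Host "3: 1000 derniers forward deny avec une adresse IP source"
    Write-Host "4: 1000 derniers forward deny avec une adresse IP de destination"
    Write-Host "5: 1000 derniers forward deny avec une adresse mac source"
    Write-Host "6: 1000 derniers forward deny avec un service"
    $selection_journal = Read-Host "Choisir l'option"
    $exclusion = Read-Host "Exclure une/plusieurs information(s), exemple PING|HTTPS|DNS|HTTP|tcp/22"
    # Fixed: an empty answer means "exclude nothing", but an empty regex matches
    # every value, so -notmatch dropped every row. Use a pattern that can never
    # match instead. A non-empty answer is used as a regular expression as typed.
    if ([string]::IsNullOrEmpty($exclusion))
    {
        $exclusion = '(?!)'
    }
    $sans_exclusion = { $_ -notmatch $exclusion }

    # Columns shown in every detail table.
    $colonnes = 'date','time','level','vd','srcip','srcname','srcintf','dstip','dstport','srccountry','dstcountry','action','policyname','service','app','apprisk','duration','sentbyte','rcvdbyte','utmaction','osname','unauthuser','unauthusersource','srcmac'

    # Last 1000 forward rows; $filtre_api carries optional server-side filters
    # (dstport, srcip, dstip) passed on to Get-FGTLogTraffic.
    $lire_journaux = {
        param([hashtable]$filtre_api = @{})
        Get-FGTLogTraffic -type memory -subtype forward -rows 1000 @filtre_api
    }
    # Same rows, minus excluded ones, restricted to action "deny".
    $lire_deny = {
        param([hashtable]$filtre_api = @{})
        & $lire_journaux $filtre_api | Where-Object $sans_exclusion | Where-Object action -eq deny
    }
    # Occurrences of each non-empty value, most frequent first (option 1). The
    # exclusion is applied to the values themselves.
    $regrouper = {
        param($valeurs)
        $valeurs |
            Where-Object $sans_exclusion |
            Group-Object -NoElement |
            Where-Object Name -ne "" |
            Sort-Object -Property @{Expression = "Count"; Descending = $true}
    }
    # Occurrences of each value of one field among denied rows (options 2-6).
    $resumer_deny = {
        param([string]$champ)
        (& $lire_deny).$champ | Group-Object -NoElement | Sort-Object -Property Count -Descending
    }
    # Asks whether to keep refreshing, then re-runs $affichage every 10 seconds.
    $suivre = {
        param([scriptblock]$affichage)
        $continue = Read-Host "Afficher en continue avec ctrl + c pour arreter (o/n) "
        if ($continue -eq "o")
        {
            while ($true)
            {
                & $affichage
                Start-Sleep -Seconds 10
            }
        }
    }

    if ($selection_journal -eq 1)
    {
        # One fetch feeds the three summaries and the detail table.
        # NOTE(review): the summaries are titled "forward deny" but, as in the
        # original, are computed over all forward rows, not only denied ones -
        # confirm which is intended.
        $journaux = & $lire_journaux
        Write-host "`n--------"
        Write-host "Recherche 1000 dernieres interfaces sources forward deny regroupés"
        Write-host "--------"
        & $regrouper $journaux.srcintf
        Write-host "`n--------"
        Write-host "Recherche 1000 dernieres destination forward deny regroupés"
        Write-host "--------"
        & $regrouper $journaux.dstip
        Write-host "`n--------"
        Write-host "Recherche 1000 derniers services forward deny regroupés"
        Write-host "--------"
        & $regrouper $journaux.service
        Write-host "------------------------"
        Write-host "Affichage des entrées"
        Write-host "------------------------"
        $journaux | Where-Object action -eq deny | Where-Object $sans_exclusion | Select-Object $colonnes | ft * -wrap -AutoSize
        #Get-FGTLogTraffic -type fortianalyzer -subtype forward -rows 1000 -since 7d | Select-Object date,time,level,vd,app,apprisk,osname,srcname,srcip,srcport,dstip,dstport,action,policyname,service,unauthuser | Where-Object action -eq deny | ft *
        & $suivre {
            $journaux = & $lire_journaux
            Write-Output "`n--------"
            Write-Output "Recherche 1000 dernieres destination forward deny regroupés"
            Write-Output "--------"
            & $regrouper $journaux.dstip | Select-Object -First 10
            Write-Output "`n--------"
            Write-Output "Recherche 1000 derniers services forward deny regroupés"
            Write-Output "--------"
            & $regrouper $journaux.service | Select-Object -First 10
            Write-Output "------------------------"
            Write-Output "Affichage de 40 entrées"
            Write-Output "------------------------"
            $journaux | Where-Object $sans_exclusion | Where-Object action -eq deny | Select-Object $colonnes | Select-Object -First 40 | ft * -wrap -AutoSize
        }
    }
    elseif ($selection_journal -eq 2)
    {
        Write-host "Recherche 1000 derniers forward deny par port de destination regroupés"
        & $resumer_deny dstport
        $prt_dest = Read-host "Port de Destination"
        Write-host "------------------------"
        Write-host "Affichage des entrées avec le port de destination $prt_dest "
        Write-host "------------------------"
        $affichage = { & $lire_deny @{ dstport = $prt_dest } | Select-Object $colonnes | ft * -wrap -AutoSize }
        & $affichage
        & $suivre $affichage
    }
    elseif ($selection_journal -eq 3)
    {
        Write-host "Recherche 1000 derniers forward deny par adresse source regroupés"
        & $resumer_deny srcip
        $src_ip = Read-host "Adresse IP source"
        Write-host "------------------------"
        Write-host "Affichage des entrées avec l'adresse source $src_ip"
        Write-host "------------------------"
        $affichage = { & $lire_deny @{ srcip = $src_ip } | Select-Object $colonnes | ft * -wrap -AutoSize }
        & $affichage
        & $suivre $affichage
    }
    elseif ($selection_journal -eq 4)
    {
        Write-host "Recherche 1000 derniers forward deny par adresse de destination regroupés"
        & $resumer_deny dstip
        $dest_ip = Read-host "Adresse IP destination"
        $affichage = { & $lire_deny @{ dstip = $dest_ip } | Select-Object $colonnes | ft * -wrap -AutoSize }
        & $affichage
        & $suivre $affichage
    }
    elseif ($selection_journal -eq 5)
    {
        Write-host "Recherche 1000 derniers forward par adresse source mac regroupés"
        & $resumer_deny srcmac
        $srcmac = Read-host "Adresse source mac"
        Write-host "------------------------"
        Write-host "Affichage des entrées avec l'adresse source mac $srcmac"
        Write-host "------------------------"
        # The MAC filter is applied locally to the fetched rows.
        $affichage = { & $lire_deny | Where-Object srcmac -eq $srcmac | Select-Object $colonnes | ft * -wrap -AutoSize }
        & $affichage
        & $suivre $affichage
    }
    elseif ($selection_journal -eq 6)
    {
        Write-host "Recherche 1000 derniers forward deny par service"
        & $resumer_deny service | ft -AutoSize
        $service = Read-host "Service"
        # The service filter is applied locally to the fetched rows.
        $affichage = { & $lire_deny | Where-Object service -eq $service | Select-Object $colonnes | ft * -wrap -AutoSize }
        & $affichage
        & $suivre $affichage
    }
    else
    {
        Write-host "Aucune option"
    }
}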
'10' {
    # Closes the current PowerFGT session.
    $trait = "-----------------------------------------------------------"
    Write-host ""
    Write-host $trait
    Write-host -ForegroundColor Green "Deconnexion PowerFGT"
    Write-host $trait
    Write-host ""
    Disconnect-FGT
}
'q' {
    # Quit. switch compares strings case-insensitively by default, so the "Q"
    # shown in the menu matches this clause as well.
    exit
}
} |
Hello,
Thanks for the work, this script can be useful.
I tried to add a menu for quick access; I am sharing the idea for information (in French):