Some issues which I needed fixing to get a working result #9

Open
RPSimons opened this issue Jun 26, 2021 · 1 comment

@RPSimons

Thanks for your work, this perfectly suits my needs. Hope you'll finish it ;-)

I had to make a few minor (crude) adjustments for it to process my ASA code:

  • ASA code missed another possibility for a rule object.
  • Fortigate generator must not start with policy '0' since this will in fact create policy '1' when no policies exist
  • 'description' should be 'comment' and should be contained in parentheses
  • There was some bad mapping to certain host types
  • I gave all policies a name since this is mandatory anyway when changing afterwards in the GUI
    You'll see for yourself below.

Hope this information is of use to you.

diff mod/DirectFire/Converter/parsers/ciscoasa.py original/DirectFire/Converter/parsers/ciscoasa.py
601d600
< elif network_object[1] == "host": # is a host
603,622d601
< network_object_name = network_object[2]
<
< if network_object_name not in data["network_objects"]:
<
< data["network_objects"][network_object_name] = {}
< data["network_objects"][network_object_name][
< "type"
< ] = "host"
< data["network_objects"][network_object_name][
< "host"
< ] = network_object[2]
< data["network_objects"][network_object_name][
< "description"
< ] = ""
<
< ## add network object to the group
<
< data["network_groups"][network_group_name]["members"].append(
< network_object_name
< )
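
Review bot: In the new `host` branch, `network_object[2]` is used both as the object name and as the address, and the `if network_object_name not in data["network_objects"]` guard means an existing object that happens to have the same name is reused without checking that its type is "host" and that its address matches. Compare the existing entry before adding it to the group, or give generated objects a distinct prefix. The paste has lost its indentation, so please also confirm that the `members.append(...)` call sits outside that `if`; otherwise a host that is already defined would never be added to `network_group_name`.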

diff mod/Converter/generators/fortigate.py original/DirectFire/Converter/generators/fortigate.py
403,404c403
< dst_config.append(cfglvl1 + "edit " + str(policy_id + 1)) # must start at 1
< dst_config.append(cfglvl2 + "set name PID_" + str(policy_id + 1)) # must start at 1

    dst_config.append(cfglvl1 + "edit " + str(policy_id))
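
Review bot: `str(policy_id + 1)` is repeated on both the `edit` and the `set name` line, so the two values can drift apart if only one of them is changed later. Compute the offset once into a local variable (or start the counter at 1 where the policies are enumerated) and use it for both lines, and replace the two `# must start at 1` comments with a single comment saying why `edit 0` cannot be used.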

406,413c405,409
< if "".join(list(map(str, attributes["src_interfaces"]))):
< dst_config.append(
< cfglvl2
< + "set srcintf "
< + " ".join(list(map(str, attributes["src_interfaces"])))
< )
< else:
< dst_config.append(cfglvl2 + "set srcintf ANY")

    dst_config.append(
        cfglvl2
        + "set srcintf "
        + " ".join(list(map(str, attributes["src_interfaces"])))
    )
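
Review bot: The `else` branch that emits `set srcintf ANY` silently turns a rule with no parsed source interface into one that matches every interface, which is broader than what the parser actually found. Log a warning or mark the generated policy so that these rules are reviewed before the config is loaded. The emptiness test `"".join(list(map(str, ...)))` is easier to read as `any(str(i) for i in attributes["src_interfaces"])`.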

415,422c411,415
< if "".join(list(map(str, attributes["dst_interfaces"]))):
< dst_config.append(
< cfglvl2
< + "set dstintf "
< + " ".join(list(map(str, attributes["dst_interfaces"])))
< )
< else:
< dst_config.append(cfglvl2 + "set dstintf ANY")

    dst_config.append(
        cfglvl2
        + "set dstintf "
        + " ".join(list(map(str, attributes["dst_interfaces"])))
    )
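
Review bot: The `dstintf` branch duplicates the `srcintf` branch line for line, apart from the attribute key and the keyword. Move the logic into one small helper that takes the key and the `set` keyword, so the `ANY` fallback and any warning attached to it are handled in one place.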

431c424
< # cfglvl2

    #     cfglvl2

435,479d427
< if attributes["src_addresses"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set srcaddr all")
< else:
< dst_config.append(
< cfglvl2
< + "set srcaddr "
< + " " + attributes["src_addresses"][0]["name"]
< )
<
< if attributes["dst_addresses"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set dstaddr all")
< else:
< dst_config.append(
< cfglvl2
< + "set dstaddr "
< + " " + attributes["dst_addresses"][0]["name"]
< )
<
< if attributes["action"] == "allow":
< dst_config.append(cfglvl2 + "set action accept")
< else:
< dst_config.append(cfglvl2 + "set action deny")
<
< dst_config.append(
< cfglvl2
< + "set schedule always "
< )
<
< if attributes["src_services"][0]["name"] == "any":
< dst_config.append(cfglvl2 + "set service ALL")
< else:
< dst_config.append(cfglvl2 + "set service "
< + " " + attributes["src_services"][0]["name"]
< )
<
< dst_config.append(
< cfglvl2
< + "set logtraffic all"
< )
<
< # set action accept
< # set schedule "always"
< # set service "ALL_ICMP"
< # set logtraffic all
< # set comments " (Copy of CUST2BACKUP)"
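
Review bot: The `srcaddr`, `dstaddr` and `service` lines read only element `[0]` of `attributes["src_addresses"]`, `attributes["dst_addresses"]` and `attributes["src_services"]`, so a rule with several members loses all but the first, and an empty list raises IndexError. Join the names of all members, keeping the `any` to `all`/`ALL` mapping used here, and check whether `set service` should really be taken from `src_services`. Smaller points: `"set srcaddr " + " " + ...` produces a double space, `"set schedule always "` has a trailing space, and the commented-out `# set action accept` to `# set comments` block at the end should be removed.
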
482c430
< dst_config.append(cfglvl2 + 'set comments "' + attributes["description"] + '"')

        dst_config.append(cfglvl2 + "set description " + attributes["description"])
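
Review bot: On the `set comments` line, `attributes["description"]` is placed between double quotes without any escaping, so a description that itself contains `"` or a line break ends the quoted string early and the rest is parsed outside it. Escape or strip double quotes, backslashes and newlines from the description before concatenating it into the command.
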
@glennake glennake self-assigned this Jul 16, 2021
@glennake glennake added the enhancement New feature or request label Jul 16, 2021
@glennake
Owner

Hi @RPSimons,

I'm glad you found this useful, and thank you for your comprehensive feedback.

I will build your fixes/enhancements into the tool as soon as I can.

Glenn
