A set of cross-platform Python scripts that remove SSLVPN users from your FortiGate firewalls and store the state in a database file.
It comes in two flavors, an SSH version and an API version, and you can use either or both for your use case.
The fortidb.py module is called from the main programs and is used to log, audit and keep track of the user deletion process.
If you run fortidb.py directly, it shows a list of the users that were submitted for deletion and their status, and gives you the option of viewing their group membership prior to deletion.
There is a function called sanitize_username in the API version and a method called SanitizeUsername in the SSH version that can be customized to the username format you use in your company, so that you can disregard the case sensitivity of users when feeding them to the scripts.
Currently it just strips the input and returns it.
Python has to be installed on the machine running the scripts.
Paramiko, Netmiko and FortiOSAPI are needed to run the scripts. You can install them using the guide below.
Both scripts accept either a username or a text file containing the users you want to delete, separated by newlines.
Check the case of the usernames you want to delete. They must match the names on your firewalls exactly unless you have modified sanitize_username or SanitizeUsername.
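One way sanitize_username could be customized, shown together with loading a newline-separated user list. This is an added example, not the project's own code: the one-string-in, one-string-out signature, the load_users helper, the lowercase first.last format and the assumption that your firewalls store users in lowercase are all hypothetical.

```python
import re

# Assumed company format (hypothetical): lowercase "first.last", possibly
# supplied as DOMAIN\first.last or first.last@example.com.
VALID_USER = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


def sanitize_username(raw: str) -> str:
    """Normalise one username; raise ValueError if it is not a plausible account name."""
    name = raw.strip()
    if "\\" in name:                      # DOMAIN\user -> user
        name = name.rsplit("\\", 1)[1]
    if "@" in name:                       # user@domain -> user
        name = name.split("@", 1)[0]
    name = name.lower()                   # assumes firewall users are lowercase
    # Allow-list check: quotes, spaces and newlines never reach the
    # firewall CLI session or the API request path.
    if not VALID_USER.fullmatch(name):
        raise ValueError(f"rejected username: {raw!r}")
    return name


def load_users(text: str):
    """Split newline-separated input into (accepted, rejected), de-duplicated."""
    accepted, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue                      # skip blank lines
        try:
            user = sanitize_username(line)
        except ValueError:
            rejected.append(line)         # keep the raw line for the audit trail
            continue
        if user not in accepted:
            accepted.append(user)
    return accepted, rejected


# Constructed sample of a userlist.txt (not real accounts)
SAMPLE = "John.Doe\n  CORP\\jane.roe \njohn.doe@example.com\n\nbob smith\nalice\"\n"

if __name__ == "__main__":
    ok, bad = load_users(SAMPLE)
    print("to delete:", ok)
    print("rejected :", bad)
```

Rejected lines are returned instead of silently dropped so they can be reviewed before a deletion run.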
git clone https://github.com/pouriyajamshidi/FortiSSLVPNUserRevoker.git
pip3 install -r requirements.txt
chmod +x FortiSSLVPNRevoker-API.py
chmod +x FortiSSLVPNRevoker-SSH.py
chmod +x fortidb.py
./FortiSSLVPNRevoker-SSH.py <username>
OR
./FortiSSLVPNRevoker-API.py <username>
./FortiSSLVPNRevoker-SSH.py <userlist.txt>
OR
./FortiSSLVPNRevoker-API.py <userlist.txt>
python3 FortiSSLVPNRevoker-SSH.py <username>
OR
python3 FortiSSLVPNRevoker-API.py <username>
python3 FortiSSLVPNRevoker-SSH.py <userlist.txt>
OR
python3 FortiSSLVPNRevoker-API.py <userlist.txt>
Linux and Windows machines.
Pull requests are welcome.