Bunch of cross-platform Python scripts that are written to remove SSLVPN users from your Fortigate firewalls and store the states in a database file.
It comes in two flavors, SSH and API versions and you can pick both or either of these for your use case.
fortidb.py module is called from the main programs and is used to log, audit and keep track of user deletion process.
If you run fortidb.py directly, it will show you a list of users that have been given to be deleted, their status and also you get the option of viewing their group membership prior to deletion.
There is a function called sanitize_username in API version and a method called SanitizeUsername in SSH version that can be customized with the user format you use in your company, so that you could disregard the case-sensitivity of users upon feeding them to the scripts.
Currently it just strips and returns what you input.
Python has to be installed on the machine, running the scripts.
Paramiko, Netmiko and FortiOSAPI are needed to run this script. You can install them using below guide.
Both scripts can get either a username or a text file with the users you want to delete, separated by newlines.
Make sure of the case sensitivity of users you want to delete. They should be the same as your firewalls unless you have modified the sanitize_username or SanitizeUsername.
git clone https://github.com/pouriyajamshidi/FortiSSLVPNUserRevoker.gitpip3 install -r requirements.txtchmod +x FortiSSLVPNRevoker-API.py
chmod +x FortiSSLVPNRevoker-SSH.py
chmod +x fortidb.py./FortiSSLVPNRevoker-SSH.py <username>
OR
./FortiSSLVPNRevoker-API.py <username>./FortiSSLVPNRevoker-SSH.py <userlist.txt>
OR
./FortiSSLVPNRevoker-API.py <userlist.txt>python3 FortiSSLVPNRevoker-SSH.py <username>
OR
python3 FortiSSLVPNRevoker-API.py <username>python3 FortiSSLVPNRevoker-SSH.py <userlist.txt>
OR
python3 FortiSSLVPNRevoker-API.py <userlist.txt>Linux and Windows machines.
Pull requests are welcome.
