add fortigate node #1917

Merged
merged 13 commits into from
Mar 13, 2024
Conversation

robotwalk
Contributor

No description provided.

@robotwalk robotwalk marked this pull request as draft February 27, 2024 19:18
@steiler
Collaborator

steiler commented Mar 1, 2024

should also contain "fortios" as the kind name.

@hellt
Member

hellt commented Mar 1, 2024

I renamed the kind to fortinet_forios to keep it consistent with the naming scheme

you can try the beta build

sudo docker run --rm -v $(pwd):/workspace ghcr.io/oras-project/oras:v1.1.0 pull ghcr.io/srl-labs/clab-oci:14aac630

running this cmd will download the containerlab binary in your PWD

ADD1
as @steiler found, the registration part is missing -- example https://github.com/srl-labs/containerlab/blob/main/nodes/checkpoint_cloudguard/checkpoint_cloudguard.go#L21

@steiler
Collaborator

steiler commented Mar 1, 2024

ADD1 as @steiler found, the registration part is missing -- example https://github.com/srl-labs/containerlab/blob/main/nodes/checkpoint_cloudguard/checkpoint_cloudguard.go#L21

This is where it would need to go. https://github.com/srl-labs/containerlab/blob/main/clab/register.go
Add the import and call Register

@hellt
Member

hellt commented Mar 6, 2024

@robotwalk thanks, I am a bit behind with some other tasks, just pinging you to tell I have not forgotten about this one

@hellt
Member

hellt commented Mar 8, 2024

@robotwalk
Contributor Author

robotwalk commented Mar 12, 2024

Hi @robotwalk I have tried to launch the image built with hellt/vrnetlab#174 and it boots fine after I did a8ad97a

But, I wonder what should I expect from this basic boot? It seems ssh doesn't respond, but telnet works.

How do people usually consume fortios?

ADD1:

Dumping some resources I used:

You are right.
Will add the configuration to enable ssh on port1

Edit:
What do you mean with ssh is not working? I can log in with ssh

$ ssh -l admin 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ED25519 key fingerprint is SHA256:MOP/G/FdbV+1423Fv97HyBIeEkR5+RNQtuJs5IGjat4.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.17.0.2' (ED25519) to the list of known hosts.
admin@172.17.0.2's password:

vr-fortinet # show system interface
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 1
    next

But this is just with the image started without containerlabs.

Will evaluate this further

@hellt
Member

hellt commented Mar 12, 2024

It's all good. The DHCP assigned address is assigned by qemu so no need for explicit config

@robotwalk
Contributor Author

robotwalk commented Mar 12, 2024

So I just built containerlabs with the current code and ran the lab-examples/fortigate/fortinet.clab.yml topology

./bin/containerlab deploy -t lab-examples/fortigate/fortinet.clab.yml

Getting healthy

docker ps
CONTAINER ID   IMAGE                        COMMAND                  CREATED         STATUS                   PORTS                                                                            NAMES
b716ac700587   vrnetlab/vr-fortios:v7.0.0   "/launch.py --userna…"   2 minutes ago   Up 2 minutes (healthy)   22/tcp, 80/tcp, 443/tcp, 830/tcp, 3443/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   clab-fortigate-forti2
8db36ce45d42   vrnetlab/vr-fortios:v7.0.0   "/launch.py --userna…"   2 minutes ago   Up 2 minutes (healthy)   22/tcp, 80/tcp, 443/tcp, 830/tcp, 3443/tcp, 5000/tcp, 10000-10099/tcp, 161/udp   clab-fortigate-forti1

Get ips

$ docker ps -q | xargs -n1 docker inspect | grep -i ipaddress
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.20.20.2",
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.20.20.3",

SSH into

$ ssh -l admin 172.20.20.2
The authenticity of host '172.20.20.2 (172.20.20.2)' can't be established.
ED25519 key fingerprint is SHA256:+KSIszKGsTyvgqOPU2nxSp/QW4AgRmyOxCabYsrV1Dc.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.20.2' (ED25519) to the list of known hosts.
admin@172.20.20.2's password:
forti2 #

$ ssh -l admin 172.20.20.3
The authenticity of host '172.20.20.3 (172.20.20.3)' can't be established.
ED25519 key fingerprint is SHA256:0CiIyNO93oVwewQJXdHtyHuNNayXMeR1gpCmWmvLenE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '172.20.20.3' (ED25519) to the list of known hosts.
admin@172.20.20.3's password:
forti1 #

SSH is enabled by default

forti2 # show system interface
config system interface
    edit "port1"
        set vdom "root"
        set mode dhcp
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 1
    next
    edit "port2"
        set vdom "root"
        set type physical
        set snmp-index 2
    next
    edit "ssl.root"
        set vdom "root"
        set type tunnel
        set alias "SSL VPN interface"
        set snmp-index 3
    next
    edit "fortilink"
        set vdom "root"
        set fortilink enable
        set ip 10.255.1.1 255.255.255.0

The second interface is also there and so is the link between the two nodes

image

btw: this graph feature is just awesome
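
An added example, not part of the pull request or of containerlab's code: a small Go check over `show system interface` output like the one in the comment above, reporting interfaces whose `allowaccess` or `ip6-allowaccess` line enables the cleartext `http` or `telnet` management protocols. The `port3` entry, its nested `config ipv6` block and the function name `CleartextAccess` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed input: port1 follows the output shown in the thread;
// port3 and its nested ipv6 block are invented to exercise the check.
const sample = `config system interface
    edit "port1"
        set allowaccess ping https ssh fgfm
    next
    edit "port3"
        set allowaccess ping http
        config ipv6
            set ip6-allowaccess ping telnet
        end
    next
end`

// CleartextAccess returns "interface: protocol" for each http or telnet entry
// in an allowaccess or ip6-allowaccess line. Findings are attributed to the
// enclosing depth-1 edit block, so nested config blocks keep the interface name.
func CleartextAccess(cfg string) []string {
	hits, cur, depth := []string{}, "", 0
	for _, line := range strings.Split(cfg, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 0: // blank line, nothing to do
		case f[0] == "config":
			depth++
		case f[0] == "end":
			depth--
		case depth == 1 && f[0] == "edit":
			cur = strings.Trim(strings.Join(f[1:], " "), `"`)
		case len(f) > 2 && f[0] == "set" && strings.HasSuffix(f[1], "allowaccess"):
			for _, p := range f[2:] {
				if p == "http" || p == "telnet" {
					hits = append(hits, cur+": "+p)
				}
			}
		}
	}
	return hits
}

func main() {
	fmt.Println(CleartextAccess(sample))
}
```
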

@hellt hellt marked this pull request as ready for review March 13, 2024 10:31

codecov bot commented Mar 13, 2024

Codecov Report

Attention: Patch coverage is 88.23529% with 4 lines in your changes are missing coverage. Please review.

Project coverage is 53.85%. Comparing base (e269a28) to head (3653c31).
Report is 2 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1917      +/-   ##
==========================================
+ Coverage   53.53%   53.85%   +0.31%     
==========================================
  Files         155      156       +1     
  Lines       11347    11382      +35     
==========================================
+ Hits         6075     6130      +55     
+ Misses       4413     4391      -22     
- Partials      859      861       +2     
Files Coverage Δ
clab/register.go 100.00% <100.00%> (ø)
nodes/fortinet_fortigate/fortigate.go 87.87% <87.87%> (ø)

... and 6 files with indirect coverage changes

@hellt hellt merged commit 756d51a into srl-labs:main Mar 13, 2024
63 checks passed
@hellt
Member

hellt commented Mar 13, 2024

thanks @robotwalk
