bunlongheng
3/6/2018 - 7:33 PM

Fortinet Model API between the portal

Fortinet model: the API layer between the portal and the Fortinet JSON-RPC endpoint.

<?php
namespace App\Models;

use App\CURL;
use Redirect;
use Session;

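// SSC.cfg: connection settings for the Fortinet JSON-RPC API used by the Fortinet model.
//
// The endpoint and the API account can be supplied through the process environment
// (FG_API_URL, FG_API_USERNAME, FG_API_PASSWORD) so that no credential has to live in
// source control. The literals are the fallbacks used when a variable is unset or empty.
//
// NOTE(review): the fallback endpoint is plain http://, so the login request (user and
// passwd) and every session token would cross the network unencrypted. Point FG_API_URL
// at an https:// endpoint and confirm that App\CURL verifies the server certificate.
// NOTE(review): with the empty PASSWORD fallback, login is attempted with a blank password.
$GLOBALS['FG_API']             = getenv('FG_API_URL') ?: 'http://172.18.58.25/jsonrpc';
$GLOBALS['USERNAME']           = getenv('FG_API_USERNAME') ?: 'jsonapi';
$GLOBALS['PASSWORD']           = getenv('FG_API_PASSWORD') ?: '';

// Target package, device, ADOM and VDOM. These end up in request URLs and scopes.
$GLOBALS['PKG_NAME']           = 'CARWASH_PKG_VPN';
$GLOBALS['DEVICE']             = 'FGV16V0000131282';
$GLOBALS['ATOM']               = 'CARWASH';
$GLOBALS['VDOM']               = 'root';

// VXLAN endpoints: destination port, local interface and remote IP for each direction.
$GLOBALS['INGRESS_PORT']       = '5000';
$GLOBALS['INGRESS_INTERFACE']  = 'port2';
$GLOBALS['INGRESS_REMOTE_IP']  = '10.0.1.1';
$GLOBALS['EGRESS_PORT']        = '5001';
$GLOBALS['EGRESS_INTERFACE']   = 'port3';
$GLOBALS['EGRESS_REMOTE_IP']   = '10.0.2.1';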


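/**
 * Static client for the Fortinet JSON-RPC API configured in $GLOBALS['FG_API'].
 *
 * Every request has the shape
 *   {"id": 1, "method": ..., "params": [ {...} ], "session": ..., "verbose": 1}
 * and is serialised with json_encode(), so caller-supplied names and ids are always
 * escaped as JSON strings and cannot add or override fields of the request. Values
 * that become a bare number (the VNI) or a URL path segment (policy id, task id) are
 * validated before any request is sent.
 *
 * NOTE(review): the result of responseCheck() is discarded by every method of this
 * class. Callers have to inspect the returned response (or call responseCheck() on
 * it themselves) to learn whether the API reported an error.
 */
class Fortinet {

    /**
     * Extract the error message from a decoded API response, if it reports one.
     *
     * Status codes 0 and -2 count as "no error" (loose comparison, as before, so a
     * numeric string is accepted too).
     * NOTE(review): -2 presumably means "object already exists"; confirm against the
     * API reference before relying on it.
     *
     * A response without a status code is reported as an error rather than treated
     * as success, so a failed or truncated HTTP exchange is not mistaken for "OK".
     *
     * @param mixed $response Decoded response as returned by CURL::post().
     * @return string|null Error message, or null when no error is reported.
     */
    public static function responseCheck($response) {
        if (!is_array($response) || !isset($response['result'][0]['status']['code'])) {
            return 'Malformed API response: status code missing';
        }

        $status = $response['result'][0]['status'];

        if ($status['code'] != 0 && $status['code'] != -2) {
            return isset($status['message']) ? $status['message'] : 'API request failed without a message';
        }

        return null;
    }

    /**
     * Log in with the configured account and remember the API session token.
     *
     * The token is stored through the Session facade under the key "session" and
     * returned. When the response carries no token (for example after a failed
     * login) null is stored and returned.
     *
     * NOTE(review): this puts the API account's session token into the session store
     * of whoever triggered the call. Confirm that store is server-side only.
     *
     * @return string|null
     */
    public static function login() {
        $response = self::send('exec', [
            'data' => [
                [
                    'passwd' => $GLOBALS['PASSWORD'],
                    'user'   => $GLOBALS['USERNAME'],
                ],
            ],
            'url' => 'sys/login/user',
        ], '');

        $session = (is_array($response) && isset($response['session'])) ? $response['session'] : null;

        Session::forget('session');
        Session::put('session', $session);

        return $session;
    }

    /**
     * Return an API session token for the next request.
     *
     * Always performs a fresh login; the token stored by login() is never reused.
     * NOTE(review): this class has no logout call, so every API call leaves one more
     * open session on the server. Reuse the stored token or log out after use.
     *
     * @return string|null
     */
    public static function getSession() {
        return self::login();
    }

    /**
     * Create the ingress VXLAN interface on the configured device and VDOM.
     *
     * @param int|string $hnsId Used as the VXLAN network identifier; must be an integer.
     * @param string $ingressVxLanName Name of the interface to create.
     * @return mixed Decoded API response.
     * @throws \InvalidArgumentException When $hnsId is not an integer.
     */
    public static function createIngressVxLan($hnsId, $ingressVxLanName) {
        // Validated first so that bad input never costs a login or a request.
        $vni = self::vni($hnsId);

        return self::createVxLan(
            $vni,
            $ingressVxLanName,
            $GLOBALS['INGRESS_PORT'],
            $GLOBALS['INGRESS_INTERFACE'],
            $GLOBALS['INGRESS_REMOTE_IP']
        );
    }

    /**
     * Create the egress VXLAN interface on the configured device and VDOM.
     *
     * @param int|string $hnsId Used as the VXLAN network identifier; must be an integer.
     * @param string $egressVxLanName Name of the interface to create.
     * @return mixed Decoded API response.
     * @throws \InvalidArgumentException When $hnsId is not an integer.
     */
    public static function createEgressVxLan($hnsId, $egressVxLanName) {
        $vni = self::vni($hnsId);

        return self::createVxLan(
            $vni,
            $egressVxLanName,
            $GLOBALS['EGRESS_PORT'],
            $GLOBALS['EGRESS_INTERFACE'],
            $GLOBALS['EGRESS_REMOTE_IP']
        );
    }

    /**
     * Create a switch interface whose members are the two VXLAN interfaces.
     *
     * @param string $ingressVxLanName
     * @param string $egressVxLanName
     * @param string $switchName
     * @return mixed Decoded API response.
     */
    public static function createSwitch($ingressVxLanName,$egressVxLanName,$switchName) {
        return self::call('add', [
            'data' => [
                'intra-switch-policy' => 'explicit',
                'member'              => [
                    (string) $ingressVxLanName,
                    (string) $egressVxLanName,
                ],
                'name' => (string) $switchName,
                'vdom' => $GLOBALS['VDOM'],
            ],
            'url' => '/pm/config/device/' . $GLOBALS['DEVICE'] . '/global/system/switch-interface',
        ]);
    }

    /**
     * Run a device install (configuration synchronisation) for the configured
     * device and VDOM.
     *
     * @return mixed Decoded API response.
     */
    public static function installDevice() {
        return self::call('exec', [
            'data' => [
                'adom'             => $GLOBALS['ATOM'],
                'dev_rev_comments' => 'Synchronizing the device configuration',
                'flags'            => ['none'],
                'scope'            => [self::deviceScope()],
            ],
            'url' => '/securityconsole/install/device',
        ]);
    }

    /**
     * Create the dynamic interface object that maps to the ingress VXLAN interface.
     *
     * @param string $ingressVxLanName
     * @return mixed Decoded API response.
     */
    public static function createDynamicIngressInterface($ingressVxLanName) {
        return self::createDynamicInterface($ingressVxLanName);
    }

    /**
     * Create the dynamic interface object that maps to the egress VXLAN interface.
     *
     * @param string $egressVxLanName
     * @return mixed Decoded API response.
     */
    public static function createDynamicEgressInterface($egressVxLanName) {
        return self::createDynamicInterface($egressVxLanName);
    }

    /**
     * Look up a firewall policy by name.
     *
     * NOTE(review): the request uses method "add" although it only carries a filter
     * and a field list, and its URL has no "/pkg/" segment, unlike the other policy
     * URLs in this class. Both are kept as they were; confirm whether "get" and the
     * "/pkg/" form were intended.
     *
     * @param string $policyName
     * @return mixed Decoded API response.
     */
    public static function getPolicyDetailBaseOnName($policyName) {
        return self::call('add', [
            'url'    => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/' . $GLOBALS['PKG_NAME'] . '/firewall/policy',
            'filter' => ['name', '==', (string) $policyName],
            'fields' => ['name', 'policyid', 'webfilter-profile', 'dnsfilter-profile'],
        ]);
    }

    /**
     * Set the web-filter and DNS-filter profiles of one firewall policy to the
     * fixed values "carwash-high" and "dns-filter-ss".
     *
     * NOTE(review): sent with method "add" against the URL of an existing policy;
     * kept unchanged, confirm the intended method.
     *
     * @param int|string $policyId Becomes the last path segment of the request URL.
     * @return mixed Decoded API response.
     * @throws \InvalidArgumentException When $policyId is not a single safe path segment.
     */
    public static function updatePolicyFirewall($policyId) {
        $policySegment = self::pathSegment($policyId, 'policyId');

        return self::call('add', [
            'data' => [
                'webfilter-profile' => ['carwash-high'],
                'dnsfilter-profile' => ['dns-filter-ss'],
            ],
            'url' => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/pkg/' . $GLOBALS['PKG_NAME'] . '/firewall/policy/' . $policySegment,
        ]);
    }

    /**
     * Create the firewall policy "carwash-policy-<hnsId>" from the ingress to the
     * egress interface.
     *
     * The policy accepts all sources, destinations and services at all times, logs
     * all traffic, and enables UTM with the carwash AV, DNS-filter, protocol-options
     * and web-filter profiles.
     *
     * NOTE(review): $security_level selects the web-filter profile by name
     * ("carwash-<level>"). If it can come from a portal user, restrict it to the
     * known levels in the caller.
     *
     * @param int|string $hnsId
     * @param string $ingressVxLanName
     * @param string $egressVxLanName
     * @param string $security_level
     * @return mixed Decoded API response.
     */
    public static function createPolicyFirewall($hnsId,$ingressVxLanName,$egressVxLanName,$security_level) {
        return self::call('add', [
            'data' => [
                'action'                   => 'accept',
                'av-profile'               => ['carwash-av'],
                'dnsfilter-profile'        => ['dns-filter-ss'],
                'profile-protocol-options' => ['carwash-protocol'],
                'dstaddr'                  => ['all'],
                'dstintf'                  => [(string) $egressVxLanName],
                'logtraffic'               => 'all',
                'name'                     => 'carwash-policy-' . $hnsId,
                'schedule'                 => ['always'],
                'service'                  => ['ALL'],
                'srcaddr'                  => ['all'],
                'srcintf'                  => [(string) $ingressVxLanName],
                'utm-status'               => 'enable',
                'webfilter-profile'        => ['carwash-' . $security_level],
            ],
            'url' => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/pkg/' . $GLOBALS['PKG_NAME'] . '/firewall/policy',
        ]);
    }

    /**
     * Install the configured policy package on the configured device and VDOM.
     *
     * @return mixed Decoded API response.
     */
    public static function installPackage() {
        return self::call('exec', [
            'data' => [
                'adom'  => $GLOBALS['ATOM'],
                'flags' => ['none'],
                'pkg'   => $GLOBALS['PKG_NAME'],
                'scope' => [self::deviceScope()],
            ],
            'url' => '/securityconsole/install/package',
        ]);
    }

    /**
     * Fetch a task and return its progress figure.
     *
     * The result is the task's "tot_percent" divided by the number of entries in
     * its "line" list. When the response has no lines the result is 0 instead of a
     * division by zero.
     * NOTE(review): dividing tot_percent by the line count is kept from the
     * original; confirm it is the intended progress measure.
     *
     * @param int|string $taskId Becomes the last path segment of the request URL.
     * @return int|float
     * @throws \InvalidArgumentException When $taskId is not a single safe path segment.
     */
    public static function monitor($taskId) {
        $taskSegment = self::pathSegment($taskId, 'taskId');

        $response = self::call('get', [
            'url' => '/task/task/' . $taskSegment,
        ]);

        $data = (is_array($response) && isset($response['result'][0]['data']) && is_array($response['result'][0]['data']))
            ? $response['result'][0]['data']
            : [];

        $lineCount = (isset($data['line']) && is_array($data['line'])) ? count($data['line']) : 0;
        if ($lineCount === 0) {
            return 0;
        }

        $totalPercent = isset($data['tot_percent']) ? $data['tot_percent'] : 0;

        return $totalPercent / $lineCount;
    }

    /**
     * Build and send the "add VXLAN interface" request shared by both directions.
     */
    private static function createVxLan($vni, $name, $port, $interface, $remoteIp) {
        return self::call('add', [
            'data' => [
                'dstport'   => $port,
                'interface' => $interface,
                'name'      => (string) $name,
                'remote-ip' => $remoteIp,
                'vni'       => $vni,
            ],
            'url' => '/pm/config/device/' . $GLOBALS['DEVICE'] . '/vdom/' . $GLOBALS['VDOM'] . '/system/vxlan',
        ]);
    }

    /**
     * Build and send the "add dynamic interface" request shared by both directions.
     */
    private static function createDynamicInterface($vxLanName) {
        $name = (string) $vxLanName;

        return self::call('add', [
            'data' => [
                'default-mapping' => 'disable',
                'dynamic_mapping' => [
                    [
                        '_scope'     => [self::deviceScope()],
                        'local-intf' => [$name],
                    ],
                ],
                'name'        => $name,
                'single-intf' => 'enable',
            ],
            'url' => '/pm/config/adom/' . $GLOBALS['ATOM'] . '/obj/dynamic/interface',
        ]);
    }

    /**
     * The device/VDOM pair used as scope by install and dynamic-mapping requests.
     */
    private static function deviceScope() {
        return [
            'name' => $GLOBALS['DEVICE'],
            'vdom' => $GLOBALS['VDOM'],
        ];
    }

    /**
     * Send one request using a freshly obtained session token.
     */
    private static function call($method, array $params) {
        return self::send($method, $params, self::getSession());
    }

    /**
     * Serialise the request envelope, post it to the API and return the decoded response.
     *
     * @throws \InvalidArgumentException When the request cannot be encoded as JSON.
     */
    private static function send($method, array $params, $session) {
        $body = json_encode([
            'id'      => 1,
            'method'  => $method,
            'params'  => [$params],
            // Always a string on the wire, "" when no token is available.
            'session' => (string) $session,
            'verbose' => 1,
        ], JSON_UNESCAPED_SLASHES);

        if ($body === false) {
            throw new \InvalidArgumentException('Request is not JSON-encodable: ' . json_last_error_msg());
        }

        $response = CURL::post($GLOBALS['FG_API'], $body);
        self::responseCheck($response);

        return $response;
    }

    /**
     * Validate a value that is sent as a bare JSON number.
     *
     * @throws \InvalidArgumentException When the value is not an integer.
     */
    private static function vni($hnsId) {
        $vni = filter_var($hnsId, FILTER_VALIDATE_INT);
        if ($vni === false) {
            throw new \InvalidArgumentException('hnsId must be an integer');
        }

        return $vni;
    }

    /**
     * Validate a value that becomes one path segment of a request URL.
     *
     * Only letters, digits, "_" and "-" are accepted, so the value cannot be empty
     * and cannot contain "/" or "." and redirect the request to another object.
     * NOTE(review): ids are presumably numeric; widen the pattern if that is wrong.
     *
     * @throws \InvalidArgumentException When the value is not a single safe segment.
     */
    private static function pathSegment($value, $label) {
        $isScalarId = is_int($value) || is_string($value);
        if (!$isScalarId || preg_match('/\A[A-Za-z0-9_-]+\z/', (string) $value) !== 1) {
            throw new \InvalidArgumentException($label . ' must be a single path segment of letters, digits, "_" or "-"');
        }

        return (string) $value;
    }

}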