Fortigate | Extract Useful info from SSL VPN Directory Traversal | Security Testing library

i have windows server 2019 with iis 10 installed, ip and domain restriction enabled ip range 10.0.0.1=>10.0.0.240 - domain name : lo-server.com

the problem that am facing is : when adding a local ip address / Same ip with server / same network / example 10.0.0.66 to deny list it works perfectly it deny the access

but when i add an ip address outside the network / 192.168.20.10 / which is connected to a firewall ( FortiGate ) 10.0.0.200 the restriction doesn't work i need to add the firewall ip to deny it which i don't want to do it because i'll block all the ranges that are connected to the firewall.

how can i deny access to another network without adding the firewall

I'm trying to automate some boring monkey jobs for fortigate firewalls. I receive requests to create address objects for example for 100 different hosts.. many of which should belong to same address group. My csv is

I am using Terraform to build Fortigate resources within a custom child module I've defined. Each instance of the child module will build 12 unique VIPs using the fortios_firewall_vip resource. Inside the root module, I'm attempting to define a VIP Group using the fortios_firewall_vipgrp resource, which would include ALL of the VIPs built from ALL instances of the child module. I seem to be struggling with how to build the member{} block within the vipgrp resource.

Here is a breakdown of the folder structure:

I'm new at Ansible and trying to automate a Fortigate configuration using the fortinet.fortios modules.

I'm having a problem with fortios_firewall_addrgrp specifically that does not support the append of a firewall address to a group.

I have this set in my variables:

I am using an external TCP/UDP network load balancer (Fortigate), Kubernetes 1.20.6 and Istio 1.9.4. I have set set externalTrafficPolicy: Local and need to run ingress gateway on every node (as said here in network load balancer tab) . How do I do that?

This is my ingress gateway service:

I'm writing to you because I can't solve a problem with a client.

My client has an infrastructure with the following characteristics:

• 2 ISP routers
• 1 fortigate firewall
• 1 dedicated router that broadcasts a UCOPIA US250 guest portal
• 65 Zyxel switches (1900 - 24) and one 4600 switch (4x 24 ports for the core network)
• 250 WIFI LIGOWAZE NFT terminals
• 80 VLANs

I do not manage the first 3 equipments, it is another provider.

Today, I have to pass the VLAN dedicated to the guests. The other provider has set up the FORTIGATE to broadcast the DHCP and the associated VLAN on the DMZ port to the OUT port of the UCOPIA. I have to broadcast VLAN 420 from the IN port to the ZYXEL switch and to the LIGOWAVE terminals.

However, when I am connected to the UCOPIA on the IN port, I manage to get the desired IP and to reach the portal, but when I test on the ZYXEL switch, it is impossible to get the dedicated VLAN. I put myself on another port of the ZYXEL, I TAG the VLAN in question. I have modified the ID of my VLAN on my computer in DHCP that does not work. I tried to use static IP but still nothing. I can't even ping the gateway. The ZYXEL port to which the UCOPIA is connected is TAGGED on the dedicated VLAN. I have also tried Untagged and excluding all the other VLANs but it is impossible to get this network.

Do you have any other ideas for me?

Here, you can see my diagram network: MyNetwork

EDIT: Answered by @Theo

Thanks Theo, works perfectly against the 1000+ line input file. I'll be checking all those commands with Google so I can start to understand what you did / how you did it, but it's all good and thanks again!

:EDIT

Sorry for any formatting errors, this is my first question here.

I am trying to write a script for Fortigate Firewall by using Powershell to read in from a csv (or txt) file of URLs to block.

Current code I've worked out for myself with much help from various posts here on Stack Overflow, sample input, expected output and actual output.

In the sections below labelled: This is what I want the output to be

and

This is the output I get in the txt file

There are line spaces that should not be there, but I can't get the formatting right and if I remove the lines to post, it gives me a single line with everything jumbled up.

Can anybody tell me where I'm going wrong with the code?

Many thanks in advance, Al

I have the following code so far:

I am curently working on a GZIP HTTP decompression.

My server receives some data and im cropping and saving it in binary mode. I've made a little script to download the gzip from stackoverflow and saved it to a .gz file. Works fine!

But the "gzip" I receive from my fortigate-firewall ends up being corrupted.

Corrupted and working file here: https://gofile.io/d/j520Nr

The buffer is the corrupted file - and im not sure why. Both files are extremely different (at least how I see it) - but the GZIP header is definitely present!

Can someone maybe compare these two files and tell me why they are that different? Or maybe even show me how to fix it?

Thats the gzip html url for both of the files: What is the best way to parse html in C#?

My corrupted file is around 2KB larger!

I would be happy for every step in the right direction - maybe it is something that can be fixed really easy!

The following code should show you my workflow, "ReadAll" is pretty slow but reads all from the stream. It will be optimized ofc (maybe its the problem of the wrong gzip stream?)

I've the following Azure Automation Runbook script which goal is to take an dump/export from a REST API call which must run from a target device which is able to reach the REST API device. So Azure Automation runbook is targeting a "proxy server" then from this we're taking the REST API backup.

The approach has been working exception the fact we're able not to copy this backup file from the target server once 'cm.vm.run_command' presents output size limitation and is truncating the backup. The workaround we found for this was copying the backup file from the 'target/proxy server' directly into a Storage Account Fileshare which is mounted on the target/proxy server. My problem now is when running from Azure Automation it's not able to access the drive mounted by other user and/or is not able to mount the device or access it directly like below errors messages. Does anybody have any alternative for this ? I was able to check the runbook is having connectivity on the storage account ports 443/445 from t. That was one of the possible reasons described here https://docs.microsoft.com/en-us/azure/storage/files/storage-troubleshoot-windows-file-connection-problems

Below the commands and errors I'm receiving and the whole script used.