With our VPN being over-utilized, I had to implement split tunneling on it. However, some web services we use require access from a known IP address, and unfortunately those services are hosted on AWS, where the IP addresses change often. I built this script to look up the current addresses and then update the FortiGate firewall's VPN routing list (a set of firewall address objects), so that traffic to those addresses goes over the VPN tunnel and reaches the service from our known IP address. Note that the script trusts whatever the configured DNS server answers — point it at a resolver you control — and it only adds or updates address objects; entries from earlier runs are never removed.
#!/usr/bin/python3
#Update Epsilon on the Fortigate Firewall VPNs
import ipaddress
import re

from nslookup import Nslookup
from netmiko import ConnectHandler

import cred
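# Listing of the domains to query: one hostname per line, blank lines and
# lines starting with "#" are ignored.
DOMAINS_PATH = "domains.txt"
# Config file that is rendered locally and then pushed to the FortiGate.
CONFIG_PATH = "config.txt"
# DNS server(s) to query.
# NOTE(review): answers arrive over ordinary, unauthenticated DNS and every
# answer ends up as a /32 in the VPN routing list, so this must be a resolver
# you trust; the checks below only verify that answers are well-formed IPv4.
DNS_SERVER = ['x.x.x.x']

# Strict RFC 1123-style hostname: letter/digit/hyphen labels with no leading or
# trailing hyphen, at most 63 chars per label and 253 overall.  Anything else is
# refused so a stray line in domains.txt cannot be spliced into the FortiOS CLI
# text as an extra command.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def is_hostname(name: str) -> bool:
    """Return True if *name* is a syntactically valid hostname safe to embed in CLI text."""
    return bool(_HOSTNAME_RE.match(name))


def device_params() -> dict:
    """Build the netmiko connection parameters for the FortiGate from the cred module."""
    return {
        "host": cred.hostname,
        "username": cred.rancid_username,
        "password": cred.rancid_password,
        "device_type": "fortinet",
        # netmiko's enable secret; the original reused the login password here.
        "secret": cred.rancid_password,
    }


def read_domains(path: str = DOMAINS_PATH) -> list:
    """Read hostnames from *path*, one per line.

    Blank lines and "#" comment lines are skipped.  Raises ValueError on any
    other line that is not a valid hostname, so a malformed list aborts the run
    before the firewall is touched.
    """
    domains = []
    with open(path, "r") as fh:
        for lineno, raw in enumerate(fh, 1):
            name = raw.strip()
            if not name or name.startswith("#"):
                continue
            if not is_hostname(name):
                raise ValueError(f"{path}:{lineno}: not a valid hostname: {name!r}")
            domains.append(name)
    return domains


def lookup_domain(domain: str, dns_servers=None) -> list:
    """Resolve *domain* via the configured DNS server(s) and return its IPv4 addresses.

    Every answer is parsed with ipaddress.IPv4Address; an answer that is not a
    plain IPv4 literal raises ValueError, because the rendered config pairs each
    address with a 255.255.255.255 mask and anything else would produce a broken
    or misleading 'set subnet' line.
    """
    servers = DNS_SERVER if dns_servers is None else dns_servers
    result = Nslookup(dns_servers=servers).dns_lookup(domain)
    addresses = []
    for answer in result.answer:
        try:
            addresses.append(str(ipaddress.IPv4Address(answer)))
        except ValueError as err:
            raise ValueError(f"{domain}: unexpected DNS answer {answer!r}") from err
    return addresses


def render_address_entries(domain: str, addresses) -> list:
    """Return the 'edit' / 'set subnet' / 'next' lines for one domain.

    Address objects are named <domain>_<n>, numbered from 1 in answer order,
    each a single-host (/32) entry.
    NOTE(review): objects created by earlier runs are never deleted, so when a
    domain returns fewer answers than before, the higher-numbered entries stay
    on the firewall with their old addresses — TODO confirm and clean up.
    """
    lines = []
    for index, address in enumerate(addresses, 1):
        lines.append(f"edit {domain}_{index}")
        lines.append(f"set subnet {address} 255.255.255.255")
        lines.append("next")
    return lines


def build_config(domains, resolve=lookup_domain) -> str:
    """Render the complete 'config firewall address' block for *domains*.

    *resolve* maps a hostname to its list of IPv4 strings and defaults to
    lookup_domain; it is a parameter so the rendering can be checked without DNS.
    """
    lines = ["config firewall address"]
    for domain in domains:
        lines.extend(render_address_entries(domain, resolve(domain)))
    lines.append("end")
    return "\n".join(lines) + "\n"


def main() -> None:
    """Resolve every listed domain, write config.txt, then push it to the FortiGate."""
    # Resolve and validate everything first so a bad list or a DNS failure
    # aborts before any session to the firewall is opened.
    config_text = build_config(read_domains())
    with open(CONFIG_PATH, "w") as fh:
        fh.write(config_text)
    # Write to the FortiGate; always close the session, even if the push fails.
    net_connect = ConnectHandler(**device_params())
    try:
        output = net_connect.send_config_from_file(config_file=CONFIG_PATH)
    finally:
        net_connect.disconnect()
    # The CLI output was previously discarded; FortiOS reports command failures
    # in it rather than raising, so surface it for the operator.
    print(output)


if __name__ == "__main__":
    main()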