From 2cc280d2fec0bc642eedecd65156d40b964aa898 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 20:56:44 +0100 Subject: [PATCH 1/8] README(.md): Add missing cmdlet (ServiceGroup, LogEvent..) --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 2870cf6d..4a0fad96 100644 --- a/README.md +++ b/README.md @@ -2376,6 +2376,8 @@ Add-FGTFirewallProxyAddressGroup Add-FGTFirewallProxyAddressGroupMember Add-FGTFirewallProxyPolicy Add-FGTFirewallServiceCustom +Add-FGTFirewallServiceGroup +Add-FGTFirewallServiceGroupMember Add-FGTFirewallVip Add-FGTFirewallVipGroup Add-FGTFirewallVipGroupMember @@ -2406,6 +2408,7 @@ Confirm-FGTRouterStatic Confirm-FGTSDNConnector Confirm-FGTServiceCustom Confirm-FGTServiceGroup +Confirm-FGTSystemAdmin Confirm-FGTUserGroup Confirm-FGTUserLDAP Confirm-FGTUserLocal @@ -2421,6 +2424,7 @@ Copy-FGTFirewallAddress Copy-FGTFirewallAddressGroup Copy-FGTFirewallProxyAddress Copy-FGTFirewallProxyAddressGroup +Copy-FGTFirewallServiceGroup Copy-FGTFirewallVipGroup Copy-FGTUserGroup Deploy-FGTVm @@ -2444,6 +2448,7 @@ Get-FGTFirewallSSLSSHProfile Get-FGTFirewallVip Get-FGTFirewallVipGroup Get-FGTIpsSensor +Get-FGTLogEvent Get-FGTLogSetting Get-FGTLogTraffic Get-FGTMonitorFirewallAddressDynamic @@ -2534,6 +2539,8 @@ Remove-FGTFirewallProxyAddressGroup Remove-FGTFirewallProxyAddressGroupMember Remove-FGTFirewallProxyPolicy Remove-FGTFirewallServiceCustom +Remove-FGTFirewallServiceGroup +Remove-FGTFirewallServiceGroupMember Remove-FGTFirewallVip Remove-FGTFirewallVipGroup Remove-FGTFirewallVipGroupMember @@ -2560,6 +2567,7 @@ Set-FGTFirewallLocalInPolicy Set-FGTFirewallPolicy Set-FGTFirewallProxyAddressGroup Set-FGTFirewallServiceCustom +Set-FGTFirewallServiceGroup Set-FGTFirewallVipGroup Set-FGTMonitorUserLocalChangePassword Set-FGTRouterBGP From 37d66d77ffcff2fc5d0db2a52e8a6675b67508d9 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 21:12:00 +0100 Subject: [PATCH 2/8] README(.md): Add example about Firewall Service Group --- README.md | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 96 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a0fad96..9f0e1b5d 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ With this module (version 0.9.1) you can manage: - RoutePolicy (Get) - [SDN Connector](#sdn-connector) (Get) - [Service Custom](#service-custom) (Add/Get/Set/Remove) -- Service Group (Get) +- [Service Group](#service-group) (Add/Get/Copy/Set/Remove and Add/Remove Member) - [Static Route](#static-route) (Add/Get/Remove) - [Switch(-controller)](#switch) (Get) - [System Admin](#system-admin) (Add/Get/Set/Remove) @@ -1829,6 +1829,101 @@ or delete it `Remove-FGTFirewallServiceCustom`. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y ``` +### Service Group + +You can create a new Service Group `Add-FGTFirewallServiceGroup`, retrieve its information `Get-FGTFirewallServiceGroup`, +modify its properties `Set-FGTFirewallServiceGroup`, copy/clone its properties `Copy-FGTFirewallServiceGroup`, +Add member to Address Group `Add-FGTFirewallServiceGroup` and remove member `Remove-FGTFirewallServiceGroup`, +or delete it `Remove-FGTFirewallServiceGroup`. + + +```powershell + +# Get information about ALL Service Group (using Format Table) + Get-FGTFirewallServiceGroup | Format-Table + + name q_origin_key uuid uuid-idx proxy member + ---- ------------ ---- -------- ----- ------ + Email Access Email Access 93335026-dfc4-51ef-c42b-629ab4282816 15893 disable {@{name=DNS; + Exchange Server Exchange Server 9333715a-dfc4-51ef-6183-f0a310646069 15896 disable {@{name=DCE-RPC + Web Access Web Access 933360b6-dfc4-51ef-0736-afa8ac22a85d 15894 disable {@{name=DNS + Windows AD Windows AD 93336746-dfc4-51ef-2780-4461a70290e0 15895 disable {@{name=DCE-RPC + + +# Add a Service Group with HTTP and HTTPS + Add-FGTFirewallServiceGroup -name "My Service Group" -member HTTP, HTTPS + + name : My Service Group + q_origin_key : My Service Group + uuid : b618b7a8-e03a-51f0-d9ee-34d958d1c624 + uuid-idx : 42622 + proxy : disable + member : {@{name=HTTP; q_origin_key=HTTP}, @{name=HTTPS; q_origin_key=HTTPS}} + comment : + color : 0 + fabric-object : disable + +# Add DNS member to existing User Group + Get-FGTFirewallServiceGroup -name "My Service Group" | Add-FGTFirewallServiceGroupMember -member DNS + + name : My Service Group + q_origin_key : My Service Group + uuid : b618b7a8-e03a-51f0-d9ee-34d958d1c624 + uuid-idx : 42622 + proxy : disable + member : {@{name=HTTP; q_origin_key=HTTP}, @{name=HTTPS; q_origin_key=HTTPS}, @{name=DNS; q_origin_key=DNS}} + comment : + color : 0 + fabric-object : disable + +# Remove HTTP member to existing User Group + Get-FGTFirewallServiceGroup -name "My Service Group" | Remove-FGTFirewallServiceGroupMember -member HTTP + + name : My Service Group + q_origin_key : My Service Group + uuid : b618b7a8-e03a-51f0-d9ee-34d958d1c624 + uuid-idx : 42622 + proxy : disable + member : {@{name=HTTPS; q_origin_key=HTTPS}, @{name=DNS; q_origin_key=DNS}} + comment : + color : 0 + fabric-object : disable + +# Modify a Service Group (set member...) + Get-FGTFirewallServiceGroup -name "My Service Group" | Set-FGTFirewallServiceGroup -member DNS + + name : My Service Group + q_origin_key : My Service Group + uuid : b618b7a8-e03a-51f0-d9ee-34d958d1c624 + uuid-idx : 42622 + proxy : disable + member : {@{name=DNS; q_origin_key=DNS}} + comment : + color : 0 + fabric-object : disable + +# Copy/Clone a Service Group + Get-FGTFirewallServiceGroup -name "My Service Group" | Copy-FGTFirewallServiceGroup -name "My Service User Group" + + name : My Service User Group + q_origin_key : My Service User Group + uuid : 654866b0-e03b-51f0-37cd-775ca4fbef17 + uuid-idx : 43059 + proxy : disable + member : {@{name=DNS; q_origin_key=DNS}} + comment : + color : 0 + fabric-object : disable + +# Remove a Service Group + Get-FGTFirewallServiceGroup -name "My Service Group" | Remove-FGTFirewallServiceGroup + + Confirm + Are you sure you want to perform this action? + Performing the operation "Remove Firewall Service Group" on target "My Service Group". + [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): Y +``` + ### VPN IPsec #### VPN IPsec Interface Phase 1 From 9354a28315b7cdce8b885599a01bf3dfdf8fb156 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 21:12:43 +0100 Subject: [PATCH 3/8] README(.md): Add new chapiter (and sub) for Service (indent) --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9f0e1b5d..e074c496 100644 --- a/README.md +++ b/README.md @@ -1765,7 +1765,9 @@ or delete it `Remove-FGTSystemSDNConnector`. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y ``` -### Service Custom +### Service + +#### Service Custom You can create a new Service Custom `Add-FGTFirewallServiceCustom`, retrieve its information `Get-FGTFirewallServiceCustom`, modify its properties `Set-FGTFirewallServiceCustom` @@ -1829,7 +1831,7 @@ or delete it `Remove-FGTFirewallServiceCustom`. [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): y ``` -### Service Group +#### Service Group You can create a new Service Group `Add-FGTFirewallServiceGroup`, retrieve its information `Get-FGTFirewallServiceGroup`, modify its properties `Set-FGTFirewallServiceGroup`, copy/clone its properties `Copy-FGTFirewallServiceGroup`, From d8c5b5a7fd8e690fc39e569a7f47931a39da9cea Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 21:13:23 +0100 Subject: [PATCH 4/8] README(.md): Update release --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index e074c496..bbe9b7b0 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ This is a Powershell module for configure a FortiGate (Fortinet) Firewall. -With this module (version 0.9.1) you can manage: +With this module (version 0.10.0) you can manage: - [Address](#address) (Add/Get/Copy/Set/Remove object type ipmask/subnet, FQDN, iprange, geo, mac and dynamic (SDN)) - [AddressGroup](#address-group) (Add/Get/Copy/Set/Remove and Add/Remove Member) From d8f9317cde15fd1ccb721ea1e66336942a7e299f Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Tue, 23 Dec 2025 21:14:04 +0100 Subject: [PATCH 5/8] README(.md): note about tested with FortiOS 8.0 (beta) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bbe9b7b0..8d472aca 100644 --- a/README.md +++ b/README.md @@ -74,7 +74,7 @@ There is some extra feature More functionality will be added later. Connection can use HTTPS (default) or HTTP -Tested with FortiGate (using 5.6.x, 6.x and 7.x firmware but it will be also work with 5.4.x) +Tested with FortiGate (using 5.6.x, 6.x, 7.x and 8.x (beta) firmware but it will be also work with 5.4.x) Add (Experimental) support of [VDOM](#vdom) is available using -vdom parameter for each cmdlet # Usage From 155e9a13f1fa21a647e9754a7e45caf903b8e7f2 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 31 Dec 2025 12:29:24 +0100 Subject: [PATCH 6/8] PowerFGT.psd1: Update to 0.10.0 --- PowerFGT/PowerFGT.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/PowerFGT/PowerFGT.psd1 b/PowerFGT/PowerFGT.psd1 index fd071960..cbdbf336 100644 --- a/PowerFGT/PowerFGT.psd1 +++ b/PowerFGT/PowerFGT.psd1 @@ -12,7 +12,7 @@ RootModule = 'PowerFGT.psm1' # Version number of this module. - ModuleVersion = '0.9.1' + ModuleVersion = '0.10.0' # Supported PSEditions # CompatiblePSEditions = @() From 79ac6a623a014f5d687a733d1031bed30fb1dc87 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 31 Dec 2025 12:33:31 +0100 Subject: [PATCH 7/8] GBA(release): Update to checkout@v6 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b199524f..3efeb8ed 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -9,7 +9,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Publish shell: pwsh run: | From 1b5c22bfeb7f4ca65bf7e819f2cefe97416c2403 Mon Sep 17 00:00:00 2001 From: Alexis La Goutte Date: Wed, 31 Dec 2025 13:58:14 +0100 Subject: [PATCH 8/8] PowerFGT.psd1: Update CompatiblePSEditions, Tags and ReleaseNotes --- PowerFGT/PowerFGT.psd1 | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/PowerFGT/PowerFGT.psd1 b/PowerFGT/PowerFGT.psd1 index cbdbf336..e7e5d212 100644 --- a/PowerFGT/PowerFGT.psd1 +++ b/PowerFGT/PowerFGT.psd1 @@ -9,31 +9,31 @@ @{ # Script module or binary module file associated with this manifest. - RootModule = 'PowerFGT.psm1' + RootModule = 'PowerFGT.psm1' # Version number of this module. - ModuleVersion = '0.10.0' + ModuleVersion = '0.10.0' # Supported PSEditions - # CompatiblePSEditions = @() + CompatiblePSEditions = @('Desktop', 'Core') # ID used to uniquely identify this module - GUID = '608e2723-7ce4-4f86-a3c8-ac1acb4f1f66' + GUID = '608e2723-7ce4-4f86-a3c8-ac1acb4f1f66' # Author of this module - Author = 'Alexis La Goutte' + Author = 'Alexis La Goutte' # Company or vendor of this module #CompanyName = 'Unknown' # Copyright statement for this module - Copyright = '(c) Alexis La Goutte. All rights reserved.' + Copyright = '(c) Alexis La Goutte. All rights reserved.' # Description of the functionality provided by this module - Description = 'PowerShell module to query the Fortigate API' + Description = 'PowerShell module to query the Fortigate API' # Minimum version of the PowerShell engine required by this module - PowerShellVersion = '3.0' + PowerShellVersion = '3.0' # Name of the PowerShell host required by this module # PowerShellHostName = '' @@ -69,16 +69,16 @@ # NestedModules = @() # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. - FunctionsToExport = '*' + FunctionsToExport = '*' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. - CmdletsToExport = @() + CmdletsToExport = @() # Variables to export from this module - VariablesToExport = '*' + VariablesToExport = '*' # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export. - AliasesToExport = @() + AliasesToExport = @() # DSC resources to export from this module # DscResourcesToExport = @() @@ -90,24 +90,24 @@ # FileList = @() # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. - PrivateData = @{ + PrivateData = @{ PSData = @{ # Tags applied to this module. These help with module discovery in online galleries. - Tags = @('Fortinet', 'FortiGate', 'API', 'PSEdition_Core', 'PSEdition_Desktop') + Tags = @('Fortinet', 'FortiGate', 'API') # A URL to the license for this module. - LicenseUri = 'https://github.com/FortiPower/PowerFGT/blob/master/LICENSE' + LicenseUri = 'https://github.com/FortiPower/PowerFGT/blob/master/LICENSE' # A URL to the main website for this project. - ProjectUri = 'https://fortipower.github.io/PowerFGT' + ProjectUri = 'https://fortipower.github.io/PowerFGT' # A URL to an icon representing this module. # IconUri = '' # ReleaseNotes of this module - # ReleaseNotes = '' + ReleaseNotes = 'See https://github.com/FortiPower/PowerFGT/releases for full changelog' } # End of PSData hashtable