- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- Re: Web UI/clish idea
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Web UI/clish idea
Hey guys,
Client asked me about this recently and I am pretty sure its not possible currently from web UI, but they wanted to know if there were any plans to implement it eventually. Im referring to something like below on Fortinet, where bunch of web UI settings can be edited in built in cli (terminal) directly.
Thoughts?
Andy
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good idea 🙂 Let's make an RFE 🙂
But the hosting servers and storages are burning from the Forti screenshot 🙂
Ákos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just submitted an RFE and got an email with reference number, lets see what happens 🙂
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good idea 🙂 Let's make an RFE 🙂
But the hosting servers and storages are burning from the Forti screenshot 🙂
Ákos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Its super basic lab brother 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just submitted an RFE and got an email with reference number, lets see what happens 🙂
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you asked RFE for GAIA or GAIA embedded or both? What happens in you press in this case the button?
You go to CLI and will show correct CLI reference?
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey,
Just asked for regular fw, not embedded. In Fortinet, yes, if you press option I pointed out, it will show you cli config in embedded cli (terminal) and you can even change it right there.
I was thinking maybe "configuration" option in CP web UI may do something, but nothing comes up no matter how many times I press it.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Example of what I gave initially.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cool I get it, handy if you want to learn the CLI also
If you like this post please give a thumbs up(kudo)! 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think so, ya.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
there is a >_ button in the top pane next to the lock button that opens a cli that is tunneled over HTTPS. or you are looking for something that opens up in a specific cli configuration context?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct, BUT, that opens generic clish, NOT for specific/given settings, like Fortinet screenshot I posted.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To be honest, the config structure of the Fortigate is totally different. Start with #edit
akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep, totally different. I would say its somewhat similar to Cisco OS, see below examples from my lab.
Andy
Literally any command can be shortened.
Using username "admin".
admin@172.16.10.147's password:
Send automatic password
Access denied
admin@172.16.10.147's password:
Fortigate-VM #
Fortigate-VM # diag debug disable
Fortigate-VM # di de di
Fortigate-VM # get sys status
Version: FortiGate-VM64-KVM v7.6.1,build3457,241127 (GA.F)
First GA patch build date: 240724
Security Level: High
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
Proxy-APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.01026(2024-11-14 23:09)
Serial-Number: FGVM2V0000159742
License Status: Valid
VM Resources: 2 CPU/2 allowed, 1993 MB RAM
Log hard disk: Not available
Hostname: Fortigate-VM
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 2
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 3457
Release Version Information: GA
FortiOS x86-64: Yes
System time: Mon Dec 30 14:14:19 2024
Last reboot reason: power cycle
Fortigate-VM # get sy st
ambiguous command before 'st'
Command fail. Return code -7
Fortigate-VM # get sy sta
ambiguous command before 'sta'
Command fail. Return code -7
Fortigate-VM # get sy stat
Version: FortiGate-VM64-KVM v7.6.1,build3457,241127 (GA.F)
First GA patch build date: 240724
Security Level: High
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)
Extended DB: 1.00000(2018-04-09 18:07)
Extreme DB: 1.00000(2018-04-09 18:07)
AV AI/ML Model: 0.00000(2001-01-01 00:00)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 6.00741(2015-12-01 02:30)
APP-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-DB: 6.00741(2015-12-01 02:30)
Proxy-IPS-ETDB: 6.00741(2015-12-01 02:30)
Proxy-APP-DB: 6.00741(2015-12-01 02:30)
FMWP-DB: 0.00000(2001-01-01 00:00)
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
IoT-Detect: 0.00000(2022-08-17 17:31)
OT-Detect-DB: 0.00000(2001-01-01 00:00)
OT-Patch-DB: 0.00000(2001-01-01 00:00)
OT-Threat-DB: 6.00741(2015-12-01 02:30)
IPS-Engine: 7.01026(2024-11-14 23:09)
Serial-Number: FGVM2V0000159742
License Status: Valid
VM Resources: 2 CPU/2 allowed, 1993 MB RAM
Log hard disk: Not available
Hostname: Fortigate-VM
Private Encryption: Disable
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 2
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 3457
Release Version Information: GA
FortiOS x86-64: Yes
System time: Mon Dec 30 14:14:36 2024
Last reboot reason: power cycle
Fortigate-VM #
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer your question, yes, thats what customer was asking me about 🙂
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i see, seems like a big clish revamping to have contexts like that, but that could be cool
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Lets see, it would be cool indeed 🙂
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I am user configured to access only Web-UI, should I be allowed to see clish commands ?
There are 3 types of access-mechanisms to be available for specific user: Web-UI, CLI, Gaia-API.
All OS config data are saved in plain-text file (/config/db/initial) and as SQLite database (/config/db/initial_db). I am pretty sure Web-UI is getting these data from CLI anyway (show/dbget). The same should apply to modify something over Web-UI/Clish/Gaia-API (here set,add,delete or dbset should be used).
To have this topic complete, may we get the RFE number so someone can ask for the progress in the future?
Jozko Mrkvicka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not sure if Im allowed to share RFE reference...
Thoughs @PhoneBoy ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here is the RFE number.
Andy
Feedback reference number: 49259r614
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You realize you can access the CLI from the WebUI, right?
This is from R82, but I'm pretty sure it's also available in earlier versions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Of course, thats been there forever. BUT, thats NOT what customer was talking about 🙂
He wanted to know if say you clicked on "dhcp server" tab, if there would ever be an option to edit that config in cli, or any other tab for that matter. Same like the Fortigate screenshot I posted.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is the first time I’ve ever heard of such a feature.
Whether we will ever develop it or not isn’t known.
You can share the RFE number you have, I suppose, but I’m not sure how useful it will be in practice as I’ve never seen references to them made anywhere.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thats totally fair 🙂
To be perfectly honest with you (or as my mom would say "No son, I want you to be dishonest with me" LOL), I am almost positive customer mentioned just as would be nice to have, but thats about it. You know how it goes, when people work on one vendor forever, its not always easy after you switch to different one, as of course, things WILL be different.
Anywho, here is RFE reference number:
Feedback reference number: 49259r614
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What the customer is asking has no sense
FTNT and CKP clish working in a totally different way, it's basically a Tree Structure VS a Plain Structure
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
They are not really asking for it, they just said would be nice to have 🙂
