Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Online Help

    6.2.2
    7.2.0
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.2
    6.2.1
    6.2.0
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    FortiGate Configuration Obfuscator Tool

    FortiGate Configuration Obfuscator Tool

    This feature can be used to obfuscate IP addresses, object's names, and confidential information for the case when the configurations cannot be sent without scrubbing.

    1. On the left-sidebar, select Obfuscator to enter the page.

    2. 2. Select the types you want to obfuscate. Note that if the object name is unselected, the second row will be disabled.

    3. 3. Upload the FortiGate configuration and click Obfuscate Config.

    4. Options description

    Type

    IPv4 Global find IPv4 addresses include the unicast, multicast, private network, and address range pattern and substitute.
    IPv6 Global find IPv6 addresses and substitute.
    FQDN Global find FQDN and Wildcard-FQDN address and substitute.
    MAC Address Global find MAC addresses and substitute.

    Password,

    Pre-Shared key

    		 Global find ENC *** pattern and substitute with the string "012345678".
    SSID Global find ssid name and substitute.
    Comment Global find set comment|comments and remove the line.
    Object Name Global find object names according to the selected object name categories .

    Object Name

    Interface Find object names under the config system interface and substitute with INTERFACE_INDEX. It won't change the default FortiGate interface name like "wan1", "port2", "dmz," etc.
    Zone Find object names under the config system zone and substitute with ZONE_ INDEX.
    Address

    Find object names under the config firewall address and substitute with ADDR_ INDEX.

    It won't change the name like "all", "any", etc.
    Address Group Find object names under the config firewall addrgrp and substitute with ADDRGrp_ INDEX.
    IPPool Find object names under the config firewall ippool and substitute with IPPool_ INDEX.
    VIP Find object names under the config firewall vip and substitute with VIP_ INDEX.
    VIP Group Find object names under the config firewall vipgrp and substitute with VIPGrp_ INDEX.
    Service

    Find object names under the config firewall service custom and substitute with SERV_ INDEX.

    It won't change the name like "all", "any", etc.
    Service Group Find object names under the config firewall service group and substitute with SERVGrp_ INDEX.
    VPN

    Find object names under

    config vpn ipsec phase1, config vpn ipsec phase2 config vpn ipsec phase1-interface, config vpn ipsec phase2-interface and substitute with VPN_ INDEX or VPN_INTF_ INDEX.
    Policy Find "set name" under the config firewall policy and substitute with POLICY_ INDEX.
    *Note that the text substitution follows the order below.

    IP Address > SSID > (substitute object name with the following order) > VPN > Interface > Zone > address and group > ippool > vip > vip and group > service and group

    According to the substitution order above, if the object name contains an address string (commonly used in IPPool and VIP), it won’t be replaced with the name IPPool_INDEX or VIP_INDEX because the IP address has higher order.

    For example, in the case below, the output replaces the IP string in the object name instead of using IPPool_INDEX while other objects such as VIP remains the same.

    config firewall ippool

    edit "ippool-10.161.192.11"

    set endip 10.161.192.11

    set startip 10.161.192.11

    set type overload

    next

    end

    (After run the obfuscator)

    config firewall ippool

    edit "ippool-10.90.31.207"

    set endip 10.90.31.207

    set startip 10.90.31.207

    set type overload

    next

    end

    Previous
    Next

    FortiGate Configuration Obfuscator Tool

    FortiGate Configuration Obfuscator Tool

    This feature can be used to obfuscate IP addresses, object's names, and confidential information for the case when the configurations cannot be sent without scrubbing.

    1. On the left-sidebar, select Obfuscator to enter the page.

    2. 2. Select the types you want to obfuscate. Note that if the object name is unselected, the second row will be disabled.

    3. 3. Upload the FortiGate configuration and click Obfuscate Config.

    4. Options description

    Type

    IPv4 Global find IPv4 addresses include the unicast, multicast, private network, and address range pattern and substitute.
    IPv6 Global find IPv6 addresses and substitute.
    FQDN Global find FQDN and Wildcard-FQDN address and substitute.
    MAC Address Global find MAC addresses and substitute.

    Password,

    Pre-Shared key

    		 Global find ENC *** pattern and substitute with the string "012345678".
    SSID Global find ssid name and substitute.
    Comment Global find set comment|comments and remove the line.
    Object Name Global find object names according to the selected object name categories .

    Object Name

    Interface Find object names under the config system interface and substitute with INTERFACE_INDEX. It won't change the default FortiGate interface name like "wan1", "port2", "dmz," etc.
    Zone Find object names under the config system zone and substitute with ZONE_ INDEX.
    Address

    Find object names under the config firewall address and substitute with ADDR_ INDEX.

    It won't change the name like "all", "any", etc.
    Address Group Find object names under the config firewall addrgrp and substitute with ADDRGrp_ INDEX.
    IPPool Find object names under the config firewall ippool and substitute with IPPool_ INDEX.
    VIP Find object names under the config firewall vip and substitute with VIP_ INDEX.
    VIP Group Find object names under the config firewall vipgrp and substitute with VIPGrp_ INDEX.
    Service

    Find object names under the config firewall service custom and substitute with SERV_ INDEX.

    It won't change the name like "all", "any", etc.
    Service Group Find object names under the config firewall service group and substitute with SERVGrp_ INDEX.
    VPN

    Find object names under

    config vpn ipsec phase1, config vpn ipsec phase2 config vpn ipsec phase1-interface, config vpn ipsec phase2-interface and substitute with VPN_ INDEX or VPN_INTF_ INDEX.
    Policy Find "set name" under the config firewall policy and substitute with POLICY_ INDEX.
    *Note that the text substitution follows the order below.

    IP Address > SSID > (substitute object name with the following order) > VPN > Interface > Zone > address and group > ippool > vip > vip and group > service and group

    According to the substitution order above, if the object name contains an address string (commonly used in IPPool and VIP), it won’t be replaced with the name IPPool_INDEX or VIP_INDEX because the IP address has higher order.

    For example, in the case below, the output replaces the IP string in the object name instead of using IPPool_INDEX while other objects such as VIP remains the same.

    config firewall ippool

    edit "ippool-10.161.192.11"

    set endip 10.161.192.11

    set startip 10.161.192.11

    set type overload

    next

    end

    (After run the obfuscator)

    config firewall ippool

    edit "ippool-10.90.31.207"

    set endip 10.90.31.207

    set startip 10.90.31.207

    set type overload

    next

    end

    Previous
    Next