This repository demonstrates how to deploy the prometheus exporter on Kubernetes to monitor a fortigate firewall.
·
Report Bug
·
Request Feature
Table of Contents
This project provides a streamlined and efficient way to deploy a FortiGate Prometheus exporter for your Kubernetes environment to monitor a fortigate firewall.
Info: It is possible to monitor multiple fortigates and also only specific metrics
Components:
The following requirements are necessary to install the project.
- A running Kubernetes cluster
- kubectl installed and configured
- git installed and configured
- makefile installed
Please ensure to use a valid and trusted HTTPS server certificate for your firewall.
Note: If you are using a self signed certificate, make sure to use this image:
therbert6/fortigate-exporter:0.1-insecure
The deployment is handled by a Makefile.
- Clone the repo
git clone https://github.com/Tim-herbie/k8s_fortigate_exporter.git
- Ensure that the following Profile exist on your fortigate. You can create it via CLI or UI.
-
Create Access Profile via CLI
config system accprofile edit "monitor" # global scope will fail on non multi-VDOM firewall set scope global set authgrp read # As of FortiOS 6.2.1 it seems `fwgrp-permissions.other` is removed, # use 'fwgrp read' to get load balance servers metrics set fwgrp custom set loggrp custom set netgrp custom set sysgrp custom set vpngrp read set wifi read # will fail for most recent FortiOS set system-diagnostics disable config fwgrp-permission set policy read set others read end config netgrp-permission set cfg read set route-cfg read end config loggrp-permission set config read end config sysgrp-permission set cfg read end next end -
Create Access Profile via UI
-
- After that create a new "REST API Admin" under
System/Administratorsand name it something likeprometheus. Note the API Key! - You have now completed all preparations! Now it´s time to create the
fortigate.envfile and enter the URL of your firewall and the API Key.Make sure that you configured your fortigate firewall with a valid certificate
# fortigate.env URL=https://fw.example.com FORTIGATE_API_TOKEN=my-secure-fortigate-api-token
- Deployment
After this you should be able to see some metrics from your fortigate firewall in Prometheus!
make all
Once the Fortigate Prometheus exporter pod is up and running, you should be able to see the metrics in Prometheus.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Tim Herbert - [email protected]
Project Link: https://github.com/Tim-herbie/k8s_fortigate_exporter
Use this space to list resources you find helpful and would like to give credit to. I've included a few of my favorites to kick things off!