Python script to convert Cisco ASA address objects and groups to Fortigate format, created with the help of ChatGPT
In this blog post, I will discuss how I used ChatGPT to create a Python script for converting Cisco ASA network objects and groups to Fortigate format.
As a network engineer with limited coding experience, I was intimidated by the prospect of creating a script from scratch. But with ChatGPT, I was able to get started right away. ChatGPT is an open-source natural language processing model that can be used to generate code from natural language commands.
Using ChatGPT, I provided the input file asa.txt and the model generated a script that read the input file, converted the Cisco ASA network objects and groups to Fortigate format, and wrote the converted lines to the output file.
The script generated by ChatGPT was accurate and easy to read, and it was able to handle the complexity of the task. It used regular expressions to match the different patterns of object-group constructs, and it was able to create the corresponding firewall address group configurations. It also converted the masks to CIDR format, which is a nice feature.
Overall, I was impressed with the accuracy and quality of the script generated by ChatGPT, and it saved me a lot of time and effort. By using ChatGPT, I was able to create a Python script with minimal coding experience. This is a great example of how natural language processing can be used to automate the process of coding.
In conclusion, ChatGPT is a powerful tool for automating the process of coding. It can generate accurate and quality code from natural language commands, and it is easy to use even for those with limited coding experience. I highly recommend ChatGPT for automating network tasks.
Feel free to use this piece of code for your own benefit.
import re
# Pass 1: turn standalone ASA "object network" definitions into FortiGate
# address objects. The output file is opened in 'w' mode, so any previous
# result is overwritten here.
with open('asa.txt', 'r') as asa_file, open('fgt-addr-addrgrp.txt', 'w') as fgt_file:
    asa_contents = asa_file.read()

    # (ASA pattern, FortiGate replacement) pairs, applied in this order:
    # subnet objects, then fqdn objects, then host objects.
    # Only these three object kinds are rewritten; any other definition is
    # left as ASA text and is dropped by the filter loop below.
    rewrites = (
        (r'object network (\S+)\n subnet (\S+) (\S+)',
         r'config firewall address\n edit \1\n set subnet \2 \3\n next\n end\n'),
        (r'object network (\S+)\n fqdn (v4 )?(\S+)',
         r'config firewall address\n edit \1\n set type fqdn\n set fqdn \3\n next\n end\n'),
        (r'object network (\S+)\n host (\S+)',
         r'config firewall address\n edit \1\n set subnet \2 255.255.255.255\n next\n end\n'),
    )
    for pattern, replacement in rewrites:
        asa_contents = re.sub(pattern, replacement, asa_contents)

    # Copy only the lines that belong to a generated block. Every line that
    # matches none of these patterns is silently omitted from the output,
    # so the result should be compared against the ASA source before use.
    kept = (r'config firewall address', r' edit \S+', r' set .+', r' next')
    for line in asa_contents.split('\n'):
        if any(re.match(p, line) for p in kept):
            fgt_file.write(line + '\n')
        elif re.match(r' end', line):
            # " end" closes a block; add a blank line after it
            fgt_file.write(line + '\n\n')
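def mask_to_cidr(mask):
    """Return the prefix length for a dotted-decimal netmask.

    Counting set bits alone also "converts" values that are not netmasks:
    a wildcard mask such as 0.0.0.255 would come out as /8 and silently
    widen the generated address object. The mask is therefore validated
    first and rejected if it is not a real netmask.

    Args:
        mask: netmask as a string, e.g. "255.255.255.0".

    Returns:
        The prefix length as an int between 0 and 32.

    Raises:
        ValueError: if the mask does not have four numeric octets in the
            range 0-255, or if its one-bits are not contiguous from the left.
    """
    octets = mask.split(".")
    if len(octets) != 4:
        raise ValueError(f"netmask must have four octets: {mask!r}")

    value = 0
    for octet in octets:
        number = int(octet)  # non-numeric octets raise ValueError here
        if not 0 <= number <= 255:
            raise ValueError(f"netmask octet out of range: {mask!r}")
        value = (value << 8) | number

    # A netmask is a run of ones followed by a run of zeros, so its
    # complement has the form 2**k - 1 and shares no bit with its successor.
    inverted = value ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError(f"netmask bits are not contiguous: {mask!r}")

    return bin(value).count("1")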
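# Pass 2: convert "object-group network" blocks into FortiGate address groups,
# creating an address object for every inline host/subnet member on the way.
# The output file is opened in append mode, after the address objects of pass 1.


def _escape_fgt_string(text):
    """Backslash-escape backslashes and single quotes in *text*.

    The description is copied from the ASA file into a single-quoted
    FortiGate CLI string. An unescaped quote would end that string early and
    the remainder of the description would be parsed as CLI input.
    NOTE(review): assumes FortiOS accepts backslash escapes inside quoted
    strings -- confirm on the target version.
    """
    return text.replace("\\", "\\\\").replace("'", "\\'")


def _write_address(out, cidr_name):
    """Write an address object named after, and set to, *cidr_name*."""
    out.write("config firewall address\n")
    out.write(f" edit {cidr_name}\n")
    out.write(f" set subnet {cidr_name}\n")
    out.write(" next\n")
    out.write("end\n\n")


def _write_addrgrp(out, name, comment, members):
    """Write one ``config firewall addrgrp`` block; nothing if *members* is empty."""
    if not members:
        return
    out.write("config firewall addrgrp\n")
    out.write(f" edit {name}\n")
    if comment:
        out.write(f" set comment '{_escape_fgt_string(comment)}'\n")
    for member in members:
        out.write(f" append member {member}\n")
    out.write(" next\n")
    out.write("end\n\n")


def _flush_group(out, name, comment, subnets, hosts, objects):
    """Emit the collected group as up to three addrgrp blocks (subnets, hosts, objects).

    The blocks share the same name and use ``append member``, matching the
    layout the script has always produced. Does nothing when no group is open.
    """
    if not name:
        return
    for members in (subnets, hosts, objects):
        _write_addrgrp(out, name, comment, members)


with open("asa.txt", "r") as asa_file, open("fgt-addr-addrgrp.txt", "a") as output_file:
    # State of the object-group block currently being read ("" = none open)
    groupname = ""
    descr = ""
    subnets = []
    hosts = []
    objects = []  # named objects and nested groups, both referenced by name

    for line in asa_file:
        if not line.strip():
            # Blank lines neither open nor close a block
            continue

        if not line.startswith(" "):
            # Member lines are matched with a leading space, so an unindented
            # line starts a different top-level command. Close the open group
            # here; otherwise " description" or " group-object" lines of a
            # later, unrelated block would be attributed to this group.
            _flush_group(output_file, groupname, descr, subnets, hosts, objects)
            groupname = ""
            descr = ""
            subnets, hosts, objects = [], [], []
            if line.startswith("object-group network"):
                header = re.search(r"object-group network (\S+)", line)
                if header:
                    groupname = header.group(1)
            continue

        if not groupname:
            # Indented line that does not belong to a network object-group
            continue

        # Names and addresses below are captured with \S+, so they cannot
        # carry spaces or line breaks into the output; the description is the
        # only free-text field and is escaped when it is written.
        if line.startswith(" description"):
            found = re.search(r" description (.*)", line)
            descr = found.group(1) if found else ""
        elif line.startswith(" network-object"):
            # Order matters: "host X" and "object X" would also satisfy the
            # generic two-token subnet pattern, so they are tried first.
            found = re.match(r" network-object host (\S+)", line)
            if found:
                host = found.group(1)
                hosts.append(f"{host}/32")
                _write_address(output_file, f"{host}/32")
                continue
            found = re.match(r" network-object object (\S+)", line)
            if found:
                objects.append(found.group(1))
                continue
            found = re.match(r" network-object (\S+) (\S+)", line)
            if found:
                subnet, mask = found.groups()
                # mask_to_cidr is defined earlier in this file
                cidr = mask_to_cidr(mask)
                subnets.append(f"{subnet}/{cidr}")
                _write_address(output_file, f"{subnet}/{cidr}")
        elif line.startswith(" group-object"):
            found = re.match(r" group-object (\S+)", line)
            if found:
                # A nested group is referenced by name like any other member
                objects.append(found.group(1))

    # Emit the group that was still open when the input ended
    _flush_group(output_file, groupname, descr, subnets, hosts, objects)

print("Done! check the output file")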