post-login-banner not accepted

[tommarcoen]

Our company has a post-login-banner configured on the firewall for which you have to press 'a' to accept it and get a prompt. It is not accepted automatically but it's also not possible to manually accept the banner by doing a execute_command('a').

Did you follow the steps from https://github.com/napalm-automation/napalm#faq

• Yes
• No

Setup

napalm-fortios version

(Paste verbatim output from pip freeze | grep napalm-fortios between quotes below)

napalm-fortios==0.4.0

FortiOS version

(Paste verbatim output from get sys status between quotes below)

# get sys status
Version: FortiGate-600D v5.4.5,build1138,170531 (GA)
Virus-DB: 51.00610(2017-09-11 21:16)
Extended DB: 51.00610(2017-09-11 21:15)
Extreme DB: 1.00000(2012-10-17 15:47)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 12.00219(2017-09-08 02:04)
Serial-Number: FGT6HD3916806247
IPS Malicious URL Database: 1.00760(2017-09-11 08:47)
Botnet DB: 4.00045(2017-09-11 10:00)
BIOS version: 05000005
System Part-Number: P18736-06
Log hard disk: Available
Hostname: FWBIS001
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 10
Virtual domains status: 2 in NAT mode, 0 in TP mode
Virtual domain configuration: enable
FIPS-CC mode: disable
Current HA mode: a-a, master
Branch point: 1138
Release Version Information: GA
FortiOS x86-64: Yes
System time: Tue Sep 12 10:13:11 2017

Steps to Reproduce the Issue

from pyFG import FortiOS
d = FortiOS('10.1.1.1', username='username', password='password')
d.open()
d.execute_command('a')
['', 'POST WARNING:', 'This is a private computer system. Unauthorized access or use ', 'is prohibited and subject to prosecution and/or disciplinary ', 'action. All use of this system constitutes consent to ', 'monitoring at all times and users are not entitled to any ', 'expectation of privacy. If monitoring reveals possible evidence', 'of violation of criminal statutes, this evidence and any other ', 'related information, including identification information about ', 'the user, may be provided to law enforcement officials.', 'If monitoring reveals violations of security regulations or', 'unauthorized use, employees who violate security regulations or', 'make unauthorized use of this system are subject to appropriate ', 'disciplinary action.', '', '', '', ' ', "(Press 'a' to accept):", '']
d.execute_command('a')
['', 'POST WARNING:', 'This is a private computer system. Unauthorized access or use ', 'is prohibited and subject to prosecution and/or disciplinary ', 'action. All use of this system constitutes consent to ', 'monitoring at all times and users are not entitled to any ', 'expectation of privacy. If monitoring reveals possible evidence', 'of violation of criminal statutes, this evidence and any other ', 'related information, including identification information about ', 'the user, may be provided to law enforcement officials.', 'If monitoring reveals violations of security regulations or', 'unauthorized use, employees who violate security regulations or', 'make unauthorized use of this system are subject to appropriate ', 'disciplinary action.', '', '', '', ' ', "(Press 'a' to accept):", '']

[tommarcoen]

When I do ssh username@10.1.1.1 'a; get system status', I get the following output which seems to suggest then sending a` via SSH automation works as I do get a prompt.

POST WARNING:
This is a private computer system. Unauthorized access or use
is prohibited and subject to prosecution and/or disciplinary
action. All use of this system constitutes consent to
monitoring at all times and users are not entitled to any
expectation of privacy. If monitoring reveals possible evidence
of violation of criminal statutes, this evidence and any other
related information, including identification information about
the user, may be provided to law enforcement officials.
If monitoring reveals violations of security regulations or
unauthorized use, employees who violate security regulations or
make unauthorized use of this system are subject to appropriate
disciplinary action.




(Press 'a' to accept):

FWBIS001 #
FWBIS001 # 6694: Unknown action 0
Command fail. Return code -1

Moreover, I was able to remotely execute a command via cat commands.txt | ssh username@10.1.1.1 where the commands.txt file contains two lines:

a
get system status

I think this means that pyFG somehow is sending the commands passed along with execute_command() wrongly to the SSH session.

[dbarrosop]

I suggest you opening an issue in https://github.com/spotify/pyfg as there isn't much we can do here.

Closing the ticket, feel free to reopen if you feel there is something we could do.

[dbarrosop]

Now that I realized, try the following:

from pyFG import FortiOS
d = FortiOS('10.1.1.1', username='username', password='password')
d.open()
d.execute_command('a\n')

[tommarcoen]

Does not work either. But I suspect it should be something like this. Also a\r\n or a\n\r did not work.

[awlx]

Maybe this is obsolete in the future, I started a rewrite based on the official FortiOS API (https://github.com/fortinet-solutions-cse/fortiosapi) instead of screenscraping.

Let's see if I can pull all the needed stuff through API only.

[tommarcoen]

Hey awlx, any updates on that?