Merge pull request #69 from Botinoc/master

chkp-ofirs · web-flow · commit 36ab664bf264 · 2022-07-04T13:19:36.000+03:00
Fortinet: changing the logic for creating zones (VDOM mod)
diff --git a/FortinetMigration/FortiGateConverter.cs b/FortinetMigration/FortiGateConverter.cs
@@ -3557,8 +3557,6 @@ public void Add_ParentLayer(CheckPoint_Package package, List<FgCommand> fgComman
                 cpRuleLayer.Rules.Add(cpSubRuleZone);
             }
 
-            bool isIntfContainsAny = false;
-
             NewFortigateAnalizStatistic._fullrullPackcount = fgCommandsList.Count;
             foreach (FgCommand fgCommandE in fgCommandsList)
             {
@@ -3616,20 +3614,20 @@ public void Add_ParentLayer(CheckPoint_Package package, List<FgCommand> fgComman
                             {
                                 fgSrcIntfs = fgCommand_Set.Value.Trim('"').Split(new string[] { "\" \"" }, StringSplitOptions.None).ToArray();
 
-                                if (Array.IndexOf(fgSrcIntfs.Select(s => s.ToLowerInvariant()).ToArray(), "any") > -1)
-                                {
-                                    isIntfContainsAny = true;
-                                }
+                                //if (Array.IndexOf(fgSrcIntfs.Select(s => s.ToLowerInvariant()).ToArray(), "any") > -1)
+                                //{
+                                //    isIntfContainsAny = true;
+                                //}
                             }
 
                             if (fgCommand_Set.Field.Equals("dstintf"))
                             {
                                 fgDstIntfs = fgCommand_Set.Value.Trim('"').Split(new string[] { "\" \"" }, StringSplitOptions.None).ToArray();
 
-                                if (Array.IndexOf(fgDstIntfs.Select(s => s.ToLowerInvariant()).ToArray(), "any") > -1)
-                                {
-                                    isIntfContainsAny = true;
-                                }
+                                //if (Array.IndexOf(fgDstIntfs.Select(s => s.ToLowerInvariant()).ToArray(), "any") > -1)
+                                //{
+                                //    isIntfContainsAny = true;
+                                //}
                             }
 
 
@@ -4108,41 +4106,52 @@ public void Add_ParentLayer(CheckPoint_Package package, List<FgCommand> fgComman
 
             //if Src or Dst Intf DO NOT contain ANY then we create sub-layers
             //otherwise policy is plain
-            if (!isIntfContainsAny)
+            List<CheckPoint_Rule> newRootRulesList = new List<CheckPoint_Rule>();
+            foreach (CheckPoint_Rule rootRule in rootRulesList)
             {
-                package.ParentLayer.Rules.AddRange(rootRulesList);
+                if (!rootRule.Name.Contains("any"))
+                {
+                    newRootRulesList.Add(rootRule);
+                }
+            }
+            package.ParentLayer.Rules.AddRange(newRootRulesList);
 
-                foreach (string key in extraZonesMap.Keys)
+            
+            foreach (string key in extraZonesMap.Keys)
+            {
+                if (key.Contains("any"))
                 {
-                    AddCpObjectToLocalMapper(key, extraZonesMap[key]);
-                    AddCheckPointObject(extraZonesMap[key]);
+                    continue;
                 }
+                AddCpObjectToLocalMapper(key, extraZonesMap[key]);
+                AddCheckPointObject(extraZonesMap[key]);
+            }
 
-                _warningsList.AddRange(extraZonesWarnMsgsList);
+            _warningsList.AddRange(extraZonesWarnMsgsList);
 
-                foreach (string key in rootLayersMap.Keys)
+            foreach (string key in rootLayersMap.Keys)
+            {
+                if (key.Contains("any"))
                 {
-                    CheckPoint_Layer cpLayer = rootLayersMap[key];
+                    continue;
+                }
+                CheckPoint_Layer cpLayer = rootLayersMap[key];
 
-                    CheckPoint_Rule cpRuleCU = new CheckPoint_Rule();
-                    if(!OptimizeConf) NewFortigateAnalizStatistic._cleanupServicesRuleCount++;
-                    NewFortigateAnalizStatistic._totalServicesRulesCount++;
-                    cpRuleCU.Name = "Sub-Policy Cleanup";
-                    cpRuleCU.Layer = cpLayer.Name;
+                CheckPoint_Rule cpRuleCU = new CheckPoint_Rule();
+                if (!OptimizeConf) NewFortigateAnalizStatistic._cleanupServicesRuleCount++;
+                NewFortigateAnalizStatistic._totalServicesRulesCount++;
+                cpRuleCU.Name = "Sub-Policy Cleanup";
+                cpRuleCU.Layer = cpLayer.Name;
 
-                    cpLayer.Rules.Add(cpRuleCU);
+                cpLayer.Rules.Add(cpRuleCU);
 
-                    package.SubPolicies.Add(cpLayer);
-                    validatePackage(package);
-                }
+                package.SubPolicies.Add(cpLayer);
+                validatePackage(package);
             }
-            else
+            foreach (CheckPoint_Rule ruleAdd in realRulesList)
             {
-                foreach (CheckPoint_Rule ruleAdd in realRulesList)
-                {
-                    ruleAdd.Layer = package.ParentLayer.Name;
-                    package.ParentLayer.Rules.Add(ruleAdd);
-                }
+                ruleAdd.Layer = package.ParentLayer.Name;
+                package.ParentLayer.Rules.Add(ruleAdd);
             }
 
             var cpRuleFake = new CheckPoint_Rule();
