FortiPower · alagoutte · Jan 14, 2025 · Jan 9, 2025 · Jan 9, 2025 · Jan 9, 2025
diff --git a/PowerFGT/Public/cmdb/firewall/address.ps1 b/PowerFGT/Public/cmdb/firewall/address.ps1
@@ -53,6 +53,11 @@ function Add-FGTFirewallAddress {
 
         Add Address object type mac (macaddr) with name FGT-Mac and value 01:02:03:04:05:06
 
+        .EXAMPLE
+        Add-FGTFirewallAddress -Name FGT-Dynamic-SDN-MyVM -sdn MyVcenter -filter VMNAME=MyVM
+
+        Add Address object type dynamic (SDN) MyVcenter with name FGT-Dynamic-SDN-MyVM and filter VMNAME=MyVM
+
         .EXAMPLE
         $data = @{ "color" = 23 }
         PS C:\>Add-FGTFirewallAddress -Name FGT -ip 192.0.2.0 -mask 255.255.255.0 -data $data
@@ -77,6 +82,10 @@ function Add-FGTFirewallAddress {
         [string]$country,
         [Parameter (Mandatory = $false, ParameterSetName = "mac")]
         [string[]]$mac,
+        [Parameter (Mandatory = $true, ParameterSetName = "dynamic")]
+        [string]$sdn,
+        [Parameter (Mandatory = $true, ParameterSetName = "dynamic")]
+        [string]$filter,
         [Parameter (Mandatory = $false)]
         [string]$interface,
         [Parameter (Mandatory = $false)]
@@ -147,6 +156,11 @@ function Add-FGTFirewallAddress {
                 $address | add-member -name "type" -membertype NoteProperty -Value "mac"
                 $address | add-member -name "macaddr" -membertype NoteProperty -Value @($mac_array)
             }
+            "dynamic" {
+                $address | add-member -name "type" -membertype NoteProperty -Value "dynamic"
+                $address | add-member -name "sdn" -membertype NoteProperty -Value $sdn
+                $address | add-member -name "filter" -membertype NoteProperty -Value $filter
+            }
             default { }
         }
 
@@ -431,6 +445,12 @@ function Set-FGTFirewallAddress {
 
         Change MyFGTAddress to set a new mac address 01:02:03:04:05:06
 
+        .EXAMPLE
+        $MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress
+        PS C:\>$MyFGTAddress | Set-FGTFirewallAddress -filter VMNAME=MyVM
+
+        Change MyFGTAddress to set a new filter VMNANME=MyVM
+
         .EXAMPLE
         $data = @{ "color" = 23 }
         PS C:\>$MyFGTAddress = Get-FGTFirewallAddress -name MyFGTAddress
@@ -462,6 +482,10 @@ function Set-FGTFirewallAddress {
         [string]$country,
         [Parameter (Mandatory = $false, ParameterSetName = "mac")]
         [string[]]$mac,
+        [Parameter (Mandatory = $false, ParameterSetName = "dynamic")]
+        [string]$sdn,
+        [Parameter (Mandatory = $false, ParameterSetName = "dynamic")]
+        [string]$filter,
         [Parameter (Mandatory = $false)]
         [string]$interface,
         [Parameter (Mandatory = $false)]
@@ -558,6 +582,15 @@ function Set-FGTFirewallAddress {
                     $_address | add-member -name "macaddr" -membertype NoteProperty -Value @($mac_array)
                 }
             }
+            "dynamic" {
+                if ( $PsBoundParameters.ContainsKey('sdn') ) {
+                    $_address | add-member -name "sdn" -membertype NoteProperty -Value $sdn
+                }
+
+                if ( $PsBoundParameters.ContainsKey('filter') ) {
+                    $_address | add-member -name "filter" -membertype NoteProperty -Value $filter
+                }
+            }
             default { }
         }
 

diff --git a/PowerFGT/Public/monitor/firewall/address-dynamic.ps1 b/PowerFGT/Public/monitor/firewall/address-dynamic.ps1
@@ -0,0 +1,68 @@
+#
+# Copyright 2019, Alexis La Goutte <alexis dot lagoutte at gmail dot com>
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+function Get-FGTMonitorFirewallAddressDynamic {
+
+    <#
+        .SYNOPSIS
+        Get Monitor Firewall Address Dynamic
+
+        .DESCRIPTION
+        Get Monitor Firewall Adresss Dynamic (addr, subtype...)
+
+        .EXAMPLE
+        Get-FGTMonitorFirewallAddressDynamic
+
+        Get ALL Firewall Address Dynamic
+
+        .EXAMPLE
+        Get-FGTMonitorFirewallAddressDynamic -dynamic mySDN
+
+        Get Firewall Address Dynamic of mySDN
+
+        .EXAMPLE
+        Get-FGTMonitorFirewallAddressDynamic -vdom vdomX
+
+        Get Firewall Address Dynamic of vdomX
+
+    #>
+
+    Param(
+        [Parameter (Mandatory = $false, Position = 1)]
+        [string]$dynamic,
+        [Parameter (Mandatory = $false)]
+        [switch]$skip,
+        [Parameter(Mandatory = $false)]
+        [String[]]$vdom,
+        [Parameter(Mandatory = $false)]
+        [psobject]$connection = $DefaultFGTConnection
+    )
+
+    Begin {
+    }
+
+    Process {
+
+        $invokeParams = @{ }
+        if ( $PsBoundParameters.ContainsKey('skip') ) {
+            $invokeParams.add( 'skip', $skip )
+        }
+        if ( $PsBoundParameters.ContainsKey('vdom') ) {
+            $invokeParams.add( 'vdom', $vdom )
+        }
+
+        $uri = 'api/v2/monitor/firewall/address-dynamic?'
+
+        if ($dynamic) {
+            $uri += "mkey=$($dynamic)"
+        }
+
+        $response = Invoke-FGTRestMethod -uri $uri -method 'GET' -connection $connection @invokeParams
+        $response.results
+    }
+
+    End {
+    }
+}
diff --git a/README.md b/README.md
@@ -25,7 +25,7 @@ This is a Powershell module for configure a FortiGate (Fortinet) Firewall.
 
 With this module (version 0.9.0) you can manage:
 
-- [Address](#address) (Add/Get/Copy/Set/Remove object type ipmask/subnet, FQDN, iprange, geo and mac)
+- [Address](#address) (Add/Get/Copy/Set/Remove object type ipmask/subnet, FQDN, iprange, geo, mac and dynamic (SDN))
 - [AddressGroup](#address-group) (Add/Get/Copy/Set/Remove and Add/Remove Member)
 - DHCPServer (Get)
 - DNS (Get)
@@ -389,6 +389,34 @@ or delete it `Remove-FGTFirewallAddress`.
     allow-routing        : disable
     fabric-object        : disable
 
+# Create an address (type dynamic (SDN))
+    Add-FGTFirewallAddress -name MySDN -sdn MySDNConnector -filter "VMNAME=MyVM"
+
+    name                 : MySDN
+    q_origin_key         : MySDN
+    uuid                 : a656d5e4-d0ef-51ef-add8-8ec2d3dcb1f1
+    type                 : dynamic
+    sub-type             : sdn
+    clearpass-spt        : unknown
+    start-mac            : 00:00:00:00:00:00
+    end-mac              : 00:00:00:00:00:00
+    country              :
+    cache-ttl            : 0
+    sdn                  : MySDNConnector
+    fsso-group           : {}
+    interface            :
+    obj-type             : ip
+    comment              :
+    associated-interface :
+    color                : 0
+    filter               : VMNAME=MyVM
+    sdn-addr-type        : private
+    obj-id               : q
+    list                 : {}
+    tagging              : {}
+    allow-routing        : disable
+    fabric-object        : disable
+
 ```
 
 ### Filtering
@@ -1744,6 +1772,7 @@ You need to have VPN IPsec Interface Phase 1 created before
 
 It is possible to `monitor` FortiGate
 
+* `Get-FGTMonitorFirewallAddressDynamic` List of Fabric Connector address objects and the IPs they resolve to.
 * `Get-FGTMonitorFirewallAddressFQDN` List of FQDN address objects and the IPs they resolved to
 * `Get-FGTMonitorFirewallPolicy` List traffic statistics for firewall policies
 * `Get-FGTMonitorFirewallSession` List all active firewall sessions
@@ -2125,6 +2154,7 @@ Get-FGTIpsSensor
 Get-FGTLogSetting
 Get-FGTLogTraffic
 Get-FGTMonitorFirewallAddressFQDN
+Get-FGTMonitorFirewallAddressDynamic
 Get-FGTMonitorFirewallPolicy
 Get-FGTMonitorFirewallSession
 Get-FGTMonitorLicenseStatus

diff --git a/Tests/common.ps1 b/Tests/common.ps1
@@ -14,6 +14,7 @@ $script:pester_address2 = "pester_address2"
 $script:pester_address3 = "pester_address3"
 $script:pester_address4 = "pester_address4"
 $script:pester_address5 = "pester_address5"
+$script:pester_address6 = "pester_address6"
 $script:pester_addressgroup1 = "pester_addressgroup %/*?1"
 $script:pester_addressgroup2 = "pester_addressgroup2"
 $script:pester_vip1 = "pester_vip %/*?1"
@@ -67,6 +68,8 @@ $script:pester_userradiusserver1 = "pesterradiusserver1.powerfgt"
 $script:pester_userradiusserver2 = "pesterradiusserver2.powerfgt"
 $script:pester_userradiusserver3 = "pesterradiusserver3.powerfgt"
 $script:pester_userradius_secret = ConvertTo-SecureString "pester_userradiussecret" -AsPlainText -Force
+$script:pester_sdnconnector1 = "pester_sdnconnector1"
+$script:pester_sdnconnector2 = "pester_sdnconnector2"
 
 . ../credential.ps1
 #TODO: Add check if no ipaddress/login/password info...

diff --git a/Tests/integration/Connection.Tests.ps1 b/Tests/integration/Connection.Tests.ps1
@@ -284,6 +284,9 @@ Describe "Connect to a FortiGate (using multi connection)" {
         It "Use Multi connection for call Get Webfilter Profile" {
             { Get-FGTWebfilterProfile -connection $fgt } | Should -Not -Throw
         }
+        It "Use Multi connection for call Get Monitor Firewall Address Dynamic" {
+            { Get-FGTMonitorFirewallAddressDynamic -connection $fgt } | Should -Not -Throw
+        }
         It "Use Multi connection for call Get Monitor Firewall Address FQDN" {
             { Get-FGTMonitorFirewallAddressFQDN -connection $fgt } | Should -Not -Throw
         }