FortiSim: Fortinet Firewall Simulator

[+] Status: Complete [+] Origin: Portfolio Project [+] Date: 2025.01
>> TECH_STACK:
[React][TypeScript][Tailwind CSS][Vite]

FortiSim is a browser-based Fortinet FortiGate firewall simulator. It provides both a CLI terminal that emulates FortiOS command syntax and a GUI that mirrors the FortiGate web management interface. Engineers can practice firewall configuration, build policy rulesets, and analyze rule interactions without needing access to physical hardware or vendor trial licenses.

The simulator includes a policy rule engine that evaluates firewall rules top-down, detects shadowed rules, and visualizes the effective security posture for any given traffic flow. Both interfaces share the same underlying configuration state, so changes in the CLI are immediately visible in the GUI and vice versa.

Open Source

This project is open source and available on GitHub

Frontend application simulating FortiGate CLI and GUI interfaces:

React + TypeScript
UI Framework

Component-based architecture modeling FortiGate CLI and GUI interfaces with type-safe policy rule management

Tailwind CSS
Styling

Recreating the FortiGate web interface aesthetic with responsive layouts and dark mode support

TypeScript
Rule Engine

Strict typing for firewall policy objects, address groups, service definitions, and rule evaluation logic

Vite
Build Tool

Fast development with hot module replacement for rapid iteration on the CLI parser and GUI components

Simulation: FortiOS CLI Emulation
Problem: Learning Fortinet firewall configuration requires access to expensive hardware or limited trial VMs
Solution: Built a terminal emulator that parses FortiOS CLI commands, validates syntax, maintains configuration state, and provides contextual tab completion and help text matching real FortiGate behavior
Result: Practice firewall configuration without needing physical hardware or vendor licenses
Architecture: Policy Rule Engine
Problem: Firewall rules interact in complex ways. Order matters, overlapping rules create shadows, and implicit denies catch everything else
Solution: Implemented a rule evaluation engine that processes policies top-down, detects shadowed rules (rules that never trigger because an earlier rule matches first), and visualizes the effective policy for any given source/destination/service combination
Result: Visual policy analysis helps identify misconfigurations before they reach production
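
The top-down evaluation and shadow detection described above, as an added TypeScript sketch (not FortiSim's own code). The types, function names and sample ruleset are hypothetical, and it assumes IPv4 CIDR sources and destinations with a single port range per policy.

```typescript
// Added illustration: names and types are hypothetical, not FortiSim's source.
type Action = "accept" | "deny";
interface Cidr { base: number; bits: number }
interface Policy { id: number; src: Cidr; dst: Cidr; lo: number; hi: number; action: Action }
interface Flow { src: string; dst: string; port: number }
interface Shadow { id: number; by: number; conflict: boolean }

const ipToInt = (ip: string): number =>
  ip.split(".").reduce((acc, octet) => acc * 256 + Number(octet), 0);
const cidr = (s: string): Cidr => {
  const [ip = "0.0.0.0", bits = "32"] = s.split("/");
  return { base: ipToInt(ip), bits: Number(bits) };
};
// Plain arithmetic instead of bit operators, which are signed 32-bit in JavaScript.
const netOf = (c: Cidr, ip: number): number => Math.floor(ip / 2 ** (32 - c.bits));
const hasIp = (c: Cidr, ip: number): boolean => netOf(c, ip) === netOf(c, c.base);
// outer covers inner when it is no more specific and contains inner's network.
const covers = (outer: Cidr, inner: Cidr): boolean =>
  outer.bits <= inner.bits && hasIp(outer, inner.base);

// First match wins; a flow that matches nothing falls to the implicit deny (id 0 here).
function evaluate(policies: Policy[], f: Flow): { id: number; action: Action } {
  const s = ipToInt(f.src), d = ipToInt(f.dst);
  const hit = policies.filter(p =>
    hasIp(p.src, s) && hasIp(p.dst, d) && f.port >= p.lo && f.port <= p.hi)[0];
  return hit ? { id: hit.id, action: hit.action } : { id: 0, action: "deny" };
}

// A policy is shadowed when a single earlier policy covers its entire match space.
// Coverage by a union of several earlier policies is not detected by this check.
function findShadowed(policies: Policy[]): Shadow[] {
  const out: Shadow[] = [];
  policies.forEach((p, i) => {
    const e = policies.slice(0, i).filter(q =>
      covers(q.src, p.src) && covers(q.dst, p.dst) && q.lo <= p.lo && q.hi >= p.hi)[0];
    if (e) out.push({ id: p.id, by: e.id, conflict: e.action !== p.action });
  });
  return out;
}

// Constructed sample ruleset: policy 2 can never fire because policy 1 matches first.
const anyAddr = cidr("0.0.0.0/0");
const samplePolicies: Policy[] = [
  { id: 1, src: cidr("10.0.0.0/8"), dst: anyAddr, lo: 1, hi: 65535, action: "accept" },
  { id: 2, src: cidr("10.1.2.0/24"), dst: anyAddr, lo: 22, hi: 22, action: "deny" },
  { id: 3, src: cidr("192.168.0.0/16"), dst: cidr("172.16.5.10/32"), lo: 443, hi: 443, action: "accept" },
];
```

The `conflict` flag separates a shadowed rule whose action differs from the rule hiding it (here an SSH deny that is silently overridden by a broad accept) from one that is merely redundant.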
UX Design: Dual Interface Mode
Problem: Some engineers prefer CLI, others prefer GUI. Both are valid workflows on real FortiGate devices
Solution: Built both a terminal-style CLI interface and a web GUI that mirrors the FortiGate management console. Changes made in either interface reflect in real time in the other, maintaining a single source of truth for the configuration
Result: Supports both CLI-first and GUI-first workflows, matching real-world Fortinet administration
CLI Parsing
  • Command tokenization
  • Context-aware completion
  • Syntax validation
  • Help text generation
Network Security
  • Firewall policy logic
  • Rule ordering
  • Shadow detection
  • Address/service objects
React Architecture
  • Terminal emulator component
  • Dual-view state sync
  • Policy table rendering
  • Real-time filtering
TypeScript
  • Discriminated unions for rules
  • Type-safe CLI commands
  • Generic policy types
  • Strict null checks
Complete
  • FortiOS CLI emulation with tab completion
  • GUI mirroring FortiGate web interface
  • Policy rule engine with top-down evaluation
  • Shadow rule detection and analysis
  • Dual-interface state synchronization
  • Address and service object management