AutoGateMate
Building AutoGateMate
A Lightweight FortiGate Configuration Management Tool
The Problem
In my day job, I’ve worked extensively with FortiGate firewalls and the challenge of managing their configurations across multiple devices. While Fortinet’s FortiManager is a powerful tool, it comes with licensing costs and complexity that don’t always fit smaller deployments or lab environments.
I found myself repeatedly asking: Why can’t I just back up my firewall configs automatically, compare changes easily, and keep them versioned in Git? That question became the spark for AutoGateMate.
The Vision
AutoGateMate is a lighter-weight alternative that solves a specific problem: automated FortiGate configuration backups with built-in version control and easy diffing. Instead of reaching for an enterprise solution, you get a web-based dashboard that lets you:
- Manage multiple FortiGate devices from one place
- Automatically backup configurations on a schedule you define
- Compare configuration versions side-by-side
- Track your configs in Git for external version control
- Organize devices with a simple tagging system
It’s not meant to replace FortiManager for large enterprises, but for DevOps engineers, network labs, or smaller operations, it fills a practical gap.
Why I Built It (And What I Learned)
Honestly, this project started as a learning vehicle as much as a solution. I wanted a project to get hands-on experience with several technologies that came up repeatedly:
FortiGate REST API Integration — This was the domain-specific piece. Understanding how to authenticate, fetch configs, parse responses, and handle errors with a real-world API taught me more than any tutorial could.
Docker and Containerization — Beyond just writing the app, I needed it to actually run somewhere. I’ve been using Docker quite a bit in my homelab and it seemed like the perfect fit for this app. Docker forced me to think about environment variables, database initialization, and deployment concerns from day one.
TypeScript Strict Mode — I decided early on to use strict TypeScript. I think Claude or Gemini definitely persuaded me, but with the whole “Shift Left” mentality, catching type errors, null or undefined properties, and data type validation at development time rather than in production is a non-negotiable.
The Tech Stack (Why These Choices?)
A.I. tools helped with a lot of the decisions, but sharing my requirements and expectations made these stand out.
- Next.js 15 — Modern, performance-focused, and it seemed to me that it’s the standard for React applications right now
- PostgreSQL + Prisma — Relational data (devices, backups, versions) pairs well with Prisma’s type safety
- Tailwind CSS + shadcn/ui — Rapid UI development without too much thinking on my part. The shadcn/ui components are supposedly production-ready and were unstyled enough for me to customize
- TypeScript (strict) — Catches bugs early and in my mind it keeps up with the Shift Left mentality in security
- Docker — Keeps me on track for learning more around DevOps and makes the project easily deployable, especially in my lab environment
Features in Action
Device Management — Add as many FortiGate devices as you need. Each device stores its IP, API credentials, and custom tags for organization.
Automated Backups — Set a schedule (hourly, daily, weekly, monthly) and the app handles it. No manual downloads. Behind the scenes, a cron endpoint triggers backups at scheduled intervals.
Configuration Diffing — Compare any two backup versions side-by-side. See exactly what changed: new rules, modified addresses, removed policies. This alone saves hours of manual comparison.
Git Integration — If you want external version control, connect a Git repository. Backups can automatically commit to your repo with timestamps and device names.
Search — Search across all your device configs at once. Need to find all references to a specific IP address across your entire infrastructure? It’s there. I still need to do some more work around this feature, though.
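The Configuration Diffing feature above reports changes at the level of rules and addresses rather than raw text lines. The following is an added example, not AutoGateMate's own code, of one way to do that: it flattens FortiGate's `config` / `edit` / `set` nesting into path keys and compares two backups. The function names and sample backups are constructed for illustration, and it assumes every `set` value fits on one line.

```typescript
// Added example (not AutoGateMate's code): structural diff of two FortiGate backups.
type Flat = Record<string, string>;
interface ConfigDiff { added: string[]; removed: string[]; changed: string[] }

// Flatten "config / edit / set" nesting into "path > setting" keys.
function flattenConfig(text: string): Flat {
  const flat: Flat = Object.create(null);
  const stack: string[] = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.charAt(0) === "#") continue; // blank or header comment
    const m = /^(\S+)\s*(.*)$/.exec(line)!;
    const verb = m[1], rest = m[2];
    if (verb === "config" || verb === "edit") {
      stack.push(verb + " " + rest);
      if (verb === "edit") flat[stack.join(" > ")] = "(entry)"; // track empty entries too
    } else if (verb === "next" || verb === "end") {
      stack.pop(); // "next" closes an edit block, "end" closes a config block
    } else if (verb === "set") {
      const s = /^(\S+)\s*(.*)$/.exec(rest);
      if (s) flat[stack.concat(s[1]).join(" > ")] = s[2];
    }
  }
  return flat;
}

// Compare two backups: keys only in the new one, only in the old one, or with new values.
function diffConfigs(oldText: string, newText: string): ConfigDiff {
  const a = flattenConfig(oldText), b = flattenConfig(newText);
  const diff: ConfigDiff = { added: [], removed: [], changed: [] };
  for (const k of Object.keys(b)) {
    if (!(k in a)) diff.added.push(k);
    else if (a[k] !== b[k]) diff.changed.push(k + ": " + a[k] + " -> " + b[k]);
  }
  for (const k of Object.keys(a)) if (!(k in b)) diff.removed.push(k);
  return diff;
}

// Constructed sample backups (documentation addresses), not real device output.
const oldBackup = [
  "config firewall address", '    edit "web-srv"',
  "        set subnet 192.0.2.10 255.255.255.255", "    next", "end",
  "config firewall policy", "    edit 2", '        set name "legacy-ftp"', "    next", "end",
].join("\n");
const newBackup = [
  "config firewall address", '    edit "web-srv"',
  "        set subnet 192.0.2.20 255.255.255.255", "    next", "end",
  "config firewall policy", "    edit 3", '        set name "allow-dns"', "    next", "end",
].join("\n");

console.log(diffConfigs(oldBackup, newBackup));
```

Because keys carry the full path, a reordered but otherwise identical policy table produces an empty diff, which a line-based comparison would not.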
The Reality Check
I want to make sure I’m upfront and honest about where this project stands:
What Works Well — The core backup, diff, and device management features are solid. I’ve tested them against real FortiGate devices running various firmware versions. The Docker setup is straightforward and reproducible.
What Needs Work — Error handling could be more granular. Logging is basic. The authentication is functional but far from hardened. There’s no comprehensive test suite yet (I’m using Vitest, but coverage isn’t complete). The UI is clean but minimal…actually I kind of like that part.
Not Production-Ready — I want to be sure I’m transparent about this because it matters. This is a learning project that happens to solve a real problem. Before using it in production, you’d need to audit security, add monitoring and alerting for backup failures, implement per-device API tokens, and add proper RBAC. MFA would make a lot of sense too.
What This Shows
When you look at this project, I hope you see:
- Full-stack capability — From database schema to UI, I built a mostly complete application
- Technology choices — I tried to pick tools for good reasons, not hype
- Practical thinking — I identified what I believe is a real problem and built a solution for it that works
- Honest communication — I want to be clear about limitations and what needs improvement
- DevOps mindset — Containerized, automated, versioned, deployable
- Real-world integration — I didn’t build a TODO app; I integrated with an actual enterprise firewall API
What’s Next
I’m currently focusing on:
- Adding more comprehensive test coverage (Vitest)
- Improving error handling and logging
- Creating a better UI for the search functionality
- Considering a multi-user setup with proper authentication
- Performance testing under load (already ran into some memory issues with Chrome/Edge that I’ve hopefully fixed completely now)
This is an active learning project. I’m not rushing to “launch” it because the learning process is the point.
Give It a Shot
If you’re interested in FortiGate configuration management, learning Next.js, or seeing how these pieces fit together, the project is open source on GitHub. Feel free to:
- Fork it and experiment
- Open issues with suggestions
- Use it in your lab environment
- Learn from the code
Disclaimer: This is a hobby project under active development. Test thoroughly before using in any environment you care about. Better yet, use it in your lab, suggest improvements, and help make it better.
Want to learn more? Check out the AutoGateMate GitHub repository for the full code, detailed setup instructions, and current development status.
Building things in public, even incomplete things, is how we learn. I hope this project is useful to someone—and I’m always open to feedback and contributions.