CLI script group
Create CLI script groups:
- Go to Scripts > CLI Script Group.
- Select Create New in the script action bar. The Create New CLI Script Group(s) page opens.
Figure: Create new CLI script groups
- Configure the following settings:
Script Name: Enter a name for the script group.
Comments: Optionally, type a comment for the script group.
Type: CLI Script. This field is read-only.
Run Script on: Select the script target. This setting affects the options presented when you go to run a script. The options include:
    - Device Database
    - Policy Package, ADOM Database
    - Remote FortiGate Directly (via CLI)
Available Scripts/Member Scripts: Use the directional arrows to move an available script to member scripts.
- Select OK to save the CLI script group.
Script syntax
Most script syntax is the same as that used by FortiOS. For information, see the FortiOS CLI Reference, available in the Fortinet Document Library.
Some special syntax is required by the FortiManager to run CLI scripts on devices.
Syntax applicable for address and address6
config firewall address
    edit xxxx
        …regular FOS command here…
        config dynamic_mapping
            edit "<dev_name>"-"<vdom_name>"
                set subnet x.x.x.x x.x.x.x
            next
        end
Syntax applicable for ippool and ippool6
config firewall ippool
    edit xxxx
        …regular FOS command here…
        config dynamic_mapping
            edit "<dev_name>"-"<vdom_name>"
                set startip x.x.x.x
                set endip x.x.x.x
            next
        end
Syntax applicable for vip, vip6, vip46, and vip64
config firewall vip
    edit xxxx
        …regular FOS command here…
        config dynamic_mapping
            edit "<dev_name>"-"<vdom_name>"
                set extintf "any"
                set extip x.x.x.x-x.x.x.x
                set mappedip x.x.x.x-x.x.x.x
                set arp-reply enable|disable
            next
        end
Syntax applicable for zone
config dynamic interface
    edit xxxx
        set single-intf enable|disable
        set default-mapping enable|disable
        set defmap-intf xxxx
        config dynamic_mapping
            edit "<dev_name>"-"<vdom_name>"
                set local-intf xxxx
                set intrazone-deny enable|disable
            next
        end
    next
end
Syntax applicable for local interface
config dynamic certificate local
    edit xxxx
        config dynamic_mapping
            edit "<dev_name>"-"global"
                set local-cert xxxx
            next
        end
Syntax applicable for vpn tunnel
config dynamic vpntunnel
    edit xxxx
        config dynamic_mapping
            edit "<dev_name>"-"<vdom_name>"
                set local-ipsec "<tunnel_name>"
            next
        end
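A pre-flight check for the dynamic_mapping syntax above, useful when reviewing a script before it is run against devices. This is an added example, not Fortinet code: it lists which device and VDOM each per-device mapping targets, and flags entry keys that do not follow the "<dev_name>"-"<vdom_name>" form or that contain typographic quotes. It assumes one command per line; the function name, sample script, device names and object names are constructed for illustration.

```python
import re

# Entry key the page gives under "config dynamic_mapping".
MAPPING_KEY = re.compile(r'^edit\s+"([^"]+)"-"([^"]+)"$')

# Constructed sample: device, VDOM and object names are made up.
SAMPLE = '''config firewall address
edit "branch-lan"
config dynamic_mapping
edit "FGT-A"-"root"
set subnet 10.1.0.0 255.255.255.0
next
edit FGT-B-root
set subnet 10.2.0.0 255.255.255.0
next
end
next
end
'''

def dynamic_mappings(script):
    """Return (mappings, problems): mappings are (table, object, device, vdom)
    tuples, problems are (line_number, message) tuples."""
    stack, names = [], []   # open config tables and the edit name in each
    mappings, problems = [], []
    for num, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if re.search("[\u201c\u201d]", line):
            problems.append((num, "typographic quotes found"))
            line = re.sub("[\u201c\u201d]", '"', line)
        word = line.split()[0] if line else ""
        if word == "config":
            stack.append(line[len("config"):].strip())
            names.append(None)
        elif word == "end" and stack:
            stack.pop()
            names.pop()
        elif word == "edit" and stack[-1:] == ["dynamic_mapping"] and len(stack) > 1:
            match = MAPPING_KEY.match(line)
            if not match:
                problems.append((num, 'expected edit "<dev_name>"-"<vdom_name>"'))
                continue
            dev, vdom = match.groups()
            if stack[-2] == "dynamic certificate local" and vdom != "global":
                problems.append((num, 'page shows "global" for certificate mappings'))
            mappings.append((stack[-2], names[-2], dev, vdom))
        elif word == "edit" and stack:
            names[-1] = line[len("edit"):].strip().strip('"')
    return mappings, problems
```

Calling dynamic_mappings(SAMPLE) returns the single well-formed mapping for FGT-A/root and reports line 7, where the entry key is missing its quotes.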