Recurring schedule object

Recurring schedule object

Recurring schedules are in effect repeatedly at specified times of specified days of the week. The Recurring schedule is based on a repeating cycle of the days of the week as opposed to every x days or days of the month. This means that you can configure the schedule to be in effect on Tuesday, Thursday, and Saturday but not every 2 days or on odd numbered days of the month.

If a recurring schedule has a stop time that is earlier than the start time, the schedule will take effect at the start time but end at the stop time on the next day. You can use this technique to create recurring schedules that run from one day to the next.

Configuring a Recurring schedule object in the GUI

  1. Go to Policy & Objects > Schedules.
  2. Select Create New. A drop down menu is displayed. Select Schedule.
  3. From the Type options, choose Recurring.
  4. Input a Name for the schedule object.
  5. If you which to add a Color to the icon in the GUI, you can click on the Change link to choose 1 of 32 color options.
  6. From the Days options, choose the day of the week that you would like this schedule to apply to. The schedule will be in effect on the days of the week that have a check mark in the checkbox to the left of the name of the weekday.
  7. If the scheduled time is the whole day, leave the All Day toggle switch enabled. If the schedule is for specific times during the day, disable the All Day toggle switch.
  8. If the All Day option is disabled, choose a Start Time.

The Start Time is composed of two fields, Hour and Minute. Think of setting the time for a digital clock in 24 hour mode. The Hour value can be an integer from 0 and 23. The Minute value can be from 0 to 59. 0 and 0 would be midnight at the start of the day and 23 and 59 would be one minute to midnight at the end of the day. The value can be entered by keyboard or by using the up and down arrows in the field to select the value.

  1. Choose a Stop Time.

Configuration is the same as Start Time.

  1. Press OK.

Because recurring schedules do not work with DENY policies, the strategy when designing a schedule should not be to determine when users cannot access a policy but to build the schedules around when it is possible to access the policy.

Example: Firewall Schedule – Recurring

The Company wants to allow the use of Facebook by employees, but only during none business hours and the lunch break.

  • The business hours are 9:00 p.m. to 6:00 p.m. l The Lunch break is 12:00 p.m. to 1:00 p.m.
  • The plan is to create a schedule to cover the morning business hours and the afternoon business hours and block access to the Facebook web site during that time.

Configuration in the GUI

  1. Go to Policy & Objects > Objects > Schedule.
  2. Select Create New > Schedule.
  3. Fill out the fields with the following information:
Type Recurring
Name Morning_Business_Hours
Days Monday, Tuesday, Wednesday, Thursday, Friday
Start Time Hour = 9, Minute = 0
Stop Time Hour = 12, Minute = 0
  1. Select OK.
  2. Create a second new schedule.
Type Recurring
Name Morning_Business_Hours
Days Monday, Tuesday, Wednesday, Thursday, Friday
Start Time Hour = 13, Minute = 0
Stop Time Hour = 18, Minute = 0
  1. Select OK.

To verify that the schedule was added correctly:

  1. Go to Policy & Objects > Objects > Schedule.
  2. Check that the schedule with the name you used has been added to the list of recurring schedules and that the listed settings are correct.

Configuration in the CLI

  1. Enter the following CLI command:

config firewall schedule recurring edit Morning_Business_Hours set day monday tuesday wednesday thursday friday set start 09:00 set end 12:00

end

  1. Enter the following CLI command:

config firewall schedule recurring edit Afternoon_Business_Hours set day monday tuesday wednesday thursday friday set start 13:00 set end 18:00

end

To verify that the schedule was added correctly:

  1. Enter the following CLI command:

config firewall schedule recurring

edit <the name of the schedule you wish to verify> show full-configuration

 

Schedule

This entry was posted in FortiGate, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.