Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
LourensL
New Contributor II

Created on ‎04-24-2024 12:57 AM

Import MAC address list into address group

I need some help with importing bulk Mac Addresses to either the Addresses under Policy&Objects/Addresses using a csv file. I have created a group where I would like the address to be imported to. It's a Fortigate 200FFortigate.png

Labels:
1241
0 Kudos
2 Solutions
ozkanaltas
Valued Contributor III
In response to LourensL

Created on ‎04-29-2024 03:43 AM

Hi @LourensL ,

 

I tried again. I didn't get any errors in my environment. 

 

image.png

 

My bat file and group.txt looks like that. 

 

image.png

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1108
LourensL
New Contributor II

Created on ‎04-29-2024 04:56 AM

@ozkanaltas Working 100% Thank you.

 

View solution in original post

1085
0 Kudos
8 REPLIES 8
ozkanaltas
Valued Contributor III

Created on ‎04-24-2024 01:20 AM Edited on ‎04-24-2024 01:42 AM

Hello @LourensL ,

 

You can use CLI for bulk import. For example ;

 

 

 

config firewall address
    edit "aa:bb:cc:dd:ee"
        set type mac
        set macaddr aa:bb:cc:dd:ee
    next
    edit "aa:bb:cc:dd:ef"
        set type mac
        set macaddr aa:bb:cc:dd:ef
    next
end

 

 

 

You can resume like this. 

 

Or I have a bat file for this kind of job. You can use it if you want. 

 

 

 

@echo off

 echo config firewall address
 for /f " eol=# tokens=1-3 delims=,"  %%i in (mac.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 :oneaddr
 echo edit %1  
 echo set type mac
 echo set set macaddr %2
 echo next

 

 

 

mac.txt should be like this. The first column is the object name second is the mac address of the device. 

 

 

device_name,aa:bb:cc:dd:ee
device_name,aa:bb:cc:dd:ff

 

 

 

You can run this bat file like this, mac_bulk.bat >> output.txt. You need to put both files in same folder(mac.txt,mac_bulk.bat)

 

 

For groups, you can use this bat. 

 

@echo off
  
  echo config firewall addrgrp
 for /f " eol=# tokens=1-3 delims=,"  %%i in (group.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 
 :oneaddr

 echo edit %1
 echo append member %2
 echo next

 

group.txt should be like this. 

 

group_name,object_name
group_name,object_name
If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1226
0 Kudos
LourensL
New Contributor II

Created on ‎04-24-2024 01:40 AM

Thank you @ozkanaltas ,

Sorry for the ignorance. How do I get the files onto the device?

1215
0 Kudos
ozkanaltas
Valued Contributor III
In response to LourensL

Created on ‎04-24-2024 01:43 AM Edited on ‎04-24-2024 01:43 AM

Hello @LourensL ,

 

You can just paste output to CLI.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1209
LourensL
New Contributor II

Created on ‎04-29-2024 03:23 AM

Hi @ozkanaltas 

 

When trying to run the script for adding the Mac Adressess to the group I get this error

 

for /f " eol=# tokens=1-3 delims=," %%i in (group.txt) do CALL :oneaddr %%i %%j
%%i was unexpected at this time.

1115
0 Kudos
ozkanaltas
Valued Contributor III
In response to LourensL

Created on ‎04-29-2024 03:43 AM

Hi @LourensL ,

 

I tried again. I didn't get any errors in my environment. 

 

image.png

 

My bat file and group.txt looks like that. 

 

image.png

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1109
LourensL
New Contributor II

Created on ‎04-29-2024 04:56 AM

@ozkanaltas Working 100% Thank you.

 

1086
0 Kudos
LourensL
New Contributor II

Created on ‎04-29-2024 05:02 AM

@ozkanaltas Next Question.

How do I import Mac Addresses in Ip Address Assignment rules?

 

 

Assignment Rule.png

1080
0 Kudos
ozkanaltas
Valued Contributor III
In response to LourensL

Created on ‎04-29-2024 05:20 AM

Hi @LourensL ,

 

Normally i don't have a script for that. But I changed my address group script for that. I think it will works. 

 

You need to change "edit <YOUR_DHCP_ID>" area with your DHCP id. 

@echo off
  
  echo config system dhcp server
  echo edit <YOUR_DHCP_ID>
  echo config reserved-address

 for /f " eol=# tokens=1-3 delims=,"  %%i in (mac.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 
 :oneaddr

echo edit 0
echo set type mac
echo set mac %1
echo set action block
echo next

 

Your mac address txt (mac.txt) should be like this. 

 

aa:bb:cc:dd:ee:ff
bb:cc:dd:ee:ff:gg

image.png

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
1070
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.