Technical Tip: CLI Script behavior to run in FortiManager
Description
This article describes the functions of the CLI script on FortiManager and how to use them in each use case. There are three options to run a script on FortiManager, as per below:
- Device Database.
- Policy Package or ADOM Database.
- Remote FortiGate Directly (via CLI).
 
Scope
FortiManager.
Solution
- Device Database
- Create a script that runs on the Device Database.
 
- Run the script by selecting the Script -> Run Script -> Select a device to run a Script -> Run Now -> OK.
 
- Make sure the script is running without error.
- After running the script, the changes will reflected on the Device Database configuration. (The config status will show 'Modified'.)
- It will be necessary to install (Install Device Settings (only)) the changes to reflect on the FortiGate.
 
- Policy Package or ADOM Database:
- Create a script that runs on a Policy Package or the ADOM Database.
 
- Run the script by selecting the Script -> Run Script -> Select a policy package -> Run Now.
 
- Make sure the script running without error.
- After running the script, the changes will reflected on the Policy Package configuration. (The Policy Package Status will show 'Modified'.)
- Install (Install Policy Package & Device Settings) the changes to reflect on the FortiGate.
 
- Remote FortiGate Directly (via the CLI):
- Create a script that runs on the remote FortiGate Directly (via the CLI).
 
- Run the script by selecting the Script -> Run Script -> Select a policy package -> Run Now.
- Make sure the script running without error.
- Since the script is installed directly on the FortiGate it will automatically perform a Retrieve back to FortiManager, and the expected output on Config Status is "Synchronize" and the Policy Package will be 'Unknown'.
 
Note:
To get an output for the commands 'get' and 'show', use this option to run a script from FortiManager. Select the 'Lens' icon after successfully running the script to check on the output.
 
 
Related documents: