Skip to main content
DirtyBlueshirt
DirtyBlueshirt
New Member
July 19, 2016
Question

5.4.1 - Removing object colors en masse

  • July 19, 2016
  • 1 reply
  • 9223 views

Hi,

 

So, we just upgraded our FortiManager from 5.2.6 to 5.4.1. Most of our FortiGates are currently running 5.0.x, and the FMG is the first step to a global migration to 5.4. In 5.0 and 5.2, we were heavy users of object colors to denote different object types in our firewalls. 5.4 has put that in complete chaos. Forti[Gate]OS 5.4 has different colors versus 5.0/5.2, and for some even more bizzare reason, FortiManager 5.4.1's object color assignments are different that what shows up in FortiGate FortiOS 5.4.1. I really don't know what they were thinking.

 

Anyways, we now have a 5.0 ADOM with tens of thousands of firewall address objects of varying colors. Since Fortinet teams can't decide between themselves what color pallet to use, I want to just remove the "set color" line en masse from the objects so all of our objects are the standard default color. What is the best way to accomplish this? Is it possible to script on the FortiManager? Can I get an example script?

1 reply

lkorbasiewicz_FTNT
Staff
lkorbasiewicz_FTNT
Staff
July 20, 2016

Hi,

 

You can use CLI script like this:

 

config firewall address

edit "address_name"

unset color

next

edit "another_address

unset color

next

...

end

 

Probably the easiest way to obtain a list of objects in an ADOM is to use "execute fmpolicy print-adom-object" command (use question marks to complete syntax with ADOM ID and object ID). Then you can use some Python or any other scripting language to generate correct syntax from the list of objects.

 

Best Regards,

Lukasz Korbasiewicz

Fortinet EMEA TAC Level 2

Fortinet NSE7 Certified

To reach support on call:

http://www.fortinet.com/support/contact_support.html

 

Helpful links:

http://kb.fortinet.com

http://video.fortinet.com

http://docs.fortinet.com

DirtyBlueshirt
DirtyBlueshirtAuthor
New Member
July 20, 2016

Yes, but how would I apply that to the object database in the FortiManager?

scao_FTNT
Staff
scao_FTNT
Staff
July 20, 2016

Sorry for the different color issue on FMG side and we will fix this for FMG 5.4.2

 

for run script, please go to System Settings - Admin - Admin Settings, enable "Show Scripts", then go to "Device Manager", you will see a new tab on top "Scripts" and go to script page, you can create a CLI script, for device db, or remote device, or package db   so if you want to modify address config on FMG db, you choose package db, and then copy the address CLI config into script, save script, then in script list page, you will see your newly created script, right click, you can then run script on package/ADOM db to modify the addresses

 

Thanks

 

Simon

Terms & ConditionsAccessibility statement