jkrbber
New Member
June 11, 2021
Question

Bulk Rule Modifying


Hi everyone,


Looking for some advice. I recently imported from another vendor into FortiGate a bit over 1000 rules. The conversion disabled logging on all of the rules. I would like a simple way, maybe via a script in FortiManager, to update all 1000 rules in one shot. I would like to:

1. Enable "Log all sessions", along with enabling "Generate Logs when Session Starts"

2. Enable "Security Profiles" - "Use Standard Security profiles" - IPS Profile - "Monitor Mode" - Proxy Options "Default"


Any help would be appreciated, thank you!

    1 reply

    Toshi_Esumi
    SuperUser
    June 11, 2021

    It's just CLI config like

      config firewall policy
        edit n
          set logtraffic all
          set utm-status enable
          set ips-sensor "sensor_name"
          set av-profile "profile_name"
          and so on...
        next
       ....
      end

    For UTM, nothing is set by default so you have to name them. But I think you meant "Protocol Options", which is already set to "default" by default. So you shouldn't touch it.

    But in FMG script, there are no control-flow statements available like "for-loop". So you still have to type 1000 of them (just copy one set 1000 times and modify "edit n"). Then if you use a policy package, you have to apply it to ("Run against on") "Policy Package or ADOM". If not, to "Device Database".

    If you want to use iteration, you have to use API, which someone else might be able to provide some ideas.
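Since FortiManager scripts have no loops, the practical workaround is to generate the repeated "edit n ... next" stanzas with a short script and paste the result into FMG. The Python below is an added example, not code from this thread or from Fortinet: it expands the per-policy settings the question asks for (log all sessions, log at session start, UTM with an IPS sensor and AV profile) once per policy ID, and it reads the IDs from "show firewall policy" output so only policies that actually exist are touched. The sensor and profile names, and the sample "show" output, are constructed placeholders.

```python
"""Expand one FortiOS 'edit n ... next' stanza into a FortiManager CLI script
covering many firewall policies (FMG scripts have no for-loop)."""
from typing import Iterable

# 'config firewall policy' attributes. The two profile names are constructed
# placeholders: substitute the sensor/profile names defined in your ADOM.
POLICY_SETTINGS = [
    ("logtraffic", "all"),            # "Log all sessions"
    ("logtraffic-start", "enable"),   # "Generate logs when session starts"
    ("utm-status", "enable"),         # turn the security profiles on
    ("ips-sensor", '"ips-monitor"'),  # placeholder: a sensor in monitor mode
    ("av-profile", '"av-default"'),   # placeholder AV profile name
]

def render_policy(policy_id: int, settings=POLICY_SETTINGS) -> str:
    """One 'edit <id> ... next' stanza with every setting applied."""
    lines = [f"    edit {policy_id}"]
    lines += [f"        set {key} {value}" for key, value in settings]
    lines.append("    next")
    return "\n".join(lines)

def render_script(policy_ids: Iterable[int], settings=POLICY_SETTINGS) -> str:
    """Complete script text; in FMG run it against the Policy Package or ADOM."""
    body = "\n".join(render_policy(pid, settings) for pid in policy_ids)
    return f"config firewall policy\n{body}\nend\n"

def parse_policy_ids(show_output: str) -> list[int]:
    """Collect numeric policy IDs from 'show firewall policy' output
    (lines like '    edit 12'); non-numeric or malformed lines are skipped."""
    ids = []
    for line in show_output.splitlines():
        tokens = line.split()
        if len(tokens) == 2 and tokens[0] == "edit" and tokens[1].isdigit():
            ids.append(int(tokens[1]))
    return ids

# Constructed sample of 'show firewall policy' output (not from a real device).
SAMPLE_SHOW = """config firewall policy
    edit 1
        set name "lan-to-wan"
    next
    edit 7
        set name "dmz-to-lan"
    next
end
"""

if __name__ == "__main__":
    # Paste this output into a new FortiManager CLI script.
    print(render_script(parse_policy_ids(SAMPLE_SHOW)), end="")
```

Feed it the real "show firewall policy" output from the device or ADOM database instead of SAMPLE_SHOW, and review the generated script before running it, since it will touch every policy it lists.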


    jkrbber (Author)
    New Member
    June 13, 2021

    Thanks a lot for the response.


    I was hoping there would be an easier way than to manually script up the editing of 1000 rules! If I went this route, then yes, I believe I can create the script in FortiManager, run against Policy Package or ADOM, then head over to the Policies and Objects tab, and run the script directly on the policy package.