Ydaew
New Member
June 27, 2019
Solved

Generating Fortigate policies

  • June 27, 2019
  • 1 reply
  • 11478 views

Hello everyone,

I'm looking for a script to generate a policy text file (CLI format) from a CSV file.

 

Thanks


    1 reply

    Grave_Rose
    New Member
    June 27, 2019

    Hey Ydaew,

     

    I don't have anything handy myself but I would assume something along these lines could work.

     

    Do not use this code! It's just an example.

    #!/bin/bash

    # Your input file will be the first variable
    IF=$1
    # Your output file will be the second variable
    OF=$2

    # Create a firewall policy number to increment as we go
    # (set once, before the loop, so it is not reset on every row)
    policy_num=1

    # Start the loop
    # Add as many columns as you need (the last variable receives any remaining fields)
    while IFS=, read -r col1 col2 col3
    do
       # Create your commands like this
       echo "config firewall policy" >> "$OF"
       echo "edit $policy_num" >> "$OF"
       # FortiOS names these settings srcintf and dstintf
       echo "set srcintf $col1" >> "$OF"
       echo "set dstintf $col2" >> "$OF"
       # ...
       # Continue to build your policy this way
       echo "next" >> "$OF"
       echo "end" >> "$OF"
       echo "" >> "$OF"
       policy_num=$((policy_num+1))
    done < "$IF"
    # EOF

     

    Hope this helps,

     

    Sean (Gr@ve_Rose)

    rwpatterson
    New Member
    June 27, 2019

    One drawback to this approach: All predefined Fortigate items NEED TO MATCH EXACTLY. Case sensitive, special characters... Everything.

     

    Interfaces

    Firewall Objects & groups

    Services

    Traffic Shapers...

     

    Also the order is important. All the above needs to exist before policy creation is started. Unless you have hundreds of policies to input, I would take the time and put them in by hand. Using the CLI, you'll get feedback immediately if something was wrong. For the most part the GUI won't let you add anything that won't work.

     

    My two cents.
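
The two replies above combined, as an added example that is not part of the thread: CSV rows become policy CLI only if every referenced object exactly matches a known name and the free-text policy name uses a conservative character set, so a malformed cell cannot break out of the quoted value. The column layout, the known-object lists, the fixed `accept`/`always` settings and all function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Object names are constructed.
# CSV columns (row 1 is a header): name,srcintf,dstintf,srcaddr,dstaddr,service
KNOWN_INTF="port1 port2 dmz"
KNOWN_ADDR="all LAN_Servers Web_DMZ"
KNOWN_SVC="ALL HTTP HTTPS SSH"
# in_list VALUE LIST: exact, case-sensitive match in a space-separated list
in_list() {
    for item in $2; do [ "$item" = "$1" ] && return 0; done
    return 1
}

# safe_name VALUE: non-empty, only letters, digits, '_', '.' and '-'
safe_name() {
    case $1 in '' | *[!A-Za-z0-9_.-]*) return 1 ;; esac
}

# gen_policies CSV OUT: writes accepted rows to OUT as CLI, reports rejected
# rows on stderr, returns 1 if any row was rejected.
gen_policies() {
    id=1 line=0 bad=0
    echo "config firewall policy" > "$2"
    while IFS=, read -r name si di sa da svc extra || [ -n "$name" ]; do
        line=$((line + 1))
        [ "$line" -eq 1 ] && continue            # skip header
        svc=$(printf '%s' "$svc" | tr -d '\r')   # tolerate CRLF from Excel
        if ! safe_name "$name" || [ -n "$extra" ] ||
           ! in_list "$si" "$KNOWN_INTF" || ! in_list "$di" "$KNOWN_INTF" ||
           ! in_list "$sa" "$KNOWN_ADDR" || ! in_list "$da" "$KNOWN_ADDR" ||
           ! in_list "$svc" "$KNOWN_SVC"; then
            echo "line $line rejected: unsafe name or unknown object" >&2
            bad=1; continue
        fi
        printf '    edit %s\n' "$id" >> "$2"
        printf '        set %s "%s"\n' name "$name" srcintf "$si" dstintf "$di" \
            srcaddr "$sa" dstaddr "$da" service "$svc" schedule always >> "$2"
        printf '        set action accept\n    next\n' >> "$2"
        id=$((id + 1))
    done < "$1"
    echo "end" >> "$2"
    return "$bad"
}

# Constructed sample: row 3 has the wrong case, row 4 has quotes and spaces
sample_csv() {
    printf '%s\n' 'name,srcintf,dstintf,srcaddr,dstaddr,service' \
        'lan-to-dmz-web,port1,dmz,LAN_Servers,Web_DMZ,HTTPS' \
        'bad-case,Port1,dmz,all,all,HTTP' 'web "prod" rule,port1,port2,all,all,ALL'
}
[ "$#" -ne 2 ] || gen_policies "$1" "$2"
```

Run it as `sh script.sh policies.csv policies.conf`; a non-zero exit status means at least one row was left out of the output and listed on stderr.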

    Ydaew
    Author, Answer
    New Member
    June 27, 2019

    Thank you so much, guys. Actually, there are a lot of firewalls to work on and configure, which is why I'm trying to minimize the work by automating it using some scripts. So far things are OK for static routes and network objects (for sure some need to be tuned manually, but at least we can minimize the time).

    One more thing: all firewalls are going to be built from scratch, so Excel will be a good choice to arrange things.