Looking for a way to automate large scale changes to rules (specifically interfaces)

Forum|Forum|8 years ago
February 12, 2018
1 reply
5206 views

I am brand new to FortiGate and the 600D, but have extensive programming experience. I am wondering if there is a way to get current rule information from a 600D, modify those rules and then upload a new version. Or, could do the whole thing online, but either way looking for a programmatic interface in the 600D. Any help/pointers would be really appreciated.

Thanks.

Elthon_Abreu

New Member

Hi, You can export a backup, get the rules with a python script, modify whatever you need then import again. Cheers

anelis

New Member

Another option, if you have a recent FortiGate is to use the built-in REST API.

Go into System -> Administrators and set up a REST API admin account.

With this you should be able to perform any modification and change you wish. I haven't used it yet so I have no experience with it but googling I got this script https://github.com/DavidChayla/FortigateApi that could give you an overview on how to interact via Python.

If you only need a oneshot option then, the backup, change, restore is the way to go

I wouldn't recommend doing things via a scriptable SSH client

emnoc

New Member

Another option would be fortimanager and btw nothing is wrong with a scriptable-sshclient. In your case you probably want to test what ever changes your are expecting if it a move/add/change/deletion

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded