vgatti
New Member
September 2, 2015
Solved

[SOLVED] How to schedule a weekly (not daily) reboot?


I have a FGT 90D and a 60D, both with FortiOS 5.0.12.

The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.

Is there any way to achieve that in FortiOS?

 

Thanks

 

EDIT: Solution found on my last post... thanks!

    7 replies

    vjoshi_FTNT
    Staff
    September 2, 2015

    Hello,

     

    At least on the Fortigate, NO.

     

    However, you may get some help from some scripts to do this task.

    vgatti (Author)
    New Member
    September 2, 2015

    vjoshi wrote:

    At least on the Fortigate, NO.

    However, you may get some help from some scripts to do this task.

    Thanks for your quick reply!

    By saying "scripts", would it be like a CRON task?

    vjoshi_FTNT
    Staff
    September 2, 2015

    Yes. You are right.

    ede_pfau
    SuperUser
    September 2, 2015

    More like 'expect' via ssh. 'cron' is only the scheduler.

    But this type of "API" is clumsy. Please report back when you've got it working.

    vgatti (Author)
    New Member
    September 3, 2015

    ede_pfau wrote:

    More like 'expect' via ssh. 'cron' is only the scheduler.

    But this type of "API" is clumsy. Please report back when you've got it working.

    emnoc wrote:

    A simple expect script on Unix or Windows executed via a cron job should work.

     

    I think I'm almost there... but not quite.

    My "expect" script is like this now:

    #!/usr/bin/expect -f
    spawn ssh admin@192.168.XXX.XXX
    expect "admin@192.168.XXX.XXX's password: "
    send "PASSWORD\r"
    expect "FGTXXXXXX # "
    send "execute reboot\r"
    expect "This operation will reboot the system !"
    expect "Do you want to continue? (y/n)"
    send "y\r"

    But the FGT is not rebooting... am I missing something?

    This is the output:

    root@linuxserver:# ./test.sh
    spawn ssh admin@192.168.XXX.XXX
    admin@192.168.XXX.XXX's password:
    FGTXXXXXX # execute reboot
    This operation will reboot the system !
    Do you want to continue? (y/n)root@linuxserver:#

     

    Thanks

    emnoc
    New Member
    September 2, 2015

    A simple expect script on Unix or Windows executed via a cron job should work.

     

    Ken

    emnoc
    New Member
    September 3, 2015

    expect "This operation will reboot the system !"

    Drop the above line and re-test with the debug option -d

    e.g.

    expect -d myscript.exp

    vgatti (Author)
    New Member
    September 3, 2015

    emnoc wrote:

    Drop the above line and re-test with the debug option -d e.g expect -d myscript.exp

    It works if I run the "expect" script from the shell, but if I set it to run in the CRON of my Linux machine, it shows that the script runs, but the FGT does not reboot...

    Any ideas why?

    Thanks!

     

    PS: My Linux machine is an Ubuntu 14.04 server x86_64

    emnoc
    New Member
    September 3, 2015

    Assuming the host has the trust access and is the same host that you have tested from the cli

     

    1: maybe you temp-bl-action ( failed logins )

     

    2: bad credential

     

    3: bad ssh-key checks ( we disable ours because ssh-key changes can cause issues after a FortiOS upgrade )

     

    BTW; here's what we use ( NOTE: all of our FIREWALL have SOC in the name  & we run multi-vdom regardless if it's one or more vdoms )

     

    YMMV

     

     

    #!/usr/bin/expect -f
    #
    #  kfelix @ socpuppets  dot com team-leader architect engineer SOCPUPPETS
    #
    #g=`date +%F%T`
    #
    # Set variables for expect
    #
    set host [lindex $argv 0]
    set user admin
    set passw **********
    # set date $g
    #
    #  ssh runs on non-port 22 on fortigate firewalls
    #
    spawn ssh -p 2022 -o ConnectionAttempts=3 -o ConnectTimeout=60 -o StrictHostKeyChecking=no $user\@$host
    #
    #
    expect "assword:"
    send "$passw\n"
    expect "SOC"
    #
    send " config global\n"
    expect "(global)"
    #
    send "execute reboot\n"
    expect "(y/n)"
    #
    send "y\n"
    expect "onnect"
    #

     

     

    We use a default user for the reboot and feed a list that is read in for the hosts. Works like magic, & have been using something similar for backups and manual updates. Just tweak it for whatever you want.

    The same script can be adjusted for non-FortiGate firewalls ( Juniper, pfSense, Huawei, ASA, etc. )

    YMMV and enjoy ;)

    edit to add: ensure the user that the cron is running as has read permission on the file ( I've been caught on that one many many many times )

    vgatti (Author)
    New Member
    October 7, 2015

    Thanks everyone for your suggestions!

    After a lot of trials and errors I was able to make an expect script that reboots the FortiGates of my company on a weekly schedule.

     

    For some reason I couldn't understand, trying to use an expect script to send the command "execute reboot" worked if I manually ran the script, but not inside a cron task. So after a lot of thought I realized that I could run two expect scripts: one that sends "set daily-restart enable" one hour before the chosen time and another script that sends "set daily-restart disable" one hour after the reboot.

     

    It's not pretty, but it works.

    These are the scripts:

     

    fgt-enable-restart.exp

    #!/usr/bin/expect -f

    spawn ssh admin@xxx.xxx.xxx.xxx
    expect "admin@xxx.xxx.xxx.xxx's password: "
    send "password\r"
    expect "FGT12345 # "
    send "config system global\r"
    expect "FGT12345 (global) # "
    send "set daily-restart enable\r"
    expect "FGT12345 (global) # "
    send "set restart-time 06:00\r"
    expect "FGT12345 (global) # "
    send "end\r"
    expect "FGT12345 # "
    send "exit\r"

     

    fgt-disable-restart.exp

    #!/usr/bin/expect -f

    spawn ssh admin@xxx.xxx.xxx.xxx
    expect "admin@xxx.xxx.xxx.xxx's password: "
    send "password\r"
    expect "FGT12345 # "
    send "config system global\r"
    expect "FGT12345 (global) # "
    send "set daily-restart disable\r"
    expect "FGT12345 (global) # "
    send "end\r"
    expect "FGT12345 # "
    send "exit\r"

     

    Thanks!

     

    PS: I guess I should say that I'm using a Linux machine for that, Ubuntu 14.04 LTS x86_64.

    Toshi_Esumi
    SuperUser
    October 7, 2015

    I think it depends on the environment but I had some issues with expect in the past with other types of routers, missing the first character of the line. I would suggest you expect only distinctive last part of the line like emnoc showed.
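An added example, not code from any poster in this thread: a single expect script covering both of vgatti's cron jobs, matching only the tail of each prompt as Toshi_Esumi suggests and waiting for the session to close as emnoc's script does. The password file path, the install path and the 192.0.2.1 address in the crontab comment are constructed; it assumes a non-VDOM FortiGate and a host key already present in the cron user's known_hosts.

```tcl
#!/usr/bin/expect -f
# Added example (not from the thread): one script for both cron jobs.
# Usage: fgt-daily-restart.exp <host> enable|disable
# Constructed crontab entries (assumed path, weekly restart Sunday 06:00):
#   0 5 * * 0  /usr/local/sbin/fgt-daily-restart.exp 192.0.2.1 enable
#   0 7 * * 0  /usr/local/sbin/fgt-daily-restart.exp 192.0.2.1 disable

if {$argc != 2 || [lindex $argv 1] ni {enable disable}} {
    puts stderr "usage: $argv0 <host> enable|disable"
    exit 2
}
lassign $argv host action
set user admin
set pwfile /etc/fgt-reboot.pass  ;# hypothetical path; mode 0600, owned by the cron user

# Read the password from a file rather than embedding it in the script.
set fh [open $pwfile r]
set passw [string trim [read $fh]]
close $fh

set timeout 30
log_user 0   ;# keep session output out of cron mail

# Exit non-zero on timeout or disconnect instead of typing into the wrong state.
proc wait_for {pattern what} {
    expect {
        -ex $pattern {}
        timeout { puts stderr "timeout waiting for $what"; exit 1 }
        eof     { puts stderr "connection closed waiting for $what"; exit 1 }
    }
}

# Host key checking stays on; an unknown or changed key ends the run with an error.
spawn ssh -o StrictHostKeyChecking=yes -o ConnectTimeout=20 $user@$host
wait_for "assword:" "password prompt"
send -- "$passw\r"
wait_for "# " "CLI prompt"
send "config system global\r"
wait_for "(global) # " "global prompt"
send "set daily-restart $action\r"
wait_for "(global) # " "global prompt"
if {$action eq "enable"} {
    send "set restart-time 06:00\r"
    wait_for "(global) # " "global prompt"
}
send "end\r"
wait_for "# " "CLI prompt"
send "exit\r"
expect eof   ;# wait for ssh to exit so the last command is delivered
```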

    Martin
    New Member
    July 13, 2022

    Updated Answer!

    Yes, this can easily be done. Daily, weekly and monthly.


    Check this KB article:
    https://community.fortinet.com/t5/FortiGate/Technical-Tip-Programming-a-daily-restart-reboot/ta-p/191859


    AndreasP
    New Member
    April 20, 2023

    In the script is it only "exec reboot" or is there a new line under with a "yes" also?