oliverlag
New Member
October 27, 2015
Question

Useful script example on Fortimanager

  • 1 reply
  • 23001 views

Hi all,

I'm reading this: 

http://docs-legacy.fortinet.com/fmgr/50hlp/52/5-2-0/index.html?context=fmg&topic=script_samples&single=true#page/FMG_520_Online_Help/1300_Scripts.14.21.html#ww1866757

 

Is there anyone who can share any useful tricks about real-life scripts in production?

I'm interested in how I can get more from this feature. 

Thanks

 

    1 reply

    jason_yancey
    New Member
    November 6, 2015

    This is a question I have been pursuing for some time and have found very little.  Here is one resource I did find with some practical use cases (it may be a little dated):  http://www.fortihelp.com/search/label/TCL

     

    The above resource and the examples in the admin guide are quite helpful with regard to scripting changes directly on FortiGate units.  However, performing changes directly against your FortiGates will bring your FortiManager device database and policy packages out of sync.  You are then forced to re-import / synchronize policy packages. 

     

    It seems like the answer to this is to use the exec_ondb procedure (mentioned in the admin guide) to make changes directly to the device database and policy packages on the FortiManager.  Once that central policy is changed you could then push it out to all your FortiGate devices.  But the admin guide has no practical examples of this.  At this moment I am stuck on the syntactical differences between the exec and exec_ondb commands.  If I ever get past this issue I may post about it.

     

    But I agree with your original sentiment: this looks like an incredibly powerful tool if I just knew how to use it properly.

    oliverlag (Author)
    New Member
    November 6, 2015

    Thanks!

    JohnAgora
    New Member
    April 15, 2016

    Depends a lot on your network.

    For instance, I've found useful scripts that add a static route, modify the access options, or modify a VPN on thousands of devices.