Cybersecurity Forum

RyanEdwards_FTNT

FortiManager TCL Scripting

Has anyone engaged in scripting using TCL to enhance or automate firewall policy creation for multiple devices in an enterprise?

The problem is this:

When creating a firewall policy using a script, you have to enter "Edit #" of the policy to add. When scripting, it would be nice to add a new policy # incremented from a variable set via the last policy ID in the given array. Not being a TCL guru, I have found it difficult to write such a script. Has anyone run into this and/or written said script, or know the syntax for such?

1 Solution
jpforcioli_FTNT

I guess the "edit 0" trick doesn't work for you?

With FMG TCL Scripting you can save some data in a FMG file. Please have a look at the Tcl file IO section from the FortiManager Administration Guide. You could save the latest used policyid in such a file.

You could also save the latest used policyid directly in your FGT configuration (for instance a special Firewall Address named POLICY_ID)...

But if you're ready to spend time working with FMG TCL scripting, I would strongly advise you to think about FMG APIs too. They are really more powerful and also much simpler to use than TCL in itself.

Best Regards.

Jean-Pierre FORCIOLI
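
The file-based counter suggested in the reply above, shown as an added example that is not part of the original thread and not Fortinet's code. It is plain Tcl using only core file commands; the file name `last_policy_id`, the proc names and the sample policy values are assumptions, and sending the generated lines to the device is left to the surrounding script.

```tcl
# Added example, not from the thread. File name, proc names and the sample
# policy values are assumptions made for illustration.

# Return the last policy ID stored in the counter file, or 0 if none exists.
proc read_last_id {path} {
    if {![file exists $path]} { return 0 }
    set fh [open $path r]
    set raw [string trim [read $fh]]
    close $fh
    # Accept only plain digits so a damaged file never reaches "edit <id>".
    if {![regexp {^[0-9]+$} $raw]} {
        error "counter file $path holds unexpected data: $raw"
    }
    scan $raw %d id   ;# %d reads leading zeros as decimal, not octal
    return $id
}

# Reserve the next ID and store it before the policy is pushed, so a failed
# push leaves a gap in the numbering instead of reusing an ID.
proc next_policy_id {path} {
    set id [expr {[read_last_id $path] + 1}]
    set fh [open $path w]
    puts $fh $id
    close $fh
    return $id
}

# Build the FortiOS CLI block for one policy with the reserved ID.
proc policy_cli {id name srcintf dstintf srcaddr dstaddr service} {
    return [join [list \
        "config firewall policy" \
        "edit $id" \
        "set name \"$name\"" \
        "set srcintf \"$srcintf\"" \
        "set dstintf \"$dstintf\"" \
        "set srcaddr \"$srcaddr\"" \
        "set dstaddr \"$dstaddr\"" \
        "set service \"$service\"" \
        "set schedule \"always\"" \
        "set action accept" \
        "next" \
        "end"] "\n"]
}

# Constructed sample values.
set id [next_policy_id "last_policy_id"]
puts [policy_cli $id "web-to-app" "port1" "port2" "WEB_SRV" "APP_SRV" "HTTPS"]
```

The counter only tracks IDs handed out through this file. If a policy with the same ID already exists on the device, `edit` modifies that policy instead of creating a new one, so the file has to start at or above the highest ID in use.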
