Fortimanager TCL Scripting
Has anyone engaged in scripting using TCL to enhance or automate firewall policy creation for multiple devices in an enterprise?
The problem is this:
When creating a firewall policy using a script, you have to enter "Edit #" of the policy to add. When scripting, it would be nice to add a new policy # incremented from a variable set via the last policy ID in the given array. Not being a TCL guru, I have found it difficult to write such a script. Has anyone run into this and/or written said script, or know the syntax for such?
I guess the "edit 0" trick doesn't work for you?
With FMG TCL Scripting you can save some data in a FMG file. Please have a look at the Tcl file IO section from the FortiManager Administration Guide. You could save the latest used policyid in such a file.
You could also save the latest used policyid directly in your FGT configuration (for instance a special Firewall Address named POLICY_ID)...
But if you're ready to spend time working with FMG TCL scripting, I would strongly advise you to think about FMG APIs too. They are really more powerful and also much simpler to use than TCL in itself.
Best Regards.
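
For scripts that must know the new policy ID in advance, here is one way to derive it from existing `show firewall policy` output in plain Tcl. This is an added example, not code from the posts above or from Fortinet documentation; the proc names and the sample CLI text are constructed, and how the script obtains the device output is assumed to be handled elsewhere.

```tcl
# Added example. The CLI text below is a constructed sample, not device output.
set sample_output {
config firewall policy
    edit 1
        set name "allow-dns"
    next
    edit 7
        set name "allow-web"
    next
    edit 12
        set name "deny-all"
    next
end
}

# Collect every policy ID that appears as "edit <number>" in the CLI text.
proc policy_ids {cli_output} {
    set ids {}
    foreach line [split $cli_output "\n"] {
        # Anchor the match so digits inside names or comments are ignored.
        if {[regexp {^\s*edit\s+(\d+)\s*$} $line -> id]} {
            scan $id %d id  ;# force decimal, avoids octal parsing of "08"
            lappend ids $id
        }
    }
    return $ids
}

# Next free ID = highest existing ID + 1 (1 when no policy exists yet).
proc next_policy_id {cli_output} {
    set max 0
    foreach id [policy_ids $cli_output] {
        if {$id > $max} { set max $id }
    }
    return [expr {$max + 1}]
}

# Build the CLI block for a new policy; refuse an ID that is already in use,
# because "edit <existing id>" would modify that policy instead of adding one.
proc new_policy_cmds {cli_output id set_lines} {
    if {[lsearch -exact [policy_ids $cli_output] $id] >= 0} {
        error "policy ID $id already exists"
    }
    set cmds [list "config firewall policy" "edit $id"]
    foreach l $set_lines { lappend cmds "    $l" }
    lappend cmds "next" "end"
    return [join $cmds "\n"]
}

set id [next_policy_id $sample_output]
puts [new_policy_cmds $sample_output $id {{set name "allow-ntp"} {set action accept}}]
```

With the sample above the generated block starts with `edit 13`; the two `set` lines are placeholders, not a complete policy definition.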
Copyright 2024 Fortinet, Inc. All Rights Reserved.