Technical Tip: Creation and addition of bulk IP address objects

Quint021 · ‎01-03-2023

Description

This article describes how to create bulk IP address objects and add them through scripting.

Scope

FortiGate.

Solution

Essentially, it is necessary to have a list of either IP addresses or subnets.

For this example, the following will be used:

95.10.48.0/24
96.120.36.0/24
97.239.248.0/24
97.239.255.0/24
98.150.140.0/24
99.238.140.0/24
100.233.116.0/24
101.242.192.0/24
102.46.176.0/24

Before doing this, make sure that there are no duplicate entries use Excel to remove them):

2024-03-25 11 33 04.jpg

The red color means it's a duplicate value.
Edit this so it is in the proper format to simply script via FortiGate GUI or paste it into the CLI.
To do this, use Notepad++ or any text editor capable of doing text searches using regular expressions.
With the IP address listed in a new file in Notepad++, bring up the 'Replace' window (Ctrl+H)
For Search Mode, select the Regular Expression option:

In the Find What: field, enter the following:

“(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(/\d{2})” < no quotes >

The problem with the above is that the regular expression only works on the IP address. If there is a list of FQDNs, that regular expression will not work. To address this, kindly use the expression to work with both the IP address and FQDNs.

“(.*)\.([\w_-]+(?:\.[\w_-]+)+)([\w.,@?^=%&:/~+#-]*)?” < no quotes >

In the Replace with: field enter:

"edit NameIP-$1.$2.$3.$4\nset subnet $1.$2.$3.$4$5\nnext\n" < no quotes >

- Select 'Find Next' to ensure it finds a subnet then select 'Replace' to verify it makes the change wanted.

Note.

Select all the contents of the text file before selecting 'Replace All'. (Ctrl+a).

Select 'Replace All':

edit NameIP-95.10.48.0
set subnet 95.10.48.0/24
next

edit NameIP-96.120.36.0
set subnet 96.120.36.0/24
next

edit NameIP-97.239.248.0
set subnet 97.239.248.0/24
next

edit NameIP-98.239.255.0
set subnet 98.239.255.0/24
next

edit NameIP-99.150.140.0
set subnet 99.150.140.0/24
next

edit NameIP-100.238.140.0
set subnet 100.238.140.0/24
next

edit NameIP-101.233.116.0
set subnet 101.233.116.0/24
next

edit NameIP-102.242.192.0
set subnet 102.242.192.0/24
next

At the top of this add the: 'config firewall address'.
At the bottom add the: 'end'.

Note:

If the device is operating in VDOM mode, it will be necessary to enter that specific VDOM by adding the following commands to the top of the textfile:

config vdom
edit <name_vdom>

To add these addresses to the FortiGate:

Method 1: Copy the contents of the text file and directly paste it into CLI on FortiGate.

Method 2: Upload via CLI script.

To run a script using the GUI:

Select the username and select Configuration -> Scripts.
Select 'Run Script'.
Select the text file containing the script on the management computer, then select 'OK'.

The script runs immediately, and the Script Execution History table is updated:

Configuration scripts