FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Quint021
Staff
Staff
Article Id 241823
Description This article describes how to create bulk IP address objects and add them through scripting.
Scope FortiGate.
Solution

Essentially, it is necessary to have a list of either IP addresses or subnets.

 

For this example, the following will be used:

 

95.10.48.0/24
96.120.36.0/24
97.239.248.0/24
97.239.255.0/24
98.150.140.0/24
99.238.140.0/24
100.233.116.0/24
101.242.192.0/24
102.46.176.0/24

 

- Edit this so it is in the proper format to simply script via FortiGate GUI or paste it into the CLI.

- To do this, use Notepad++ or any text editor capable of doing text searches using regular expressions.

- So with the IP address listed in a new file in Notepad++, bring up the 'Replace' window (Ctrl+H).

- For Search Mode, select the Regular Expression option:

In the Find What: field, enter the following:

 

 “(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(/\d{2})” < no quotes >

   

In the Replace with: field enter:

 

 "edit NameIP-$1.$2.$3.$4\nset subnet $1.$2.$3.$4$5\nnext\n" < no quotes >   

       

- Select 'Find Next' to ensure it finds a subnet then select 'Replace' to verify it makes the change wanted.

Note.

Select all the contents of the text file before selecting 'Replace All'. (Ctrl+a).

 

- Select 'Replace All':


edit NameIP-95.10.48.0
    set subnet 95.10.48.0/24
next

 

edit NameIP-96.120.36.0
    set subnet 96.120.36.0/24
next

 

edit NameIP-97.239.248.0
    set subnet 97.239.248.0/24
next

 

edit NameIP-98.239.255.0
    set subnet 98.239.255.0/24
next

 

edit NameIP-99.150.140.0
    set subnet 99.150.140.0/24
next

 

edit NameIP-100.238.140.0
    set subnet 100.238.140.0/24
next

 

edit NameIP-101.233.116.0
    set subnet 101.233.116.0/24
next

 

edit NameIP-102.242.192.0
    set subnet 102.242.192.0/24
next

- At the top of this add the: 'config firewall address'.

- At the bottom add the: 'end'.

Note.

If the device is operating in VDOM mode, it will be necessary to enter that specific VDOM by adding the following commands to the top of the textfile:

 

# config vdom
    edit <name_vdom>

To add these addresses to the FortiGate:

 

Method 1: Copy the contents of the text file and directly paste it into CLI on FortiGate.

Method 2: Upload via CLI script.

 

To run a script using the GUI:

- Select the username and select Configuration- > Scripts.

- Select 'Run Script'.

- Select the text file containing the script on the management computer, then select 'OK'.

 

The script runs immediately, and the Script Execution History table is updated:

https://docs.fortinet.com/document/fortigate/6.2.12/cookbook/780930/configuration-scripts