FortiGate
cpagare
Staff
Description

This article describes the steps to import address objects and create groups using scripts.
Scope  
Solution

Configuration from GUI:

 

With the bulk command option, address objects can be imported and added to a group. The same can be done under Security Fabric -> Automation -> Create New -> CLI script.

The imported file must use correct CLI syntax. For example, a script file that imports firewall address objects and adds them to a group looks like this:

config firewall address
    edit 1.1.1.1
        set subnet 1.1.1.1/32
    next
    edit 1.1.1.2
        set subnet 1.1.1.2/32
    next
end

config firewall addrgrp
    edit test-grp
        set member 1.1.1.1 1.1.1.2
    next
end

Save the file with the .txt extension and import it under Security Fabric -> Automation -> Create New -> CLI script -> Upload -> Execute Script from, then browse and select the file.
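The upload file can also be generated rather than typed by hand. The following Python helper is an added example, not part of the original article: it builds the script from a list of IPv4 addresses, rejects any entry that is not a bare IPv4 address, and quotes object names so a malformed feed line cannot add extra CLI commands to the file. The function names and the sample feed are assumptions made for illustration.

```python
import ipaddress

# Characters that could terminate a quoted name or start a new CLI line.
UNSAFE = set('"\'\\\r\n')

def quote_name(name: str) -> str:
    """Return the name in double quotes, refusing anything that could break out."""
    if not name or UNSAFE & set(name):
        raise ValueError(f"unsafe object name: {name!r}")
    return f'"{name}"'

def build_script(entries, group_name: str) -> str:
    """Build CLI script text: one /32 address object per host, plus one group."""
    hosts = []
    for raw in entries:
        raw = raw.strip()
        if not raw:
            continue                      # skip blank feed lines
        ip = ipaddress.IPv4Address(raw)   # ValueError unless a bare IPv4 address
        if ip not in hosts:               # drop duplicates, keep feed order
            hosts.append(ip)
    if not hosts:
        raise ValueError("no addresses supplied")

    lines = ["config firewall address"]
    for ip in hosts:
        lines += [f"    edit {quote_name(str(ip))}",
                  f"        set subnet {ip}/32",
                  "    next"]
    lines += ["end",
              "config firewall addrgrp",
              f"    edit {quote_name(group_name)}",
              "        set member " + " ".join(quote_name(str(ip)) for ip in hosts),
              "    next",
              "end"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed sample feed (RFC 5737 documentation addresses), one entry per line.
    feed = ["192.0.2.10", "198.51.100.7", "", "192.0.2.10"]
    with open("address-import.txt", "w") as fh:   # hypothetical output file name
        fh.write(build_script(feed, "blocked-hosts"))
```
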

 


Configuration from CLI:

 

config system automation-trigger
    edit "test"
        set description "ip"
        set trigger-type event-based
        set event-type config-change
    next
end

config system automation-action
    edit "test"
        set description ''
        set action-type cli-script
        set minimum-interval 0
        set script "config firewall address
    edit 46.99.175.217
        set subnet 46.99.175.217/32
    next
    edit 78.191.45.163
        set subnet 78.191.45.163/32
    next
    edit 217.79.184.243
        set subnet 217.79.184.243/32
    next
    edit 162.214.127.16
        set subnet 162.214.127.16/32
    next
end
config firewall addrgrp
    edit 'Phishing Campaign- SAMA'
        set member 46.99.175.217 78.191.45.163 162.214.127.16 217.79.184.243
    next
end"
        set execute-security-fabric disable
        set accprofile "super_admin"
    next
end

config system automation-stitch
    edit "test"
        set description ''
        set status enable
        set trigger "test"
        config actions
            edit 1
                set action "test"
                set delay 0
                set required disable
            next
        end
    next
end

Related Document:

https://docs.fortinet.com/document/fortigate/7.0.2/administration-guide/639044/cli-script-action
