Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
syordanov
Staff
Staff

Created on ‎02-21-2025 05:26 AM

Article Id 378051

Technical Tip: Schedule disable/enable of FortiGate interfaces

Description This article describes how to schedule and disable/enable FortiGate interfaces.
Scope FortiOS v6.4, v7.0, v7.2, v7.4, v7.6.
Solution

Sometimes is needed to do a scheduled disable/enable the interface to reduce the unnecessary usage of specific interfaces.

The below steps show how to configure an auto-script which will disable port3 at 18:00 and will enable it back at 9:00.

 

Schedule the script to disable the port at 18:00 every day:


config system automation-trigger
    edit "Scheduled_int_disable"
        set description "disable the interface every day @ 18:00"
        set trigger-type scheduled
        set trigger-frequency daily
        set trigger-hour 18
        set trigger-minute 0
    next
end

 

Script which will disable the port3:

 

config system automation-action
    edit "Disable_interface_script"
        set description ''
        set action-type cli-script
        set minimum-interval 0
        set script "config system interface
            edit port3
                set status down
                end
        end
end

 

Automation stitch, configured to disable port3 at 18:00 every day :


config system automation-stitch
    edit "Disable_interface"
        set trigger "Scheduled_int_disable"
            config actions
                edit 1
                    set action "Disable_interface_script"
                    set required enable
                next
            end
    next
    end

end

 

Schedule the script to enable the port at 09:00 every day:

 

config system automation-trigger
    edit "Schedule_enable_interface"
        set description ''
        set trigger-type scheduled
        set trigger-frequency daily
        set trigger-hour 9
        set trigger-minute 0
    next

end

 

Script which will enable the port3:

 

config system automation-action
    edit "Enable_Interface_script"
        set action-type cli-script
        set script "config system interface
            edit port3
                set status up
        end"
    end"

end

 

Automation stitch configured to enable port3 at 09:00 :

 

config system automation-stitch
    edit "Enable_interface"
        set description "enable port3 @ 9:00"
        set trigger "Schedule_enable_interface"
            config actions
                edit 1
                     set action "Enable_Interface_script"
                     set required enable
                 next
            end
    next
end

 

Commands below can be used, to check the status of automation stitch :

 

diagnose test application autod 3
alert mail log count: 0

stitch: Disable_interface (scheduled)

local hit: 1 relayed to: 0 relayed from: 0
last trigger:Fri Feb 21 10:43:02 2025
last relay:
next scheduled trigger:Fri Feb 21 18:00:00 2025
actions:
Disable_interface_script:
done: 1 relayed to: 0 relayed from: 0
last trigger:Fri Feb 21 10:43:02 2025
last relay:


stitch: Enable_interface (scheduled)

local hit: 1 relayed to: 0 relayed from: 0
last trigger:Fri Feb 21 10:42:53 2025
last relay:
next scheduled trigger:Sat Feb 22 09:00:00 2025
actions:
Enable_Interface_script:
done: 1 relayed to: 0 relayed from: 0
last trigger:Fri Feb 21 10:42:53 2025
last relay:
542
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.