FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
kahelek_FTNT
Staff
Staff
Description
Scripting can be a used to populate Global policies into FortiManager.  The following document provides a very brief example on how this might be accomplished.

Scope





Solution
1.)  Populate the Scripting capability into the Gui, for the Global Policies.  This is done by navigating to the Policy and Objects Section and then navigating to the Global ADOM drop-down tab.  From there, select the Display Options and enabled the "Advanced" section. 
Kahele-KB_1.png
2.)  This will now reveal a "Script" section available in your Gui display, from which you can now populate scripting logic against various targets. 
Kahele-KB_2.PNG
3.)   From here, simply click on the Scripting place-holder, and click "Create new".   The Script detail should point to the Policy Package, ADOM Database.
Kahele-KB_3.png
4.)  Shown below is an example of 4 simple policies;  the script instruction(s) comprising two policies for the Header, and likewise for the footer section. 

config global header policy
    edit 1
        set srcintf "any"
        set dstintf "any"
        set srcaddr "gall"
        set dstaddr "gall"
        set action accept
        set schedule "galways"
        set service "gBGP"
        set logtraffic all
        set profile-protocol-options "gdefault"
    end
end <<<<<<<  Notice here, that you will need to separate your Header and Footer policy instructions by an "end" argument.
config global footer policy
    edit 2
        set srcintf "any"
        set dstintf "any"
        set srcaddr "gall"
        set dstaddr "gall"
        set action accept
        set schedule "galways"
        set service "gESP"
        set logtraffic all
        set profile-protocol-options "gdefault"
    next
end


5.)   After you've populated your script instruction, right click your Script and press "run".  You will be asked to run the script against a policy package. Upon commencing with the operation, you will see a message indicating that the Script is executing, and to view the Script Execution History log file for the result.

6.)  A successful script, with proper syntax, would be reflected by the appearance of rules visually identifiable in the display. 
Kahele-KB_5.PNG
7.)  From here, you would select the assignment tab to assign the Global Policy to an Adom.

Kahele-KB_6.PNG

8.)  After assigning the policy,  it would then be viewable as rules situated before (the Header rules), and after (the Footer rules) - any other rules in place and already attached to a Policy Package. In this example, the Policy Package(s) living in the root Adom.

Kahele-KB_7.png



Contributors