| Description |
This article explains how to create a script to configure dynamic objects in FortiManager. Configuring dynamic objects through the GUI can be time-consuming, especially when dealing with a large number of mappings. By using FortiManager’s CLI syntax and CLI scripts, it is possible to reduce configuration time and streamline the process. |
| Scope | FortiManager. |
| Solution |
FortiManager uses a specific syntax for dynamic objects.
In the FortiManager CLI, use the command below to show how a firewall object is configured.
execute fmpolicy print-adom-object <adom_id> <firewall_obj_id> <obj_name>
This is an example of how a firewall address object with dynamic mapping applied is configured:
    config firewall address
        edit "LAN"
            set subnet 10.0.0.0 255.255.255.0
            config dynamic_mapping
                edit "<FGT1_name_on_FMG>"-"<vdom>"
                    set subnet 10.1.0.0 255.255.255.0
                next
                edit "<FGT2_name_on_FMG>"-"<vdom>"
                    set subnet 10.2.0.0 255.255.255.0
                next
            end
        next
    end

Following the same pattern, a CLI script can be created to configure many entries in bulk.
Example:
    config firewall address
        edit "LAN"
            set subnet 10.0.0.0 255.255.255.0
            config dynamic_mapping
                edit "FortiGate_1"-"root"
                    set subnet 10.1.0.0 255.255.255.0
                next
                edit "FortiGate_2"-"root"
                    set subnet 10.2.0.0 255.255.255.0
                next
                edit "FortiGate_3"-"root"
                    set subnet 10.3.0.0 255.255.255.0
                next
                edit "FortiGate_4"-"root"
                    set subnet 10.4.0.0 255.255.255.0
                next
            end
        next
    end

This CLI script must be run on the Policy Package or ADOM Database.
When prompted to select a policy package during script execution, any policy package can be chosen. The script operates at the ADOM database level, and the selected policy package does not affect the outcome.
This is the result of the CLI script:
|
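As an added example (not part of the original article and not Fortinet tooling), the Python script below generates a CLI script in the pattern shown above from a device inventory, validating each subnet and rejecting names that could break out of the quoted `edit` fields. The CSV column names, the allowed character set and all function names are assumptions made for this example; the inventory is constructed sample data.

```python
import csv
import io
import ipaddress
import re

# Constructed sample inventory: device name as shown in FortiManager, VDOM, subnet (CIDR).
SAMPLE_CSV = """device,vdom,cidr
FortiGate_1,root,10.1.0.0/24
FortiGate_2,root,10.2.0.0/24
FortiGate_3,root,10.3.0.0/24
FortiGate_4,root,10.4.0.0/24
"""

# Assumption: a conservative character set, so a field can never close its own quotes
# or inject extra CLI lines into the generated script.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-]+")

def check_name(value):
    if not SAFE_NAME.fullmatch(value):
        raise ValueError(f"unsafe name: {value!r}")
    return value

def subnet_words(cidr):
    """Return 'network netmask' as used by 'set subnet'; raises if host bits are set."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    return f"{net.network_address} {net.netmask}"

def build_script(obj_name, default_cidr, rows):
    """Render one firewall address with a dynamic_mapping entry per device/VDOM pair."""
    lines = ["config firewall address", f'edit "{check_name(obj_name)}"',
             f"set subnet {subnet_words(default_cidr)}", "config dynamic_mapping"]
    seen = set()
    for row in rows:
        dev, vdom = check_name(row["device"].strip()), check_name(row["vdom"].strip())
        if (dev, vdom) in seen:
            raise ValueError(f"duplicate mapping: {dev}-{vdom}")
        seen.add((dev, vdom))
        lines += [f'edit "{dev}"-"{vdom}"',
                  f"set subnet {subnet_words(row['cidr'].strip())}", "next"]
    lines += ["end", "next", "end"]
    return "\n".join(lines) + "\n"

def script_from_csv(text, obj_name="LAN", default_cidr="10.0.0.0/24"):
    return build_script(obj_name, default_cidr, csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    print(script_from_csv(SAMPLE_CSV), end="")
```

The printed output can be pasted into a FortiManager CLI script and run against the Policy Package or ADOM Database as described above.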