Technical Tip: Fetch interface details of a managed FortiGate using FortiManager TCL Script

Follow the initial steps from this article on how to enable and run TCL scripts in FortiManager:

Technical Tip: How to use TCL script...existing route

1. Go to Device Manager -> Scripts, select type TCL Script, and select 'Create new'.
2. Create the following TCL script:

proc do_cmd {cmd} {
return [split [exec "$cmd\n" "# "] \n]
}
#
set intf ""

array set typeintf {} ;# Initialize the type array
set vdom_enabled ""
#
#
# Execute command to get system status
set status [exec "get system status\n" "# " 15]
#
# Check if VDOM is disabled
if {[regexp {Virtual domain configuration: disable} $status]} {
set vdom_enabled false
} else {
set vdom_enabled true
}
#
# Enter Global if vdom enabled
if {$vdom_enabled} {
do_cmd "config global"
}
#
# Loop through each line of the command output
foreach line [split [exec "show system interface\n" "# "] \n] {
#
if {[regexp {edit[ ]+"(\w+)"} $line match intf]} {
# Capture the interface name
set intf $intf
continue
} elseif {[regexp {set[ ]+(type)[ ]+(.*)} $line match key value]} {
# Capture the type for the interface
lappend typeintf($intf) "$key $value"
}
}
#
# Configure system interface
do_cmd "config system interface\n"
#
# Iterate over each interface
foreach intf [array names typeintf] {
# Execute command and get output
set input [exec "get $intf\n" "# "]
set linelist [split $input \n]
#
# Initialize variables
set name ""
set vdom ""
set mode ""
set ip ""
set type ""
#
# Process each line in the output
foreach line2 $linelist {
# Match and extract 'name'
if {[regexp {^name\s+:(.*)} $line2 dummy name]} {
set name $name
#
# Match and extract 'vdom'
} elseif {[regexp {^vdom\s+:(.*)} $line2 dummy vdom]} {
set vdom $vdom
#
# Match and extract 'mode'
} elseif {[regexp {^mode\s+:(.*)} $line2 dummy mode]} {
set mode $mode
#
# Match and extract 'ip'
} elseif {[regexp {^ip\s+:(.*)} $line2 dummy ip]} {
set ip $ip
#
# Match and extract 'type'
} elseif {[regexp {^type\s+:(.*)} $line2 dummy type]} {
set type $type
}
}
#
# Output or process the collected data as needed
puts "Interface: $intf"
puts " -- VDOM: $vdom"
puts " -- Mode: $mode"
puts " -- IP: $ip"
puts " -- Type: $type"
}
# Exit system interface
do_cmd "end"
#
# Exit Global if vdom enabled
if {$vdom_enabled} {
do_cmd "end"
}

3. After the script runs successfully, select View Details:

    

   

    

4. Select the execution history icon for each FortiGate:

5. This shows the details of FortiGate interfaces including IP addresses:

Note:

This script only fetches the interface name, VDOM, mode, type and IP address. This can be modified to fetch any other detail of the interfaces or details depending on any condition.

Related documents:

• Tcl scripts
• Technical Tip: How to troubleshoot TCL Scripts failed in FortiManager
• Technical Tip: How to fetch FortiAP and FortiSwitch Serials using TCL Script in FortiManager
• Technical Tip: How to fetch MAC address of all physical interfaces of FortiGates using a FortiManage...