|
Starting from FortiManager 7.2.0, firewall objects are now able to be used as metadata variables.
The firewall objects are:
- Addresses.
- Virtual IPs.
- IP Pools.
From the GUI, this can be identified when it shows a '$' (sign in magnifying glass) symbol, and when hovering near (this field supports variable) it will display:
The firewall address will be used as an example:
- Create a new address object by:
Policy & Objects -> Firewall Objects -> Addresses and select 'Create New'.
-
Put a dollar ($) sign in the field, it will show the metadata variable's value or create a new value.
-
New metadata variable values can be created by selecting '+' sign:
Or go to: Policy & Objects -> Advanced (Tools -> Display Options -> Check All -> OK) -> Metadata Variables.
-
In Metadata Variables, it is necessary to put value in Default Value or it will throw an error when creating the address.
error: firewall/address/addtest1/ : invalid subnet ip and mask
For example:
The address created is 192.168.2.0 with four octets as a variable, the default Value needs to have the same four octets (0.0.0.0), whereas the backend uses the default value as a syntax checking.
This is also applicable if using one/two/three octets as a variable.
The subnet mask format for the address can either use /24 or full octet (255.255.255.0).
-
To use different address values from each device, it is necessary to enable per-device mapping in the Metadata Variables.
When installed, it will use the per-device mapping value and not the Default Value:
Related documents:
Technical Tip: New Meta Variables and their usage including Jinja scripting
Docs: Jinja Filters and Functions
Docs: Introduction to Jinja
Docs: Jinja2 template sample scripts
Docs: Create Jinja templates and a CLI template group
Docs: FortiManager meta variables in Jinja
Docs: Preview Jinja script on device or device group
Docs: Perform installation to apply Jinja template configurations to branches
|
