FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
iyotov
Staff
Staff
Article Id 351475
Description

 

This article describes the process of exporting a device list from one FortiManager and editing the JSON file and Import Device List to be used in another FortiManager.

 

Scope

 

FortiManager v7.4.

 

Solution

 

  1. Enable the following option:
  • In CLI:

 

config system admin setting
    set show-device-import-export enable
end

  • In the GUI: Go to System Settings -> Settings. Under Display Options in the GUI, enable 'Show Device List Import/Export Buttons'.

 

iyotov_0-1729608845225.png

 

  1. Navigate to Device Manager -> Device & Groups -> Managed FortiGate -> Export Device List.

 

iyotov_1-1729608845240.png

 

  1. On the next prompt, select whether to download the device list of the current ADOM or all devices and all ADOMs. If all ADOMs are selected, the output file will also contain the ADOM list in JSON form, including the device-to-ADOM relationship.

 

iyotov_2-1729608845241.png

 

  1. The downloaded.dat file is a tarball archive, containing a 'data.json' file with the device details. This archive can be unpacked, and the '.json' file can be viewed and edited if necessary.
  • On Linux, use the tar commands to unpack the '.dat' file and view/edit the data.json inside, then repack the tar back the same way when done. For example:

 

tar  -xvzf  device_list.dat
data.json

chmod  700  data.json

nano  data.json

 

iyotov_3-1729608845245.png

 

When ready, save the file again as data.json. After, add the updated data.json back to the archive, overwriting the original:

 

tar -czvf  device_list.dat  data.json

 

  • On Windows, install and use the 7-zip file manager to browse the archive and inline edit the JSON file, then close the text editor and select the option to update the changes to the archive when prompted by 7-zip. Note that it may be necessary to associate '.json' with Notepad++ (or other text editors) in advance for the inline edit to work in 7-zip.

 

Open the '.dat' file with 7-zip File Manager:

 

iyotov_4-1729608845248.png

 

After, select the TAR file to open it:

 

iyotov_5-1729608845249.png

 

Select the data.json to temporarily open the file in the associated Windows editor (Notepad++ in this example).

 

iyotov_6-1729608845253.png

 

This way, the file is open from the temp folder:

 

iyotov_7-1729608845268.png

 

After completion, save the file and close the Notepad++ window. On the following message from 7-zip, select 'Yes':

 

iyotov_8-1729608845269.png

 

Close the 7-zip File Manager. On the next prompt, select 'Yes' again:

 

iyotov_9-1729608845270.png

 

The modified device list can be imported back to FortiManager:

 

iyotov_10-1729608845281.png

 

Note:

This feature currently does not work in FortiManager versions up to v7.2.8 when importing v7.0/v7.2 FortiGates with split VDOMs or a multi-VDOM setup.

 

Note:

An attempt to import a device list containing multiple ADOMs may fail with a 'No Permission' error when the workspace feature is enabled. The solution to this is to temporarily disable the workspace, import the devices, and then enable the workspace again.