Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
farhanahmed
Staff
Staff

Created on ‎05-01-2024 08:57 AM Edited on ‎05-24-2024 08:47 AM By Moderator

Article Id 312424

Technical Tip: How to fetch MAC address of all physical interfaces of FortiGates using a FortiManager TCL script

Description This article describes how to use a TCL script in FortiManager to fetch the MAC address of all physical interfaces of FortiGate(s).
Scope FortiManager, FortiGate.
Solution

Follow the initial steps from this article on how to enable and run TCL scripts in FortiManager:

Technical Tip: How to use TCL script...existing route

 

  1. Go to Device Manager -> Scripts, select type TCL Script, and select 'Create new'.

    Create the following TCL script:

#!
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# "]
}
#
# Execute command to get system status
#
set status [exec "get system status\n" "# " 15]
#
# Check if VDOM is disabled
#
if {[regexp {Virtual domain configuration: disable} $status]} {
set vdom_enabled false
} else {
set vdom_enabled true
}
#
# Enter Global if VDOM enabled
#
if {$vdom_enabled} {
do_cmd "config global"
}
#
# Getting the names of all interfaces
#
foreach line2 [split [exec "show system interface\n" "# "] \n] {
#
if {[regexp {edit[ ]+"(\w+)"} $line2 match2 intf2]} {
continue
#
# Checking if type of interface is physical, if yes, append it to array
#
} elseif {[regexp {set[ ]+(type)[ ]+(physical)} $line2 match2 key2 value2]} {
#
lappend mac_addr2($intf2) "$key2 $value2"
}
# elseif - closed
}
#
# array --> calls an array
# names --> names of the indices are used
# mac_addr --> name of array
#
# looping on each interface in the array and get nic info
#
foreach intf2 [array names mac_addr2] {
#
set input2 [exec "get hardware nic $intf2\n" "# " 15 ]
#
# Regular expression to get the MAC address
#
regexp {Permanent.*(([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})|([0-9a-fA-F]{4}\\.[0-9a-fA-F]{4}\\.[0-9a-fA-F]{4}))} $input2 match2 mac2
#
puts "Mac address of Interface $intf2 is $mac2"
}
#
# Exit configuration mode
#
if {$vdom_enabled} {
do_cmd "end"
}
# end

 

  1. After the script runs successfully, select View Details:

     

    1.png

     

  1. Select the execution history icon for each FortiGate:

 

2.png

 

  1. This shows the details of MAC addresses for all interfaces of the FortiGate:

3.png

 

Related documents:
248
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.