FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
This article describes how to use scripts with WorkFlow mode.

WorkFlow Summary.

Work Flow mode.

Workflow mode is used to control the creation, configuration, and installation of policies and objects.
It helps to ensure all changes are reviewed and approved before they are applied.
When workflow mode is enabled, the ADOM has to be locked and a session has to be started before policy, object, or unit changes can be made in an ADOM.

Work Flow mode Approval.

When a session is submitted for approval, email messages are sent to the approvers, who can then approve or reject the changes directly from the email message.
Sessions can also be approved or rejected by the approvers from within the ADOM itself.
This example has one particularity, the 'auto-approve' method: the same user approves what he has modified and submitted himself.
The goal is to avoid common mistakes and cosmetic errors as much as possible, forcing the user to check the same group of changes multiple times.

This article does not explain how to configure workflow mode.

WorkFlow Procedure using Script.

WorkFlow mode using Script.


CLI (or TCL) scripts can be created to run on:
- Unit database.
- Policy Package or ADOM Database.
- Remote FortiGate Directly (via CLI).

In this article's workflow procedure, the script runs on the Policy Package or ADOM Database, so only this type of script is taken into account in the following slides.
In the next slide, there is a small difference in the workflow flowchart.

FlowChart Summary with WorkFlow mode using Script.

Related Articles

Technical Tip: How to use WorkFlow mode with ‘auto-approve’ method

Technical Tip: Unable to import policy when enabling workflow mode

Technical Tip: How to rollback using WorkFlow mode with ‘auto-approve’ method