FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
alih
Staff
Staff
Article Id 192514

Description


This article describes how to create the script and how to execute it automatically.

Solution


1) Configure the following CLI settings.

 

FMG # config system admin setting
(setting) set show_schedule_script enable
(setting) set show_automatic_script enable
(setting) set show_tcl_script enable
(setting) end

2) Navigate from Device manager -> scripts -> CLI/TCL script and select 'Create new'.

3) Create a TCL script as shown in the screenshot, using the following script text.

 

#!
set systemTime [clock seconds]
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}
set num_config 1
do_cmd "config vdom"
do_cmd "edit root"
for {set i 1} {$i <= $num_config} {incr i} {
set config [format "cfg%04d" $i]
puts "The time is: [clock format $systemTime -format %H:%M:%S]"
puts "Backup_config: $systemTime config"
do_cmd "exe backup config ftp $systemTime  <FTP_IP>  guest '' "
}
do_cmd "end"



 
 
Run a different script to add the hostname and other information to the TCL script output.
#!
set systemTime [clock seconds]
proc get_sys_status aname {
upvar $aname a
puts [exec "#This is an example Tcl script to get the system status of the FortiGate\n" "# " 15 ]
set input [exec "get system status\n" "# " 15 ]
# puts $input
set linelist [split $input \n]
# puts $linelist
foreach line $linelist {
if {![regexp {([^:]+):(.*)} $line dummy key value]} continue
switch -regexp -- $key {
Version {
regexp {FortiGate-([^ ]+) ([^,]+),build([\d]+),.*} $value dummy a(platform) a(version) a(build)
}
Serial-Number {
set a(serial-number) [string trim $value]
}
Hostname {
set a(hostname) [string trim $value]
} }
}
}
get_sys_status status
puts "This machine is a $status(platform) platform."
puts "It is running version $status(version) of FortiOS."
puts "The firmware is build# $status(build)."
puts "S/N: $status(serial-number)"
puts "This machine is called $status(hostname)"
puts "Backup_config: $systemTime config"
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# " 15]
}
set num_config 1
for {set i 1} {$i <= $num_config} {incr i} {
set config [format "cfg%04d" $i]
puts "The time is: [clock format $systemTime -format %H:%M:%S]"
do_cmd "exe backup config ftp $status(hostname)$systemTime a.b.c.d admin password"
}
do_cmd "end"
This is the result of the script when running.

Starting log (Run on device).

- This is an example Tcl script to get the system status of the FortiGate.
Freebox-FortiGate-60~POE #
This machine is a 60E-POE platform.
It is running version v6.4.2 of FortiOS.
The firmware is build# 1723.
S/N: FG60EPTK1-----7
This machine is called Freebox-FortiGate-60E-POE
Backup_config: 1600764484 config
The time is: 1600764484
exe backup config ftp Freebox-FortiGate-60E-POE1600-----4 a.b.c.d admin password
Please wait...
4) Select the script name created, choose Schedule Script and choose the specific time to execute.
 
 

 
 
The below pic shows a successful TCL script execution.
 
 
 
 
The backup file created on the FTP server is visible.
 
 
 
Debug.

On FortiGate:

# Exe tac report
On FortiManager:

# Exe tac report
While running the script.
 
On FortiGate:

# diag debug cli 255
# diag de app fgfm 255
# diag de console tim en
# diag de en
On FortiManager:
# diagnose debug app depmanager 255
# diag de app fgfm 255 <device name>
# diag de tim en
# dia de en
Comments
JianWu
Staff
Staff

If you see the following error msg when running TCL script, that usually indicates password issue. Please refer to the article below for solution.

Script $NameoftheScript executed on $NameoftheDevice failed. Reason: Run script fail

https://community.fortinet.com/t5/FortiManager/Technical-Tip-How-to-troubleshoot-TCL-Scripts-failed-...

Contributors