Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vgatti
New Contributor

[SOLVED] How to schedule a weekly (not daily) reboot?

I have a FGT 90D and a 60D, both with FortiOS 5.0.12.

The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.

Is there any way to achieve that in FortiOS?

 

Thanks

 

EDIT: Solution found on my last post... thanks!

1 Solution
vjoshi_FTNT
Staff
Staff

Hello,

 

At least on the Fortigate, NO.

 

However, you may get some help from some scripts to do this task.

View solution in original post

15 REPLIES 15
vjoshi_FTNT
Staff
Staff

Hello,

 

At least on the Fortigate, NO.

 

However, you may get some help from some scripts to do this task.

vgatti

vjoshi wrote:

At least on the Fortigate, NO.

However, you may get some help from some scripts to do this task.

Thanks for your quick reply!

By saying "scripts", would it be like a CRON task?

vjoshi_FTNT
Staff
Staff

Yes. You are right.

ede_pfau
Esteemed Contributor III

More like 'expect' via ssh. 'cron' is only the scheduler.

But this type of "API" is clumsy. Please report back when you've got it working.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
vgatti

ede_pfau wrote:

More like 'expect' via ssh. 'cron' is only the scheduler.

But this type of "API" is clumsy. Please report back when you've got it working.

emnoc wrote:

A simple expect script on unix or windows execute via  cron job should work.

 

I think I'm almost there... but not quite.

My "expect" script is like this now:

#!/usr/bin/expect -f
spawn ssh admin@192.168.XXX.XXX
expect "admin@192.168.XXX.XXX's password: "
send "PASSWORD\r"
expect "FGTXXXXXX # "
send "execute reboot\r"
expect "This operation will reboot the system !"
expect "Do you want to continue? (y/n)"
send "y\r"

But the FGT is not rebooting... am I missing something?

This is the output:

root@linuxserver:# ./test.sh
spawn ssh admin@192.168.XXX.XXX
admin@192.168.XXX.XXX's password:
FGTXXXXXX # execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)root@linuxserver:#

 

Thanks

emnoc
Esteemed Contributor III

A simple expect script on unix or windows execute via  cron job should work.

 

Ken

PCNSE 

NSE 

StrongSwan  

emnoc
Esteemed Contributor III

[size="5"]

[/size]

expect "This operation will reboot the system !"





Drop the above line and re-test with the debug option -d

e.g

expect -d myscript.exp



PCNSE 

NSE 

StrongSwan  

vgatti
New Contributor

emnoc wrote:

Drop the above line and re-test with the debug option -d e.g expect -d myscript.exp

It works if I run the "expect" script from the shell, but if I set it to run in the CRON of my Linux machine, it shows that the script runs, but the FGT does not reboot...

Any ideas why?

Thanks!

 

PS: My Linux machine is a Ubuntu 14.04 server x86_64

emnoc
Esteemed Contributor III

Assuming the host has the trust access and is the same host that you have tested from the cli

 

1: maybe you temp-bl-action ( failed logins )

 

2: bad credential

 

3: bad ssh-key checks ( we disables ours due to ssh-key-changes can cause issues after a FortiOS upgrade )

 

BTW; here's what we use ( NOTE: all of our FIREWALL have SOC in the name  & we run multi-vdom regardless if it's one or more vdoms )

 

YMMV

 

 

#!/usr/bin/expect -f

# #  kfelix @ socpuppets  dot com team-leader architect engineer SOCPUPPETS

# #g=`date +%F%T` # # Set variables for expect

#  set host [lindex $argv 0]  set user admin  set passw ********** # set date $g # #  ssh runs on non-port 22 on fortigate firewalls

# spawn ssh -p 2022 -o ConnectionAttempts=3 -o ConnectTimeout=60 -o StrictHostKeyChecking=no $user\@$host # # expect "assword:" send "$passw\n" expect "SOC" # send " config global\n" expect "(global)" # send "execute reboot\n" expect "(y/n)" # send "y\n" expect "onnect"

#

 

 

We use a default user for the reboot and feed a list  that read in for the hosts. Works like magic, & have been using something similar for backups and manual updates. Just tweak it for whatever you want.

 

The same script can be adjust for non-fortigate firewalll  ( Juniper, pfsense, Huawei, ASA,etc.....)

 

YMMV and enjoy ;)

 

edit toadd: ensure the user  that the cron is running as can read/permission of the file ( I've been caught on that one many many many times )

PCNSE 

NSE 

StrongSwan