Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vgatti
New Contributor

[SOLVED] How to schedule a weekly (not daily) reboot?

I have a FGT 90D and a 60D, both with FortiOS 5.0.12.

The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.

Is there any way to achieve that in FortiOS?

 

Thanks

 

EDIT: Solution found on my last post... thanks!

1 Solution
vjoshi_FTNT
Staff
Staff

Hello,

 

At least on the Fortigate, NO.

 

However, you may get some help from some scripts to do this task.

View solution in original post

15 REPLIES 15
vgatti
New Contributor

Thanks everyone for your suggestions!

After a lot of trials and errors I was able to make an expect script that reboots the FortiGates of my company on a weekly schedule.

 

For some reason I couldn't understand, trying to use an expect script to send the command "execute reboot" worked if I manually ran the script, but not inside a cron task. So after a lot of thought I realized that I could run two expect scripts: one that sends "set daily-restart enable" one hour before the chosen time and another script that sends "set daily-restart disable" one hour after the reboot.

 

It's not pretty, but it works.

These are the scripts:

 

fgt-enable-restart.exp

#!/usr/bin/expect -f

spawn ssh admin@xxx.xxx.xxx.xxx
expect "admin@xxx.xxx.xxx.xxx's password: "
send "password\r"
expect "FGT12345 # "
send "config system global\r"
expect "FGT12345 (global) # "
send "set daily-restart enable\r"
expect "FGT12345 (global) # "
send "set restart-time 06:00\r"
expect "FGT12345 (global) # "
send "end\r"
expect "FGT12345 # "
send "exit\r"

 

fgt-disable-restart.exp

#!/usr/bin/expect -f

spawn ssh admin@xxx.xxx.xxx.xxx
expect "admin@xxx.xxx.xxx.xxx's password: "
send "password\r"
expect "FGT12345 # "
send "config system global\r"
expect "FGT12345 (global) # "
send "set daily-restart disable\r"
expect "FGT12345 (global) # "
send "end\r"
expect "FGT12345 # "
send "exit\r"

 

Thanks!

 

PS: I guess I should say that I'm using a Linux machine for that, Ubuntu 14.04 LTS x86_64.

Toshi_Esumi
Esteemed Contributor II

I think it depends on the environment but I had some issues with expect in the past with other types of routers, missing the first character of the line. I would suggest you expect only distinctive last part of the line like emnoc showed.

goolias

This option is configurable from the CLI as shown in the example below: config system global set daily-restart enable set restart-time 05:06 end

[ul]
  • Once the restart time is reached, the following message is displayed on the CLI console:[/ul]

    FGT # The system will reboot due to scheduled daily restart. Current time is 05:06

  • sub_net

    Waking up a sleeping thread.  

     

    Does this work if the firewall you want to reboot is part of an HA pair?  I'd like to reboot the primary every night and want to be sure my secondary will not respect the 'daily-restart' when configs are sync'd:

     

    config system global set daily-restart enable set restart-time 05:06 end

    Toshi_Esumi
    Esteemed Contributor II

    That's a good question. Please let the rest of us know how it worked.

    ede_pfau
    Esteemed Contributor III

    No, this setting will be synchronized to both units, so both units will reboot at the same time. Just did that last night on a pair of 600Ds. Uptime is identical to the minute.


    Ede

    "Kernel panic: Aiee, killing interrupt handler!"