5.4.1 - Removing object colors en masse
Hi,
So, we just upgraded our FortiManager from 5.2.6 to 5.4.1. Most of our FortiGates are currently running 5.0.x, and the FMG is the first step to a global migration to 5.4. In 5.0 and 5.2, we were heavy users of object colors to denote different object types in our firewalls. 5.4 has put that in complete chaos. Forti[Gate]OS 5.4 has different colors versus 5.0/5.2, and for some even more bizarre reason, FortiManager 5.4.1's object color assignments are different than what shows up in FortiGate FortiOS 5.4.1. I really don't know what they were thinking.
Anyways, we now have a 5.0 ADOM with tens of thousands of firewall address objects of varying colors. Since Fortinet teams can't decide between themselves what color palette to use, I want to just remove the "set color" line en masse from the objects so all of our objects are the standard default color. What is the best way to accomplish this? Is it possible to script on the FortiManager? Can I get an example script?
Hi,
You can use a CLI script like this:
    config firewall address
        edit "address_name"
            unset color
        next
        edit "another_address"
            unset color
        next
        ...
    end
Probably the easiest way to obtain a list of objects in an ADOM is to use the "execute fmpolicy print-adom-object" command (use question marks to complete the syntax with ADOM ID and object ID). Then you can use some Python or any other scripting language to generate the correct syntax from the list of objects.
Best Regards,
Lukasz Korbasiewicz
Fortinet EMEA TAC Level 2
Fortinet NSE7 Certified
To reach support on call:
http://www.fortinet.com/support/contact_support.html
Lukasz Korbasiewicz,
Fortinet TAC Support
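One way to do the generation step described in the reply above, as an added example (not code from the thread or from Fortinet): it assumes the object names have already been extracted into a plain list, one per line, and that embedded quotes are escaped with a backslash. Names containing control characters are rejected so a malformed entry cannot inject extra CLI lines into the script.

```python
import re

# Control characters (CR/LF included) in a name could smuggle extra CLI lines.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def quote_name(name):
    """Quote a name for an `edit` line (backslash escaping is an assumption)."""
    if not name or _CONTROL.search(name):
        raise ValueError(f"unsafe object name: {name!r}")
    return '"' + name.replace("\\", "\\\\").replace('"', '\\"') + '"'


def build_unset_color_script(names, table="firewall address"):
    """Return CLI script text that runs `unset color` on each named object."""
    seen, lines = set(), [f"config {table}"]
    for raw in names:
        name = raw.strip()
        if not name or name in seen:  # skip blank lines and duplicates
            continue
        seen.add(name)
        lines += [f"edit {quote_name(name)}", "unset color", "next"]
    lines.append("end")
    return "\n".join(lines) + "\n"


def split_batches(names, size=1000, table="firewall address"):
    """Yield one script per `size` names so a failed run is easy to locate."""
    names = [n for n in names if n.strip()]
    for i in range(0, len(names), size):
        yield build_unset_color_script(names[i:i + size], table)


if __name__ == "__main__":
    # Constructed sample names, not taken from any real ADOM.
    sample = ["web server", "db-01", "db-01", 'odd"name']
    print(build_unset_color_script(sample), end="")
```

In the FortiOS CLI, `edit` with a name that does not exist creates a new entry, so build the name list from the ADOM's own object listing rather than typing names by hand.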
Yes, but how would I apply that to the object database in the FortiManager?
Sorry for the different color issue on the FMG side; we will fix this for FMG 5.4.2.
To run a script, please go to System Settings - Admin - Admin Settings and enable "Show Scripts", then go to "Device Manager". You will see a new "Scripts" tab on top. Go to the script page, where you can create a CLI script for device db, remote device, or package db. If you want to modify address config on the FMG db, choose package db, then copy the address CLI config into the script and save the script. In the script list page you will see your newly created script; right click it, and you can then run the script on the package/ADOM db to modify the addresses.
Thanks
Simon
Simon,
That allows me to run on the objects in a policy package, but not the global object database within the FMG as a whole.
Hi Aaron, for policy objects, running a script requires selecting a package, but the script actually runs against that ADOM db, not just the objects used by the policy package.
Thanks
Simon