Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Aabir007
New Contributor

Adding bulk IP address in firewall

Fortigate 401E with version 6.4.4 I have to create a bulk amount of objects on the firewall using any script or we can do it in a single go? Please suggest. Ex- I have a list of 5000 IP address. So I want to add the same in the firewall without entering it manually as because huge time will be required.
6 REPLIES 6
Heaven_Knows
New Contributor III

Aabir007 wrote:
Fortigate 401E with version 6.4.4 I have to create a bulk amount of objects on the firewall using any script or we can do it in a single go? Please suggest. Ex- I have a list of 5000 IP address. So I want to add the same in the firewall without entering it manually as because huge time will be required.
the best way to do this is to use fortigate rest api  if you are a programmer .

You can use the telnet script to do this, but it's not stable.

you also can do this by edit the config file manually in "config firewall address" section

 

 

ede_pfau
Esteemed Contributor III

been there, done that...

 

Some time ago I have developed a python script to exactly this task. It will not only create the address objects, but also address groups and super-groups to accommodate the group limits.

You can download it here: https://www.beneicke-edv.de/support/tools/#ext_blacklists

and use or adopt it to your needs freely.

 

The only requirement is that you have python installed. I might even make it an executable for convenience.

And no, there is no Youtube flic about this showing you how to run it  :)


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
AdiMizil
New Contributor III

When I migrated a pFSense to Fortigate  I created the objects in excel, copy /past in notepad++ and then ran the the script using Fortigate 

 

config firewall addressedit P2P_radioset comment "P2P_radio_to_2nd_location"set subnet 172.16.11.0 255.255.255.248set color 17end

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/780930/configuration-scripts

 

Ede has a more elegant option. :) 

 

ede_pfau
Esteemed Contributor III

thanks, AdiMizil! I started with a simple DOS batch but then I ran into trouble with address group size...

I've added a Windows executable now, so Python is no longer needed. HTH.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
INFRAZN

hello ede_pfau,,

can you please elaborate on this solution.

i also have bulk addresses to be added.

 

pavankr5
Staff
Staff

Please check this article on Creation and addition of bulk IP address objects.  

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creation-and-addition-of-bulk-IP-address-o...

hope it helps let us know if you have any queries.

 

Thanks,

Pavan

Top Kudoed Authors