So the situation I'm in is, we have an existing set of servers (VMs) in Azure that are being updated to the newest versions of SQL and the core software they use for an application. Apparently the recommended way to do this is not to just upgrade the existing VMs to the new versions (thus keeping the existing IP) but to build brand new VMs on the new software then migrate the data over. Obviously this means these new servers have new IP addresses, but they each need all the same firewall permissions that their older counterpart currently has while they run simultaneously and are tested. Then once everything looks good, they will decommission the old VMs and I would remove them from the rules leaving only the new ones in their place.
I was trying to find some way other than manually searching by each old IP for all the rules it exists in, and manually adding the new IP to that rule.
I wondered if there was some script or batch file that would allow me to, for instance, tell it to add <new object> to <list of rules> as either a source or destination and have it add them all at once. Or even better, if there was a way with some kind of script to tell it basically "every rule you see <old IP/object>, add <new IP/object> to the rule as well."
As you can see, this takes a bit of effort, so I wouldn't bother if the number of policies to update is low.
A slightly easier, though a bit more primitive approach could be a bulk edit in a good enough text editor.
1, Create the new address object as usual
2, Back up the config and edit the backup file
3, Do a bulk-replace of all instances of:
I would recommend doing this with manual confirmations for each occurrence, since this will likely have some false positive matches (the object being mentioned in non-relevant places that should not be touched, such as its own definition).
3, Restore the configuration (reboot needed)
Alternative-3, Yank just the "config firewall policy" section of the modified backup (+any other section you modified), and copy-paste it over the existing config in CLI/SSH. Assuming it contains only the relevant modifications, it will update the relevant policies and leave the others untouched.
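A scripted variant of the copy-paste approach above, as an added example that is not part of the original thread: it reads a backup, finds only the `set srcaddr` / `set dstaddr` lines inside `config firewall policy` that name the old object exactly, and emits a CLI snippet using the FortiOS `append` command. The object names and sample config are constructed, and it assumes no multi-line quoted value in the backup has a line beginning with `config` or `end`.

```python
import re

# Constructed sample backup excerpt; all object names are made up.
SAMPLE = '''config firewall address
    edit "sql-old"
    next
end
config firewall policy
    edit 10
        set srcaddr "sql-old" "app-net"
        set dstaddr "all"
    next
    edit 11
        set srcaddr "all"
        set dstaddr "sql-old-replica"
    next
    edit 12
        set srcaddr "sql-old" "sql-new"
        set dstaddr "sql-old"
    next
end
'''

def build_append_script(config_text, old, new):
    """Return CLI text adding `new` to every policy srcaddr/dstaddr holding `old`."""
    hits, depth, in_policy, pid = {}, 0, False, None
    for line in config_text.splitlines():
        w = line.split() or [""]
        if w[0] == "config":
            depth += 1
            if depth == 1:  # top-level section: is it the policy table?
                in_policy = w[1:] == ["firewall", "policy"]
        elif w[0] == "end":
            depth -= 1
        elif in_policy and depth == 1 and w[0] == "edit":
            pid = w[1]
        elif in_policy and depth == 1 and w[:2] in (["set", "srcaddr"], ["set", "dstaddr"]):
            names = re.findall(r'"([^"]*)"', line)  # whole quoted names, no substrings
            if old in names and new not in names:   # skip rules already updated
                hits.setdefault(pid, []).append(w[1])
    out = ["config firewall policy"]
    for pid, fields in hits.items():
        out.append(f"    edit {pid}")
        out += [f'        append {f} "{new}"' for f in fields]
        out.append("    next")
    return "\n".join(out + ["end"])

if __name__ == "__main__":
    print(build_append_script(SAMPLE, "sql-old", "sql-new"))
```

Review the generated snippet against the policy list before pasting it into the CLI; the new address object has to exist first, as in step 1.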