After using FortiManager in backup mode for a few years, I am now working on configuring an ADOM in managed mode pushing full baseline configurations with CLI provisioning templates leveraging meta field variables.
So far on a new Fortigate, my CLI Template creates 4 VLAN interfaces under the fortilink interface, IP's them, pulls interface "internal5" from the internal virtual switch, and configures it as a standalone interface. The script works fine on the first run, but as I add more CLI Templates to the CLI Template Group and run it, I get an error more or less stating that "internal5" isn't in the internal virtual switch.
My question is, are these CLI Templates supposed to stay assigned to a device or should they be removed from the device after the initial provisioning? If they're supposed to stay assigned to the device, how do you handle/skip errors for work that was already done in previous runs of the script?
Denny
I've been struggle with the same thing for last a few month with v6.4.5 and encountered many issues. But v6.4.6 was released yesterday fixing at least one Meta Field related problem. So I'll upgrade it today to test them again.
Based on my short experience, my understanding is that CLI templates are supposed to be attached to device config DB all the time, while the Scripts serve one-time needs. However, some things you can't leave in CLI templates attached to devices.
- anything removing, like removing interfaces from a hard-switch, because when it's run second time the object is not there any more and generates an error and stop. Use a script.
- anything adding, like adding entry with "edit 0". Because the second time, it's already there and generates an error and stop. Use "edit 1" "edit 2" ... instead or purge all first then add.
- any other things that would cause an error if it was run multiple times.
As I said, I'm still learning myself so I want to know what others need to say about this.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1846 | |
1130 | |
769 | |
447 | |
260 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.