Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
dan
Contributor

Fortigate stitch question (CLI chaining with delays)

Fortigate 40F, 6.4.11

 

Question:

In a automation stich with CLI action, can I add a delay between CLI commands?

"sleep <seconds>" does not work. I think this is only available in FortiSwitchOS, but not in FortiOS.

I could do this:
exec ping-options interval 10

exec ping-options repeat-count 1

exec ping 8.8.8.8

 

.. but this seems to be crude..

 

 

Another way would be to split the CLI commands in several actions, whereas every CLI action does have a delay configurable.

However, I have a email action at the end, with %%results%% in the email body. That only gives me the result of the very latest CLI action. I need the output of all the CLI commands.

 

Is there a workaround or another solution?

 

Dan

 

 

Current setup (that obviously does not work):

 

config system automation-trigger
  edit "My UDP Session Clear" 
   set trigger-type scheduled
   set trigger-hour 3
   set trigger-minute 17
 next
end
config system automation-action
  edit "My UDP Session Clear_email" 
   set action-type email
   set email-to "my-email@somewhere.com"
   set email-subject "My UDP Session Clear"
   set message "%%log%%

   %%results%%"
  next
end

 

config system automation-action
  edit "list sessions" 
   set action-type cli-script
   set required enable
   set script "diag sys session filter clear
diag sys session filter dport 30470
diag sys session list

exec ping-options interval 10                <--- Next 3 lines for 10 seconds delay

exec ping-options repeat-count 1

exec ping 8.8.8.8

diag sys session clear

 

exec ping-options interval 10                <--- Next 3 lines for 60 seconds delay

exec ping-options repeat-count 6

exec ping 8.8.8.8

                                                
diag sys session list"
   set accprofile "super_admin"
  next
end

 

config system automation-stitch
  edit "My UDP Session Clear" 
   set trigger "My UDP Session Clear" 
   set action "list sessions" "My UDP Session Clear_email" 
  next
end

 

3 REPLIES 3
Jean-Philippe_P
Moderator
Moderator

Hello dan!

 

Thanks for posting on the Fortinet Community Forum.

 

First thing, did you try to update the version of your FortiGate? It can resolve lots of issues!

 

Second thing, I found this documentation:

 

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/137181/chaining-and-delaying-actions

 

Can you please tell me if it helps or if you need more assistance?

 

Kindest regards,

Jean-Philippe - Fortinet Community Team
dan

Hello Jean-Philippe,

I am staying with my "solution" above. 

I know about the chaining and delaying. I mentioned to split the script into several actions. That is exactly what the link you geve is describing. 

The problem with that is that %%results%% will only contain the result of the very last action. 

 

Anyway, my script above is not a beauty, but it works.

Dan

 

Markus_M
Staff
Staff

Hi Dan,

 

someone might respond better, but I also use the ping to add an artificial delay in the "config system auto-script" section in absence of a "wait" or "sleep" command.

The stitch might do better, but generally try with "show full" to see the configurable options or the question mark '?' to see the available options.

 

Best regards,

 

Markus