Import MAC address list into address group

LourensL · ‎04-24-2024

I need some help with importing bulk Mac Addresses to either the Addresses under Policy&Objects/Addresses using a csv file. I have created a group where I would like the address to be imported to. It's a Fortigate 200F

ozkanaltas · ‎04-29-2024

Hi @LourensL ,

I tried again. I didn't get any errors in my environment.

My bat file and group.txt looks like that.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

LourensL · ‎04-29-2024

@ozkanaltas Working 100% Thank you.

View solution in original post

ozkanaltas · ‎04-24-2024

Hello @LourensL ,

You can use CLI for bulk import. For example ;

config firewall address
    edit "aa:bb:cc:dd:ee"
        set type mac
        set macaddr aa:bb:cc:dd:ee
    next
    edit "aa:bb:cc:dd:ef"
        set type mac
        set macaddr aa:bb:cc:dd:ef
    next
end

You can resume like this.

Or I have a bat file for this kind of job. You can use it if you want.

@echo off

 echo config firewall address
 for /f " eol=# tokens=1-3 delims=,"  %%i in (mac.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 :oneaddr
 echo edit %1  
 echo set type mac
 echo set set macaddr %2
 echo next

mac.txt should be like this. The first column is the object name second is the mac address of the device.

device_name,aa:bb:cc:dd:ee
device_name,aa:bb:cc:dd:ff

You can run this bat file like this, mac_bulk.bat >> output.txt. You need to put both files in same folder(mac.txt,mac_bulk.bat)

For groups, you can use this bat.

@echo off
  
  echo config firewall addrgrp
 for /f " eol=# tokens=1-3 delims=,"  %%i in (group.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 
 :oneaddr

 echo edit %1
 echo append member %2
 echo next

group.txt should be like this.

group_name,object_name
group_name,object_name

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

LourensL · ‎04-24-2024

Thank you @ozkanaltas ,

Sorry for the ignorance. How do I get the files onto the device?

ozkanaltas · ‎04-24-2024

Hello @LourensL ,

You can just paste output to CLI.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

LourensL · ‎04-29-2024

Hi @ozkanaltas

When trying to run the script for adding the Mac Adressess to the group I get this error

for /f " eol=# tokens=1-3 delims=," %%i in (group.txt) do CALL :oneaddr %%i %%j
%%i was unexpected at this time.

ozkanaltas · ‎04-29-2024

Hi @LourensL ,

I tried again. I didn't get any errors in my environment.

My bat file and group.txt looks like that.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

LourensL · ‎04-29-2024

@ozkanaltas Working 100% Thank you.

LourensL · ‎04-29-2024

@ozkanaltas Next Question.

How do I import Mac Addresses in Ip Address Assignment rules?

ozkanaltas · ‎04-29-2024

Hi @LourensL ,

Normally i don't have a script for that. But I changed my address group script for that. I think it will works.

You need to change "edit <YOUR_DHCP_ID>" area with your DHCP id.

@echo off
  
  echo config system dhcp server
  echo edit <YOUR_DHCP_ID>
  echo config reserved-address

 for /f " eol=# tokens=1-3 delims=,"  %%i in (mac.txt) do CALL :oneaddr %%i %%j
 echo end
 goto :EOF
 
 
 :oneaddr

echo edit 0
echo set type mac
echo set mac %1
echo set action block
echo next

Your mac address txt (mac.txt) should be like this.

aa:bb:cc:dd:ee:ff
bb:cc:dd:ee:ff:gg

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW