I can upload script through System > Advanced and then it is automatically executed in forti OS 5.6.2
how can i perform the same (upload and run script) through CLI command.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes
Look at this thread on a just few of many ways you can run scripts at the cmd
[link]https://forum.fortinet.com/tm.aspx?m=107230[/link]
PCNSE
NSE
StrongSwan
Thanks for your reply, emnoc.
Actually, I am looking for a CLI command to upload Script file on Fortigate 30 E and execute it.
I can achieve this in GUI mode (System > Advanced > "upload and run script"). But I didn’t find any option to perform the same action in CLI…
Interesting too. Have anyone an example? I've uploaded my scripts, but no place, no cmd that i can execute this.
Fortigate 60E v7.x (GA)
And here the solution: https://deepdoc.at/dokuwi..._ueber_ein_desktopicon
Fortigate 60E v7.x (GA)
There are a number of libraries that allow you to mimic commands that you would enter through SSH.
Attached is a python program that uses Paramiko (a library that lets you SSH to a host and execute commands). There are other libraries like "Expect" but "Paramiko" has come into favour with programmers and automators.
We use it extensively to automate tasks from a centralized location (e.g. crontabs, Jenkins etc).
Works well with Python 2.7 but can be upgraded to Python 3.x. Note: You will need to pip install the paramiko libraries for this to work.
The script does the following but you can have it do whatever you want. You could even use this script to upload a script to "config system auto-script" by sending the appropriate commands:
% ssh admin@192.168.1.99
fortigate # config vdom
fortigate (vdom) # edit DMZ
fortigate (DMZ) # config user local
fortigate (local) # edit bill
new entry 'bill' added
fortigate (bill) # set type radius
fortigate (bill) # set radius-server MFA
fortigate (bill) # next
fortigate (local) # edit ted
new entry 'ted' added
fortigate (ted) # set type radius
fortigate (ted) # set radius-server MFA
fortigate (ted) # next
fortigate (local) # end
fortigate # exit
Script:
#!/usr/bin/python2.7
# - Connect to a Fortigate using paramiko/SSH, connects into a specific VDOM, add two users from a list and exit
import paramiko
import time
sleepyTime = 0.5
receiveTime = 20000
fortigateHostname = '192.168.1.99'
fortigateUserName = 'admin'
fortigatePassword = 'XXXXXXXXXXXXX'
verbose = True
def doCommand(remote_conn,command):
remote_conn.send(command + "\n")
output = remote_conn.recv(receiveTime)
if verbose:
print(output)
time.sleep(sleepyTime)
def connectToVDOM(remote_conn):
try:
remote_conn = remote_conn.invoke_shell()
doCommand(remote_conn,"config vdom")
doCommand(remote_conn,"edit DMZ")
except KeyError as e:
print(e)
return(remote_conn)
def usersToAdd(userList, remote_conn):
try:
doCommand(remote_conn,"config user local")
for user in userList:
doCommand(remote_conn,"edit "+user)
doCommand(remote_conn,"set type radius")
doCommand(remote_conn,"set radius-server MFA")
doCommand(remote_conn,"next")
doCommand(remote_conn,"end")
except KeyError as e:
print(e)
def disconnectFromFG(remote_conn):
try:
doCommand(remote_conn,"exit")
except KeyError as e:
print(e)
# Connect to the Fortigate using using the paramiko and SSH
try:
remote_init_conn = paramiko.SSHClient()
remote_init_conn.set_missing_host_key_policy(paramiko.AutoAddPolicy())
remote_init_conn.connect(fortigateHostname, username=fortigateUserName, password=fortigatePassword, look_for_keys=False, allow_agent=False)
except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException) as ex:
print("[-] %s:%s - %s" % (fghost, fgport, ex))
except paramiko.ssh_exception.NoValidConnectionsError:
print("[-] %s:%s - %s" % (fghost, fgport, ex))
# User list to add
users = ["bill", "ted"]
# Connect to the VDOM
remote_conn = connectToVDOM(remote_init_conn)
# Add some local users
usersToAdd(users, remote_conn)
# Logout
disconnectFromFG(remote_conn)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.