Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TPLindley
New Contributor

Looking for a way to automate large scale changes to rules (specifically interfaces)

I am brand new to FortiGate and the 600D, but have extensive programming experience. I am wondering if there is a way to get current rule information from a 600D, modify those rules and then upload a new version. Or, I could do the whole thing online, but either way I am looking for a programmatic interface in the 600D. Any help/pointers would be really appreciated.

Thanks.

Elthon_Abreu
Contributor

Hi, you can export a backup, get the rules with a Python script, modify whatever you need, then import again. Cheers

Elthon Abreu FCNSA v5
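
Added example, not part of the original posts: a sketch of the backup-and-script approach suggested above, limited to interface renames in `config firewall policy`. It assumes the standard FortiOS text backup layout; the sample config, the function names and the `port1` to `port5` mapping are constructed for illustration. The output is a CLI snippet containing only the policies that change, so it can be reviewed before anything is applied.

```python
import re

# Constructed sample in FortiOS backup syntax (not from a real device); names below are hypothetical.
SAMPLE_BACKUP = """\
config firewall policy
    edit 1
        set srcintf "port1" "dmz"
        set dstintf "wan1"
    next
    edit 2
        set srcintf "wan1"
        set dstintf "dmz"
    next
end
"""

def policy_interfaces(backup_text):
    """Map policy id -> {"srcintf": [...], "dstintf": [...]} from the policy section."""
    policies, in_section, current = {}, False, None
    for line in map(str.strip, backup_text.splitlines()):
        if not in_section:
            in_section = line == "config firewall policy"
        elif line.startswith("edit "):
            current = policies.setdefault(line.split(None, 1)[1], {})
        elif line == "next":
            current = None
        elif line == "end" and current is None:
            break  # end of the policy section; later sections are ignored
        elif current is not None:
            m = re.match(r"set (srcintf|dstintf) (.+)", line)
            if m:
                current[m.group(1)] = re.findall(r'"([^"]+)"', m.group(2))
    return policies

def build_change_script(backup_text, rename):
    """Return CLI text that edits only policies whose interfaces change."""
    out = ["config firewall policy"]
    for pid, intfs in policy_interfaces(backup_text).items():
        sets = []
        for key, names in intfs.items():
            new = [rename.get(n, n) for n in names]
            if new != names:
                sets.append("        set %s %s" % (key, " ".join('"%s"' % n for n in new)))
        if sets:
            out += ["    edit " + pid] + sets + ["    next"]
    return "\n".join(out + ["end"])

if __name__ == "__main__":
    print(build_change_script(SAMPLE_BACKUP, {"port1": "port5"}))
```
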
anelis

Another option, if you have a recent FortiGate, is to use the built-in REST API.

Go into System -> Administrators and set up a REST API admin account.

With this you should be able to perform any modification and change you wish. I haven't used it yet so I have no experience with it, but googling I got this script https://github.com/DavidChayla/FortigateApi that could give you an overview of how to interact via Python.

If you only need a one-shot option, then the backup, change, restore is the way to go.

I wouldn't recommend doing things via a scriptable SSH client.

emnoc
Esteemed Contributor III

Another option would be FortiManager, and btw nothing is wrong with a scriptable SSH client. In your case you probably want to test whatever changes you are expecting, if it is a move/add/change/deletion.

 

Ken

PCNSE 

NSE 

StrongSwan  
