Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Looking for a way to automate large scale changes to rules (specifically interfaces)

I am brand new to FortiGate and the 600D, but have extensive programming experience. I am wondering if there is a way to get current rule information from a 600D, modify those rules and then upload a new version. Or, could do the whole thing online, but either way looking for a programmatic interface in the 600D. Any help/pointers would be really appreciated.




Hi, You can export a backup, get the rules with a python script, modify whatever you need then import again. Cheers

Elthon Abreu FCNSA v5

Elthon Abreu FCNSA v5

Another option, if you have a recent FortiGate is to use the built-in REST API.


Go into System -> Administrators and set up a REST API admin account.


With this you should be able to perform any modification and change you wish. I haven't used it yet so I have no experience with it but googling I got this script that could give you an overview on how to interact via Python.



If you only need a oneshot option then, the backup, change, restore is the way to go


I wouldn't recommend doing things via a scriptable SSH client

Esteemed Contributor III

Another option would be   fortimanager and btw  nothing is wrong with a scriptable-sshclient. In your case you probably want to  test what ever changes your  are expecting if it a move/add/change/deletion






PCNSE NSE StrongSwan

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors