Looking for a way to automate large scale changes to rules (specifically interfaces)

TPLindley · ‎02-12-2018

I am brand new to FortiGate and the 600D, but have extensive programming experience. I am wondering if there is a way to get current rule information from a 600D, modify those rules and then upload a new version. Or, could do the whole thing online, but either way looking for a programmatic interface in the 600D. Any help/pointers would be really appreciated.

Thanks.

Elthon_Abreu · ‎02-26-2018

Hi, You can export a backup, get the rules with a python script, modify whatever you need then import again. Cheers

Elthon Abreu FCNSA v5

anelis · ‎03-12-2018

Another option, if you have a recent FortiGate is to use the built-in REST API.

Go into System -> Administrators and set up a REST API admin account.

With this you should be able to perform any modification and change you wish. I haven't used it yet so I have no experience with it but googling I got this script https://github.com/DavidChayla/FortigateApi that could give you an overview on how to interact via Python.

If you only need a oneshot option then, the backup, change, restore is the way to go

I wouldn't recommend doing things via a scriptable SSH client

emnoc · ‎03-12-2018

Another option would be fortimanager and btw nothing is wrong with a scriptable-sshclient. In your case you probably want to test what ever changes your are expecting if it a move/add/change/deletion

Ken

PCNSE

NSE

StrongSwan

Looking for a way to automate large scale changes to rules (specifically interfaces)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website