- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[SOLVED] How to schedule a weekly (not daily) reboot?
I have a FGT 90D and a 60D, both with FortiOS 5.0.12.
The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.
Is there any way to achieve that in FortiOS?
Thanks
EDIT: Solution found on my last post... thanks!
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vjoshi wrote:Thanks for your quick reply!At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
By saying "scripts", would it be like a CRON task?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes. You are right.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
More like 'expect' via ssh. 'cron' is only the scheduler.
But this type of "API" is clumsy. Please report back when you've got it working.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ede_pfau wrote:More like 'expect' via ssh. 'cron' is only the scheduler.
But this type of "API" is clumsy. Please report back when you've got it working.
emnoc wrote:A simple expect script on unix or windows execute via cron job should work.
I think I'm almost there... but not quite.
My "expect" script is like this now:
#!/usr/bin/expect -f
spawn ssh admin@192.168.XXX.XXX
expect "admin@192.168.XXX.XXX's password: "
send "PASSWORD\r"
expect "FGTXXXXXX # "
send "execute reboot\r"
expect "This operation will reboot the system !"
expect "Do you want to continue? (y/n)"
send "y\r"
But the FGT is not rebooting... am I missing something?
This is the output:
root@linuxserver:# ./test.sh
spawn ssh admin@192.168.XXX.XXX
admin@192.168.XXX.XXX's password:
FGTXXXXXX # execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)root@linuxserver:#
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
A simple expect script on unix or windows execute via cron job should work.
Ken
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
[size="5"]
[/size]expect "This operation will reboot the system !"
Drop the above line and re-test with the debug option -d
e.g
expect -d myscript.exp
PCNSE
NSE
StrongSwan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
emnoc wrote:Drop the above line and re-test with the debug option -d e.g expect -d myscript.exp
It works if I run the "expect" script from the shell, but if I set it to run in the CRON of my Linux machine, it shows that the script runs, but the FGT does not reboot...
Any ideas why?
Thanks!
PS: My Linux machine is a Ubuntu 14.04 server x86_64
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Assuming the host has the trust access and is the same host that you have tested from the cli
1: maybe you temp-bl-action ( failed logins )
2: bad credential
3: bad ssh-key checks ( we disables ours due to ssh-key-changes can cause issues after a FortiOS upgrade )
BTW; here's what we use ( NOTE: all of our FIREWALL have SOC in the name & we run multi-vdom regardless if it's one or more vdoms )
YMMV
#!/usr/bin/expect -f
# # kfelix @ socpuppets dot com team-leader architect engineer SOCPUPPETS
# #g=`date +%F%T` # # Set variables for expect
# set host [lindex $argv 0] set user admin set passw ********** # set date $g # # ssh runs on non-port 22 on fortigate firewalls
# spawn ssh -p 2022 -o ConnectionAttempts=3 -o ConnectTimeout=60 -o StrictHostKeyChecking=no $user\@$host # # expect "assword:" send "$passw\n" expect "SOC" # send " config global\n" expect "(global)" # send "execute reboot\n" expect "(y/n)" # send "y\n" expect "onnect"
#
We use a default user for the reboot and feed a list that read in for the hosts. Works like magic, & have been using something similar for backups and manual updates. Just tweak it for whatever you want.
The same script can be adjust for non-fortigate firewalll ( Juniper, pfsense, Huawei, ASA,etc.....)
YMMV and enjoy ;)
edit toadd: ensure the user that the cron is running as can read/permission of the file ( I've been caught on that one many many many times )
PCNSE
NSE
StrongSwan