I have a FGT 90D and a 60D, both with FortiOS 5.0.12.
The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.
Is there any way to achieve that in FortiOS?
Thanks
EDIT: Solution found on my last post... thanks!
Hello,
At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
Thanks everyone for your suggestions!
After a lot of trial and error I was able to make an expect script that reboots the FortiGates of my company on a weekly schedule.
For some reason I couldn't understand, trying to use an expect script to send the command "execute reboot" worked if I manually ran the script, but not inside a cron task. So after a lot of thought I realized that I could run two expect scripts: one that sends "set daily-restart enable" one hour before the chosen time and another script that sends "set daily-restart disable" one hour after the reboot.
It's not pretty, but it works.
These are the scripts:
fgt-enable-restart.exp
#!/usr/bin/expect -f
spawn ssh admin@xxx.xxx.xxx.xxx
expect "admin@xxx.xxx.xxx.xxx's password: "
send "password\r"
expect "FGT12345 # "
send "config system global\r"
expect "FGT12345 (global) # "
send "set daily-restart enable\r"
expect "FGT12345 (global) # "
send "set restart-time 06:00\r"
expect "FGT12345 (global) # "
send "end\r"
expect "FGT12345 # "
send "exit\r"
fgt-disable-restart.exp
#!/usr/bin/expect -f
spawn ssh admin@xxx.xxx.xxx.xxx
expect "admin@xxx.xxx.xxx.xxx's password: "
send "password\r"
expect "FGT12345 # "
send "config system global\r"
expect "FGT12345 (global) # "
send "set daily-restart disable\r"
expect "FGT12345 (global) # "
send "end\r"
expect "FGT12345 # "
send "exit\r"
Thanks!
PS: I guess I should say that I'm using a Linux machine for that, Ubuntu 14.04 LTS x86_64.
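The weekly window described in the post above, as an added example that is not part of the original thread: a POSIX shell sketch that derives the two crontab lines (enable one hour before the reboot, disable one hour after) and handles a reboot slot next to midnight, where one of the two jobs lands on the neighbouring weekday. The script paths and the chosen weekday are assumptions; the time passed in must match the restart-time set by the enable script.

```shell
#!/bin/sh
# Added example, not from the thread. Script paths and the chosen day are
# hypothetical; the FortiOS commands are the ones the posted scripts send.

# valid_hhmm HH:MM -> succeeds only for a 24-hour time such as 06:00
valid_hhmm() {
    case $1 in
        [01][0-9]:[0-5][0-9] | 2[0-3]:[0-5][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# fgt_global_cmds enable HH:MM | disable -> CLI block to send to the FortiGate
fgt_global_cmds() {
    case $1 in
        enable)  valid_hhmm "${2:-}" || return 1
                 printf 'config system global\nset daily-restart enable\n'
                 printf 'set restart-time %s\nend\n' "$2" ;;
        disable) printf 'config system global\nset daily-restart disable\nend\n' ;;
        *)       return 1 ;;
    esac
}

# weekly_cron_window DOW HH:MM ENABLE_SCRIPT DISABLE_SCRIPT
# DOW uses cron numbering (0 = Sunday ... 6 = Saturday). Prints two crontab
# lines: enable one hour before the reboot, disable one hour after it.
# The body is a subshell so the working variables stay local.
weekly_cron_window() (
    case $1 in [0-6]) ;; *) exit 1 ;; esac
    valid_hhmm "$2" || exit 1
    h=${2%%:*}; h=${h#0}    # drop a leading zero so 08 and 09 are not read as octal
    m=${2##*:}; m=${m#0}
    en_h=$(( ($h + 23) % 24 )); en_d=$1
    dis_h=$(( ($h + 1) % 24 )); dis_d=$1
    # A reboot in hour 0 or 23 pushes one side of the window across midnight.
    if [ "$h" -eq 0 ];  then en_d=$(( ($1 + 6) % 7 )); fi
    if [ "$h" -eq 23 ]; then dis_d=$(( ($1 + 1) % 7 )); fi
    printf '%s %s * * %s %s\n' "$m" "$en_h" "$en_d" "$3"
    printf '%s %s * * %s %s\n' "$m" "$dis_h" "$dis_d" "$4"
)

# The thread's 06:00 restart-time, scheduled for Sundays (the day is an assumption).
weekly_cron_window 0 06:00 /usr/local/bin/fgt-enable-restart.exp \
    /usr/local/bin/fgt-disable-restart.exp
```

Because the expect scripts carry the admin password in clear text, keep them readable only by the account whose crontab runs them.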
I think it depends on the environment, but I had some issues with expect in the past with other types of routers, missing the first character of the line. I would suggest you expect only the distinctive last part of the line, like emnoc showed.
This option is configurable from the CLI as shown in the example below:
config system global
    set daily-restart enable
    set restart-time 05:06
end
FGT # The system will reboot due to scheduled daily restart. Current time is 05:06
Waking up a sleeping thread.
Does this work if the firewall you want to reboot is part of an HA pair? I'd like to reboot the primary every night and want to be sure my secondary will not respect the 'daily-restart' when configs are sync'd:
config system global
    set daily-restart enable
    set restart-time 05:06
end
That's a good question. Please let the rest of us know how it worked.
No, this setting will be synchronized to both units, so both units will reboot at the same time. Just did that last night on a pair of 600Ds. Uptime is identical to the minute.
Updated Answer!
Yes, this can easily be done. Daily, weekly and monthly.
Check this KB article:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Programming-a-daily-restart-reboot/ta-p/19...
In the script is it only "exec reboot" or is there a new line under with a "yes" also?