I have a FGT 90D and a 60D, both with FortiOS 5.0.12.
The "set daily-restart enable" works just fine, but I think a weekly reboot would be more appropriate.
Is there any way to achieve that in FortiOS?
Thanks
EDIT: Solution found on my last post... thanks!
Hello,
At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
vjoshi wrote: At least on the Fortigate, NO.
However, you may get some help from some scripts to do this task.
Thanks for your quick reply!
By saying "scripts", would it be like a CRON task?
Yes. You are right.
More like 'expect' via ssh. 'cron' is only the scheduler.
But this type of "API" is clumsy. Please report back when you've got it working.
ede_pfau wrote: More like 'expect' via ssh. 'cron' is only the scheduler.
But this type of "API" is clumsy. Please report back when you've got it working.
emnoc wrote: A simple expect script on unix or windows execute via cron job should work.
I think I'm almost there... but not quite.
My "expect" script is like this now:
#!/usr/bin/expect -f
spawn ssh admin@192.168.XXX.XXX
expect "admin@192.168.XXX.XXX's password: "
send "PASSWORD\r"
expect "FGTXXXXXX # "
send "execute reboot\r"
expect "This operation will reboot the system !"
expect "Do you want to continue? (y/n)"
send "y\r"
But the FGT is not rebooting... am I missing something?
This is the output:
root@linuxserver:# ./test.sh
spawn ssh admin@192.168.XXX.XXX
admin@192.168.XXX.XXX's password:
FGTXXXXXX # execute reboot
This operation will reboot the system !
Do you want to continue? (y/n)root@linuxserver:#
Thanks
A simple expect script on unix or windows execute via cron job should work.
Ken
PCNSE
NSE
StrongSwan
expect "This operation will reboot the system !"
PCNSE
NSE
StrongSwan
emnoc wrote: Drop the above line and re-test with the debug option -d, e.g. expect -d myscript.exp
It works if I run the "expect" script from the shell, but if I set it to run in the CRON of my Linux machine, it shows that the script runs, but the FGT does not reboot...
Any ideas why?
Thanks!
PS: My Linux machine is an Ubuntu 14.04 server x86_64
Assuming the host has the trust access and is the same host that you have tested from the cli
1: maybe you temp-bl-action ( failed logins )
2: bad credential
3: bad ssh-key checks ( we disable ours because ssh-key changes can cause issues after a FortiOS upgrade )
BTW; here's what we use ( NOTE: all of our FIREWALLs have SOC in the name & we run multi-vdom regardless if it's one or more vdoms )
YMMV
#!/usr/bin/expect -f
#
# kfelix @ socpuppets dot com team-leader architect engineer SOCPUPPETS
#
#g=`date +%F%T`
#
# Set variables for expect
#
set host [lindex $argv 0]
set user admin
set passw **********
# set date $g
#
# ssh runs on non-port 22 on fortigate firewalls
#
spawn ssh -p 2022 -o ConnectionAttempts=3 -o ConnectTimeout=60 -o StrictHostKeyChecking=no $user\@$host
#
#
expect "assword:"
send "$passw\n"
expect "SOC"
#
send " config global\n"
expect "(global)"
#
send "execute reboot\n"
expect "(y/n)"
#
send "y\n"
expect "onnect"
#
We use a default user for the reboot and feed a list that read in for the hosts. Works like magic, & have been using something similar for backups and manual updates. Just tweak it for whatever you want.
The same script can be adjusted for non-fortigate firewalls ( Juniper, pfsense, Huawei, ASA, etc. )
YMMV and enjoy ;)
edit to add: ensure the user that the cron is running as can read/permission of the file ( I've been caught on that one many many many times )
PCNSE
NSE
StrongSwan
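As an added example (not part of any post in this thread), a POSIX shell pre-flight for the cron case discussed above: it checks the file-permission point raised in the last reply and runs a command under a cron-like minimal environment. The function names, the crontab schedule and the paths in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Paths in the crontab line are placeholders.
# Weekly schedule, Sunday 04:00, with output kept for troubleshooting:
#   0 4 * * 0 /path/to/fgt-reboot.exp 192.168.XXX.XXX >>/path/to/fgt-reboot.log 2>&1

# Check what cron needs before it can start the script. Run as the crontab owner.
cron_preflight() {
    script=$1
    if [ ! -f "$script" ]; then
        echo "FAIL: $script is missing or not a regular file"
        return 1
    fi
    rc=0
    [ -r "$script" ] || { echo "FAIL: not readable by $(id -un)"; rc=1; }
    [ -x "$script" ] || { echo "FAIL: not executable by $(id -un)"; rc=1; }
    if [ -r "$script" ]; then
        # The interpreter comes from the shebang line, not from PATH.
        first=
        IFS= read -r first < "$script" || true
        case $first in
            '#!'*)
                set -- ${first#\#!}      # first word is the interpreter path
                if [ ! -x "${1:-}" ]; then
                    echo "FAIL: interpreter '${1:-}' not found or not executable"
                    rc=1
                fi ;;
            *)  echo "FAIL: no shebang line; it would be run as a /bin/sh script"
                rc=1 ;;
        esac
    fi
    [ "$rc" -eq 0 ] && echo "OK: $script"
    return "$rc"
}

# Run a command with the small environment cron provides, to reproduce
# "works from my shell, fails from cron" interactively.
run_like_cron() {
    env -i HOME="$HOME" LOGNAME="$(id -un)" SHELL=/bin/sh PATH=/usr/bin:/bin "$@"
}
```

Run `cron_preflight` as the same user that owns the crontab, since the checks are evaluated for the current user.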