Hi, I'm working with a new client who has Fortigate, and have not done much work with them in the past. They've got a very active security department and frequently need IPs added to their block list on 15+ firewalls. I decided that I should try to script something to make that less painful, so I looked up the appropriate commands and created a script that prints out the appropriate CLI input. When I run this in the script execution area of the GUI, however, it just says "Some or All Commands Failed to Execute" without giving me any additional info Here's what I'm running as a test (note, these commands work when I paste directly into CLI)
config firewall address
edit Block_1.2.3.4
set type ipmask
set subnet 1.2.3.4/32
set visibility disable
set comment "Added on 05/28/21 per INC012345"
set associated-interface wan1
next
end
I've tried it without the "next" and "end" lines as well, as I saw them in other examples, but weren't sure if they were necessary Is there something I'm missing here? How do I see what Fortigate is complaining about? Cheers,
-J
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
May I know firmware version you are using?
When testing on my device, there is no error.
Thanks
Hello
Please refer to the document to run script on Firewall to create address object
A
IMHO the correct way to handle this (a common list of addresses, to be distributed to multiple fortigates, updated frequently) is to
set up a web server where the list is placed (in form of a simple text file, one address per line)
create an external connector on each 'receiving' fortigate
The connector pulls in the list at fixed time intervals to keep it's local addresses up to date.
For a recipe, you may start here:
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.