dan
Contributor

Upload script via GUI, execute it via CLI.. is this possible?

There is a way to upload a script via GUI:

[Screenshot: 16-12-_2021_13-23-08.png]

That script ends up here:

[Screenshot: 16-12-_2021_13-27-42.png]

Is it possible to execute that script via the CLI?

 

 

Thanks

Dan

Markus_M
Staff

Hi Dan,

 

Not even sure what this script does; I believe, though, that you are looking for something different: automated script execution.

 

Two ways to do this:

a) config system auto-script

b) an automated script that logs on via SSH and runs commands

 

a) see here:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Automated-script-execution/ta-p/193685

A bit different under 7.0

 

b) Discussed here already:

https://community.fortinet.com/t5/Fortinet-Forum/Is-it-possible-to-quot-upload-and-run-script-quot-t...

 

In short, there are programs like "plink" or from this forum a library called Paramiko.

Linux machines bring their own tools with them already.

I wrote a script for home use to push certificates created on other machines via SSH to the FGT, basically:

$FortiSSH < $FGTVAR

where the first variable is the ssh admin@fgt-ip and the second variable is a collection of config lines. For example:

# Build the config lines in the file named by $FGTVAR; $CERTNEW is the new certificate file
echo "config global" > "$FGTVAR"
echo "config certificate ca" >> "$FGTVAR"
echo "edit LETSENCRYPT_CHAIN" >> "$FGTVAR"
echo "set range global" >> "$FGTVAR"
echo "set ca \"$(cat "$CERTNEW")\"" >> "$FGTVAR"
# Close the entry and both config levels so the change is saved
echo "next" >> "$FGTVAR"
echo "end" >> "$FGTVAR"
echo "end" >> "$FGTVAR"

The advantage of the latter is that this works not only to update FGT config but also other devices' config, like FML, FAZ....

 

Best regards,

 

Markus

Debbie_FTNT
Staff

Hey @dan ,

 

are you looking to schedule the script, or just execute it?

If scheduling, then you will need to do the 'config system auto-script' configuration Markus outlined above, or set up some kind of automation stitch.


If you are merely looking to execute the script, it will be executed immediately upon upload.

The scripts that end up in that table are NOT reflected in the configuration in any way; they are stored in a folder on the underlying file-system and simply remain there (and in the GUI table) as a record that they were executed.

 

If you are looking to execute the script on demand (instead of once with the upload), you would need to create an auto-script entry again, and then use this CLI command:

 

execute auto-script start <script-name>

 

Let us know if you have any further questions :) .

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
dan

Hi @Debbie_FTNT ,

Thanks, you come closest to what I was looking for.  I know about auto-script already.

 

Actually I just wanted to figure out if there was a simple way to create a kind of library or macros with often used commands for me.

For example, if I want to check a flow for a particular problem I am working on, I would always use the commands

diag debug enable
diagnose debug flow filter addr 10.5.5.123
diagnose debug flow show function-name enable
diag debug flow show iprope enable
diagnose debug flow trace start 100

This is a "lot" of typing, especially if I have a new CLI session and cannot use the history. (btw, Peter's list for CLI shortcuts is a big help)

 

If I were able to put those commands into a macro (or script) and simply execute it on demand, i.e. with

execute script myspecialflowcheck.txt

or 

macro myspecialflowcheck.txt    ("macro" of course does not exist (yet?))

 

...then I would save myself from some typing.. Just an idea from a lazy typer... :)

 

The ability to define macros would be great...

 

Thanks to @Markus_M for the explanations above, too.

 

Dan

 

 

Markus_M
Staff

You can then actually use the alias command.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-system-alias/ta-p/189883?...

 

On CLI you then run it as "alias >somethingyouconfigured<"
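
Added example (not part of any post in this thread, and not Fortinet code): a shell helper that turns the flow-trace commands quoted above into a "config system alias" entry, which can then be sent to the device over SSH the same way as the certificate lines in the earlier reply. The function names build_alias and flowcheck_block, the alias name flowcheck and the admin@fgt-ip target are assumptions, as is entering several commands as one multi-line "set command" value.

```shell
#!/bin/sh
# Added example, not from the thread: turn a list of CLI commands into a
# "config system alias" entry that can be sent over SSH like $FGTVAR above.
# Assumed: the alias name "flowcheck", and that a multi-line "set command"
# value is entered as in the linked alias tip.

# build_alias NAME < commands  -> config block on stdout, non-zero on bad input
build_alias() {
    name=$1
    # Conservative name check so nothing escapes the quoted "edit" argument.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad alias name: $name" >&2; return 2 ;;
    esac
    # Drop blank lines and '#' comments; $(...) strips the trailing newline.
    cmds=$(grep -v -e '^[[:space:]]*$' -e '^[[:space:]]*#' || true)
    [ -n "$cmds" ] || { echo "no commands given" >&2; return 3; }
    # A double quote or backslash would end or alter the quoted string
    # on the device, so refuse instead of guessing at escaping.
    if printf '%s\n' "$cmds" | grep -q '["\\]'; then
        echo "refusing: quote or backslash in commands" >&2; return 3
    fi
    printf 'config system alias\n    edit "%s"\n' "$name"
    printf '        set command "%s"\n' "$cmds"
    printf '    next\nend\n'
}

# Constructed sample input: the flow-trace commands quoted in the thread.
flowcheck_block() {
    build_alias flowcheck <<'EOF'
# flow trace for one host
diag debug enable
diagnose debug flow filter addr 10.5.5.123
diagnose debug flow show function-name enable
diag debug flow show iprope enable
diagnose debug flow trace start 100
EOF
}

flowcheck_block
# Push it the same way as the certificate example (placeholders, not run here):
#   flowcheck_block | ssh admin@fgt-ip
# then, in a CLI session on the device:  alias flowcheck
```

If the unit needs the "config global" wrapper used in the certificate example, add it around the generated block before sending.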

dan

Hello @Markus_M , this is exactly what I was looking for. 
Wonderful. Many Thanks!

Dan