Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BBoozer
New Contributor

Whitelist Updates via FortiManager

I am attempting to update our whitelist w/o success. I have added a single address to the Whitelist that is attached to our current profile. Our Global FortiGuard Services policy shows it is set to automatic. I am thinking there must be a script required to run to push the whitelist to all our FortiGates & FortiWifi' s in the field. However, I cannot locate anything in the documentation and it is crunch time. Any ideas? FortiManager 3000c on 4.0 MR3 Patch Release 11
3 REPLIES 3
FortiRack_Eric
New Contributor III

Use Fortimanager 5.0.3 (latest) to manage FortiGates. Way way better than the FMG 4.3.x even with 4.3.x FortiGates. Make a ADOM in 4.3 mode and your good to go.

Rackmount your Fortinet --> http://www.rackmount.it/fortirack

 

Rackmount your Fortinet --> http://www.rackmount.it/fortirack
BBoozer

Simply not an option. We have over 1200 FortiGates/Wifis in the field, and a change control of that mangnitude would require weeks of testing before approval. This needs to push immediately.
Dave_Hall
Honored Contributor

Create a CLI script (under Root ADOM->Device Manager->Tools>Script->CLI Script) that does something similar to the following....
config webfilter urlfilter
     edit 1
             config entries
                 edit " .*update\\.microsoft\\.com.*" 
                     set action monitor
                     set type regex
                 next
                 edit " .*download\\.windowsupdate\\.com.*" 
                     set action monitor
                     set type regex
                 next
                 edit " .*\\.microsoft\\.com.*" 
                     set action monitor
                     set type regex
                 next
             end
         set name " defined-urlfilter" 
     next
 end
 
Next, setup the fgt device group/schedule for running the script... 1. Under Device Manager (Root), right click on the Fortigate group, choose Script->Scheduled Scripts->Create New->Select Script->{name of script from above} 2. Uncheck " Run on DB(Only CLI Scripts)" (if you want the script run directly on the fgt devices) 3. Under " Select Execute Type" choose schedule type. 4. Check " Exclude Certain Devices from the Group" if you want to exclude some devices from the script run. Note the above is untested and I am not sure if you need to run the script against the DB or not. (i.e. the fgt device may go out-of-sync with the fgr.) Also, I suggest running the script on a stand-alone fgt to confirm it is running properly (you may need to remove the padded spaces). Again, the above is untested -- use this info at your own risk. Edit: I am assuming the white list is a URL filter list (but any script code should do).

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors