Hey all
Trying to automate a few things so I made a script that makes a script that makes the many objects I need to create on a regular basis. The problem is that whatever I do, I can't get the "Upload bulk CLI file" to take my CLI script, all I get is "configuration file error". Pasting the whole script on the CLI works fine and behaves exactly as expected, so I have no idea what the GUI upload function is going on about. Here's a super simple CLI script I made for testing:
config firewall address
edit "Blocked-IP-22.222.22.222"
set subnet 22.222.22.222 255.255.255.255
next
edit "Blocked-IP-222.22.222.22"
set subnet 222.22.222.22 255.255.255.255
next
edit "Blocked-IP-11.111.11.111"
set subnet 11.111.11.111 255.255.255.255
next
edit "Blocked-IP-111.11.111.11"
set subnet 111.11.111.11 255.255.255.255
next
end
4 simple address objects to create. Even if they exist, this doesn't produce any error on CLI since it's just editing existing objects anyway. GUI though, "configuration file error" and I can't really find anything on bulk scripts except that you just put the commands in the file and away you go. But it doesn't go. Why?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hi,
I've just uploaded your script to my 60E, running v5.4.4, without any problems.
To debug bulk scripts:
1- connect via ssh or serial Console
2- enter 'diag deb en'
3- enter 'diag deb cli 7'
4- upload bulk script
You will see each line of the script echoed in the terminal, with "0:" prepended if successful and a negative number if not. You should see an error message then.
Finally,
5- diag deb cli 3
6- diag deb dis
hi,
I've just uploaded your script to my 60E, running v5.4.4, without any problems.
To debug bulk scripts:
1- connect via ssh or serial Console
2- enter 'diag deb en'
3- enter 'diag deb cli 7'
4- upload bulk script
You will see each line of the script echoed in the terminal, with "0:" prepended if successful and a negative number if not. You should see an error message then.
Finally,
5- diag deb cli 3
6- diag deb dis
That was useful. Unexpected output from the debug:
FGT1 # cmd=▒▒c -61: ▒▒c FGT1 # Backtrace: [0x08b64ea8] => /bin/httpsd [0x0834422a] => /bin/httpsd [0x08b64c1f] => /bin/httpsd [0x400a0ef8] => ../lib/libc.so.6 liboffset 0001cef8
Given the weird format, I checked my script file and let's just say the encoding was very strange (WTH is UCS 2 BE BOM?). Switched it to UTF-8, uploaded, works fine. Now to look at my master script and get it to set the encoding properly... Thanks for the help!
Some editors include a BOM right at the start of the file to indicate the UTF encoding. FOS of course chokes on that.
Talk to your editor :)
I spoke to my PowerShell script in gentle tones, got it to output UTF8, found out MS in their wisdom does BOM by default in PowerShell output with Out-File, switched all my encoding to ASCII because 1 byte should be enough for every char, and now the resulting file loads in FGT fine. I know there's workarounds to the PS BOM issue with .Net classes instead of Out-File but my script works now and that's all that's really important. Thanks for the help again.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.