So, we just upgraded our FortiManager from 5.2.6 to 5.4.1. Most of our FortiGates are currently running 5.0.x, and the FMG is the first step to a global migration to 5.4. In 5.0 and 5.2, we were heavy users of object colors to denote different object types in our firewalls. 5.4 has put that in complete chaos. Forti[Gate]OS 5.4 has different colors versus 5.0/5.2, and for some even more bizzare reason, FortiManager 5.4.1's object color assignments are different that what shows up in FortiGate FortiOS 5.4.1. I really don't know what they were thinking.
Anyways, we now have a 5.0 ADOM with tens of thousands of firewall address objects of varying colors. Since Fortinet teams can't decide between themselves what color pallet to use, I want to just remove the "set color" line en masse from the objects so all of our objects are the standard default color. What is the best way to accomplish this? Is it possible to script on the FortiManager? Can I get an example script?
Probably the easiest way to obtain a list of objects in an ADOM is to use "execute fmpolicy print-adom-object" command (use question marks to complete syntax with ADOM ID and object ID). Then you can use some Python or any other scripting language to generate correct syntax from the list of objects.
Sorry for the different color issue on FMG side and we will fix this for FMG 5.4.2
for run script, please go to System Settings - Admin - Admin Settings, enable "Show Scripts", then go to "Device Manager", you will see a new tab on top "Scripts" and go to script page, you can create a CLI script, for device db, or remote device, or package db
so if you want to modify address config on FMG db, you choose package db, and then copy the address CLI config into script, save script, then in script list page, you will see your newly created script, right click, you can then run script on package/ADOM db to modify the addresses
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.