Adding firewall objects in FortiManager through scripting

Before you can use scripts, you have to enable them in FortiManager. A script can be run directly against a FortiGate, against the Device Database, or against a policy package.
The following guide is for version 5.4.

Enable script in FortiManager

Go to System Settings > Admin Settings and tick the “show scripts” option.

Write a script

Go to Device Manager > Script > Create New Script
Point the script at Policy Package, ADOM Database and write the script to your liking.

Sample Script

config firewall address
edit "test-address-1"
set subnet 10.1.1.0 255.255.255.0
set color 1
next
edit "test-address-2"
set subnet 10.2.2.0 255.255.255.0
set associated-interface "port2"
next
edit "test-address-3"
set subnet 10.3.3.0 255.255.255.0
set associated-interface "port2"
next
edit "test-address-host-1"
set subnet 10.1.1.10 255.255.255.255
set associated-interface "port2"
set comment "This is a host object"
next
end

config firewall addrgrp
edit "grp.my-test-addresses"
set member "test-address-1" "test-address-2" "test-address-3" "test-address-host-1"
set comment "Group object"
next
end
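
A script like the one above can be checked before it is run against a policy package. The following is an added example, not part of the original post and not a Fortinet tool: a small Python lint for typographic quotes, stray whitespace in object names, subnets with host bits set, and group members that the script never defines. The names lint_script, CURLY and SAMPLE are made up for this example.

```python
import ipaddress
import shlex

CURLY = "\u201c\u201d\u2033"  # typographic quotes pasted from a web page or word processor

def lint_script(text):
    """Return (line_no, message) findings for an address/addrgrp CLI script."""
    findings, defined, groups, table = [], set(), [], None
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            if any(ch in raw for ch in CURLY):
                raise ValueError("typographic quote, use a plain ASCII double quote")
            tok = shlex.split(raw)
        except ValueError as exc:
            findings.append((no, f"quoting: {exc}"))
            continue
        if not tok:
            continue
        if tok[0] == "config":
            table = " ".join(tok[1:])
        elif tok[0] == "edit" and len(tok) == 2:
            if tok[1] != tok[1].strip():
                findings.append((no, f"name {tok[1]!r} has leading/trailing whitespace"))
            defined.add((table, tok[1]))
        elif tok[:2] == ["set", "subnet"]:
            try:  # strict=True also flags host bits set under the mask
                ipaddress.ip_network("/".join(tok[2:]), strict=True)
            except ValueError as exc:
                findings.append((no, f"suspicious subnet: {exc}"))
        elif tok[:2] == ["set", "member"] and table == "firewall addrgrp":
            groups.append((no, tok[2:]))
    # Members are resolved after the whole script is read; exact name match only.
    for no, members in groups:
        findings += [(no, f"member {m!r} is not defined in this script")
                     for m in members if ("firewall address", m) not in defined]
    return findings

# Constructed sample with three deliberate mistakes (not the script from the page).
SAMPLE = '''config firewall address
edit " test-address-1"
set subnet 10.1.1.7 255.255.255.0
next
end
config firewall addrgrp
edit "grp.my-test-addresses"
set member "test-address-1"
next
end'''

if __name__ == "__main__":
    print(*lint_script(SAMPLE), sep="\n")
```

A member that already exists in the ADOM but is not created by the script is also reported, so treat that finding as a prompt to verify rather than an error.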

Run the script

When done editing, right-click the script and run it against the default values.


2 Responses to Adding firewall objects in FortiManager through scripting

  1. Hey there,

    Thanks for your awesome article, I used it on FMG 5.2.7 and managed to import stuff that would've taken me 3 days to manually do.

    Regards
