Fortimanager TCL Scripting
Has anyone engaged in scripting using TCL to enhance or automate firewall policy creation for multiple devices in an enterprise?
The problem is this:
When creating a firewall policy using a script, you have to enter "Edit #" of the policy to add. When scripting, it would be nice to add a new policy # incremented from a variable set via the last policy ID in the given array. Not being a TCL guru, I have found it difficult to write such script. Anyoen ran into this and/or written said script or know th syntax for such?
I guess the "edit 0" trick doesn't work for you?
With FMG TCL Scripting you can save some data in a FMG file. Please have a look at the Tcl file IO section from the FortiManager Administration Guide. You could save the latest used policyid in such a file.
You could also save the latest used policyid directly in your FGT configuration (for instance a special Firewall Address named POLICY_ID)...
But if you're ready to spend time working with FMG TCL scripting, I would stronlgy advise you to think about FMG APIs too. They are really more powerful and also much simpler to use than TCL in itself.
Products Solutions Support Partners Threat Research Contact Us