Management & Analytics

Expand all | Collapse all

FortiManager TCL Scripting

  • 1.  FortiManager TCL Scripting

    Posted Sep 30, 2015 04:57 AM

    Fortimanager TCL Scripting

    Has anyone engaged in scripting using TCL to enhance or automate firewall policy creation for multiple devices in an enterprise?

    The problem is this:

    When creating a firewall policy using a script, you have to enter "Edit #" of the policy to add.  When scripting, it would be nice to add a new policy # incremented from a variable set via the last policy ID in the given array.   Not being a TCL guru, I have found it difficult to write such script.  Anyoen ran into this and/or written said script or know th syntax for such?

  • 2.  RE: FortiManager TCL Scripting

    Posted Sep 30, 2015 08:55 PM

    I guess the "edit 0" trick doesn't work for you?

    With FMG TCL Scripting you can save some data in a FMG file. Please have a look at the Tcl file IO section from the FortiManager Administration Guide. You could save the latest used policyid in such a file.

    You could also save the latest used policyid directly in your FGT configuration (for instance a special Firewall Address named POLICY_ID)...

    But if you're ready to spend time working with FMG TCL scripting, I would stronlgy advise you to think about FMG APIs too. They are really more powerful and also much simpler to use than TCL in itself.

    Best Regards.