FortiManager TCL Scripting
Has anyone engaged in scripting using TCL to enhance or automate firewall policy creation for multiple devices in an enterprise?
The problem is this:
When creating a firewall policy using a script, you have to enter "Edit #" of the policy to add. When scripting, it would be nice to add a new policy # incremented from a variable set via the last policy ID in the given array. Not being a TCL guru, I have found it difficult to write such a script. Has anyone run into this and/or written said script, or does anyone know the syntax for such?
I guess the "edit 0" trick doesn't work for you?
With FMG TCL Scripting you can save some data in a FMG file. Please have a look at the Tcl file IO section from the FortiManager Administration Guide. You could save the latest used policyid in such a file.
You could also save the latest used policyid directly in your FGT configuration (for instance a special Firewall Address named POLICY_ID)...
But if you're ready to spend time working with FMG TCL scripting, I would strongly advise you to think about FMG APIs too. They are really more powerful and also much simpler to use than TCL in itself.
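
The file-based counter suggested in the replies, as an added example that is not part of the thread: plain Tcl that takes the highest policy ID from a policy listing and from a state file, then builds the next `edit` block. The procedure names, the state file name `policy_id.state` and the sample listing are assumptions; fetching the listing and the file locations FortiManager allows are left to the Tcl file IO section of the Administration Guide.

```tcl
# Added example in plain Tcl; the state file name and sample listing are constructed.
set sample_cfg {config firewall policy
    edit 1
        set name "lan-to-wan"
    next
    edit 7
        set name "dmz-to-wan"
    next
end}

# Highest top-level "edit <n>" in a policy listing (0 if none).
# Depth tracking skips "edit" lines that belong to nested config tables.
proc max_policy_id {cfg} {
    set max 0; set depth 0
    foreach line [split $cfg "\n"] {
        set line [string trim $line]
        if {[string match "config *" $line]} { incr depth; continue }
        if {$line eq "end"} { incr depth -1; continue }
        if {$depth == 1 && [regexp {^edit ([0-9]+)$} $line -> id]} {
            scan $id %d id
            if {$id > $max} { set max $id }
        }
    }
    return $max
}

# Last ID recorded by a previous run (0 if the file is missing or invalid).
proc read_last_id {path} {
    if {![file exists $path]} { return 0 }
    set fh [open $path r]
    set val [string trim [read $fh]]
    close $fh
    if {![string is integer -strict $val]} { return 0 }
    return $val
}

# Take the larger of listing and state file, add 1, record it, return the CLI block.
proc next_policy_cli {cfg path settings} {
    set id [max_policy_id $cfg]
    set last [read_last_id $path]
    if {$last > $id} { set id $last }
    incr id
    set fh [open $path w]; puts $fh $id; close $fh
    return "config firewall policy\n    edit $id\n$settings\n    next\nend"
}

puts [next_policy_cli $sample_cfg "policy_id.state" {        set name "new-rule"}]
```

Taking the larger of the two values keeps the script from issuing `edit` for an ID that already exists, which would modify that policy instead of creating a new one.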