Scripts – FortiManager 5.2


Scripts must be configured to be displayed to be accessible as described in this chapter. Go to System Settings > Admin > Admin Settings and select Show Script from the Display Options on GUI section to make it visible in the Web-based Manager. For more information, see Administrator settings.

Additional configuration options and short-cuts are available using the right-click menu. Right-click the mouse on different navigation panes in the Web-based Manager page to access these options.

FortiManager scripts enable you to create, execute, and view the results of scripts executed on FortiGate devices, policy packages, the ADOM database, the global policy package, or the DB. Scripts can also be filtered based on different device information, such as OS type and platform.

At least one FortiGate device must be configured in the FortiManager system for you to be able to use scripts.

Scripts can be written in one of two formats:

  • A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.
  • Tcl scripting commands to provide more functionality to your scripts including global variables and decision structures.

When writing your scripts, it is generally easier to write them in a context-sensitive editor, and then cut and paste them into the script editor on your FortiManager system. This can help avoid syntax errors and can reduce the amount of troubleshooting required for your scripts.

For information about scripting commands, see the FortiGate CLI reference.

Configuring scripts

To configure, import, export, or run scripts, go to the Device Manager tab, expand an ADOM view in the tree menu, and then select Scripts > Script. To configure script groups, go to Scripts > CLI Script Group. The script list for the selected ADOM will be displayed.

Script list

The following information is displayed:

Name The user-defined script name.
Type The script type.
Target The script target. One of the following: l Device Database l Policy Package, ADOM Database l Remote FortiGate Directly (via CLI)
Comments User defined comment for the script.
Last Modified The date and time that the script was last modified.

The following options are available:

Create New Select to create a new script.
Import Select to import a script from your management computer. Type a name, description, select Tcl type if applicable, and browse for the file on your management computer. Select submit to import the script to FortiManager.
Run Select a script in the table, right-click, and select Run in the menu to run the script against the target selected. When selecting to run a script against a policy package, select the policy package from the drop-down list in the dialog window. When selecting to run a script against a device or database, select the device in the tree menu in the dialog window.
New Select a script in the table, right-click, and select New in the menu to create a new script.
Edit Select a script in the table, right-click, and select Edit in the menu to clone the script selected.
Clone Select a script in the table, right-click, and select Clone in the menu to clone the script selected.
Delete Select a script in the table, right-click, and select Delete in the menu to delete the script selected.
Export Select a script in the table, right-click, and select Export in the menu to export the script as a .txt file to your management computer.
Select All Select Select All in the right-click menu to select all scripts in the table and select Delete to delete all selected scripts.
Search Search the scripts by typing a search term in the search field.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

This entry was posted in Administration Guides, FortiManager and tagged , , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.