Example: Configure common global settings.
Script:
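#!
# Run on FortiOS v5.00
# This script configures common global, user group and NTP settings.
# If you do not want to set a parameter, comment out the corresponding
# "set" command below.
# If you want to reset a parameter to its default value, set it to an
# empty string.
#
# NOTE(review): the script enters "config global" and "config vdom", so it
# presumably expects VDOMs to be enabled on the target device - confirm
# before running it against a device without VDOMs.

# Send a comment line to the device and print what comes back. The second
# argument is the prompt to wait for; the third (15) is presumably the wait
# timeout - confirm against the FortiManager script reference.
puts [exec "# This is an example Tcl script to configure global, user group and ntp setting of FortiGate\n" "# " 15 ]

# global
# An empty string makes the script issue "unset admintimeout", which puts the
# administrator idle timeout back to the device default. Check that the
# default satisfies your session-timeout policy before relying on it.
set sys_global(admintimeout) ""

# user group
set sys_user_group(authtimeout) 20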
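# ntp
# Time sync feeds log timestamps, so keep it enabled on devices whose logs
# are correlated centrally.
set sys_ntp(source-ip) "0.0.0.0"
set sys_ntp(ntpsync) "enable"

# Procedure to execute a FortiGate CLI command.
#   cmd - the CLI line to send (without the trailing newline).
# The line is sent verbatim and the device response is printed up to the
# next "# " prompt. Two things to keep in mind:
#   - The value is not validated. A string containing a newline would be
#     executed as additional CLI commands, so only pass trusted literals.
#   - The response is printed but not inspected. A command the device
#     rejects does not stop the script; review the script log afterwards.
proc fgt_cmd cmd {
    puts -nonewline [exec "$cmd\n" "# " 30]
}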
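#config system global---begin
# Apply every entry of sys_global: a non-empty value is "set", an empty
# value is "unset" (reset to default).
fgt_cmd "config global"
fgt_cmd "config system global"
foreach key [array names sys_global] {
    if {$sys_global($key) ne ""} {
        fgt_cmd "set $key $sys_global($key)"
    } else {
        fgt_cmd "unset $key"
    }
}
# First "end" closes "config system global", second closes "config global".
fgt_cmd "end"
fgt_cmd "end"
#config system global---end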
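#config system user group---begin
# User groups are per-VDOM, so the script enters the root VDOM first.
# "groupname" is the example group being edited; replace it with the real
# group name. NOTE(review): "edit" on a name that does not exist presumably
# creates a new entry - confirm the group exists to avoid creating a stray one.
fgt_cmd "config vdom"
fgt_cmd "edit root"
fgt_cmd "config user group"
fgt_cmd "edit groupname"
foreach key [array names sys_user_group] {
    if {$sys_user_group($key) ne ""} {
        fgt_cmd "set $key $sys_user_group($key)"
    } else {
        fgt_cmd "unset $key"
    }
}
fgt_cmd "end"
fgt_cmd "end"
#config system user group---end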
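#config system ntp---begin
fgt_cmd "config global"
fgt_cmd "config system ntp"
# "array names" returns the keys in no guaranteed order, so the "set"
# commands may reach the device in a different order than they were
# assigned above (the sample output shows ntpsync before source-ip).
foreach key [array names sys_ntp] {
    if {$sys_ntp($key) ne ""} {
        fgt_cmd "set $key $sys_ntp($key)"
    } else {
        fgt_cmd "unset $key"
    }
}
fgt_cmd "end"
fgt_cmd "end"
#config system ntp---end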
Output:
——- Executing time: 2013-10-22 09:12:57 ——
Starting log (Run on device)
FortiGate-VM64 # config global
FortiGate-VM64 (global) # config system global
FortiGate-VM64 (global) # unset admintimeout
FortiGate-VM64 (global) # end
FortiGate-VM64 (global) # end
FortiGate-VM64 # config vdom
FortiGate-VM64 (vdom) # edit root
current vf=root:0
FortiGate-VM64 (root) # config user group
FortiGate-VM64 (group) # edit groupname
FortiGate-VM64 (groupname) # set authtimeout 20
FortiGate-VM64 (groupname) # end
FortiGate-VM64 (root) # end
FortiGate-VM64 # config global
FortiGate-VM64 (global) # config system ntp
FortiGate-VM64 (ntp) # set ntpsync enable
FortiGate-VM64 (ntp) # set source-ip 0.0.0.0
FortiGate-VM64 (ntp) # end
FortiGate-VM64 (global) # end
FortiGate-VM64 #
——- The end of log ———-
Example: Configure syslogd settings and filters.
Script:
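#!
# Run on FortiOS v5.00
# This script configures the log syslogd setting and filter.

# Key-value pairs for 'config log syslogd setting'. An entry with no value
# is unset, i.e. returned to its default value.
# 1.1.1.2 is the example collector address; replace it with your own syslog
# server. NOTE(review): no transport option is set here, so whatever the
# device default is applies - if logs cross an untrusted network, check which
# reliable or encrypted syslog options your FortiOS version offers.
set setting_list {{status enable} {csv enable}
{facility alert} {port} {server 1.1.1.2}}

# Send a comment line to the device and print what comes back.
puts [exec "# This is an example Tcl script to configure log syslogd setting and filter setting of FortiGate\n" "# " 15 ]

# Key-value pairs for 'config log syslogd filter'. An entry with no value
# is unset, i.e. returned to its default value.
# Note that {virus disable} keeps virus events out of this syslog feed; if
# the collector is your SIEM, decide deliberately whether that gap is wanted.
set filter_list {{attack enable} {email enable} {severity} {traffic enable} {virus disable}
{web enable}}

# Number of the syslogd server to configure: "", "2" or "3".
set syslogd_no "2"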
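# Procedure to execute a FortiGate CLI command.
#   cmd - the CLI line to send (without the trailing newline).
# The line is sent verbatim and the device response is printed up to the
# next "# " prompt. No timeout argument is passed to exec here.
# The value is not validated: a string containing a newline would be executed
# as additional CLI commands, so only pass trusted literals. The response is
# printed but not inspected, so a rejected command does not stop the script;
# review the script log afterwards.
proc fgt_cmd cmd {
    puts -nonewline [exec "$cmd\n" "# "]
}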
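# Procedure to apply a series of key-value pairs in the current CLI context.
#   kv_list - list of entries, each either a key alone or a key and a value.
# For each entry:
#   empty entry      -> skipped
#   key only         -> "unset key" (reset to default)
#   key and value    -> "set key value"
# Only the first two elements of an entry are used; anything after the value
# is ignored. Keys and values go to the device unmodified, so keep the lists
# as trusted literals.
proc set_kv kv_list {
    foreach kv $kv_list {
        set len [llength $kv]
        if {$len == 0} {
            continue
        } elseif {$len == 1} {
            fgt_cmd "unset [lindex $kv 0]"
        } else {
            fgt_cmd "set [lindex $kv 0] [lindex $kv 1]"
        }
    }
}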
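#configure log syslogd setting---begin
# $syslogd_no selects the table: "" -> syslogd, "2" -> syslogd2, "3" -> syslogd3.
fgt_cmd "config global"
fgt_cmd "config log syslogd$syslogd_no setting"
set_kv $setting_list
fgt_cmd "end"
#configure log syslogd setting---end

#configure log syslogd filter---begin
fgt_cmd "config log syslogd$syslogd_no filter"
set_kv $filter_list
fgt_cmd "end"
#configure log syslogd filter---end
# Note: "config global" is not closed with a final "end", so the script
# finishes at the (global) prompt, as the sample output shows.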
Output:
Starting log (Run on device)
FortiGate-VM64 # config global
FortiGate-VM64 (global) # config log syslogd2 setting
FortiGate-VM64 (setting) # set status enable
FortiGate-VM64 (setting) # set csv enable
FortiGate-VM64 (setting) # set facility alert
FortiGate-VM64 (setting) # unset port
FortiGate-VM64 (setting) # set server 1.1.1.2
FortiGate-VM64 (setting) # end
FortiGate-VM64 (global) # config log syslogd2 filter
FortiGate-VM64 (filter) # set attack enable
FortiGate-VM64 (filter) # set email enable
FortiGate-VM64 (filter) # unset severity
FortiGate-VM64 (filter) # set traffic enable
FortiGate-VM64 (filter) # set virus disable
FortiGate-VM64 (filter) # set web enable
FortiGate-VM64 (filter) # end
FortiGate-VM64 (global) #
——- The end of log ———-