Monday, June 2, 2008

How to create quick scripts using the CLI

For those of you who are too lazy or just simply dont feel like learning another scripting language, I will now show you how to get any script you want for the Fortigate units using the CLI. We are going to use the Diagnose Debug branch commands in order to accomplish this.

You will need an SSH client to do this. [Ex. Putty]

1. Start an SSH session to your box.
If SSH is not enabled then log into the GUI and enable it under System>Network>[Interface]

2. Run > Diag debug enable

3. Run > Diag debug cli 7


4. Now just keep this window open and log into the GUI and make changes to your config that you would like scripted.
This will allow all changes made in the gui to output the corresponding CLI commands in your SSH client.



In the above example I have created a new Firewall Address called "Local" and then added it to a new Firewall Policy for "Internal>WAN1".
In order to make this into a usable script you will have to copy the script into a text file and edit out the "O: " that precedes the commands.

I hope that you have found this useful.... :-)