Thursday, January 23, 2014

TCL {fortiManager} $script | grep continued

Please refer to my last post on FortiManager scripting for more info.

This script was directly inspired by the legacy Fortinet tech doc: TCL Decisions.

Below is a quick script utilizing our fairly new grep capabilities in FortiOS.

When launched this script will:

1. Find all policies that match our regex.
2. Store their "edit #" value in a variable named $policyid.
3. Run commands in a foreach loop against those policies.

# Send one CLI line to the device through FortiManager's exec, waiting for the "# " prompt.
proc do_cmd {cmd} {
  puts [exec "$cmd\n" "# "]
}

# Steps 1 and 2: "grep -f" returns the whole policy block around each match.
# Capture the "edit N" id, then record that policy's "set" lines under it.
# Note: [\w-]+ rather than \w+ so hyphenated keys such as
# deep-inspection-options are matched too.
set policyid ""
foreach line [split [exec "show firewall policy | grep -f deep-inspection\n" "# "] \n] {
  if {[regexp {edit[ ]+([0-9]+)} $line match policyid]} {
    continue
  } elseif {[regexp {set[ ]+([\w-]+)[ ]+(.*)\r} $line match key value]} {
    if {$policyid ne ""} {
      lappend fw_policy($policyid) "$key $value"
    }
  }
}

# Step 3: walk the collected policy ids and unset the option on each one.
do_cmd "config firewall policy"
foreach policyid [array names fw_policy] {
  do_cmd "edit $policyid"
  do_cmd "unset deep-inspection-options"
  do_cmd "next"
}
do_cmd "end"
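Because the script above changes every matching policy in one pass, it helps to check the parsing and the resulting change list offline first. The following is an added example, not code from the original post: it runs the same regular expressions against a constructed copy of what "show firewall policy | grep -f deep-inspection" returns (the $sample text is made up for this example), builds the command list the second loop would send, and prints it instead of sending it. FortiManager's exec is not used, so it runs in any plain tclsh.

```tcl
# Added example, not code from the original post: an offline dry run of the
# same parsing logic on constructed FortiOS output, so the regular expressions
# and the resulting change list can be reviewed before anything is sent to a
# device. FortiManager's exec is not used; $sample stands in for the text that
# "show firewall policy | grep -f deep-inspection" would return (constructed).

set sample "config firewall policy\r
    edit 3\r
        set srcintf \"port1\"\r
        set dstintf \"port2\"\r
        set deep-inspection-options \"default\"\r
    next\r
    edit 7\r
        set srcintf \"port3\"\r
        set deep-inspection-options \"custom\"\r
    next\r
end\r
"

# Parse the output into a dict: policy id -> list of "key value" strings.
# Mirrors the loop in the post, but refuses to attach a "set" line to a
# policy before any "edit N" line has been seen, and accepts hyphenated keys.
proc parse_policies {text} {
    set policyid ""
    set fw_policy [dict create]
    foreach line [split $text \n] {
        if {[regexp {edit[ ]+([0-9]+)} $line match policyid]} {
            continue
        } elseif {[regexp {set[ ]+([\w-]+)[ ]+(.*)\r} $line match key value]} {
            if {$policyid eq ""} {
                error "'set' line found before any 'edit' line: $line"
            }
            dict lappend fw_policy $policyid "$key $value"
        }
    }
    return $fw_policy
}

# Build the command list the post's second loop would send, without sending it.
proc plan_commands {fw_policy} {
    set cmds [list "config firewall policy"]
    foreach policyid [lsort -integer [dict keys $fw_policy]] {
        lappend cmds "edit $policyid" "unset deep-inspection-options" "next"
    }
    lappend cmds "end"
    return $cmds
}

set fw_policy [parse_policies $sample]
foreach policyid [lsort -integer [dict keys $fw_policy]] {
    puts "policy $policyid: [join [dict get $fw_policy $policyid] {, }]"
}
puts "--- commands that would be sent ---"
puts [join [plan_commands $fw_policy] \n]
```

Run it with tclsh and compare the printed policy ids and settings against what you expect to touch; once the list looks right, the same regular expressions can be dropped into the live script.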


Enjoy, and feel free to post any questions or comments below.