This script was directly inspired by the legacy Fortinet tech doc: TCL Decisions.
Below is a quick script utilizing our fairly new grep capabilities in FortiOS.
When launched this script will:
1. Find all policies that match our regex.
2. Store their "edit #" value in a variable named $policyid.
3. Run commands in a foreach loop against those policies.
proc do_cmd {cmd} {
puts [exec "$cmd\n" "# "]
}
foreach line [split [exec "show firewall policy | grep -f deep-inspection\n" "# "] \n] {
if {[regexp {edit[ ]+([0-9]+)} $line match policyid]} {
continue
} elseif {[regexp {set[ ]+(\w+)[ ]+(.*)\r} $line match key value]} {
lappend fw_policy($policyid) "$key $value"
}
}
do_cmd "config firewall policy"
foreach policyid [array names fw_policy] {
do_cmd "edit $policyid"
do_cmd "unset deep-inspection-options"
do_cmd "next"
}
do_cmd "end"
Enjoy and feel free to post and questions or comments below.
No comments:
Post a Comment