FortiGate Scripting

A bit about TCL and FortiManager and a Conversion Script I wrote

FortiGate Scripts

I’ve been doing quite a bit of scripting for FortiGates recently. Much of it in TCL.
FortiManager is capable of running TCL scripts, which allow the script to make decisions.
For example, I have a script that will check the name of the FortiGate it is running on, then based on the hostname, it will assign different values to the device. I needed to write this script so I could roll out ADVPN to multiple sites, for a client.

While I can’t publish the ADVPN script, I have put a CLI to TCL conversion script up on GitHub. This script will take a text file and wrap uncommented lines, so they can be processed by TCL.

TCL/FortiManager require each line of CLI to be executed to be wrapped in some annoying-to-type and annoying-to-read additional characters. By running the CLI commands through my converter script - and adding a Procedure to the output - the TCL script is easier to read/understand.

Let me point it out again - the conversion script doesn’t add the procedure, it only wraps the CLI commands in the text required for the procedure to run the commands. The output file has one specific job - take CLI commands and turn them into something FortiManager can run as TCL.

It won’t perform any further logic - you will need to supply that, and you should probably write it in after you run the conversion script, otherwise your output will look weird and probably not run.
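To illustrate the wrapping step described above, here is an added Python example; it is not the converter published on GitHub. It also escapes the characters TCL would otherwise substitute inside a double-quoted string (`$`, `[`, `"`, `\`), so a CLI value containing them reaches the FortiGate unchanged. Assumptions: the procedure name `do_cmd` is hypothetical, "uncommented" is taken to mean lines that do not start with `#`, and the sample input is constructed.

```python
# Added example: wrap FortiGate CLI lines for a FortiManager TCL script.
# Assumption: commands are run through a user-supplied TCL procedure,
# here given the hypothetical name do_cmd; the author's wrapper may differ.

# Characters TCL still interprets inside a double-quoted word.
_TCL_SPECIALS = str.maketrans({
    "\\": "\\\\",
    '"': '\\"',
    "$": "\\$",
    "[": "\\[",
    "]": "\\]",
})


def tcl_quote(text):
    """Return text as a TCL double-quoted word with substitution disabled."""
    return '"' + text.translate(_TCL_SPECIALS) + '"'


def wrap_line(line, proc="do_cmd"):
    """Wrap one CLI line; comments and blank lines pass through unchanged."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return line.rstrip("\r\n")
    # Keep the original indentation so nested config blocks stay readable.
    indent = line[: len(line) - len(line.lstrip())]
    return f"{indent}{proc} {tcl_quote(stripped)}"


def convert(cli_text, proc="do_cmd"):
    """Convert a block of CLI text into wrapped TCL lines."""
    return "\n".join(wrap_line(l, proc) for l in cli_text.splitlines())


# Constructed sample input, not taken from a real device.
SAMPLE = '''# set the device alias
config system global
    set alias "site-$1 [lab]"
end
'''

if __name__ == "__main__":
    print(convert(SAMPLE))
```

As the post says, the procedure itself and any decision logic still have to be added to the output by hand.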

I’ve created a new, currently public, repo for Fortinet related scripts. I will probably add some more scripts to this repo. I think I can add some scripts I’ve been using in my lab.
