Wednesday, January 14, 2009

Bulk Host/Network Object Import

Using the method described here, you can import bulk commands through the Fortinet GUI. If you have a long list of IP addresses to import and have Microsoft Word handy, you can use the following trick to turn your list into a bulk import file:

-copy and paste your IP addresses (one IP address per line) into a new Word document
-bring up the replace dialog in Word and insert the following
-Find what: (<*>).(<*>).(<*>).(<*>)
-Replace with: edit h-\1.\2.\3.\4^lset subnet \1.\2.\3.\4 255.255.255.255^lnext
-check "Use wildcards"
-click "Replace All"

VERY IMPORTANT
-add "config firewall address" to the top of your file
-save your file as plain text
-follow this procedure to import your bulk commands.

Before:
192.168.1.1

After:
edit h-192.168.1.1
set subnet 192.168.1.1 255.255.255.255
next

Obviously you can adjust the h-IP.add.re.ss naming convention to suit your needs. You can also use the above syntax for creating lots of network objects by replacing the netmask with 255.255.255.0 or similar.
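
The same transformation as a script, as an added example that is not part of the original post: it validates each line as an IPv4 address or CIDR network, skips duplicates and rejects anything malformed (including non-ASCII characters such as curly quotes) before emitting the edit/set subnet/next blocks. The function name, the n- prefix for network objects and the sample addresses are assumptions; the closing "end" line is standard FortiOS CLI syntax that the steps above do not mention.

```python
import ipaddress
import sys

# Constructed sample input: one entry per line, as in the Word procedure.
SAMPLE = [
    "192.168.1.1",
    "192.168.1.1",                 # duplicate, emitted once
    "10.0.0.0/24",                 # network object
    "10.0.0.5/24",                 # host bits set: rejected
    "192.168.1.256",               # not a valid IPv4 address: rejected
    "\u201c172.16.0.9\u201d",      # curly quotes pasted from Word: rejected
    "",
]

def build_address_script(lines, host_prefix="h-", net_prefix="n-"):
    """Return (script_text, rejected); rejected is [(lineno, entry, reason)]."""
    seen, rejected = set(), []
    out = ["config firewall address"]
    for lineno, raw in enumerate(lines, start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # A bare address parses as a /32; strict=True refuses host bits.
            net = ipaddress.IPv4Network(entry, strict=True)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        if net in seen:
            continue
        seen.add(net)
        if net.prefixlen == 32:
            name = f"{host_prefix}{net.network_address}"
        else:
            # Hypothetical naming convention for networks, e.g. n-10.0.0.0_24
            name = f"{net_prefix}{net.network_address}_{net.prefixlen}"
        out += [f"edit {name}",
                f"set subnet {net.network_address} {net.netmask}",
                "next"]
    out.append("end")  # closes the config block
    text = "\n".join(out) + "\n"
    text.encode("ascii")  # raises if a custom prefix introduced non-ASCII
    return text, rejected

if __name__ == "__main__":
    script, rejected = build_address_script(SAMPLE)
    print(script, end="")
    for lineno, entry, reason in rejected:
        print(f"skipped line {lineno}: {entry!r} ({reason})", file=sys.stderr)
```

Review the rejected entries before importing; a line that fails validation here would otherwise have become a malformed object in the config.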

3 comments:

Anonymous said...

This is cool and very useful. These bulk import tips are great. Thanks for the info.

-Matt

Anonymous said...

Does this need to be updated for 4.3? Having some problems. I wanted to include the interface and the name of a tag:

edit "\1.\2.\3.\4"^lset associated-interface "wan1"^lset color 13^lset tags "61398"^lset subnet \1.\2.\3.\4 255.255.255.255^lnext

CLI didn't like the quotes and now I have 130 bad addresses in the config I can't delete. I will revert to backup config I made before the import :-) I think if I change the quote type it will work. Darn ASCII char set!

toffitomek said...

Can you import IPs via CLI into FortiManager...?