Using the method described here you can import bulk commands through the Fortinet GUI. If you have a long list of IP addresses you want to import and have Microsoft Word handy you can use the following trick to turn your list into a bulk import file:
-copy and paste your IP addresses (one IP address per line) into a new Word document
-bring up the replace dialog in Word and insert the following
-Find what: (<*>).(<*>).(<*>).(<*>)
-Replace with: edit h-\1.\2.\3.\4^lset subnet \1.\2.\3.\4 255.255.255.255^lnext
-check "Use wildcards"
-click "Replace All"
VERY IMPORTANT
-add "config firewall address" to the top of your file
-save your file as plain text
-follow this procedure to import your bulk commands.
Before:
192.168.1.1
After:
edit h-192.168.1.1
set subnet 192.168.1.1 255.255.255.255
next
Obviously you can adjust the h-IP.add.re.ss naming convention to suit your needs. You can also use the above syntax for creating lots of network objects by replacing the netmask with 255.255.255.0 or similar.
3 comments:
This is cool and very useful. These bulk import tips are great. Thanks for the info.
-Matt
Does this need to be updated for 4.3? Having some problems. I wanted to include the interface and the name of a tag:
edit "\1.\2.\3.\4"^lset associated-interface "wan1"^lset color 13^lset tags "61398"^lset subnet \1.\2.\3.\4 255.255.255.255^lnext
CLI didn't like the quotes and now I have 130 bad addresses in the config I can't delete. I will revert to backup config I made before the import :-) I think if I change the quote type it will work. Darn ASCII char set!
Can you import IPs via CLI into FortiManager...?
Post a Comment