Using the method described here, you can import bulk commands through the Fortinet GUI. If you have a long list of IP addresses to import and have Microsoft Word handy, you can use the following trick to turn your list into a bulk import file:
-copy and paste your IP addresses (one IP address per line) into a new Word document
-bring up the replace dialog in Word and insert the following
-Find what: (<*>).(<*>).(<*>).(<*>)
-Replace with: edit h-\1.\2.\3.\4^lset subnet \1.\2.\3.\4 255.255.255.255^lnext
-check "Use wildcards"
-click "Replace All"
VERY IMPORTANT
-add "config firewall address" to the top of your file
-save your file as plain text
-follow this procedure to import your bulk commands.
Before:
192.168.1.1
After:
edit h-192.168.1.1
set subnet 192.168.1.1 255.255.255.255
next
Obviously you can adjust the h-IP.add.re.ss naming convention to suit your needs. You can also use the above syntax for creating lots of network objects by replacing the netmask with 255.255.255.0 or similar.
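A scripted version of the same transformation, as an added example that is not part of the original post: it validates every line before writing it, so a mistyped or duplicated address never reaches the firewall config. The function name, the `n-` prefix for network objects and the sample addresses are assumptions made for this example.

```python
import ipaddress

HEADER = "config firewall address"  # first line the post says to add


def build_bulk_import(lines, host_prefix="h-", net_prefix="n-"):
    """Turn address lines into a FortiGate bulk-import script.

    Accepts bare IPv4 addresses (host objects, mask 255.255.255.255) and
    CIDR networks such as 10.0.0.0/24. Returns (script, rejected), where
    rejected lists (line_number, text, reason) for every line left out.
    net_prefix is an assumed naming choice, not taken from the post.
    """
    out, rejected, seen = [HEADER], [], set()
    for lineno, raw in enumerate(lines, start=1):
        text = raw.strip()
        if not text:
            continue
        try:
            # strict=True refuses networks with host bits set (10.0.0.5/24)
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            rejected.append((lineno, text, str(exc)))
            continue
        if net in seen:
            rejected.append((lineno, text, "duplicate"))
            continue
        seen.add(net)
        prefix = host_prefix if net.prefixlen == 32 else net_prefix
        out += [
            f"edit {prefix}{net.network_address}",
            f"set subnet {net.network_address} {net.netmask}",
            "next",
        ]
    script = "\n".join(out) + "\n"
    script.encode("ascii")  # raises if a prefix contains non-ASCII text
    return script, rejected


# Constructed sample input: host, typo, duplicate, network, bad CIDR, smart quotes.
SAMPLE = ["192.168.1.1", "192.168.1.300", "192.168.1.1", "10.20.30.0/24",
          "10.20.30.5/24", "\u201c172.16.0.9\u201d"]

if __name__ == "__main__":
    script, rejected = build_bulk_import(SAMPLE)
    print(script, end="")
    for lineno, text, reason in rejected:
        print(f"# skipped line {lineno}: {text!r} ({reason})")
```

Review the skipped lines before importing; the generated text can be saved as a plain-text file and imported with the same procedure.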
This is cool and very useful. These bulk import tips are great. Thanks for the info.
-Matt
Does this need to be updated for 4.3? Having some problems. I wanted to include the interface and the name of a tag:
edit "\1.\2.\3.\4"^lset associated-interface "wan1"^lset color 13^lset tags "61398"^lset subnet \1.\2.\3.\4 255.255.255.255^lnext
CLI didn't like the quotes and now I have 130 bad addresses in the config I can't delete. I will revert to backup config I made before the import :-) I think if I change the quote type it will work. Darn ASCII char set!
Can you import IPs via CLI into FortiManager...?