Using Variable Modifiers with CLI Templates

Jonathan Torian

Jonathan Torian, senior sales engineer for a industry leading machine data processing company, is a Fortinet Network Security Expert 8 (NSE 8) certified professional. In addition to obtaining the highest certification for Fortinet, he also possesses the Certified Information Systems Security Professional (CISSP) since 2011 and has more than 10 years experience in Networking and Security. He is an avid technologist and is loves helping people by solving hard problems with great technology solutions.

You may also like...

Subscribe
Notify of
guest
6 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
hoosee
hoosee
1 year ago

Hi!

Do you have any good tips on how to deploy changes created by an external script?

Currently I have a script what creates a config which I can copy & paste directly to a Fortigate and it creates interfaces, SD-WAN, IPSec, BGP, switch & AP -config. The only way I can get this in via FortiManager is to use direct CLI -method. Is this the only way to go?

hoosee
hoosee
1 year ago

I was thinking about a combination of options 1&3.

Populating those meta fields by hand is a pain in the butt and FortiManager functions don’t provide enough flexibility compared to python scripts. However I was thinking that instead of generating direct configuration with python, I could just use it to create a new device with those meta fields over the API and then let FMG take care of the rest.

Thank you for the input! Also reading your articles gave me a lot of valuable insight about the possibilities and the restrictions ZTP with Fortinet. I’ll keep you posted! 🙂

hoosee
hoosee
1 year ago

Hi! After holidays and other work stuff, it’s time to get back to the topic! Currently I have two ways of generating the ZTP-config: 1) Create ‘model device’ and populate it’s meta-fields by using Ansible This is pretty straightforward and I would pretty much suggest using this method if your configuration is simple and uniform. I’m also able to assign policy packages, system templates etc. via Ansible so this is really simple. Just provide Ansible with all data required (how to connect to FMG, device data such as serial number, subnets…) and it will take care of everything. 2) Create… Read more »