Script

FortiADC provides a way for users to execute any AWS API: users can upload a Python script to FortiADC (System > AWS Scripting page) with a traffic group setting, and the script is executed on the FortiADC to which that traffic group belongs.

If two FortiADCs are in different traffic groups in HA-VRRP mode, each can execute scripts individually and communicate with AWS when an HA switch occurs.

Run script:

  • Execute manually from the GUI: upload the scripts, choose a traffic group, and click “Run”.
  • After an HA switch, the traffic group takes effect on the new device, which then executes the scripts.

Command to check which traffic group this device belongs to: get system traffic-group-status detail

To execute AWS API calls, set the following on FortiADC:

config system aws
    set region us-west-1
    set accesskey XXXXXXXXXX
    set secretkey XXXXXXXXXX
end

Set the region name as needed. The access key and secret key come from the .csv file obtained when the user is created on AWS.

Example: This script modifies the default route in the AWS route table when the default traffic group becomes active on the new ADC.

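#!/bin/sh
# TRAFFIC_GROUP_NAME is expected to be set in the environment when the script runs.
traffic_group=${TRAFFIC_GROUP_NAME}
eni_id="XXXXXXXXXX"
route_table_id="XXXXXXXXXX"
echo "${TRAFFIC_GROUP_NAME}"
if [ "$traffic_group" = "default" ]
then
    # Point the default route at this device's network interface.
    aws ec2 replace-route --route-table-id "$route_table_id" --destination-cidr-block 0.0.0.0/0 --network-interface-id "$eni_id"
else
    echo "do nothing"
fi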
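
A more defensive variant of the script above, as an added example (not Fortinet's code): it validates the IDs, skips the call when the default route already points at this device, and confirms the change afterwards. The ID values are constructed placeholders, and the AWS, ENI_ID and ROUTE_TABLE_ID variables and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the FortiADC documentation. IDs are constructed placeholders.
ENI_ID="${ENI_ID:-eni-0123456789abcdef0}"
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-rtb-0123456789abcdef0}"
DEST_CIDR="0.0.0.0/0"
AWS="${AWS:-aws}"   # hypothetical override so the logic can be exercised without AWS access

# Accept only AWS-style IDs: the prefix, a dash, then 8 or 17 lowercase hex digits.
valid_id() {  # $1 = prefix (eni or rtb), $2 = candidate ID
    hex=${2#"$1"-}
    [ "$hex" != "$2" ] || return 1
    case $hex in *[!0-9a-f]*|'') return 1 ;; esac
    [ ${#hex} -eq 8 ] || [ ${#hex} -eq 17 ]
}

# Print the network interface the default route currently targets (empty if none).
current_target() {
    "$AWS" ec2 describe-route-tables --route-table-ids "$ROUTE_TABLE_ID" \
        --query "RouteTables[0].Routes[?DestinationCidrBlock=='$DEST_CIDR'].NetworkInterfaceId" \
        --output text
}

failover_route() {  # $1 = traffic group name
    [ "$1" = "default" ] || { echo "traffic group '$1': nothing to do"; return 0; }
    valid_id eni "$ENI_ID" || { echo "bad ENI id" >&2; return 2; }
    valid_id rtb "$ROUTE_TABLE_ID" || { echo "bad route table id" >&2; return 2; }
    before=$(current_target) || { echo "describe-route-tables failed" >&2; return 3; }
    if [ "$before" = "$ENI_ID" ]; then
        echo "route already points at $ENI_ID"; return 0
    fi
    "$AWS" ec2 replace-route --route-table-id "$ROUTE_TABLE_ID" \
        --destination-cidr-block "$DEST_CIDR" --network-interface-id "$ENI_ID" \
        || { echo "replace-route failed" >&2; return 4; }
    # Re-read the table so a silent failure is reported instead of assumed away.
    after=$(current_target) || return 3
    [ "$after" = "$ENI_ID" ] || { echo "route not updated (now: $after)" >&2; return 5; }
    echo "default route moved from ${before:-none} to $ENI_ID"
}

# Run only when a traffic group name is supplied, as the script above expects.
if [ -n "${TRAFFIC_GROUP_NAME:-}" ]; then
    failover_route "$TRAFFIC_GROUP_NAME"
fi
```

Distinct non-zero return codes (2 to 5) let the caller tell bad input apart from a failed or unconfirmed API call.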
