
Script

5.4.1

Script

FortiADC lets users execute any AWS API: a user can upload a Python script to FortiADC (System > AWS Scripting page) together with a traffic-group setting, and the script runs on whichever FortiADC the traffic group currently belongs to.

If two FortiADCs are in different traffic groups in HA-VRRP mode, each can execute its script individually and communicate with AWS when an HA switch occurs.

Run the script:

  • Execute it manually from the GUI: upload the script, choose the traffic group, and click "Run".
  • The traffic group takes effect on the new device, which executes the script after the HA switch.

Command to check which traffic group this device belongs to: get system traffic-group-status detail

To execute AWS APIs, configure the AWS credentials on FortiADC:

config system aws
    set region us-west-1 (set the region name as needed)
    set accesskey XXXXXXXXXX (from the .csv file generated when the user is created on AWS)
    set secretkey XXXXXXXXXX (from the .csv file generated when the user is created on AWS)
end

Example: This script modifies the default route in the AWS route table when the default traffic group becomes active on the new ADC (TRAFFIC_GROUP_NAME is set by FortiADC; the ENI and route-table IDs are placeholders to fill in):

#!/bin/sh
# Name of the traffic group this script was launched for (exported by FortiADC)
traffic_group="${TRAFFIC_GROUP_NAME}"
# Elastic network interface of this ADC and the route table to update
eni_id="XXXXXXXXXX"
route_table_id="XXXXXXXXXX"

echo "${TRAFFIC_GROUP_NAME}"

# Only the unit that now owns the "default" traffic group repoints 0.0.0.0/0
if [ "$traffic_group" = "default" ]
then
    aws ec2 replace-route --route-table-id "$route_table_id" --destination-cidr-block 0.0.0.0/0 --network-interface-id "$eni_id"
else
    echo "do nothing"
fi
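A hardened version of the failover script above, added here as an example and not Fortinet's own code: it quotes every variable, refuses to run with unset identifiers, validates the ENI and route-table IDs before calling the AWS CLI (the placeholder IDs and the AWS_CLI override are assumptions, not part of FortiADC), and logs each decision with a timestamp so a failover can be reconstructed afterwards.

```shell
#!/bin/sh
# Hardened AWS failover script (added example; TRAFFIC_GROUP_NAME is assumed to be
# exported by FortiADC as in the original script; ENI_ID and ROUTE_TABLE_ID are
# placeholders; AWS_CLI may be pointed at a stub such as "echo" for a dry run).
set -eu

ENI_ID="${ENI_ID:-eni-PLACEHOLDER}"
ROUTE_TABLE_ID="${ROUTE_TABLE_ID:-rtb-PLACEHOLDER}"
AWS_CLI="${AWS_CLI:-aws}"

# Timestamped log line on stderr so stdout stays clean for the CLI's own output.
log() { printf '%s aws-failover: %s\n' "$(date -u +%FT%TZ)" "$*" >&2; }

# True only when this unit now owns the traffic group that should carry 0.0.0.0/0.
owns_default_group() { [ "${1:-}" = "default" ]; }

# Reject anything that is not shaped like a real AWS identifier, so an unfilled
# placeholder fails here instead of producing an opaque API error.
valid_eni() { case "$1" in eni-[0-9a-f]*) return 0 ;; esac; return 1; }
valid_rtb() { case "$1" in rtb-[0-9a-f]*) return 0 ;; esac; return 1; }

# Point the route table's default route at the given ENI; returns 2 on bad input,
# otherwise the AWS CLI's own exit status.
replace_default_route() {
    rtb="$1"; eni="$2"
    valid_rtb "$rtb" || { log "invalid route table id: $rtb"; return 2; }
    valid_eni "$eni" || { log "invalid ENI id: $eni"; return 2; }
    "$AWS_CLI" ec2 replace-route \
        --route-table-id "$rtb" \
        --destination-cidr-block 0.0.0.0/0 \
        --network-interface-id "$eni"
}

main() {
    group="${TRAFFIC_GROUP_NAME:-}"
    log "traffic group on this unit: '$group'"
    if owns_default_group "$group"; then
        replace_default_route "$ROUTE_TABLE_ID" "$ENI_ID"
        log "default route of $ROUTE_TABLE_ID now points at $ENI_ID"
    else
        log "this unit does not own the default group; nothing to do"
    fi
}

main "$@"
```

Run it once with AWS_CLI=echo on the ADC to confirm the exact CLI invocation before trusting it during a real HA switch.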
