CLI Template improvements 7.0.1

In FortiManager 7.0.1, CLI templates include the following improvements:

  • Jinja2 language support
  • Validation check and preview
  • Device and device-VDOM meta variables

To create an IPsec VPN using Jinja in the CLI Template:
  1. Create a new meta field in FortiManager.
    1. Go to System > Advanced > Meta Fields and create a new meta field.
    2. Enter a name for the meta field, for example outgoing_int.
    3. Enter the meta field object. In this example, the Object can be Device or DeviceVDOM.
    4. Click OK.
  2. Create the CLI Jinja Template:
    1. Go to Device Manager > Provisioning Templates > CLI Template, and create a new CLI Template.
    2. Enter a name for the template, for example IPSEC_VPN.
    3. Select Jinja Script as the Type.
    4. Enter the Script Details. In this example, the following Jinja script is used to create the IPsec phase1-interface and phase2-interface. Jinja2 uses {{ ... }} for the expression of variables.

      config vpn ipsec phase1-interface
      edit tohub1
      set remote-gw 101.71.49.4
      set interface {{ outgoing_int }}
      set peertype any
      set proposal aes128-sha256
      set psksecret fortinet
      next
      end
      config vpn ipsec phase2-interface
      edit tohub1
      set phase1name tohub1
      set proposal aes128-sha256
      set auto-negotiate enable
      next
      end

    5. Click OK.
  3. Assign a port to the new meta field.
    1. Go to Device Manager and edit your device.
    2. In the previously created meta field, enter a port. In this example, port2 is assigned to the outgoing_int field.
  4. Assign the CLI Jinja template to a device and execute device installation. The following configuration is pushed to the FortiManager.

    config vpn ipsec phase1-interface
    edit tohub1
    set remote-gw 101.71.49.4
    set interface port2
    set peertype any
    set proposal aes128-sha256
    set psksecret ENC Z8Zpc61yyxOe2K5QsJbYr7gRiykPe0EjU+e+TLSz12BucSSA6DfXPd23wnhkb560RSK92hqBpFHtC3/g1fopSKt80jn1G+I/0YMlNty6aoiyrDx5duo0g5cL4rB7UuT8TmmyeCDeUVy5wyT4afglm5P9Q8IzkY2P3D5/FG5DIuYHMZZg
    next
    end
    config vpn ipsec phase2-interface
    edit tohub1
    set phase1name tohub1
    set proposal aes128-sha256
    set auto-negotiate enable
    next
    end

To validate a CLI Template:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Once the template is assigned to a device, click Validate.

    If there are any errors, for example missing values for meta fields, you can click View Validation Result.

    You will have the opportunity to input the value for the missing meta fields in the dialog box.

To preview a CLI Template script:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Once the template is assigned, click Validate.
  3. Click View Validation Result when the script validation is completed, and then click Preview Result.
    In the preview, the variables in the CLI Template are replaced with the value or values seen by the end user. In this example, the variable {{ outgoing_int }} is replaced by port2 in the script.
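
The validate and preview steps above can be approximated offline before a template is pasted into FortiManager. The following is an added example, not Fortinet code and not how FortiManager implements these checks; it assumes the Python jinja2 package, and the function names are hypothetical. It reports meta fields the template needs but the device lacks, renders the preview, and lists lines where the pre-shared key is typed into the template itself.

```python
# Added example: offline approximation of the Validate / Preview steps.
from jinja2 import Environment, StrictUndefined, meta

# Phase 1 part of the template shown on this page.
TEMPLATE = """\
config vpn ipsec phase1-interface
edit tohub1
set remote-gw 101.71.49.4
set interface {{ outgoing_int }}
set peertype any
set proposal aes128-sha256
set psksecret fortinet
next
end
"""

# StrictUndefined makes a missing variable an error. Jinja2's default would
# render it as an empty string and produce a broken "set interface " line.
ENV = Environment(undefined=StrictUndefined, keep_trailing_newline=True)


def missing_meta_fields(template, meta_fields):
    """Return the sorted template variables that have no value in meta_fields."""
    wanted = meta.find_undeclared_variables(ENV.parse(template))
    return sorted(v for v in wanted if not meta_fields.get(v))


def preview(template, meta_fields):
    """Render the script with the device's meta field values."""
    return ENV.from_string(template).render(**meta_fields)


def literal_secrets(template):
    """Line numbers of 'set psksecret' lines whose value is written in the
    template rather than supplied by a variable."""
    return [n for n, line in enumerate(template.splitlines(), 1)
            if line.strip().startswith("set psksecret") and "{{" not in line]


if __name__ == "__main__":
    device = {"outgoing_int": "port2"}  # constructed sample meta field values
    print("missing:", missing_meta_fields(TEMPLATE, device))
    print("literal psksecret on lines:", literal_secrets(TEMPLATE))
    print(preview(TEMPLATE, device))
```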
