Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.6.1 Administration Guide
    7.6.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Using FortiManager device database variables in Jinja

    Using FortiManager device database variables in Jinja

    You can use FortiManager variables in Jinja script to retrieve data from the FortiManager Device Database.

    The following FortiManager variables are supported:

    Supported Device Database Variables

    Supported System Interface Variables
    • Name: {{DVMDB.name}}
    • Serial: {{DVMDB.serial}}
    • OS TYPE: {{DVMDB.os_type}}
    • Platform: {{DVMDB.platform}}
    • Version: {{DVMDB.version}}
    • Hostname: {{DVMDB.hostname}}
    • UUID: {{DVMDB.mgmt_uuid}}
    • Mgmt Interface IP : {{DVMDB.mgmt_if}}
    • IP: {{DVMDB.ip}}
    • Tunnel IP: {{DVMDB.tunnel_ip}}
    • Description: {{DVMDB.description}}
    • Interface Name: {{intf.name}}
    • Interface Alias: {{intf.alias}}
    • Interface Allowaccess: {{intf.allowaccess}}
    • Interface Type: {{intf.type}}
    • Interface IP: {{intf.ip}}
    • Interface Mode: {{intf.mode}}
    • Interface VDOM: {{intf.vdom}}

    This topic includes the following:

    Using FortiManager variables
    To use variables in a Jinja template:
    1. Go to Device Manager > Provisioning Templates > CLI Template.
    2. Create a new CLI template.
    3. Select the Type as Jinja Script.
    4. Configure the Script Details with FortiManager variables. For example, you can use DVMDB.name as a variable to get the device name from the Device Database:

      config system global

      set hostname {{DVMDB.name}}

      end


      When viewing the Install Preview for the CLI Template, the variable DVMDB.name is replaced with the Name value for the selected device.

    Example 1: Creating physical interfaces for FortiGate-VMs

    A user is setting up a FGT-VM64 model device on FortiManager. When setting up a FortiGate-VM, the user needs to execute a script to create the physical interfaces, however, when deploying a FortiGate hardware platform, generating physical interfaces is not necessary. Previously, the user needed to create a separate device group for their FortiGate-VM devices and then runs a script to create the physical interfaces for VM devices inside the device group.

    Using Jinja, the same CLI template can be applied to ANY new devices (hardware or VM-based) by using a script with FortiManager variables to determine the platform of the device and using an "if" statement to ensure that the script runs only on FortiGate-VM devices.

    Example script:

    {% if 'FortiGate-VM64' in DVMDB.platform -%}

    config system interface

    {%- for i in range(0, vm_interface_number|int) %}

    edit port{{i+1}}

    set vdom root

    set type physical

    next

    {%- endfor %}

    end

    {%- endif %}

    Previewing the script on a device shows how the variables are applied.

    Example 2: View the device attributes for FortiGate-VMs
    Example script:

    {%- if DVMDB.platform == 'FortiGate-VM64' %}

    Name: {{DVMDB.name}}

    Serial: {{DVMDB.serial}}

    OS TYPE: {{DVMDB.os_type}}

    Platform: {{DVMDB.platform}}

    Version: {{DVMDB.version}}

    hostname: {{DVMDB.hostname}}

    UUID: {{DVMDB.mgmt_uuid}}

    Mgmt Interface IP : {{DVMDB.mgmt_if}}

    IP: {{DVMDB.ip}}

    Tunnel IP : {{DVMDB.tunnel_ip}}

    Description: {{DVMDB.description}}

    os_type: {{DVMDB.os_type}}

    {%- endif %}

    The rendered result for the script:

    =======================

    Name: vlan171_0040

    Serial: FGVM08HZ20311040

    OS TYPE: FortiGate

    Platform: FortiGate-VM64

    Version: 7.4.0

    hostname: 3456-abc

    UUID: 9c50812a-caa8-51ed-958a-4e7800e5139a

    Mgmt Interface IP : port1

    IP: 10.8.71.40

    Tunnel IP : 169.254.0.12

    Description:

    os_type: FortiGate

    Example 3: View the interface attributes for each physical interface on a device
    Example script:

    {%- for intf in DEVDB_system_interface %}

    {%- if intf.type == 'physical' %}

    Interface Name: {{intf.name}}

    -- Interface Allowaccess: {{intf.allowaccess}}

    -- Interface Type: {{intf.type}}

    -- Interface IP: {{intf.ip}}

    -- Interface Mode: {{intf.mode}}

    -- Interface VDOM: {{intf.vdom}}

    {%- endif %}

    {%- endfor %}

    The rendered result for the script:

    ===============================

    Interface Name: port1

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 10.8.71.40

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port2

    -- Interface Allowaccess: https

    -- Interface Type: physical

    -- Interface IP: 101.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port3

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 200.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port4

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port5

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 172.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port6

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port7

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port8

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port9

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port10

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Previous
    Next

    Using FortiManager device database variables in Jinja

    Using FortiManager device database variables in Jinja

    You can use FortiManager variables in Jinja script to retrieve data from the FortiManager Device Database.

    The following FortiManager variables are supported:

    Supported Device Database Variables

    Supported System Interface Variables
    • Name: {{DVMDB.name}}
    • Serial: {{DVMDB.serial}}
    • OS TYPE: {{DVMDB.os_type}}
    • Platform: {{DVMDB.platform}}
    • Version: {{DVMDB.version}}
    • Hostname: {{DVMDB.hostname}}
    • UUID: {{DVMDB.mgmt_uuid}}
    • Mgmt Interface IP : {{DVMDB.mgmt_if}}
    • IP: {{DVMDB.ip}}
    • Tunnel IP: {{DVMDB.tunnel_ip}}
    • Description: {{DVMDB.description}}
    • Interface Name: {{intf.name}}
    • Interface Alias: {{intf.alias}}
    • Interface Allowaccess: {{intf.allowaccess}}
    • Interface Type: {{intf.type}}
    • Interface IP: {{intf.ip}}
    • Interface Mode: {{intf.mode}}
    • Interface VDOM: {{intf.vdom}}

    This topic includes the following:

    Using FortiManager variables
    To use variables in a Jinja template:
    1. Go to Device Manager > Provisioning Templates > CLI Template.
    2. Create a new CLI template.
    3. Select the Type as Jinja Script.
    4. Configure the Script Details with FortiManager variables. For example, you can use DVMDB.name as a variable to get the device name from the Device Database:

      config system global

      set hostname {{DVMDB.name}}

      end


      When viewing the Install Preview for the CLI Template, the variable DVMDB.name is replaced with the Name value for the selected device.

    Example 1: Creating physical interfaces for FortiGate-VMs

    A user is setting up a FGT-VM64 model device on FortiManager. When setting up a FortiGate-VM, the user needs to execute a script to create the physical interfaces, however, when deploying a FortiGate hardware platform, generating physical interfaces is not necessary. Previously, the user needed to create a separate device group for their FortiGate-VM devices and then runs a script to create the physical interfaces for VM devices inside the device group.

    Using Jinja, the same CLI template can be applied to ANY new devices (hardware or VM-based) by using a script with FortiManager variables to determine the platform of the device and using an "if" statement to ensure that the script runs only on FortiGate-VM devices.

    Example script:

    {% if 'FortiGate-VM64' in DVMDB.platform -%}

    config system interface

    {%- for i in range(0, vm_interface_number|int) %}

    edit port{{i+1}}

    set vdom root

    set type physical

    next

    {%- endfor %}

    end

    {%- endif %}

    Previewing the script on a device shows how the variables are applied.

    Example 2: View the device attributes for FortiGate-VMs
    Example script:

    {%- if DVMDB.platform == 'FortiGate-VM64' %}

    Name: {{DVMDB.name}}

    Serial: {{DVMDB.serial}}

    OS TYPE: {{DVMDB.os_type}}

    Platform: {{DVMDB.platform}}

    Version: {{DVMDB.version}}

    hostname: {{DVMDB.hostname}}

    UUID: {{DVMDB.mgmt_uuid}}

    Mgmt Interface IP : {{DVMDB.mgmt_if}}

    IP: {{DVMDB.ip}}

    Tunnel IP : {{DVMDB.tunnel_ip}}

    Description: {{DVMDB.description}}

    os_type: {{DVMDB.os_type}}

    {%- endif %}

    The rendered result for the script:

    =======================

    Name: vlan171_0040

    Serial: FGVM08HZ20311040

    OS TYPE: FortiGate

    Platform: FortiGate-VM64

    Version: 7.4.0

    hostname: 3456-abc

    UUID: 9c50812a-caa8-51ed-958a-4e7800e5139a

    Mgmt Interface IP : port1

    IP: 10.8.71.40

    Tunnel IP : 169.254.0.12

    Description:

    os_type: FortiGate

    Example 3: View the interface attributes for each physical interface on a device
    Example script:

    {%- for intf in DEVDB_system_interface %}

    {%- if intf.type == 'physical' %}

    Interface Name: {{intf.name}}

    -- Interface Allowaccess: {{intf.allowaccess}}

    -- Interface Type: {{intf.type}}

    -- Interface IP: {{intf.ip}}

    -- Interface Mode: {{intf.mode}}

    -- Interface VDOM: {{intf.vdom}}

    {%- endif %}

    {%- endfor %}

    The rendered result for the script:

    ===============================

    Interface Name: port1

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 10.8.71.40

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port2

    -- Interface Allowaccess: https

    -- Interface Type: physical

    -- Interface IP: 101.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port3

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 200.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port4

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port5

    -- Interface Allowaccess: ping

    -- Interface Type: physical

    -- Interface IP: 172.71.40.1

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port6

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port7

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port8

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port9

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Interface Name: port10

    -- Interface Allowaccess:

    -- Interface Type: physical

    -- Interface IP: 0.0.0.0

    -- Interface Mode: static

    -- Interface VDOM: "root"

    Previous
    Next