Administration Guide

Scripts

FortiManager scripts enable you to create, execute, and view the results of scripts executed on FortiGate devices, policy packages, the ADOM database, the global policy package, or the device database. Scripts can also be filtered based on different device information, such as OS type and platform.

At least one FortiGate device must be configured in the FortiManager system before you can use scripts.

Additional configuration options and shortcuts are available from the right-click menu. Right-click in the different navigation panes of the GUI page to access these options.

Any scripts that are run on the global database must use complete commands. For example, if the full command is config system global, do not use conf sys glob.

Scripts can be written in one of the following formats:

  • CLI Script: A sequence of FortiGate CLI commands, as you would type them at the command line. A comment line starts with the number sign (#). A comment line will not be executed.

  • TCL Script: Tcl scripting commands that provide more functionality for your scripts, including global variables and decision structures.

  • Jinja Script: Jinja scripts can be used to create scalable, dynamic scripts which can be applied to the FortiManager ADOM database.

When writing your scripts, it is generally easier to write them in a context-sensitive editor, and then cut and paste them into the script editor on your FortiManager system. This can help avoid syntax errors and can reduce the amount of troubleshooting required for your scripts.

CLI scripts can be grouped together, allowing multiple scripts to be run on a target at the same time. See CLI script group for information.

Go to Device Manager > Scripts to view the Script and Script Group entries.

For information about scripting commands, see the FortiGate CLI reference.

Before using scripts, ensure the console-output function has been set to standard in the FortiGate CLI. Otherwise, scripts and other output longer than a screen in length will not execute or display correctly.

When pushing a script from the FortiManager to the FortiGate with workspace enabled, you must save the changes in the Policy & Objects tab.

Caution

By design, the following FortiOS settings under system central-management cannot be modified using FortiManager database scripts or CLI templates: fmg, fmg-source-ip, fmg-source-ip6, serial-number, type, and vdom.

Attempting to commit changes to these fields will result in the following error: not allowed to change.

If you need to apply changes to these fields using FortiManager, a CLI Script can be used and run against the Remote FortiGate Directly (via CLI).
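
A pre-flight check for the restrictions above, as an added example that is not Fortinet code: it walks a CLI script, skips comment lines, and reports any set or unset of a protected field directly under config system central-management, unless the script is meant to run against the remote FortiGate directly. The function name, its two flags, the sample script, and the verb-prefix heuristic for abbreviated commands are assumptions made for illustration.

```python
# Fields under "config system central-management" that the guide says cannot be
# changed by FortiManager database scripts or CLI templates.
PROTECTED = {"fmg", "fmg-source-ip", "fmg-source-ip6", "serial-number", "type", "vdom"}
VERBS = ("config", "edit", "set", "unset", "next", "end")  # subset, enough for this check

SAMPLE = """\
# constructed sample script, not taken from a real device
config system central-management
    set type fortimanager
    set fmg "192.0.2.10"
    config server-list
        edit 1
            set server-type update
        next
    end
    set mode normal
end
conf sys glob
    set hostname branch-fw01
end
"""

def lint_cli_script(text, remote_cli=False, global_db=False):
    """Return [(line_no, message)] for problems found in a FortiGate CLI script."""
    findings, stack = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # comment lines are not executed
            continue
        tokens = line.split()
        verb = tokens[0]
        # Heuristic (assumption): a leading word that is a strict prefix of a known verb
        if global_db and verb not in VERBS and any(v.startswith(verb) for v in VERBS):
            findings.append((no, f"abbreviated command '{verb}'; use the complete command"))
        if verb == "config":
            stack.append(" ".join(tokens[1:]))  # track the nested config context
        elif verb == "end" and stack:
            stack.pop()
        elif verb in ("set", "unset") and len(tokens) > 1:  # unset counted as a change (assumption)
            in_cm = bool(stack) and stack[-1] == "system central-management"
            if in_cm and tokens[1] in PROTECTED and not remote_cli:
                findings.append((no, f"'{tokens[1]}': not allowed to change"))
    return findings
```

Only the innermost config context is compared, so fields inside a nested table such as server-list are not mistaken for the protected top-level fields.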

Note

After running a script with configuration changes directly on a FortiGate, you can import the configuration from the FortiGate to FortiManager in order to bring the script's changes into the FortiManager database.
