Fortinet black logo

Administration Guide

Home FortiManager 7.4.2 Administration Guide
7.4.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0

Using FortiManager device database variables in Jinja

Using FortiManager device database variables in Jinja

You can use FortiManager variables in Jinja script to retrieve data from the FortiManager Device Database.

The following FortiManager variables are supported:

Supported Device Database Variables

Supported System Interface Variables
  • Name: {{DVMDB.name}}
  • Serial: {{DVMDB.serial}}
  • OS TYPE: {{DVMDB.os_type}}
  • Platform: {{DVMDB.platform}}
  • Version: {{DVMDB.version}}
  • Hostname: {{DVMDB.hostname}}
  • UUID: {{DVMDB.mgmt_uuid}}
  • Mgmt Interface IP : {{DVMDB.mgmt_if}}
  • IP: {{DVMDB.ip}}
  • Tunnel IP: {{DVMDB.tunnel_ip}}
  • Description: {{DVMDB.description}}
  • Interface Name: {{intf.name}}
  • Interface Alias: {{intf.alias}}
  • Interface Allowaccess: {{intf.allowaccess}}
  • Interface Type: {{intf.type}}
  • Interface IP: {{intf.ip}}
  • Interface Mode: {{intf.mode}}
  • Interface VDOM: {{intf.vdom}}

This topic includes the following:

Using FortiManager variables
To use variables in a Jinja template:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Create a new CLI template.
  3. Select the Type as Jinja Script.
  4. Configure the Script Details with FortiManager variables. For example, you can use DVMDB.name as a variable to get the device name from the Device Database:

    config system global

    set hostname {{DVMDB.name}}

    end


    When viewing the Install Preview for the CLI Template, the variable DVMDB.name is replaced with the Name value for the selected device.

Example 1: Creating physical interfaces for FortiGate-VMs

A user is setting up a FGT-VM64 model device on FortiManager. When setting up a FortiGate-VM, the user needs to execute a script to create the physical interfaces, however, when deploying a FortiGate hardware platform, generating physical interfaces is not necessary. Previously, the user needed to create a separate device group for their FortiGate-VM devices and then runs a script to create the physical interfaces for VM devices inside the device group.

Using Jinja, the same CLI template can be applied to ANY new devices (hardware or VM-based) by using a script with FortiManager variables to determine the platform of the device and using an "if" statement to ensure that the script runs only on FortiGate-VM devices.

Example script:

{% if 'FortiGate-VM64' in DVMDB.platform -%}

config system interface

{%- for i in range(0, vm_interface_number|int) %}

edit port{{i+1}}

set vdom root

set type physical

next

{%- endfor %}

end

{%- endif %}

Previewing the script on a device shows how the variables are applied.

Example 2: View the device attributes for FortiGate-VMs
Example script:

{%- if DVMDB.platform == 'FortiGate-VM64' %}

Name: {{DVMDB.name}}

Serial: {{DVMDB.serial}}

OS TYPE: {{DVMDB.os_type}}

Platform: {{DVMDB.platform}}

Version: {{DVMDB.version}}

hostname: {{DVMDB.hostname}}

UUID: {{DVMDB.mgmt_uuid}}

Mgmt Interface IP : {{DVMDB.mgmt_if}}

IP: {{DVMDB.ip}}

Tunnel IP : {{DVMDB.tunnel_ip}}

Description: {{DVMDB.description}}

os_type: {{DVMDB.os_type}}

{%- endif %}

The rendered result for the script:

=======================

Name: vlan171_0040

Serial: FGVM08HZ20311040

OS TYPE: FortiGate

Platform: FortiGate-VM64

Version: 7.4.0

hostname: 3456-abc

UUID: 9c50812a-caa8-51ed-958a-4e7800e5139a

Mgmt Interface IP : port1

IP: 10.8.71.40

Tunnel IP : 169.254.0.12

Description:

os_type: FortiGate

Example 3: View the interface attributes for each physical interface on a device
Example script:

{%- for intf in DEVDB_system_interface %}

{%- if intf.type == 'physical' %}

Interface Name: {{intf.name}}

-- Interface Allowaccess: {{intf.allowaccess}}

-- Interface Type: {{intf.type}}

-- Interface IP: {{intf.ip}}

-- Interface Mode: {{intf.mode}}

-- Interface VDOM: {{intf.vdom}}

{%- endif %}

{%- endfor %}

The rendered result for the script:

===============================

Interface Name: port1

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 10.8.71.40

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port2

-- Interface Allowaccess: https

-- Interface Type: physical

-- Interface IP: 101.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port3

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 200.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port4

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port5

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 172.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port6

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port7

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port8

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port9

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port10

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Previous
Next

Using FortiManager device database variables in Jinja

You can use FortiManager variables in Jinja script to retrieve data from the FortiManager Device Database.

The following FortiManager variables are supported:

Supported Device Database Variables

Supported System Interface Variables
  • Name: {{DVMDB.name}}
  • Serial: {{DVMDB.serial}}
  • OS TYPE: {{DVMDB.os_type}}
  • Platform: {{DVMDB.platform}}
  • Version: {{DVMDB.version}}
  • Hostname: {{DVMDB.hostname}}
  • UUID: {{DVMDB.mgmt_uuid}}
  • Mgmt Interface IP : {{DVMDB.mgmt_if}}
  • IP: {{DVMDB.ip}}
  • Tunnel IP: {{DVMDB.tunnel_ip}}
  • Description: {{DVMDB.description}}
  • Interface Name: {{intf.name}}
  • Interface Alias: {{intf.alias}}
  • Interface Allowaccess: {{intf.allowaccess}}
  • Interface Type: {{intf.type}}
  • Interface IP: {{intf.ip}}
  • Interface Mode: {{intf.mode}}
  • Interface VDOM: {{intf.vdom}}

This topic includes the following:

Using FortiManager variables
To use variables in a Jinja template:
  1. Go to Device Manager > Provisioning Templates > CLI Template.
  2. Create a new CLI template.
  3. Select the Type as Jinja Script.
  4. Configure the Script Details with FortiManager variables. For example, you can use DVMDB.name as a variable to get the device name from the Device Database:

    config system global

    set hostname {{DVMDB.name}}

    end


    When viewing the Install Preview for the CLI Template, the variable DVMDB.name is replaced with the Name value for the selected device.

Example 1: Creating physical interfaces for FortiGate-VMs

A user is setting up a FGT-VM64 model device on FortiManager. When setting up a FortiGate-VM, the user needs to execute a script to create the physical interfaces, however, when deploying a FortiGate hardware platform, generating physical interfaces is not necessary. Previously, the user needed to create a separate device group for their FortiGate-VM devices and then runs a script to create the physical interfaces for VM devices inside the device group.

Using Jinja, the same CLI template can be applied to ANY new devices (hardware or VM-based) by using a script with FortiManager variables to determine the platform of the device and using an "if" statement to ensure that the script runs only on FortiGate-VM devices.

Example script:

{% if 'FortiGate-VM64' in DVMDB.platform -%}

config system interface

{%- for i in range(0, vm_interface_number|int) %}

edit port{{i+1}}

set vdom root

set type physical

next

{%- endfor %}

end

{%- endif %}

Previewing the script on a device shows how the variables are applied.

Example 2: View the device attributes for FortiGate-VMs
Example script:

{%- if DVMDB.platform == 'FortiGate-VM64' %}

Name: {{DVMDB.name}}

Serial: {{DVMDB.serial}}

OS TYPE: {{DVMDB.os_type}}

Platform: {{DVMDB.platform}}

Version: {{DVMDB.version}}

hostname: {{DVMDB.hostname}}

UUID: {{DVMDB.mgmt_uuid}}

Mgmt Interface IP : {{DVMDB.mgmt_if}}

IP: {{DVMDB.ip}}

Tunnel IP : {{DVMDB.tunnel_ip}}

Description: {{DVMDB.description}}

os_type: {{DVMDB.os_type}}

{%- endif %}

The rendered result for the script:

=======================

Name: vlan171_0040

Serial: FGVM08HZ20311040

OS TYPE: FortiGate

Platform: FortiGate-VM64

Version: 7.4.0

hostname: 3456-abc

UUID: 9c50812a-caa8-51ed-958a-4e7800e5139a

Mgmt Interface IP : port1

IP: 10.8.71.40

Tunnel IP : 169.254.0.12

Description:

os_type: FortiGate

Example 3: View the interface attributes for each physical interface on a device
Example script:

{%- for intf in DEVDB_system_interface %}

{%- if intf.type == 'physical' %}

Interface Name: {{intf.name}}

-- Interface Allowaccess: {{intf.allowaccess}}

-- Interface Type: {{intf.type}}

-- Interface IP: {{intf.ip}}

-- Interface Mode: {{intf.mode}}

-- Interface VDOM: {{intf.vdom}}

{%- endif %}

{%- endfor %}

The rendered result for the script:

===============================

Interface Name: port1

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 10.8.71.40

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port2

-- Interface Allowaccess: https

-- Interface Type: physical

-- Interface IP: 101.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port3

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 200.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port4

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port5

-- Interface Allowaccess: ping

-- Interface Type: physical

-- Interface IP: 172.71.40.1

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port6

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port7

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port8

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port9

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Interface Name: port10

-- Interface Allowaccess:

-- Interface Type: physical

-- Interface IP: 0.0.0.0

-- Interface Mode: static

-- Interface VDOM: "root"

Previous
Next