edit HOST-1
    set type ipmask
    set subnet 111.111.111.111/255.255.255.255
    set associated-interface OUTSIDE
next
edit HOST-2
    set type ipmask
    set subnet 222.222.222.222/255.255.255.255
    set associated-interface OUTSIDE
next
edit HOST-3
    set type ipmask
    set subnet 333.333.333.333/255.255.255.255
    set associated-interface OUTSIDE
end
Hi,
I know this is an old post - but I made a TCL-script to create firewall objects when I had the same scenario. I had a bunch of host addresses I needed to create a deny policy for.
You can read about it on my blog:
http://exceededintransit.net/?p=191
.. If you want to use more variables, you can create more variables by simply adding a new section to the array. E.g. if you want a variable subnet mask, you could do this:
set objects {
10.0.0.0 "H-DENY-1.1.1.1" 255.255.255.0
2.2.2.0 "H-DENY-2.2.2.2" 255.255.254.0
3.3.3.0 "H-DENY-3.3.3.3" 255.255.255.128
}
foreach {object_ip object_name object_subnet}
Now you should be able to use the $object_subnet variable as well when creating the object. The config would look like this:
# "objects" is a flat list read three values at a time (address, name, mask);
# "array set" only accepts key/value pairs, so it cannot hold three columns per row
foreach {object_ip object_name object_subnet} $objects {
    puts \n
    puts "edit $object_name"
    puts "set subnet $object_ip $object_subnet"
    puts "next"
}
When creating the array, you should use Excel for the production of the rows. You should be able to copy the cells from Excel directly to your script.
Regards,
Martin Karlsen
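
Because the generated objects feed a deny policy, a mistyped mask or a stray character in a pasted cell changes what gets blocked. The following is an added example in Python (not the Tcl script from the post or its blog) that validates pasted spreadsheet rows before emitting the objects; the tab-separated input, the allowed name characters, the function names and the `config firewall address` wrapper are assumptions.

```python
import ipaddress
import re

# Constructed sample: address, object name, netmask, tab-separated as pasted cells.
SAMPLE_ROWS = (
    "10.0.0.0\tH-DENY-10.0.0.0\t255.255.255.0\n"
    "2.2.2.0\tH-DENY-2.2.2.0\t255.255.254.0\n"
    "3.3.3.0\tH-DENY-3.3.3.0\t255.255.255.128\n"
)
# Assumed safe character set and length for an object name (no quotes or spaces).
NAME_OK = re.compile(r"[A-Za-z0-9._-]{1,79}")

def parse_row(line):
    """Return (name, network) for one pasted row or raise ValueError."""
    fields = [f.strip() for f in line.split("\t")]
    if len(fields) != 3:
        raise ValueError(f"expected 3 columns, got {len(fields)}")
    addr, name, mask = fields
    if not NAME_OK.fullmatch(name):
        raise ValueError(f"unsafe object name {name!r}")
    # Raises on a malformed address, a non-contiguous mask, or host bits set.
    return name, ipaddress.IPv4Network(f"{addr}/{mask}", strict=True)

def build_config(text, interface="OUTSIDE"):
    """Render the address objects; emit nothing if any row is bad."""
    objects, errors, seen = [], [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            name, net = parse_row(line)
            if name in seen:  # a repeated "edit" would overwrite the earlier entry
                raise ValueError(f"duplicate object name {name!r}")
            seen.add(name)
            objects.append((name, net))
        except ValueError as exc:
            errors.append(f"row {lineno}: {exc}")
    if errors:
        raise ValueError("; ".join(errors))
    out = ["config firewall address"]
    for name, net in objects:
        out += [f'    edit "{name}"', "        set type ipmask",
                f"        set subnet {net.network_address} {net.netmask}",
                f"        set associated-interface {interface}", "    next"]
    return "\n".join(out + ["end"])

if __name__ == "__main__":
    print(build_config(SAMPLE_ROWS))
```

All bad rows are reported together with their row numbers, so the sheet can be corrected in one pass before anything is pasted into the firewall.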