too bad fortinet doesn't have a shell or tcl scripting :)
I can tell you that one is never happening directly on the box as it represents a real and present risk to security on a hardened security device.
Before working with Fortinet gear (and following, the company itself), I worked for several years with Cisco ASA and CheckPoint. And part of me loved that I could go into expert mode on CheckPoint and run whatever scripts I wanted and have root level access to the OS, such as it is.
But the truth is that by removing that access from FortiGate and relegating them to debug versions, it makes the device much more stable and secure.
To add some substantive content to this discussion, there are many tools out there to automate SSH sessions.
You can also do this with FortiManager based on a schedule, or using API if triggered by an external monitoring system. If using FMGR you can use CLI scripts or TCL scripting and either add to the config DB for next policy push, or have it go directly to the device CLI.
One last thing is you mentioned running a script if a port fails - if you mean a WAN port, the "virtual-wan-link" functionality in FortiOS will likely do what you want it to, which is to healthcheck a WAN link and automatically fail over if needed.
< Message edited by Sean_Toomey_FTNT -- 8/5/2014 9:00:12 AM >