Mass create or bulk import users

Adonist
2018/09/14 01:18:04 (permalink)

Hi,
 
We are switching our firewall to Fortigate and will be using SSLVPN with local users.
Is there a way to mass create users or import them from a CSV?
 
Thanks
#1
xsilver_FTNT
Re: Mass create or bulk import users 2018/09/14 03:16:58 (permalink) Best Answer by Adonist 2018/09/17 09:07:13
Sure, every user is just a record in 'config user local'.
Have a look into the CLI or the CLI guide on http://docs.fortinet.com for more details.
So you can prepare those configs in advance and then drop them to the console.
Preparation can range from utilizing any text processing tool to make a template and fill in variables such as usernames, to programming languages like Perl or Python to gather user data from LDAP and reformat it into text output written directly to the FortiGate's command line via an SSH session opened by your small coded tool.

Kind Regards,
Tomas
#2
Adonist
Re: Mass create or bulk import users 2018/09/14 04:52:05 (permalink)
Thank you for the reply Tomas!
If I can prepare like a template with them and drop it in the CLI, that would be great.
Thank you again for that!
#3
ede_pfau
Re: Mass create or bulk import users 2018/09/14 08:57:40 (permalink) Helpful by Adonist 2018/09/17 09:03:59
5 (2)
Two hints:
 
1- if you have a long user list, don't directly paste it to the CLI. Chances are high that you will get a timing error, and that not all of the input is actually 'taken'. Rather, submit the same file (which is a partial config file) via 'Advanced > Batch command'. This will upload all data first, and then import into the running config.
 
2- if you have a long user list, consider adding your LDAP (or MS-AD) as a 'remote user'. User management (who is granted SSLVPN access, who is removed from SSLVPN etc.) is then done via LDAP management. For instance, if you connect the FGT to your MS-AD, and create a user group in the MS-AD like 'SSLVPN users', you grant VPN access by dropping a user into this group. User management is completely independent of the Fortigate, and the config on your FGT is not touched in the future.
 
Of course, this only pays out if you already manage users by LDAP or MS-AD.
 
BTW, you can also grant admin access via LDAP, using a 'remote admin wildcard account'. Sounds difficult but isn't.
 
These methods are well documented in the Cookbook or KB.

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#4
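The template approach from the best answer, producing a partial config file suitable for the batch upload described in hint 1, as an added example that is not code from any poster in this thread. The CSV column name `username`, the function names, the username character policy and the 20-character password length are assumptions made for this sketch; only `config user local` itself comes from the thread.

```python
import csv
import io
import re
import secrets
import string

# Assumed policy for this example: a conservative character set, so a CSV
# field can never close the quoted CLI argument or start a new CLI line.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,35}")
# Letters and digits only, so the password needs no escaping inside quotes.
PW_ALPHABET = string.ascii_letters + string.digits


def new_password(length=20):
    """Random initial password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(PW_ALPHABET) for _ in range(length))


def build_batch(csv_text):
    """Return (cli_script, credentials, rejected_names) for a user CSV."""
    lines = ["config user local"]
    creds, rejected, seen = {}, [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = (row.get("username") or "").strip()
        # Reject unsafe or duplicate names instead of trying to repair them.
        if not USERNAME_RE.fullmatch(name) or name.lower() in seen:
            rejected.append(name)
            continue
        seen.add(name.lower())
        creds[name] = new_password()
        lines += [
            f'    edit "{name}"',
            "        set type password",
            f'        set passwd "{creds[name]}"',
            "    next",
        ]
    lines.append("end")
    return "\n".join(lines) + "\n", creds, rejected


# Constructed sample input: two valid users, one name containing a quote
# and a space, and one duplicate.
SAMPLE_CSV = (
    "username,fullname\n"
    "alice,Alice A\n"
    "bob.smith,Bob S\n"
    '"carol"" x",Carol C\n'
    "alice,Duplicate\n"
)

if __name__ == "__main__":
    script, creds, rejected = build_batch(SAMPLE_CSV)
    print(script)
    print("rejected:", rejected)
```

The generated script contains the initial passwords in clear text, so store it with restricted permissions, delete it after the upload, and hand the passwords to users over a separate channel.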
rwpatterson
Re: Mass create or bulk import users 2018/09/14 10:40:35 (permalink)
+1 to ede_pfau
 
Managing from Active Directory means that any non-Fortigate admin can add and remove users easily to your SSL VPN group without your intervention. That's how I always set it up.

-Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

-4.3.19-b0694
FWF60B
FWF80CM (4)
FWF81CM (2)
 
#5
Adonist
Re: Mass create or bulk import users 2018/09/17 09:03:07 (permalink)
Thanks Bob! Unfortunately we don't want to integrate with Active Directory (which would make my life a lot easier).
#6
Adonist
Re: Mass create or bulk import users 2018/09/17 09:05:23 (permalink)
Thank you for that.
I had to do with a bunch each time not to have the issues you mentioned. Unfortunately we don't want to integrate with LDAP which would make my life a lot easier. I managed to do it with a template and some scripting to populate the users.
#7
Adonist
Re: Mass create or bulk import users 2018/09/17 09:08:04 (permalink)
I used a template and replicated it a hundred times as suggested. I used some scripting to populate it with the right names and it worked perfectly.
#8
xsilver_FTNT
Re: Mass create or bulk import users 2018/09/17 23:24:16 (permalink)
+5 Ede
Well done. It's way beyond the original question but a good point. Just in case someone uses FAC (FortiAuthenticator), that can even sync users and automatically sort them into groups based on LDAP filters or provision FortiTokens to those users.

Kind Regards,
Tomas
#9