Bulk Rule Modifying

Author
jkrbber
2021/06/11 09:31:34 (permalink)

Hi everyone,
 
Looking for some advice.  I recently imported from another vendor into FortiGate a bit over 1000 rules.  The conversion disabled logging on all of the rules.  I would like a simple way, maybe via a script in FortiManager, to update all 1000 rules in one shot.  I would like to:
 
1. Enable "Log all sessions", along with enabling "Generate Logs when Session Starts"
2. Enable "Security Profiles" - "Use Standard Security profiles" - IPS Profile - "Monitor Mode" - Proxy Options "Default"
 
Any help would be appreciated, thank you!
#1


    Toshi Esumi
    Re: Bulk Rule Modifying 2021/06/11 14:13:14 (permalink)
    It's just CLI config like
      config firewall policy
        edit n
          set logtraffic all
          set utm-status enable
          set ips-sensor "sensor_name"
          set av-profile "profile_name"
          and so on...
        next
       ....
      end
     
    For UTM, nothing is set by default so you have to name them. But I think you meant "Protocol Options", which is already set to "default" by default. So you shouldn't touch it.
    But in FMG script, there are no control flow statements available like "for-loop". So you still have to type 1000 of them (just copy one set 1000 times and modify "edit n"). Then if you use a policy package, you have to apply it to ("Run against on") "Policy Package or ADOM". If not, to "Device Database".
    If you want to use iteration, you have to use the API, which someone else might be able to provide some ideas about.
     
       
    #2
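Added example, not part of either post: because the FMG script itself cannot loop, the repeated "edit n" blocks from the reply above can be generated offline and pasted in as the script body. The function name and the sample IDs are constructed for illustration, "sensor_name" is the placeholder from the reply, and `set logtraffic-start enable` is assumed here to be the CLI counterpart of "Generate Logs when Session Starts".

```python
import re

# Profile names end up inside double quotes in the CLI text, so only a
# conservative character set is accepted (an assumption of this example).
_NAME_OK = re.compile(r"[A-Za-z0-9_.\- ]+")


def build_policy_script(policy_ids, ips_sensor, av_profile=None):
    """Return CLI text that enables logging and UTM on each listed policy ID."""
    for name in filter(None, (ips_sensor, av_profile)):
        if not _NAME_OK.fullmatch(name):
            raise ValueError(f"unsafe profile name: {name!r}")

    ids, seen = [], set()
    for raw in policy_ids:
        pid = int(raw)  # raises ValueError on non-numeric input
        if pid <= 0:    # "edit 0" creates a new policy instead of editing one
            raise ValueError(f"invalid policy id: {raw!r}")
        if pid not in seen:  # drop duplicates, keep the original order
            seen.add(pid)
            ids.append(pid)

    lines = ["config firewall policy"]
    for pid in ids:
        lines += [
            f"    edit {pid}",
            "        set logtraffic all",
            "        set logtraffic-start enable",
            "        set utm-status enable",
            f'        set ips-sensor "{ips_sensor}"',
        ]
        if av_profile:
            lines.append(f'        set av-profile "{av_profile}"')
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: IDs as they might appear in an exported policy list.
    sample_ids = ["1", "2", "2", "17"]
    print(build_policy_script(sample_ids, "sensor_name"))
```

Feed it the real policy IDs from the imported package and review the generated text before running it against the Policy Package or ADOM.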
    jkrbber
    Re: Bulk Rule Modifying 2021/06/13 09:41:20 (permalink)
    Thanks a lot for the response.
     
    I was hoping there would be an easier way than to manually script up the editing of 1000 rules! If I went this route, then yes, I believe I can create the script in FortiManager, run against Policy Package or ADOM, then head over to Policies and Objects tab, and run the script directly on the policy package.
    #3