06-25-2017, 14:06 +0200
Script TCL Massive creating objects and Policies
chema6  06-15-2015, 13:27   | Script TCL for Firewall -help
Member since 06/2015
1 Post
Massive creating objects and Policies
I'm trying to do a migration project and implement massive FW FortiGate configurations with TCL.
I am running this Tcl script:


                                                                                                                                 
array set objects {

    1.1.1.1  SERVER1
    2.2.2.2  W2012

    3.3.3.3  CORREO
    4.4.4.4  PROXy

    5.5.5.5  DENY-5.5.5.5
    6.6.6.6  DENY-6.6.6.6


}


# array "objects"

foreach {object_ip object_name} [array get objects] {

    puts  \n
    puts  "edit $object_name"
    puts  "set subnet $object_ip 255.255.255.255"
    puts  "next"



}



output

edit DENY-6.6.6.6
set subnet 6.6.6.6 255.255.255.255
next


edit DENY-5.5.5.5
set subnet 5.5.5.5 255.255.255.255
next


edit PROXy
set subnet 4.4.4.4 255.255.255.255
next


edit CORREO
set subnet 3.3.3.3 255.255.255.255
next


edit W2012
set subnet 2.2.2.2 255.255.255.255
next


edit SERVER1
set subnet 1.1.1.1 255.255.255.255
next


All this works very well, but when I do one for policy ....

                                                                                                                              
#Set the policy ($srcinf-$dstinf-$srcaddr-$dstaddr-$services)

#Example
#port1 port5 10.0.0.1 10.0.0.2 DNS
array set policy {

    port1 port5 10.10.10.1 10.10.1.11 FTP
    port2 port6 10.10.10.2 10.10.1.12 ssh
    port1 port5 10.10.10.1 10.10.1.11 FTP
    port2 port3 10.2.2.1 8.8.8.8 FTP
    port2 port3 10.0.0.0 8.8.8.8 DNS
    any any 10.0.0.0 10.0.27.28  SMTP


}


# array "policy"

foreach {srcf dstf srcadd dstadd services} [array get policy] {

    puts  \n
    puts "edit"
    puts     "set srcintf $srcf"
    puts     "set dstintf $dstf"
    puts     "set srcaddr $srcadd"
    puts     "set dstaddr $dstadd"
    puts     "set action accept"
    puts     "set schedule always"
    puts     "set service $services"
    puts     "set logtraffic enable"
    puts     "set logtraffic-app disable"


}

Output

[Root @ # tclsh mass_create_policy2.tcl

edit
set srcintf port3
set dstintf 10.2.2.1
set srcaddr 10.0.0.0
set dstaddr 8.8.8.8
set action accept
set schedule always
set service DNS
set logtraffic enable
set logtraffic-app disable


edit
set srcintf any
set dstintf 10.10.1.12
set srcaddr ssh
set dstaddr any
set action accept
set schedule always
set service 10.0.0.0
set logtraffic enable
set logtraffic-app disable


edit
set srcintf FTP
set dstintf port2
set srcaddr 8.8.8.8
set dstaddr FTP
set action accept
set schedule always
set service port6"
set logtraffic enable
set logtraffic-app disable


edit
set srcintf 10.10.10.2
set dstintf port1
set srcaddr port5
set dstaddr 10.10.10.1
set action accept
set schedule always
set service 10.10.1.11
set logtraffic enable
set logtraffic-app disable


edit
set srcintf 10.0.27.28
set dstintf SMTP
set srcaddr port2
set dstaddr port3
set action accept
set schedule always
set service
set logtraffic enable
set logtraffic-app disable


As you can see, it is incorrect compared to what was declared.

I'm not an expert, which is why I'm asking whether someone can help me with the policy scripts.

simeone tcl
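
Why the policy output above is scrambled, with one way to fix it (an added example, not part of the original post): `array set` reads its argument as key/value pairs, so the five-column rows are cut into pairs, repeated keys overwrite each other, and `array get` returns them in arbitrary order. The version below keeps the rows in a flat list, walks it five fields at a time, and rejects any field that is not a plain token before it reaches the firewall CLI. Assumptions: `edit 0` is used so that FortiOS assigns the next free policy ID, each stanza is closed with `next` as in the address script, and `check_field` and `render_policies` are hypothetical helper names.

```tcl
# Added example. Rows are the sample data from the post, kept as a flat list
# so order and repeated values survive (an array keeps neither).
set policy {
    port1 port5 10.10.10.1 10.10.1.11 FTP
    port2 port6 10.10.10.2 10.10.1.12 ssh
    port1 port5 10.10.10.1 10.10.1.11 FTP
    port2 port3 10.2.2.1   8.8.8.8    FTP
    port2 port3 10.0.0.0   8.8.8.8    DNS
    any   any   10.0.0.0   10.0.27.28 SMTP
}

# Hypothetical helper: accept only plain tokens, so no field can carry
# whitespace, quotes or a line break into the generated CLI.
proc check_field {name value} {
    if {![regexp {^[A-Za-z0-9._-]+$} $value]} {
        error "bad $name value: '$value'"
    }
}

# Hypothetical helper: turn the flat list into one policy stanza per row.
proc render_policies {rows} {
    if {[llength $rows] % 5 != 0} {
        error "expected 5 fields per row, got [llength $rows] fields in total"
    }
    set out {}
    foreach {srcf dstf srcadd dstadd service} $rows {
        set row [list $srcf $dstf $srcadd $dstadd $service]
        foreach n {srcintf dstintf srcaddr dstaddr service} v $row {
            check_field $n $v
        }
        # Row 3 of the sample repeats row 1; emit each distinct rule once.
        if {[info exists seen($row)]} {
            puts stderr "skipping duplicate rule: $row"
            continue
        }
        set seen($row) 1
        # Assumption: "edit 0" lets FortiOS assign the next free policy ID.
        lappend out "edit 0" \
            "set srcintf $srcf" "set dstintf $dstf" \
            "set srcaddr $srcadd" "set dstaddr $dstadd" \
            "set action accept" "set schedule always" \
            "set service $service" \
            "set logtraffic enable" "set logtraffic-app disable" \
            "next" ""
    }
    return [join $out \n]
}

puts [render_policies $policy]
```

Because the rows are emitted in the order they were written, the generated policies keep the intended top-down evaluation order, which matters on a firewall where the first matching rule wins.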