Fortinet Document Library



CLI Reference

fmscript

Use these commands to perform script-related actions:

fmscript clean-sched

fmscript copy

fmscript delete

fmscript import

fmscript list

fmscript run


fmscript clean-sched

Clean the script schedule table for all non-existent devices.

Syntax

execute fmscript clean-sched

fmscript copy

Copy a script or scripts between ADOMs.

Syntax

execute fmscript copy <adom_name> <script ID> <adom> [<prefix>]

Variable       Description
<adom_name>    The source ADOM name.
<script ID>    The name of the script to copy (0000 = copy all scripts).
<adom>         The destination ADOM name.
[<prefix>]     Assign the conflict prefix. The default is the ADOM name.

fmscript delete

Delete a script from FortiManager.

Syntax

execute fmscript delete <scriptid>

Variable      Description
<scriptid>    The name of the script to delete.

fmscript import

Import a script from an FTP server to FortiManager.

Syntax

execute fmscript import <ftpserver_ipv4> <filename> <username> <password> <scriptname> <scripttype> <comment> <adom_name> <os_type> <os_version> <platform> <device_name> <build_number> <hostname> <serial_number>

Variable            Description
<ftpserver_ipv4>    The IPv4 address of the FTP server.
<filename>          The filename of the script to be imported to the FortiManager system.
<username>          The user name used to access the FTP server.
<password>          The password used to access the FTP server.
<scriptname>        The name of the script to import.
<scripttype>        The type of script as one of CLI or TCL.
<comment>           A comment about the script being imported, such as a brief description.
<adom_name>         Name of the administrative domain.
<os_type>           The operating system type, such as FortiOS. Options include any, FortiOS, and others.
<os_version>        The operating system version, such as FortiOS. Options include any, 400, and 500.
<platform>          The hardware platform this script can be run on. Options include any, or the model of the device such as FortiGate 60C.
<device_name>       The device name to run this script on. Options include any, or the specific device name as it is displayed on the FortiManager system.
<build_number>      The specific build number this script can be run on. Options include any, or the three digit build number. Build numbers can be found in the firmware name for the device.
<hostname>          The host name of the device this script can be run on. Options include any, or the specific host name.
<serial_number>     The serial number of the device this script can be run on. Options include any, or the specific serial number of the device, such as FGT60C3G28033042.

fmscript list

List the scripts on the FortiManager device.

Syntax

execute fmscript list

Example

This is a sample output of the execute fmscript list command.

FMG400C # execute fmscript list
scriptid=8,name=new account profile,type=CLI
scriptid=7,name=import_script,type=CLI
scriptid=6,name=group1,type=CLIGROUP
scriptid=5,name=basic_test,type=CLI
scriptid=3,name=interface info,type=CLI
scriptid=1,name=xml_script1,type=CLI
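Because scripts stored on FortiManager can be run against managed devices, the list output is a useful inventory to audit. The following added example (not Fortinet code) parses that output and compares it with an approved baseline. The line format is inferred from the sample output above, and the baseline contents and function names are hypothetical.

```python
import re

# Constructed sample: the `execute fmscript list` output shown above.
SAMPLE_OUTPUT = """\
FMG400C # execute fmscript list
scriptid=8,name=new account profile,type=CLI
scriptid=7,name=import_script,type=CLI
scriptid=6,name=group1,type=CLIGROUP
scriptid=5,name=basic_test,type=CLI
scriptid=3,name=interface info,type=CLI
scriptid=1,name=xml_script1,type=CLI
"""

# Anchor on the fixed keys so names containing spaces or commas still parse.
LINE_RE = re.compile(r"^scriptid=(\d+),name=(.*),type=([A-Za-z]+)$")

def parse_script_list(output):
    """Return {scriptid: (name, type)} from `execute fmscript list` output."""
    scripts = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the prompt line and blank lines do not match and are skipped
            scripts[int(m.group(1))] = (m.group(2), m.group(3))
    return scripts

def diff_against_baseline(current, baseline):
    """Report scripts added, removed or changed relative to the baseline."""
    added = {i: current[i] for i in current.keys() - baseline.keys()}
    removed = {i: baseline[i] for i in baseline.keys() - current.keys()}
    changed = {i: (baseline[i], current[i])
               for i in current.keys() & baseline.keys()
               if current[i] != baseline[i]}
    return {"added": added, "removed": removed, "changed": changed}

# Hypothetical approved baseline: lacks script 7, records script 5 under an
# older name, and still lists a script 2 that is no longer present.
BASELINE = {
    8: ("new account profile", "CLI"),
    6: ("group1", "CLIGROUP"),
    5: ("basic_check", "CLI"),
    3: ("interface info", "CLI"),
    2: ("retired_script", "TCL"),
    1: ("xml_script1", "CLI"),
}

if __name__ == "__main__":
    report = diff_against_baseline(parse_script_list(SAMPLE_OUTPUT), BASELINE)
    for kind, items in report.items():
        print(kind, items)
```

An unexpected entry under "added" or "changed" is the cue to review that script's contents before anyone runs it.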

fmscript run

Run a script on a device, the device’s object database, or on the global database. Only CLI scripts can be run on databases, and they must contain only complete commands. Any scripts that use shortened CLI commands will generate errors.

When a script is run on the database, the device will be updated with any configuration changes the next time the configuration is uploaded from the FortiManager system to the device.

Syntax

execute fmscript run [adom_name] <scriptid_int> <run_on> <dev/grp/pkgid>

Variable           Description
[adom_name]        Name of the administrative domain.
<scriptid_int>     The ID number of the script to run.
<run_on>           Select where to run the script:
                     • device: on the device
                     • group: on a group
                     • devicedb: on the device’s object database
                     • adomdb: on a specific package
                     • globaldb: on the global database
<dev/grp/pkgid>    Enter the name of the device or group, or the ID of the package, to run the script on.

fmscript showlog

Display the log of scripts that have run on the selected device.

Syntax

execute fmscript showlog <device_name>

Variable         Description
<device_name>    The name of a managed FortiGate device.

Example

This example shows the output of execute fmscript showlog Dev3, which displays the output from a CLI script called xml_script1 that was run on the object database.

execute fmscript showlog Dev3
Starting log
config firewall address
edit 33
set subnet 33.33.33.33 255.255.255.0
config firewall address
edit 33
Running script(xml_script1) on DB success
cdb_find_entry_by_canon,52:parent=1,category=2,key=(null)
