What scripts are you always running? Can you use this feature to make your life easier? It is time to focus on the bigger issues while the little ones get done automagically!
Always great content! Thanks for sharing! Would love to see video on multicast forwarding between VLANs (something a bit more indepth than the one on printing between VLANs).
Thanks for sharing! It would be feasible to use this to import new AD users (creating local users via Ldap) to use two factor authentication (fortitokens)? And the other way around; to get rid of local users if they are no longer present in AD. We know that Fortiauthenticator is the best option, but I'm asking just in case it can be done without it. Regards,
Hi, On the Windows \ client side computer ONLY (forticlient 6.0.9), from a command line (cmd) I can run a "start / w FCVbltScan.exe" which searches for security vulnerabilities. Then I would like to launch a command line which would automatically correct the flaws found, what should I type? It's to automate all this in a script...
Hi is possibile creat a autmation trigger for this event: if type="event" subtype="system" level="critical" msg="Kernel enters memory conserve mode" logdesc="Memory conserve mode entered" conserve="on" then diag sys top 1 10 get sys perf stat diag debug crashlog read and send the output of this commands? thanks so much,
The easiest way is to go to the GUI and start it there. Auto is what most folks end up using though. Use case for manual is that you don’t want it to happen right away so you can kick it off at a specific time.
I wanted to do a script to update my sit-tunnel automatically. I use my 60F at home with my DSL and PPPoE gets a different public IP sometimes. IPv6 is provided using 6rd (IPv6 rapid depoyment), works fine with a sit-tunnel on the Fortigate. Only problem is when the public IP changes, I have to manually update the sit-tunnel with the new IPv6 address. You take the 4 octets from the IPv4 address, convert to hex, add the prefix and assign that IP to the sit-tunnel. Not sure how I'd do that with a script on the Fortigate itself.
Awesome videos Mike, I do have 1 question. Is it possible to create a script to backup configuration automatically & save it to custom destination like OneDrive folder or something?
I have a video coming about backups specifically but yes you can backup to a remote location. Needs to be a command the device can execute though. So backup to ftp/sftp etc is supported.
So if you wanted to run every day at a specific time, say 10pm, would you have to add that to the config at 10pm and then it would run for the first time 24 hours later?
Fortinet support has told me to restart the wad daemon you need to use wad 99 and they've also told me wad 97. I've gotten conflicting information from multiple engineers....
Fortinet Guru you will be better for sure just play and play. Just like you do on fortigates when you are still starting and look at you now an expert already on “playing” fortigates 😎👌 now many viewers learned a lot from your videos.
What scripts are you always running? Can you use this feature to make your life easier? It is time to focus on the bigger issues while the little ones get done automagically!
I would like to see one arm sniffer video
Sounds like a plan
Awesome and highly useful video, mate!!! I think we all want more and more of those. Short, to the point and sweet 😉
Thanks. Trying to be as helpful as possible!
Always great content! Thanks for sharing! Would love to see video on multicast forwarding between VLANs (something a bit more indepth than the one on printing between VLANs).
Will add it to the list sir!
Your tshirt is on-point!
Thanks for the video, is it possible to automate the configuration backup of the fortimanager? If yes. How?
Thanks for sharing! It would be feasible to use this to import new AD users (creating local users via Ldap) to use two factor authentication (fortitokens)? And the other way around; to get rid of local users if they are no longer present in AD. We know that Fortiauthenticator is the best option, but I'm asking just in case it can be done without it. Regards,
HI @Fortinet Guru, is there possible automate configure interface via fortimanager with scripts? so call zero touch provision.
I love your t-shirt!
Thanks Nazareno!
Hi,
On the Windows \ client side computer ONLY (forticlient 6.0.9), from a command line (cmd) I can run a "start / w FCVbltScan.exe" which searches for security vulnerabilities.
Then I would like to launch a command line which would automatically correct the flaws found, what should I type?
It's to automate all this in a script...
Great stuff. It will help me on a project I am working on. Thanks Mike
Hi is possibile creat a autmation trigger for this event:
if
type="event" subtype="system" level="critical" msg="Kernel enters memory conserve mode" logdesc="Memory conserve mode entered" conserve="on"
then
diag sys top 1 10
get sys perf stat
diag debug crashlog read
and send the output of this commands?
thanks so much,
Excellent video. Was wondering how would I trigger a manual script (forgive the basic question but I just starting down this road)?
The easiest way is to go to the GUI and start it there. Auto is what most folks end up using though. Use case for manual is that you don’t want it to happen right away so you can kick it off at a specific time.
I wanted to do a script to update my sit-tunnel automatically. I use my 60F at home with my DSL and PPPoE gets a different public IP sometimes. IPv6 is provided using 6rd (IPv6 rapid depoyment), works fine with a sit-tunnel on the Fortigate. Only problem is when the public IP changes, I have to manually update the sit-tunnel with the new IPv6 address. You take the 4 octets from the IPv4 address, convert to hex, add the prefix and assign that IP to the sit-tunnel. Not sure how I'd do that with a script on the Fortigate itself.
How do you run the script at a specific time ?
Awesome videos Mike, I do have 1 question.
Is it possible to create a script to backup configuration automatically & save it to custom destination like OneDrive folder or something?
I have a video coming about backups specifically but yes you can backup to a remote location. Needs to be a command the device can execute though. So backup to ftp/sftp etc is supported.
@@FortinetGuru Thanks mike
LOL! Your shirt is amazing!
Do you have a script to help me check all VPN tunnels and then up the tunnels which are down daily automatically? Thanks in advance!
Awesome!
So if you wanted to run every day at a specific time, say 10pm, would you have to add that to the config at 10pm and then it would run for the first time 24 hours later?
You would set the mode to manual and start it at 10PM the first time.
@@FortinetGuru hm..not easy when i want to start the script at midnight..e.g. backup
Where the conf file saves?
Fortinet support has told me to restart the wad daemon you need to use wad 99 and they've also told me wad 97. I've gotten conflicting information from multiple engineers....
I have always used 99. I believe most Fortinet documentation in their KB articles claims the same.
Nice one mate
Thanks!
Can you share the GUI part as well?
I will be
Thank you for sharing
No problem at all
how to take a fortigate backup everyday by auto script
Fortinet guro + guitar = fortinet guitarist guro 🤔👌👌👌👌
I need to get better at playing it before I go that far LOL
Fortinet Guru you will be better for sure just play and play. Just like you do on fortigates when you are still starting and look at you now an expert already on “playing” fortigates 😎👌 now many viewers learned a lot from your videos.