This article describes how to configure an automation script for moving an address object from one group to another group at a specified time.
Scope
FortiGate.
Solution
Present address groups:
fermion-kvm26 (addrgrp) # show
config firewall addrgrp
    edit "Before"
        set uuid 28c35ce8-5317-51ef-2bbb-2dc1e3a54755
        set member "gmail.com" "testchange"
    next
    edit "After"
        set uuid 30ec5c44-5317-51ef-95b5-2b38a79a2a87
    next
end
Requirement:
Move the address object ‘testchange’ from address group ‘Before’ to address group ‘After’ on 5th Aug, 2024 at 3:46 AM.
Step 1: Configure Automation Trigger for a specific time as per the requirement.
From GUI: go to Security Fabric > Automation > Trigger and select 'Create New'.
From CLI:
config system automation-trigger
    edit "Change addressgroup"
        set trigger-type scheduled
        set trigger-frequency once
        set trigger-datetime 2024-08-05 03:46:00
    next
end
Step 2: Configure Automation Action with the action-type as cli-script:
From GUI: under Security Fabric > Automation > Action, select 'Create New' > CLI Script.
From CLI:
config system automation-action
    edit "Change_addressobject"
        set action-type cli-script
        set script "config firewall addrgrp
edit \"Before\"
set member \"gmail.com\"
next
edit \"After\"
set member \"testchange\"
next
end"
        set accprofile "super_admin"
    next
end
Step 3: Create an Automation Stitch to use the trigger and action configured above.
From GUI: under Security Fabric > Automation > Stitch, select 'Create New'.
From CLI:
config system automation-stitch
    edit "Change addressgroup"
        set trigger "Change addressgroup"
        config actions
            edit 1
                set action "Change_addressobject"
                set required enable
            next
        end
    next
end
Script execution as per the specified time:
Address groups after the script is executed:
fermion-kvm26 (addrgrp) # show
config firewall addrgrp
    edit "Before"
        set uuid 28c35ce8-5317-51ef-2bbb-2dc1e3a54755
        set member "gmail.com"
    next
    edit "After"
        set uuid 30ec5c44-5317-51ef-95b5-2b38a79a2a87
        set member "testchange"
    next
end
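
Because 'set member' in the Step 2 script replaces a group's entire member list, the script must name every member each group should end up with, not only the object being moved. The Python sketch below is an added example, not part of the original article or any Fortinet tooling; it derives the script body from saved 'show' output, and its function names and the name allowlist are assumptions of this example.

```python
import re
import shlex
# Constructed sample: the "show" output from this article, one command per line.
SHOW_OUTPUT = '''config firewall addrgrp
    edit "Before"
        set uuid 28c35ce8-5317-51ef-2bbb-2dc1e3a54755
        set member "gmail.com" "testchange"
    next
    edit "After"
        set uuid 30ec5c44-5317-51ef-95b5-2b38a79a2a87
    next
end'''

def parse_groups(show_text):
    """Return {group name: [members]} parsed from 'show' output of firewall addrgrp."""
    groups, current = {}, None
    for line in show_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] == ["edit"] and len(tokens) == 2:
            current = tokens[1]
            groups[current] = []          # a group with no 'set member' line is empty
        elif tokens[:2] == ["set", "member"] and current is not None:
            groups[current] = tokens[2:]
    return groups

def q(name):
    """Quote a name for use inside the outer double-quoted 'set script' value."""
    if not re.fullmatch(r"[A-Za-z0-9._ -]+", name):   # conservative allowlist (assumption)
        raise ValueError(f"unsafe object name: {name!r}")
    return '\\"' + name + '\\"'

def build_move_script(groups, obj, src, dst):
    """Build the script body that moves obj from group src to group dst."""
    if src not in groups or dst not in groups:
        raise ValueError("unknown address group")
    if obj not in groups[src]:
        raise ValueError(f"{obj!r} is not a member of {src!r}")
    # 'set member' overwrites the list, so emit the full resulting membership.
    new_src = [m for m in groups[src] if m != obj]
    new_dst = groups[dst] + ([obj] if obj not in groups[dst] else [])
    if not new_src:   # an empty member list is not handled by this example
        raise ValueError(f"move would leave {src!r} empty")
    lines = ["config firewall addrgrp"]
    for name, members in ((src, new_src), (dst, new_dst)):
        lines += [f"edit {q(name)}", "set member " + " ".join(map(q, members)), "next"]
    return "\n".join(lines + ["end"])

if __name__ == "__main__":
    print(build_move_script(parse_groups(SHOW_OUTPUT), "testchange", "Before", "After"))
```

Regenerate the script from fresh 'show' output if either group changes before the trigger time; otherwise members added in the meantime are dropped when the stitch runs.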