Alan's sysadmin Blog

Working smarter not harder

Bulk addition of Fortigate Firewall Addresses

Posted by Alan McBurney on September 24, 2015


During a recent Office 365 Exchange Hybrid project I had the need to lock down the on-premises Exchange servers to the Exchange Online IP addresses.

The published list from Microsoft is quite long and I didn’t fancy adding the addresses manually to the firewall, so I decided to use regex to edit the list into a format that I could then paste directly to the firewall via SSH.

I took the list from Microsoft and added this to Notepad++, where I then did a find and replace using the below regex commands. (The initial list of IPs needs to be in the format x.x.x.x/x for this to work properly.)

Find
(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(/\d{1,2})

Replace
edit ExchangeOnline-$1.$2.$3.$4\nset subnet $1.$2.$3.$4$5\nnext\n

Using the above regex commands takes a list of IPs in the format

23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.97.0.0/16
40.98.0.0/16

and creates the necessary Fortigate commands

edit ExchangeOnline-23.103.160.0
set subnet 23.103.160.0/20
next

edit ExchangeOnline-23.103.224.0
set subnet 23.103.224.0/19
next

edit ExchangeOnline-40.96.0.0
set subnet 40.96.0.0/16
next

edit ExchangeOnline-40.97.0.0
set subnet 40.97.0.0/16
next

edit ExchangeOnline-40.98.0.0
set subnet 40.98.0.0/16
next

edit ExchangeOnline-40.99.0.0
set subnet 40.99.0.0/16
next

edit ExchangeOnline-40.100.0.0
set subnet 40.100.0.0/16
next

edit ExchangeOnline-40.101.0.0
set subnet 40.101.0.0/16
next

Once SSH’d onto the Fortigate, the command to create the object is

config firewall address

Then simply copy and paste the code from Notepad++ and the end result is as below.
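The same transformation can be scripted so that the list is validated before anything is pasted into the firewall. The block below is an added example and is not code from the original post: it uses Python's standard ipaddress module to reject lines the regex would happily accept (octets above 255, or a network with host bits set such as 10.0.0.1/24), drops duplicates, and wraps the generated objects in the config firewall address ... end block so the section is closed after the paste. The sample input list is constructed for the example, and the ExchangeOnline- naming and the optional address-group output (config firewall addrgrp) are my assumptions, not something taken from the post.

```python
import ipaddress
import re

# Constructed sample input in the x.x.x.x/x format the post expects.
# It includes a single-digit prefix, a comment, a duplicate, a line with
# host bits set and a malformed line, to show what the validation does.
SAMPLE_LIST = """\
23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
# comment line, ignored
13.107.6.0/24
40.96.0.0/16
10.0.0.1/24
not-an-address
"""

# Same shape as the Notepad++ pattern, anchored to the whole line and
# allowing one- or two-digit prefix lengths (/8 as well as /20).
CIDR_RE = re.compile(r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$")


def parse_cidrs(text):
    """Return (valid_networks, rejected_lines) for a newline-separated list.

    The regex alone accepts 999.1.1.1/99, so every match is also checked with
    ipaddress.ip_network(strict=True), which additionally rejects networks
    with host bits set (e.g. 10.0.0.1/24). Duplicates are silently dropped.
    """
    networks = []
    rejected = []
    seen = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not CIDR_RE.match(line):
            rejected.append(line)
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            rejected.append(line)
            continue
        if net in seen:
            continue
        seen.add(net)
        networks.append(net)
    return networks, rejected


def fortigate_address_config(networks, prefix="ExchangeOnline-"):
    """Emit one firewall address object per network, closed with 'end'."""
    lines = ["config firewall address"]
    for net in networks:
        name = f"{prefix}{net.network_address}"   # e.g. ExchangeOnline-23.103.160.0
        lines.append(f"    edit {name}")
        lines.append(f"        set subnet {net.with_prefixlen}")
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


def fortigate_addrgrp_config(networks, group="ExchangeOnline", prefix="ExchangeOnline-"):
    """Emit an address group referencing the objects above (assumed naming)."""
    members = " ".join(f'"{prefix}{net.network_address}"' for net in networks)
    return "\n".join([
        "config firewall addrgrp",
        f"    edit {group}",
        f"        set member {members}",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    nets, bad = parse_cidrs(SAMPLE_LIST)
    print(fortigate_address_config(nets))
    print(fortigate_addrgrp_config(nets))
    for line in bad:
        print(f"# rejected: {line}")
```

Running the script prints the address objects and the group ready to paste into the SSH session, and lists the rejected lines so a bad entry is caught before it reaches the firewall rather than after.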

[Screenshot: Fortigate SSH session after pasting the generated address objects]
