Alan's sysadmin Blog

Working smarter not harder

Posts Tagged ‘FortiGate’

Bulk addition of FortiGate Firewall Addresses

Posted by Alan McBurney on September 24, 2015

During a recent Office 365 Exchange Hybrid project I had the need to lock down the on-premises Exchange servers to the Exchange Online IP addresses.

The published list from Microsoft is quite long and I didn’t fancy adding the addresses manually to the firewall, so I decided to use regex to edit the list into a format that I could then paste directly to the firewall via SSH.

I took the list from Microsoft and added this to Notepad++, where I then did a find and replace using the below regex commands. (The initial list of IPs needs to be in the format x.x.x.x/x for this to work properly.)

Find
(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(/\d{1,2})

Replace
edit ExchangeOnline-$1.$2.$3.$4\nset subnet $1.$2.$3.$4$5\nnext\n

Using the above regex commands takes a list of IPs in the format

23.103.160.0/20
23.103.224.0/19
40.96.0.0/16
40.97.0.0/16
40.98.0.0/16

and creates the necessary FortiGate commands

edit ExchangeOnline-23.103.160.0
set subnet 23.103.160.0/20
next

edit ExchangeOnline-23.103.224.0
set subnet 23.103.224.0/19
next

edit ExchangeOnline-40.96.0.0
set subnet 40.96.0.0/16
next

edit ExchangeOnline-40.97.0.0
set subnet 40.97.0.0/16
next

edit ExchangeOnline-40.98.0.0
set subnet 40.98.0.0/16
next

edit ExchangeOnline-40.99.0.0
set subnet 40.99.0.0/16
next

edit ExchangeOnline-40.100.0.0
set subnet 40.100.0.0/16
next

edit ExchangeOnline-40.101.0.0
set subnet 40.101.0.0/16
next

Once SSH’d onto the FortiGate, the command to create the object is

config firewall address

Then simply copy and paste the code from Notepad++ and the end result is as below.

[Screenshot: 2015-09-24_11-50-34]
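The same transformation as an added Python example (not part of the original post), using the standard `ipaddress` module so that malformed lines, entries with host bits set, IPv6 ranges and object-name collisions are reported instead of being pasted into the allowlist. The function name, the sample list and the closing `end` line are assumptions of this example.

```python
import ipaddress


def fortigate_address_cli(lines, prefix="ExchangeOnline"):
    """Build 'config firewall address' CLI text from IPv4 CIDR strings.

    Returns (cli_text, rejected), where rejected is a list of
    (entry, reason) tuples for anything that was not emitted.
    """
    names, rejected = {}, []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True refuses entries such as 40.96.0.1/16 (host bits set)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            rejected.append((entry, str(exc)))
            continue
        if net.version != 4 or "/" not in entry:
            rejected.append((entry, "not IPv4 in x.x.x.x/x form"))
            continue
        # Same naming scheme as the post: prefix plus network address.
        name = f"{prefix}-{net.network_address}"
        # Exact duplicates are dropped silently; a different prefix length on
        # the same network address would overwrite the first object.
        if names.setdefault(name, net) != net:
            rejected.append((entry, f"name {name} already used by {names[name]}"))
    blocks = [f"edit {n}\nset subnet {net.with_prefixlen}\nnext\n"
              for n, net in names.items()]
    # 'end' (assumed here, not shown in the post) closes the config block.
    return "config firewall address\n" + "\n".join(blocks) + "end\n", rejected


# Constructed sample input: a few ranges from the post plus deliberate bad lines.
SAMPLE = ["23.103.160.0/20", "40.96.0.0/16", "40.96.0.0/16", "10.0.0.0/8",
          "40.96.0.1/16", "2001:db8::/32", "40.96.0.0/13", "not-an-ip"]

if __name__ == "__main__":
    cli, rejected = fortigate_address_cli(SAMPLE)
    print(cli)
    for entry, reason in rejected:
        print(f"# rejected {entry}: {reason}")
```

Review the rejected list before pasting the generated text into the SSH session, since every accepted line becomes an address object the firewall policy can reference.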

Posted in Exchange 2013, Exchange Online, FortiGate, Office 365

The CMDB Entry Failed

Posted by Alan McBurney on September 23, 2011

OK, so I’ve been trying to add some Virtual IP Mappings on a FortiGate 200A running firmware v4.0,build0441,110318 (MR3).

Every time I try to add a VIP via the web interface I get the following error:

The cmdb add entry failed

The firewall still allows the rules to be added via the CLI but the web interface is a no go.

The solution for me was to reboot the FortiGate.

Posted in FortiGate