Using custom properties profiles to upload custom scripts
If you use custom scripts that you manually upload to the NGFW Engine, you can instead add the scripts to Custom Properties Profile elements.
If the custom properties profile is referenced in the configuration of the NGFW Engine, the script is automatically uploaded to all the NGFW Engine nodes when the policy is installed.
For example, if you use a custom script for the External Test for the NGFW Engine, you can use a custom properties profile to upload the script to the NGFW Engine. If the script is uploaded to the default location, you can refer to /data/config/policy/latest/scripts/[script_name] in the properties of the External Test.
This feature is supported on the NGFW Engine in the Firewall, IPS, and Layer 2 Firewall roles. For Virtual NGFW Engines, add the custom properties profile to the Master NGFW Engine.
You can upload custom scripts to the following paths:
/data
/data/config/base
/data/config/hooks/online
/data/config/hooks/offline
/data/config/hooks/standby
/data/config/hooks/policy-applied
/data/config/hooks/ve-active
/data/config/hooks/ve-deactive
In the custom properties profile, you can define additional attributes that your script can use. Additional attributes and their values are saved to the same location as your custom script in a file named <script_name>_allow. One attribute per line is stored in the file in the following format:
<attribute name>:<attribute value>
my_script.sh
my_script.sh_allow
The file
my_script.sh_allow contains the following: test_attribute1:1
test_attribute2:2
For script examples, see Knowledge Base article 18290.