Using custom properties profiles to upload custom scripts

If you use custom scripts that you manually upload to the NGFW Engine, you can instead add the scripts to Custom Properties Profile elements.

If the custom properties profile is referenced in the configuration of the NGFW Engine, the script is automatically uploaded to all the NGFW Engine nodes when the policy is installed.

For example, if you use a custom script for the External Test for the NGFW Engine, you can use a custom properties profile to upload the script to the NGFW Engine. If the script is uploaded to the default location, you can refer to /data/config/policy/latest/scripts/[script_name] in the properties of the External Test.

This feature is supported on the NGFW Engine in the Firewall, IPS, and Layer 2 Firewall roles. For Virtual NGFW Engines, add the custom properties profile to the Master NGFW Engine.

You can upload custom scripts to the following paths:

/data
/data/config/base
/data/config/hooks/online
/data/config/hooks/offline
/data/config/hooks/standby
/data/config/hooks/policy-applied
/data/config/hooks/ve-active
/data/config/hooks/ve-deactive

Note: The scripts are not encrypted, even if the NGFW Engine configuration is otherwise encrypted.

In the custom properties profile, you can define additional attributes that your script can use. Additional attributes and their values are saved to the same location as your custom script in a file named <script_name>_allow. One attribute per line is stored in the file in the following format:

<attribute name>:<attribute value>

In this example, /data/my_script.sh has the additional attributes test_attribute1 with the value 1 and test_attribute2 with the value 2. In the /data directory, there are two files:

my_script.sh
my_script.sh_allow

The file my_script.sh_allow contains the following:

test_attribute1:1
test_attribute2:2
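
A script can read these attributes at run time. The following is an added example, not code from the product or its Knowledge Base: a POSIX shell parser for the <script_name>_allow file that treats values as data and validates them instead of sourcing the file. The helper names get_attr, is_uint and demo are hypothetical, and splitting at the first colon, tolerating CRLF line endings, and locating the file as "${0}_allow" are assumptions beyond the documented format.

```shell
#!/bin/sh
# Added example (not product code): read attributes from <script_name>_allow.
# Values are handled as plain data; the file is never sourced or eval'd.

# get_attr FILE NAME: print the value of NAME; return 1 if it is absent.
# (get_attr and is_uint are hypothetical helper names.)
get_attr() {
    attr_file=$1
    wanted=$2
    cr=$(printf '\r')
    [ -r "$attr_file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}              # assumption: tolerate CRLF endings
        case $line in
            *:*) ;;                     # documented form is name:value
            *) continue ;;              # skip anything else
        esac
        name=${line%%:*}                # assumption: split at the first colon
        value=${line#*:}
        if [ "$name" = "$wanted" ]; then
            printf '%s\n' "$value"
            return 0
        fi
    done < "$attr_file"
    return 1
}

# is_uint VALUE: succeed only for a non-empty string of decimal digits.
is_uint() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample mirroring the page's my_script.sh_allow example.
# In a deployed script the file would be "${0}_allow" (assumes $0 is the path).
demo() {
    dir=$(mktemp -d) || return 1
    printf 'test_attribute1:1\ntest_attribute2:2\n' > "$dir/my_script.sh_allow"
    v1=$(get_attr "$dir/my_script.sh_allow" test_attribute1) || v1=
    v2=$(get_attr "$dir/my_script.sh_allow" test_attribute2) || v2=
    rm -rf "$dir"
    is_uint "$v1" && is_uint "$v2" || return 1
    printf '%s %s\n' "$v1" "$v2"
}
demo
```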

For script examples, see Knowledge Base article 18290.

Note: Custom scripts for the NGFW Engine and custom scripts for Alert Chains in the SMC are configured separately and are separate scripts.