NGFW Engine scripts run when the NGFW Engine changes its state.
The script names and locations cannot be changed. If the scripts are not found, engine operation continues as normal. If a script is found, it is executed and a log entry is created. To stop scripts from running, you must delete or move the script.
Note: If you want to use a script in a cluster, create or copy the script on all nodes in the cluster. Then all nodes function in the same way when their state changes.
Steps
-
Create a text file with the commands you want the engine to execute (the first line of the script must be
#!/bin/sh) in one of the following ways:
- Create and edit the script on the engine’s command line using the vi text editor.
- Create and edit the script on a different host and transfer the file to the engine, for example, using SSH.
-
Save the script in the correct folder on the engine.
Table 1. Possible scripts on the engines
| Triggering event |
Script location and name |
| Engine operating system boots |
/data/run-at-boot |
| Administrator refreshes or installs the policy |
/data/run-at-policy-apply |
| Engine enters the Online state |
/data/run-at-online |
| Administrator issued the ‘Lock Online’ command |
/data/run-at-locked-online |
| Engine enters the Offline state |
/data/run-at-offline |
| Administrator issued the ‘Lock Offline’ command |
/data/run-at-locked-offline |
| Engine enters the Standby state |
/data/run-at-standby |
-
Make the file executable by typing the following command:
chmod a+x /data/<script name>
Result
The script is executed whenever the engine encounters the triggering event for running the script.