Jinja Filters and Functions in
CLI Templates
FortiManager 7.4
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com
FORTINET VIDEO GUIDE
https://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com
FORTINET TRAINING & CERTIFICATION PROGRAM
https://www.fortinet.com/training-certification
FORTINET TRAINING INSTITUTE
https://training.fortinet.com
FORTIGUARD CENTER
https://www.fortiguard.com
END USER LICENSE AGREEMENT
https://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email: techdoc@fortinet.com
August 31, 2023
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
05-740-916620-20230831
TABLE OF CONTENTS
Change Log
Introduction
Supported filters and functions
4
5
6
Basic syntax
StrictUndefined
Whitepsace control
Escaping
Control structure
Assignment
If statements
For loop
Macros
Call
Import and Include
IP address filter modules
6
7
7
8
9
9
10
10
12
13
14
15
FortiManager meta variables in Jinja
References
26
27
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
3
Change Log
Date
Change Description
2023-08-31
Initial release.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
4
Introduction
Introduction
What is Jinja?
Jinja is a fast and extensible templating engine. It utilizes special placeholders, or variables, in templates with a Pythonlike syntax. Once data is passed to the template, the variables are replaced with values and a final template is rendered.
How FortiManager supports Jinja
Beginning in version 7.0.1, FortiManager's CLI templates include support for Jinja 2.11 and Ansible's ipaddr filter
module. When creating CLI templates, you can use Jinja and ipaddr filters with metadata variables to create scalable,
dynamic templates which can be applied to managed devices.
Various Jinja utilities are supported within FortiManager CLI templates including built-in filters and tests.
For information on how to configure FortiManager CLI templates using Jinja, see the FortiManager Admin Guide.
For an example of how Jinja can be used to configure SD-WAN branch devices in FortiManager, see Branch
configuration using FortiManager Jinja2 CLI templates.
Notations used in this document
In this document, the following notations are used:
l
Text: indicates a script component.
l
# Text: indicates a comment within the script.
l
>> Text: indicates the execution result of the script.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
5
Supported filters and functions
Supported filters and functions
The following utilities are supported on FortiManager:
l
All of Jinja 2.11 operations, built-in filters and tests.
l
Ansible's ipaddr filters.
l
Python 3.8's built-in functions.
l
Jinja’s import and include.
A Jinja template can only import other Jinja templates from the same ADOM on FortiManager.
This section includes the following:
l
Basic syntax on page 6
l
StrictUndefined on page 7
l
Whitepsace control on page 7
l
Escaping on page 8
l
Control structure on page 9
l
IP address filter modules on page 15
Basic syntax
The following basic Jinja syntax is supported in CLI templates:
l
Expressions (printed to template outputs): {{ ... }}
l
Statements (not printed to outputs): {% ...%}
l
Comments: {# ... #}
l
Line statements are not supported.
Example
# print a variable within a sentence:
# var = 'username'
Please input {{var}}:
>> Please input username
# use a filter:
{{ var | capitalize }}
>> Username
# use a filter with arguments
{{ "%s, %s!"|format("Hello", "world") }}
>> Hello, world!
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
6
Supported filters and functions
# if statement
{% if stmt == True $}
Print this sentence only when stmt is True
{% endif %}
# Comment
{# This is a comment #}
This line is printed.
>> This line is printed
StrictUndefined
On FortiManager, Jinja has the StrictUndefined option enabled.
Under this setting, metadata variables without a value will result in errors during runtime. If a variable may be undefined,
the check for its value should be explicit, otherwise it will result in an error.
Example
{% if var is defined %}
{{ var }}
{% endif %}
Whitepsace control
FortiManager uses the default Jinja configuration for whitespace control:
l
A single trailing newline is stripped if present.
l
Other whitespace (spaces, tabs, and newlines) are returned unchanged.
To manually strip whitespace characters, a minus sign (-) can be added to the start or end of a block, a comment, or a
variable expression to remove the whitespace before or after the block.
Example
{% set seq = ['a', 'b', 'c'] %}
No Strip:
{% for item in seq %}
{{ item }}
{% endfor %}
>>
No Strip:
a
b
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
7
Supported filters and functions
c
Strip empty lines:
{% for item in seq -%}
{{ item }}
{% endfor %}
>>
Strip empty lines:
a
b
c
Strip both start and end spaces:
{% for item in seq -%}
{{ item }}
{%- endfor %}
>>
Strip both start and end spaces:
abc
Print loop result in same line:
{%- for item in seq -%}
{{ item }}
{%- endfor %}
>>
Print loop result in same line:abc
Escaping
Keyword escaping follows Jinja’s rule for escaping.
Example
# escape {{ by using variable expression
{{ "{{" }}
>> {{
# escape the whole section
{% raw %}
<ul>
{% for item in seq %}
<li>{{ item }}</li>
{% endfor %}
</ul>
{% endraw %}
>>
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
8
Supported filters and functions
<ul>
{% for item in seq %}
<li>{{ item }}</li>
{% endfor %}
</ul>
To escape special characters in a string, the same rule for Python's escaping character applies by adding \ before the
special characters.
You can also use tojson to render the string as a JSON string:
Example
{% set f = "Function(\"a\", \"b\")" %}
{{f}}
{{f|tojson}}
>>
Function("a", "b")
"Function(\"a\", \"b\")"
Control structure
FortiManager supports the following Jinja control structures:
l
Assignment on page 9
l
If statements on page 10
l
For loop on page 10
l
Macros on page 12
l
Call on page 13
l
Import and Include on page 14
Assignment
Aside from using Meta Variables from FortiManager, Jinja allows users to define new variable or change variables'
values within the template.
Variables created within a scope cannot be used outside the scope.
Example
# assign a string value
{% set var = "This is a string" %}
# assign a number
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
9
Supported filters and functions
{% set var = 42 %}
# assign a list
{% set var = [1,2,3] %}
# assign a dict
{% set var = {'name':'username', 'type':'string'} %}
If statements
Comparable with Python's if statement. It can be used to test if a variable is defined.
Example
{% if var is defined %}
Var has value: {{var}}
{% endif %}
Due to the StrictUndefined option, syntax like {% if var%} is not allowed and will
cause an exception to be raised.
elif and else can be used for multiple branches.
Example
{% if var.attr0 is defined %}
attribute 0 is defined for var.
{% elif var.attr1 is defined %}
attribute 1 is defined for var.
{% else %}
Neither attribute is defined for var.
{% endif %}
In line syntax is also supported
Example
{{ "Print this sentence" if var is defined }}
For loop
Loop over each item in a sequence. It's also used to loop through list or dict.
Example
# for loop with list
# list = ["item0", "item1", "item2"]
{% for item in list %}
{{item}}
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
10
Supported filters and functions
{% endfor %}
>>
item0
item1
item2
# for loop with dict
# dc = {'key0':'val0;, 'key1':'val1'}
{% for key, val in dc.items() %}
{{key}}:{{val}}
{% endfor %}
>>
key0:val1
key1:val2
Note that Python's dict isn't sorted. To output sorted result, the dictsort filter is available
There's no break or continue within the loop, but conditions can be used in the loop to skip certain elements.
Example
{% for user in users if not user.hidden %}
{{user.username}}
{% endfor %}
Built-in Variables:
Within the loop, a set of variables are available:
Variable
Description
loop.index
The current iteration of the loop. (1 indexed)
loop.index0
The current iteration of the loop. (0 indexed)
loop.revindex
The number of iterations from the end of the loop. (1 indexed)
loop.revindex0
The number of iterations from the end of the loop. (0 indexed)
loop.first
True if first iteration.
loop.last
True if last iteration.
loop.length
The number of items in the sequence.
loop.cycle
Cycle through a list of items within the loop. See below
loop.depth
Indicates how deep in a recursive loop the rendering currently is. Starts
at level 1
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
11
Supported filters and functions
Variable
Description
loop.depth0
Indicates how deep in a recursive loop the rendering currently is. Starts
at level 0
loop.previtem
The item from the previous iteration of the loop. Undefined during the
first iteration.
loop.nextitem
The item from the following iteration of the loop. Undefined during the
last iteration.
loop.changed(*val)
True if previously called with a different value (or not called at all).
loop.cycle can be used to cycle through a list of entries within the loop each time it's executed.
Example
{% for i in range(4) %}
{{i}}:{{loop.cycle("even","odd")}}
{% endfor %}
>>
0:even
1:odd
2:even
3:odd
Macros
Macros are comparable to functions in other programming languages.
Example
{% macro input(name, value='', type='text', size=20) -%}
<input type="{{ type }}" name="{{ name }}" value="{{
value|e }}" size="{{ size }}">
{%- endmacro %}
<p>{{ input('username') }}</p>
<p>{{ input('password', type='password') }}</p>
>>
'<p><input type="text" name="username" value="" size="20"></p>'
'<p><input type="password" name="password" value="" size="20"></p>'
Similar to loop, some predefined variables are available within macros.
Variable
Description
varargs
If more positional arguments are passed to the macro than accepted by the
macro, they end up in the special varargs variable as a list of values.
kwargs
Like varargs but for keyword arguments. All unconsumed keyword arguments
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
12
Supported filters and functions
Variable
Description
are stored in this special variable.
caller
If the macro was called from a call tag, the caller is stored in this variable as a
callable macro.
These attributes of macro are also available to use:
Variable
Description
name
The name of the macro. e.g. {{input.name}} will print input
arguments
A tuple of the names of arguments the macro accepts.
defaults
A tuple of default values.
catch_kwargs
This is true if the macro accepts extra keyword arguments (i.e.: accesses the
special kwargs variable)
catch_varargs
This is true if the macro accepts extra positional arguments (i.e.: accesses the
special varargs variable)
caller
This is true if the macro accesses the special caller variable and may be
called from a call tag.
Call
call is used to pass a macro into another macro.
Example
{% macro prompt_message(prompt) -%}
{{ prompt }}: {{ caller() }}
{%- endmacro %}
{% call prompt_message('message')%}
This is a test message
{% endcall %}
>>
message:
This is a test message
call can also be used within arguments.
Example
{% macro dump_users(profiles) -%}
config system interface
{%- for p in profiles %}
{%- set ip = "192.168.1"~p %}
{%- set profile = "port"~p %}
edit "{{profile}}"
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
13
Supported filters and functions
{{ caller(ip) }}
next
{%- endfor %}
end
{%- endmacro %}
{% call(ip) dump_users(range(2,4)) -%}
set vdom root
set ip {{ip}} 255.255.255.0
{%- endcall %}
>>
config system interface
edit "port2"
set vdom root
set ip 192.168.12 255.255.255.0
next
edit "port3"
set vdom root
set ip 192.168.13 255.255.255.0
next
end
Import and Include
With Jinja, it is possible to import another template into the current template by using import and include
functionality.
Import is used to import predefined macros into the current template, by putting the whole content into a variable:
Example
# Template Name: header
{% macro wrap(text, num)-%}
edit port{{num}}
{{text}}
next
{%- endmacro %}
# Template Name: main
{% import 'header' as header %}
config system interface
{% for i in range(2,4) -%}
{{header.wrap("set status down", i)}}
{% endfor -%}
end
An alternative way of writing it by only loading specific macros into variables:
Example
{% from 'header' import wrap as port_wrap %}
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
14
Supported filters and functions
config system interface
{% for i in range(2,4) -%}
{{port_wrap("set status down", i)}}
{% endfor -%}
end
include directly renders the included template in the current location:
Example
{% include 'header' %}
text here
{% include 'footer' %}
If the included template isn't guaranteed to exist, ignore missing can be used to skip the include:
Example
{% include 'extra' ignore missing %}
Several templates can be included in order by putting them into a list:
Example
{% include ['temp0', 'temp1'] ignore missing %}
On FortiManager, if a template is a Jinja template, it can import or include other Jinja templates, and be
imported/included as well.
IP address filter modules
ipaddr is a Jinja filter provided by Ansible, serving as an interface to the netaddr Python package. With this module,
various filters can be used to modify or filter strings or lists of items, testing to check if they are valid IP addresses,
hostnames and more, and manipulating input data to extract required information. It comes with a list of Jinja filters that
can easily manipulate with IP addresses.
Example
{{ “192.168.1.24” | ipaddr }}
>> "192.168.1.24"
# var = " 192.168.0.37/24 "
{{ var | trim | ipaddr }}
>> "192.168.0.37/24"
{{ ["192.168.1.15/24", "host.fqdn", 19274058] | ipaddr }}
>> ['192.168.2.1/24', '1.38.25.74']
{{ "random_string" | ipaddr }}
>> False
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
15
Supported filters and functions
ipaddr API list:
l
cidr_merge(action) on page 16
l
ipaddr([action[, arg]]) on page 16
l
ipmath(arg) on page 21
l
ipwrap on page 22
l
ip4_hex([delimiter]) on page 22
l
ipv4 on page 22
l
ipv6 on page 22
l
ipsubnet([subnet/prefix]) / ipsubnet([cidr[, index]]) on page 22
l
ipaddr([action[, arg]]) on page 16
l
next_nth_usable(n) / previous_nth_usable(n) on page 24
l
network_in_network(arg) / network_in_usable(arg) on page 24
l
reduce_on_network(arg) on page 24
l
nthhost(n) on page 25
l
slaac(arg) on page 25
l
hwaddr([arg]) on page 25
l
macaddr([arg]) on page 25
cidr_merge(action)
This filter merges subnets and addresses into a minimal representation. The default action is merge. If span is used, it
instead returns the smallest subnet which contains all inputs.
action: merge, span
Example
{{ ['192.168.0.0/17', '192.168.128.0/17', '192.168.128.1' ] | cidr_merge }}
>> ['192.168.0.0/16']
{{ ['192.168.0.0/24', '192.168.1.0/24', '192.168.3.0/24'] | cidr_merge }}
>> ['192.168.0.0/23', '192.168.3.0/24']
{{ ['192.168.0.0/24', '192.168.3.0/24'] | cidr_merge('span') }}
>> '192.168.0.0/22'
{{ ['192.168.1.42', '192.168.42.1'] | cidr_merge('span') }}
>> '192.168.0.0/18'
ipaddr([action[, arg]])
Return the value if query is true, and False if otherwise.
action: 6to4, address, bool, broadcast, cidr, first_usable, host, hostmask, int, ip, ip/prefix, ip_
netmask, #, ip_wildcard, ipv4, ipv6, last_usable, link-local, lo, loopback, multicast, net, next_
usable, netmask, network, network_id, network/prefix, network_netmask, network_wildcard, peer,
prefix, previous_usable, private, public, range_usable, revdns, size, size_usable, subnet, type,
unicast, v4, v6, version, wildcard, wrap.
deprecated: address/prefix, gateway, gw, host/prefix, hostnet, router
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
16
Supported filters and functions
Action:
l
6to4: Convert IPv4 address to equivalent IPv6 address in 2002::/16 range.
Example
{{ '193.0.2.0' | ipaddr('6to4') }}
>> '2002:c100:0200::1/48'
l
address: Return only IP address. Return False when input is an IP network.
Example
{{ '192.168.2.3' | ipaddr('address') }}
>> '192.168.2.3'
{{ 'random string' | ipaddr('address') }}
>> False
l
bool: Return True when the value is an IP address or network.
Example
{{ '192.168.2.3' | ipaddr('bool') }}
>> True
l
broadcast: Return the broadcast address of the given IP address.
Example
{{ '192.168.2.3' | ipaddr('broadcast') }}
>> None
{{ '192.168.2.3/16' | ipaddr('broadcast') }}
>> '192.168.255.255'
l
cidr: Return the CIDR address representation of the given IP address.
Example
{{ '192.168.2.3' | ipaddr('cidr') }}
>> '192.168.2.3/32'
{{ "3232236057/16" | ipaddr('cidr')}}
>> '192.168.2.25/16'
l
first_usable / last_usable / next_usable / previous_usable: Return the first/last/next/previous
usable IP address in the given subnet. Return None when no usable IP can be found.
Example
{{ '192.168.2.25/16' | ipaddr('first_usable') }}
>> '192.168.0.1'
{{ '192.168.2.25/16' | ipaddr('last_usable') }}
>> '192.168.255.254'
{{ '192.168.2.25/16' | ipaddr('next_usable') }}
>> '192.168.2.26'
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
17
Supported filters and functions
{{ '192.168.2.25/16' | ipaddr('previous_usable') }}
>> '192.168.2.24'
l
host: Automatically calculate the CIDR prefix of the given IP address.
Example
{{ ['192.24.2.1', '::1', 'fe80::100'] | ipaddr('host') }}
>> ['192.24.2.1/32', '::1/128', 'fe80::100/10']
l
hostmask: Return the host mask of the given IP address.
Example
{{ '192.24.2.1/16' | ipaddr('host') }}
>> '0.0.255.255'
{{ '192.24.2.1' | ipaddr('host') }}
>> '0.0.0.0'
l
int / ip / ip/prefix / ip_netmask: Return int representation / IP address only / as IP/prefix representation / as
'IP netmask' representation of an IP address.
Example
{{ '192.168.2.25/24' | ipaddr('int') }}
>> '3232236057/24'
{{ '192.168.2.25/24' | ipaddr('ip') }}
>> '192.169.2.25'
{{ '192.168.2.25/24' | ipaddr('ip/prefix') }}
>> '192.169.2.25/24'
{{ '192.168.2.25/24' | ipaddr('ip_netmask') }}
>> '192.169.2.25 255.255.255.0'
l
ipv4: Return the IP address if it can be converted to IPv4 address. Return False if otherwise. Note that this is
different from ipv4 filter.
Example
{{ ['192.24.2.1', '::1', 'fe80::100'] | ipaddr('ipv4') }}
>>['192.24.2.1/24', '0.0.0.1/32']
l
ipv6: Return the IP address if it can be converted to IPv6 address. Return False if otherwise. Note this is different
from ipv6 filter.
Example
{{ ['192.24.2.1', '::1', 'fe80::100'] | ipaddr('ipv6') }}
>>['::ffff:192.24.2.1/120', '::1', 'fe80::100']
l
link-local: Return the IP address if it is a Link Local address. Return False if otherwise.
Example
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
18
Supported filters and functions
{{ ['192.16.3.47', '169.254.0.4', 'fe80:45::', 'aa7f:ca49::c225:3dc7:40cb:8377'] |
ipaddr('link-local') }}
>> ['169.254.0.4', 'fe80:45::']
l
lo / loopback: Return the IP address if it is a loopback address. Return False if otherwise.
Example
{{ ['10.2.88.15', '127.0.0.2', '::1', '::2'] | ipaddr('loopback') }}
>> ['127.0.0.2', '::1']
l
multicast / unicast: Return the IP address if it is a multicast/unicast address. Return False if otherwise.
Example
{{ ['245.3.0.24', '224.0.1.22', 'ffa4::/16', 'fda8::/16'] | ipaddr('multicast') }}
>> ['224.0.1.22', 'ffa4::/16']
{{ ['245.3.0.24', '224.0.1.22', 'ffa4::/16', 'fda8::/16'] | ipaddr('unicast') }}
>> ['245.3.0.24', 'fda8::/16']
l
net: Return the IP address if it represents a network. Return False if otherwise.
Example
{{ ['192.168.1.0/24', '23.75.40.2/16'] | ipaddr('net') }}
>> ['192.168.1.0/24']
l
netmask: Return the netmask of the given IP address.
Example
{{ '192.168.23.2/16' | ipaddr('netmask') }}
>> '255.255.0.0'
l
network / network_id: Return the network of the given IP address.
Example
{{ '192.168.2.14/16' | ipaddr('network')}}
>> '192.168.0.0'
l
network/prefix / subnet: Return the network/prefix representation of the given IP address.
Example
{{ '192.168.5.3/16' | ipaddr('subnet') }}
>> '192.168.0.0/16'
l
network_netmask: Return the "network netmask" representation of the given IP address.
Example
{{ '192.168.5.3/16' | ipaddr('network_netmask') }}
>> '192.168.0.0 255.255.0.0'
l
network_wildcard: Return the "network wildcard" representation of the given IP address.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
19
Supported filters and functions
Example
{{ '192.168.5.3/16' | ipaddr('network_wildcard') }}
>> '192.168.0.0 0.0.255.255'
l
peer: Return the peer IP address for a point-to-point link. Raise an error if the given IP address isn't a point-to-point
network.
Example
{{ '192.168.122.1/31' | ipaddr('peer') }}
>> 192.168.122.0
{{ '192.168.122.1/30' | ipaddr('peer') }}
>> 192.168.122.2
l
prefix: Return the prefix of the given IP address.
Example
{{ '192.169.2.32/24' | ipaddr('prefix') }}
>> 24
l
private / public: Return the IP address if it is accessible from public Internet, or is in private networks. Return
False if otherwise.
Example
{{ ['10.2.3.44', '8.8.8.8'] | ipaddr('private') }}
>> ['10.2.3.44']
{{ ['10.2.3.44', '8.8.8.8'] | ipaddr('public') }}
>> ['8.8.8.8']
l
range_usable: Return the range of usable IP range of the given IP address. The result is in the form of "First_IPLast_IP".
Example
{{ '10.2.5.10/31' | ipaddr('range_usable') }}
>> '10.2.5.10-10.2.5.11'
l
revdns: Convert IP address to PTR record.
Example
{{ ['192.168.2.32', '1169:90f1::7165:b50d:a937:2e2e', ] | ipaddr('revdns') }}
>> ['32.2.168.192.in-addr.arpa.',
'e.2.e.2.7.3.9.a.d.0.5.b.5.6.1.7.0.0.0.0.0.0.0.0.1.f.0.9.9.6.1.1.ip6.arpa.']
l
size / size_usable: Return the size/usable size of the IP range.
Example
{{ '192.168.3.47/16' | ipaddr('size') }}
>> 65536
{{ '192.168.3.47/16' | ipaddr('size_usable') }}
>> 65534
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
20
Supported filters and functions
l
type: Return address if it is an IP address; return network when it represents a network.
Example
{{ ['10.5.33.47', '192.168.0.0/16', 'bbcf:24::/128'] | ipaddr('type') }}
>> ['address', 'network', 'address']
l
version: Return 4 for IPv4 addresses, and 6 for IPv6 addresses.
Example
{{ ['10.5.33.47', '192.168.0.0/16', 'bbcf:24::/128'] | ipaddr('version') }}
>> ['address', 'network', 'address']
l
wildcard: Return the wildcard address for the given IP address.
Example
{{ ['192.168.2.1/16', 'ffa4::/48', ] | ipaddr('wildcard') }}
>> ['0.0.255.255', '::ffff:ffff:ffff:ffff:ffff']
l
wrap: Some configuration files require IPv6 addresses to be “wrapped” in square brackets ([ ]). This argument
wraps the addresses within square brackets.
Example
{{ '886c:a3d0:bf1e:ef67:79bd:9835:0a8f:0f74' | ipaddr('wrap') }}
>> '[886c:a3d0:bf1e:ef67:79bd:9835:a8f:f74]'
ipmath(arg)
This is used to do simple IP math/arithmetic.
Example
# Get the next five addresses based on an IP address
{{ '192.168.1.5' | ipmath(5) }}
>> '192.168.1.10'
# Get the ten previous addresses based on an IP address
{{ '192.168.0.5' | ipmath(-10) }}
>> '192.167.255.251'
# Get the next five addresses using CIDR notation
{{ '192.168.1.1/24' | ipmath(5) }}
>> '192.168.1.6'
# Get the previous five addresses using CIDR notation
{{ '192.168.1.6/24' | ipmath(-5) }}
>> '192.168.1.1'
# Get the previous ten address using cidr notation
# It returns a address of the previous network range
{{ '192.168.2.6/24' | ipmath(-10) }}
>> '192.168.1.252'
# Get the next ten addresses in IPv6
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
21
Supported filters and functions
{{ '2001::1' | ipmath(10) }}
>> '2001::b'
# Get the previous ten address in IPv6
{{ '2001::5' | ipmath(-10) }}
>> '2000:ffff:ffff:ffff:ffff:ffff:ffff:fffb'
ipwrap
Alias of ipaddr('wrap'). Works with both single address and lists.
Example
{{ ['d477:1d43::f868:5b57', '90df:55d2::b50d:a937:2e2e'] | ipwrap }}
>> ['[d477:1d43::f868:5b57]', '[90df:55d2::b50d:a937:2e2e]']
ip4_hex([delimiter])
Returns the hexadecimal representation of IPv4 address, with optional delimiter.
Example
{{ '192.168.1.5' | ip4_hex }}
>> 'c0a80105'
{{ '192.168.1.5' | ip4_hex(':') }}
>> 'c0:a8:01:05'
ipv4
Return IPv4 addresses only. Note this is different from ipaddr('ipv4').
Example
{{ ['192.24.2.1/24', '::1', 'fe80::100'] | ipv4 }}
>> ['192.24.2.1/24']
ipv6
Return IPv6 addresses only. Note this is different from ipaddr('ipv6').
Example
{{ ['192.24.2.1/24', '::1', 'fe80::100'] | ipv6 }}
>> ['::1', 'fe80::100']
ipsubnet([subnet/prefix]) / ipsubnet([cidr[, index]])
Can be used to manipulate subnets in multiple ways.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
22
Supported filters and functions
l
#### address or address/prefix | ipsubnet returns CIDR subnet of a given input.
Example
{{ '192.168.144.5' | ipsubnet }}
>> 192.168.144.5/32
{{ '192.168.0.0/16' | ipsubnet }}
>> 192.168.0.0/16
l
#### subnet/prefix | ipsubnet(cidr) returns number of subnets a given subnet can be split into.
Example
{{ '192.168.0.0/16' | ipsubnet(20) }}
>> 16
l
#### address/prefix | ipsubnet(cidr, index) returns new subnet with given CIDR prefix.
Example
{{ '192.168.0.0/16' | ipsubnet(20, 0) }}
>> '192.168.0.0/20'
{{ '192.168.0.0/16' | ipsubnet(20, -1) }}
>> '192.168.240.0/20'
{{ '192.168.0.0/16' | ipsubnet(20, 5) }}
>> '192.168.80.0/20'
{{ '192.168.0.0/16' | ipsubnet(20, -5) }}
>> '192.168.176.0/20'
l
#### address | ipsubnet(cidr) returns the biggest subnet with given CIDR prefix that address belongs to.
Example
{{ '192.168.144.5' | ipsubnet(20) }}
>> '192.168.144.0/20'
l
#### address | ipsubnet(cidr, index) returns next indexed subnet which contains given address.
Example
{{ '192.168.144.5' | ipsubnet(18, 0) }}
>> '192.168.128.0/18'
{{ '192.168.144.5' | ipsubnet(18, -1) }}
>> '192.168.144.4/31'
{{ '192.168.144.5' | ipsubnet(18, 5) }}
>> '192.168.144.0/23'
{{ '192.168.144.5' | ipsubnet(18, -5) }}
>> '192.168.144.0/27'
l
#### address/prefix | ipsubnet(subnet/prefix) returns the index of the address in the subnet.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
23
Supported filters and functions
Example
# The IP is 36870th /32 in /16 range
{{ '192.168.144.5' | ipsubnet('192.168.0.0/16') }}
>> 36870
# The IP is the 6th /32 in /24 range
{{ '192.168.144.5' | ipsubnet(('192.168.144.0/24') }}
>> 6
# The IP is within the 1st /30 subnet in /24 range
{{ '192.168.144.1/30' | ipsubnet('192.168.144.0/24') }}
>> 1
# The IP is within the 5th /30 subnet in /24 range.
{{ '192.168.144.16/30' | ipsubnet('192.168.144.0/24') }}
>> 5
next_nth_usable(n) / previous_nth_usable(n)
Return the n-th usable IP address after/before the given IP address within the same network.
Example
{{ '192.168.144.16/24' | next_nth_usable(2) }}
>> '192.168.144.18'
{{ '192.168.144.16/24' | previous_nth_usable(2) }}
>> '192.168.144.14'
network_in_network(arg) / network_in_usable(arg)
arguments: IP address/network
Return True if argument is within/usable within the network range. Return False if otherwise.
Example
{{ '192.168.0.0/24' | network_in_usable('192.168.0.1') }}
>> True
{{ '192.168.0.0/24' | network_in_usable('192.168.0.255') }}
>> False
reduce_on_network(arg)
Check whether multiple addresses belong to a network.
Example
{{ ['192.168.0.34', '10.3.0.3', '192.168.2.34'] | reduce_on_network( '192.168.0.0/24' )
}}
>> ['192.168.0.34']
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
24
Supported filters and functions
nthhost(n)
Return the n-th IP address within the network. Also supports negative n.
Example
{{ '192.168.2.1/16' | nthhost(5) }}
>> '192.168.0.5'
{{ '192.168.2.1/16' | nthhost(-5) }}
>> '192.168.255.251'
slaac(arg)
Generates an IPv6 address for a given network and a MAC address in Stateless configuration.
Example
{{ 'fdcf:1894:23b5:d38c:0000:0000:0000:0000' | slaac('c2:31:b3:83:bf:2b') }}
>> 'fdcf:1894:23b5:d38c:c031:b3ff:fe83:bf2b'
hwaddr([arg])
arguments: bare, bool, int, cisco, eui48, linux, pgsql, postgresql, psql, unix, win
Check if the given address is a MAC address, or convert it between various formats.
Example
# Example MAC address
macaddress = '1a:2b:3c:4d:5e:6f'
# Check if given string is a MAC address
{{ macaddress | hwaddr }}
>> '1a:2b:3c:4d:5e:6f'
# Convert MAC address to PostgreSQL format
{{ macaddress | hwaddr('pgsql') }}
>> '1a2b3c:4d5e6f'
# Convert MAC address to Cisco format
{{ macaddress | ('cisco') }}
>> '1a2b.3c4d.5e6f'
macaddr([arg])
Same as hwaddr.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
25
FortiManager meta variables in Jinja
FortiManager meta variables in Jinja
On FortiManager, all meta variables are stored as strings. If a meta variable is intended to be used as other types, it is
strongly recommended to manually enforce their types using filters.
Example
# Meta variable var0 = "25", var1 = "abcd", var2 = "192.168.0.2/24"
# use as int:
{{var|int}}
# create an array 'arr'
{% set arr = [var0, var1, var2] %}
# temporary variable used in loop
{% for i in range(2,5) %}
Current loop index: {{i}}
{% endfor %}
Variables created within Jinja templates do not become meta variables on FortiManager. If a
variable is intended to be used in several Jinja templates, it is recommended that you use
Jinja's Import functionality.
Naming convention for meta variables
Meta variables should follow Python's naming convention to be used within Jinja templates:
l
Meta variable names must start with a letter or the underscore character, and cannot start with a number.
l
Meta variable names can only contain alpha-numeric characters and underscores (A-z, 0-9, and _ ).
l
Meta variable names are case sensitive.
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
26
References
References
l
Jinja 2.11 documentation
l
Ansible ipaddr filter documentation
l
Python netaddr documentation
FortiManager 7.4 Jinja Filters and Functions in CLI Templates
Fortinet Inc.
27
www.fortinet.com
Copyright© 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were
attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance
results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.