Using custom properties profiles to upload custom scripts

If you use custom scripts that you manually upload to the Engine, you can instead add the scripts to Custom Properties Profile elements.

If the custom properties profile is referenced in the configuration of the Engine, the script is automatically uploaded to all the Engine nodes when the policy is installed.

For example, if you use a custom script for the External Test for the Engine, you can use a custom properties profile to upload the script to the Engine. If the script is uploaded to the default location, you can refer to /data/config/policy/latest/scripts/[script_name] in the properties of the External Test.

This feature is supported on the Engine in the Firewall, IPS, and Layer 2 Firewall roles. For Virtual Engines, add the custom properties profile to the Master Engine.

You can upload custom scripts to the following paths:

/data
/data/config/base
/data/config/hooks/online
/data/config/hooks/offline
/data/config/hooks/standby
/data/config/hooks/policy-applied
/data/config/hooks/ve-active
/data/config/hooks/ve-deactive

Note: The scripts are not encrypted, even if the Engine configuration is otherwise encrypted.

In the custom properties profile, you can define additional attributes that your script can use. Additional attributes and their values are saved to the same location as your custom script in a file named <script_name>_allow. One attribute per line is stored in the file in the following format:

<attribute name>:<attribute value>

In this example, /data/my_script.sh has the additional attributes test_attribute1 with the value 1 and test_attribute2 with the value 2. In the /data directory, there are two files:

my_script.sh
my_script.sh_allow

The file my_script.sh_allow contains the following:

test_attribute1:1
test_attribute2:2

For script examples, see Knowledge Base article 18290.

Note: Custom scripts for the Engine and custom scripts for Alert Chains in the Secure SD-WAN Manager are configured separately and are separate scripts.