
Executing FortiGate REST API Requests

19 May 2020

In this article, we’re going to test out our first firewall address REST API requests. First, log into the FortiGate GUI under Policy & Objects > Addresses. Here you will see all your firewall addresses.

NOTE: The access token is the API key associated with the REST API admin you created earlier. The path segment "firewall/address" maps to "config firewall address" in the CLI.

The exercises below must be performed in a private browsing window, so that the request is authenticated by the API token alone and not by an existing GUI login session (and its cookies) in your regular browser profile.

To ensure maximum security, only HTTPS access is allowed. Bear in mind that a token passed as the access_token query parameter is still recorded in browser history and in any proxy or web-server access logs along the way; for anything beyond these browser exercises, send it in an Authorization: Bearer header instead.


Return all firewall addresses

Step 1: To return all firewall addresses, open a new private (incognito) browser window; you will retrieve the same object list you saw in the GUI by sending a request directly to the REST API.

Step 2: Into the URL field, type the protocol (https://), the IP address or hostname of your FortiGate including the HTTPS port number, then the path /api/v2/cmdb/firewall/address/ ending with a question mark (?).

Step 3: To make the request valid, you have to include the previously generated API token. The URL should take the format like the one below:

https://<YOUR-FORTIGATE-ADDRESS>/api/v2/cmdb/firewall/address/?access_token=<YOUR-API-TOKEN>

Step 4: Replace the placeholders with values for your FortiGate:

  • <YOUR-FORTIGATE-ADDRESS> is the IP address or hostname of your FortiGate, followed by the HTTPS port number (for example 192.0.2.1:443).
  • <YOUR-API-TOKEN> is the token you generated in Generate an API token.

Step 5: Hit Enter to send the request. The complete entry list will be displayed in your browser window. If you want a filtered or reduced response, append the extra parameter after the API token, separated by an ampersand (&) symbol. Your browser will display results that start out similar to the following:

{
  "http_method": "GET",
  "revision": "51.0.135.9536802507053456306.1586267865",
  "results": [
    {
      "q_origin_key": "FABRIC_DEVICE",
      "name": "FABRIC_DEVICE",
      "uuid": "0dbba182-679d-51e9-e734-450162bcc3cc",
      "subnet": "0.0.0.0 0.0.0.0",
      "type": "ipmask",
      "start-mac": "00:00:00:00:00:00",
      "end-mac": "00:00:00:00:00:00",
      "start-ip": "0.0.0.0",
      "end-ip": "0.0.0.0",
      "fqdn": "",
      "country": "",
      "wildcard-fqdn": "",
      "cache-ttl": 0,
      "wildcard": "0.0.0.0 0.0.0.0",
      "sdn": "",
      "interface": "",
      "tenant": "",
      "organization": "",
      "epg-name": "",
      "subnet-name": "",
      "sdn-tag": "",
      "policy-group": "",
      "comment": "IPv4 addresses of Fabric Devices.",
      "visibility": "enable",
      "associated-interface": "",
      "color": 0,
      "filter": "",
      "sdn-addr-type": "private",
      "obj-id": "",
      "list": [],
      "tagging": [],
      "allow-routing": "disable"
    },

You can compare these results with what you see in the FortiGate GUI under Policy & Objects > Addresses.

Return only the name and comment for all firewall addresses

To return only the name and comment for all firewall addresses, update the URL to add the "format" parameter: &format=name|comment. The same entries are returned, but each one is reduced to its name and comment attributes.

Compare the results with the listings of your FortiGate to see a complete match.

https://<YOUR-FORTIGATE-ADDRESS>/api/v2/cmdb/firewall/address/?access_token=<YOUR-API-TOKEN>&format=name|comment

Your browser will display results that start out similar to the following:

{
  "http_method": "GET",
  "revision": "51.0.135.9536802507053456306.1586267865",
  "results": [
    {
      "q_origin_key": "FABRIC_DEVICE",
      "name": "FABRIC_DEVICE",
      "comment": "IPv4 addresses of Fabric Devices."
    },
    {
      "q_origin_key": "FIREWALL_AUTH_PORTAL_ADDRESS",
      "name": "FIREWALL_AUTH_PORTAL_ADDRESS",
      "comment": ""
    },
    {
      "q_origin_key": "LOCAL_SUBNET",
      "name": "LOCAL_SUBNET",
      "comment": ""
    },
  ],

Return only those entries with "SSLVPN_TUNNEL_ADDR1" in the name

To return only the firewall addresses whose name contains "SSLVPN_TUNNEL_ADDR1", add the "filter" parameter to the URL; "=@" is the FortiOS "contains" operator, so filter=name=@SSLVPN_TUNNEL_ADDR1 matches any name that includes that string. The "format" parameter can be combined with it to trim each matching entry to its name and comment. Hit Enter to send the request; the response will only contain entries with "SSLVPN_TUNNEL_ADDR1" in the name.

https://<YOUR-FORTIGATE-ADDRESS>/api/v2/cmdb/firewall/address/?access_token=<YOUR-API-TOKEN>&format=name|comment&filter=name=@SSLVPN_TUNNEL_ADDR1

Without the format parameter the matching entry is returned in full, and your browser will display results similar to the following (with format=name|comment only the name and comment attributes would appear):

{
  "http_method": "GET",
  "revision": "51.0.135.9536802507053456306.1586267865",
  "results": [
    {
      "q_origin_key": "SSLVPN_TUNNEL_ADDR1",
      "name": "SSLVPN_TUNNEL_ADDR1",
      "uuid": "7bc707ce-7916-51e7-8d08-5a142c3eef19",
      "subnet": "10.212.134.200 10.212.134.210",
      "type": "iprange",
      "start-mac": "00:00:00:00:00:00",
      "end-mac": "00:00:00:00:00:00",
      "start-ip": "10.212.134.200",
      "end-ip": "10.212.134.210",
      "fqdn": "",
      "country": "",
      "wildcard-fqdn": "",
      "cache-ttl": 0,
      "wildcard": "10.212.134.200 10.212.134.210",
      "sdn": "",
      "interface": "",
      "tenant": "",
      "organization": "",
      "epg-name": "",
      "subnet-name": "",
      "sdn-tag": "",
      "policy-group": "",
      "comment": "",
      "visibility": "enable",
      "associated-interface": "ssl.root",
      "color": 0,
      "filter": "",
      "sdn-addr-type": "private",
      "obj-id": "",
      "list": [],
      "tagging": [],
      "allow-routing": "disable"
    }
  ],
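The three requests walked through above (the full listing, the format=name|comment reduction, and the name=@ "contains" filter) as an added Python example, not code from the original article or from Fortinet. It uses only the standard library, sends the token in an Authorization: Bearer header instead of the access_token URL parameter used in the browser exercises, and verifies the FortiGate's certificate. The host 192.0.2.1:443, the environment variable names and the SAMPLE_RESPONSE data are assumptions constructed for the example; replace them with values for your own FortiGate.

```python
"""Query the FortiGate firewall address table over the REST API from Python.

Added example, not part of the original article. Assumptions:
  FORTIGATE           host:port of the FortiGate HTTPS management interface
  FORTIGATE_API_TOKEN the REST API admin's token from "Generate an API token"
  FORTIGATE_CA_BUNDLE optional PEM file trusting the FortiGate's certificate
The token goes in an Authorization: Bearer header, so it does not end up in
browser history or in proxy / web-server access logs the way the
access_token query parameter does.
"""
import json
import os
import ssl
import urllib.error
import urllib.parse
import urllib.request

FORTIGATE = os.environ.get("FORTIGATE", "192.0.2.1:443")   # hypothetical address
API_TOKEN = os.environ.get("FORTIGATE_API_TOKEN", "REPLACE-ME")
CA_BUNDLE = os.environ.get("FORTIGATE_CA_BUNDLE")          # None -> system CA store

BASE_PATH = "/api/v2/cmdb/firewall/address/"  # maps to "config firewall address"


def build_url(host, fields=None, name_contains=None):
    """Build the same URL as the browser walkthrough, minus access_token.

    fields        -> format=name|comment   (attribute names joined by '|')
    name_contains -> filter=name=@VALUE    ('=@' is the FortiOS "contains" operator)
    '|', '=' and '@' are kept literal so the query reads exactly as the article
    shows it; everything else in the values is percent-encoded.
    """
    params = []
    if fields:
        params.append(("format", "|".join(fields)))
    if name_contains is not None:
        params.append(("filter", "name=@" + name_contains))
    query = urllib.parse.urlencode(params, safe="|=@")
    return "https://%s%s" % (host, BASE_PATH) + ("?" + query if query else "")


def fetch(url, token, ca_bundle=None, timeout=15):
    """GET url with a Bearer token over a certificate-verifying TLS context."""
    ctx = ssl.create_default_context(cafile=ca_bundle)  # verification stays on
    req = urllib.request.Request(url, headers={
        "Authorization": "Bearer " + token,
        "Accept": "application/json",
    })
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as exc:
        # 401: bad/revoked token; 403: source IP not in the admin's trusted hosts
        raise RuntimeError("FortiGate returned HTTP %d for %s" % (exc.code, url))


def summarize(body):
    """Reduce a /cmdb response to {name: comment}, checking the status wrapper."""
    if body.get("status", "success") != "success" or body.get("http_status", 200) != 200:
        raise RuntimeError("API error: %s" % json.dumps(body)[:200])
    if "results" not in body:
        raise RuntimeError("no 'results' key in response")
    return {entry["name"]: entry.get("comment", "") for entry in body["results"]}


# Constructed sample, shaped like the article's format=name|comment output,
# so the parsing path can be exercised without a FortiGate.
SAMPLE_RESPONSE = {
    "http_method": "GET",
    "results": [
        {"q_origin_key": "FABRIC_DEVICE", "name": "FABRIC_DEVICE",
         "comment": "IPv4 addresses of Fabric Devices."},
        {"q_origin_key": "SSLVPN_TUNNEL_ADDR1", "name": "SSLVPN_TUNNEL_ADDR1",
         "comment": ""},
    ],
    "status": "success",
    "http_status": 200,
}


def main():
    for url in (build_url(FORTIGATE),
                build_url(FORTIGATE, ["name", "comment"]),
                build_url(FORTIGATE, ["name", "comment"], "SSLVPN_TUNNEL_ADDR1")):
        print(url)
    if API_TOKEN == "REPLACE-ME":
        body = SAMPLE_RESPONSE            # offline: use the constructed sample
    else:
        body = fetch(build_url(FORTIGATE, ["name", "comment"], "SSLVPN_TUNNEL_ADDR1"),
                     API_TOKEN, CA_BUNDLE)
    for name, comment in summarize(body).items():
        print("%-32s %s" % (name, comment))


if __name__ == "__main__":
    main()
```

Run it with FORTIGATE and FORTIGATE_API_TOKEN set to reach a real device; without a token it prints the three URLs and summarizes the constructed sample. If the device presents a self-signed certificate, point FORTIGATE_CA_BUNDLE at that certificate rather than disabling verification, and remember that the REST API admin's trusted hosts must include the address you are calling from.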
