Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Handbook

    Home FortiADC 7.4.3 Handbook
    7.4.3
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.1
    6.0.0
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.1
    5.3.0
    5.2.7

    Configuring OpenAPI Detection

    Configuring OpenAPI Detection

    The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs, which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, you can understand and interact with the remote service with a minimal amount of implementation logic.

    FortiADC can parse the OpenAPI description file and provide additional security to APIs by making sure that access is based on the definitions described in the OpenAPI file.

    Note: FortiADC supports OpenAPI 3.0.

    To configure OpenAPI Detection:
    1. Go to Web Application Firewall > OpenAPI Validation.
    2. Click the OpenAPI Detection tab.
    3. Click Create New to display the configuration editor and set up the configuration.
    4. Save the configuration.
    API Detection Configuration
    Settings Guidelines
    Name

    Configure the name. Valid characters are A-Z, a-z, 0-9, _, and -. Whitespaces not allowed.

    Note: Once saved, the name cannot be changed.
    OpenAPI Schema Check Before enabling OpenAPI Schema Check, you must upload an OpenAPI schema file to check whether OpenAPI content is permitted. Enable to use OpenAPI schema to validate OpenAPI content. See Importing OpenAPI schema.
    OpenAPI Schema Select the OpenAPI schema file that you want to use to check whether OpenAPI content is valid.
    Action

    Select the action profile that you want to apply. See Configuring WAF Action objects.

    The default is Alert.
    Severity

    When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select the severity level FortiADC uses when using Input Validation:

    • Low
    • Medium
    • High

    The default is Low.
    Exception Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.
    Previous
    Next

    Configuring OpenAPI Detection

    Configuring OpenAPI Detection

    The OpenAPI Specification (OAS) defines a standard, language-agnostic interface to RESTful APIs, which allows both humans and computers to discover and understand the capabilities of the service without access to source code, documentation, or through network traffic inspection. When properly defined, you can understand and interact with the remote service with a minimal amount of implementation logic.

    FortiADC can parse the OpenAPI description file and provide additional security to APIs by making sure that access is based on the definitions described in the OpenAPI file.

    Note: FortiADC supports OpenAPI 3.0.

    To configure OpenAPI Detection:
    1. Go to Web Application Firewall > OpenAPI Validation.
    2. Click the OpenAPI Detection tab.
    3. Click Create New to display the configuration editor and set up the configuration.
    4. Save the configuration.
    API Detection Configuration
    Settings Guidelines
    Name

    Configure the name. Valid characters are A-Z, a-z, 0-9, _, and -. Whitespaces not allowed.

    Note: Once saved, the name cannot be changed.
    OpenAPI Schema Check Before enabling OpenAPI Schema Check, you must upload an OpenAPI schema file to check whether OpenAPI content is permitted. Enable to use OpenAPI schema to validate OpenAPI content. See Importing OpenAPI schema.
    OpenAPI Schema Select the OpenAPI schema file that you want to use to check whether OpenAPI content is valid.
    Action

    Select the action profile that you want to apply. See Configuring WAF Action objects.

    The default is Alert.
    Severity

    When FortiADC records violations of this rule in the attack log, each log message contains a Severity Level (severity_level) field. Select the severity level FortiADC uses when using Input Validation:

    • Low
    • Medium
    • High

    The default is Low.
    Exception Select an exception configuration object. Exceptions identify specific hosts or URL patterns that are not subject to processing by this rule.
    Previous
    Next