Fortinet Document Library

Fortinet FortiOS

1.0.0

About the connector

FortiOS is Fortinet's network security operating system. It extends the Security Fabric to provide broad visibility and control, higher performance, and more efficient operations so that security issues can be identified and resolved quickly.

This document provides information about the FortiOS connector, which facilitates automated interactions with a FortiOS server using FortiSOAR™ playbooks. Add the FortiOS connector as a step in FortiSOAR™ playbooks to perform automated operations such as blocking and unblocking IP addresses, retrieving the list of IP addresses that are blocked on FortiOS, and executing a command on a remote FortiOS server.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 4.12.1-253

FortiOS Version Tested on: v5.4.0 and v5.6.0

Authored By: Fortinet

Certified: Yes

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-fortios

For the detailed procedure to install a connector, click here.

Prerequisites to configuring the connector

  • You must have the hostname or IP address of the FortiOS server to which you will connect to perform the automated operations, and the credentials, i.e., the username-password pair, to access this server.
  • You must have the private key used for SSH authentication on the FortiOS server.
  • The connector reaches the FortiOS server over SSH (port 22 by default, configurable), so that port on the FortiOS server must be reachable from the FortiSOAR™ instance.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the FortiOS connector row, and in the Configure tab enter the required configuration details. 

Parameter Description
Hostname/IP Address Hostname or IP address of the FortiOS endpoint server to which you will connect and perform the automated operations.
Port Port number that is used for connecting to the FortiOS server using SSH.
By default, this is set to 22.
VDOM VDOM(s) in which the automated operations are performed.
Notes: 
- You can specify the VDOM here, as a configuration parameter, or as a function parameter in each operation.
- You can provide one or more VDOMs in the .csv or the list format.
Username Username to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Password Password to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Private Key Private Key used to perform SSH authentication on the FortiOS server.
Timeout Time, in seconds, after which execution of the remote command times out.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function | Description | Annotation (Category)
Block IP Address | Blocks the IP addresses that you have specified on the FortiOS server. | block_ip (Containment)
Unblock IP Address | Unblocks the IP addresses that you have specified from the FortiOS server. | unblock_ip (Remediation)
Get Blocked IP Addresses | Retrieves a list of all IP addresses that are blocked on the FortiOS server. | get_blocked_ip (Investigation)
Purge IP Block List | Removes all the IP addresses from the IP Block List on the FortiOS server. | unblock_ip (Remediation)
Execute Command | Executes a command on a remote FortiOS server. | remote_command (Investigation)

operation: Block IP Address

Input parameters

Parameter Description
Source IP Type Source IP Type that you want to block on the FortiOS server.
You can choose between IPv4 and IPv6.
IP Addresses IP addresses that you want to block on the FortiOS server, in the .csv or list format.
For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
Time to Live Duration for which the IP addresses remain blocked.
You can choose between the following options: 1 Hour, 6 Hour, 12 Hour, 1 Day, 6 Months, 1 Year, or Custom Time.
Note: If you select Custom Time, the Time to Live (Seconds) field is displayed, in which you must specify the Time to Live in seconds.
Source Source of the IP that you want to block on the FortiOS server.
You can choose between the following options: ADMIN, DLP, IPS, AV, or DOS.
VDOM VDOM(s) in which the operation is performed.
Notes: 
- You can specify the VDOM here, as a function parameter, or in the connector configuration.
- You can provide one or more VDOMs in the .csv or the list format.

Output

Output of the block IP address command, in the list format.

The output contains the following populated JSON schema:

{
     "command": "", 
     "output": [] 
}

operation: Unblock IP Address

Input parameters

Parameter Description
Source IP Type Source IP Type that you want to unblock from the FortiOS server.
You can choose between IPv4 and IPv6.
IP Addresses IP addresses that you want to unblock from the FortiOS server in the .csv or list format.
For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
VDOM VDOM(s) in which the operation is performed.
Notes: 
- You can specify the VDOM here, as a function parameter, or in the connector configuration.
- You can provide one or more VDOMs in the .csv or the list format.

Output

Output of the unblock IP address command, in the list format.

The output contains the following populated JSON schema:

{
     "command": "", 
     "output": [] 
}
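The Block IP Address and Unblock IP Address operations above both take a Source IP Type, the IP addresses in the .csv or list format, and an optional VDOM list; Block IP Address additionally resolves a Time to Live and a Source. The following Python is an added example, not the connector's own code, of how a playbook pre-step can normalise and validate those inputs before the connector runs, and of the CLI lines that would result for each VDOM. The underlying FortiOS commands (diagnose user quarantine add/delete) and the config vdom / edit / end wrapping are assumptions for the example; the page does not state which commands the connector issues.

```python
import ipaddress
from typing import Iterable, List, Optional, Union

# Time to Live choices offered by the Block IP Address operation, in seconds.
# The labels are the ones on the page; "6 Months" is taken as 180 days (assumption).
TTL_SECONDS = {
    "1 Hour": 3600,
    "6 Hour": 6 * 3600,
    "12 Hour": 12 * 3600,
    "1 Day": 86400,
    "6 Months": 180 * 86400,
    "1 Year": 365 * 86400,
}
SOURCES = ("ADMIN", "DLP", "IPS", "AV", "DOS")


def to_list(value: Union[None, str, Iterable[str]]) -> List[str]:
    """Normalise the '.csv or list format' the connector accepts for IP
    addresses and VDOMs: a list is used as is, a string is split on commas;
    surrounding quotes and whitespace are dropped and empty items ignored."""
    if value is None:
        return []
    items = value.split(",") if isinstance(value, str) else list(value)
    cleaned = [str(item).strip().strip("\"'").strip() for item in items]
    return [item for item in cleaned if item]


def validate_ips(ip_type: str, ips: Union[str, Iterable[str]]) -> List[str]:
    """Check that every address parses and matches the selected Source IP Type
    (IPv4 or IPv6), so a mixed or malformed list fails before anything is sent."""
    if ip_type not in ("IPv4", "IPv6"):
        raise ValueError("Source IP Type must be IPv4 or IPv6")
    want = 4 if ip_type == "IPv4" else 6
    result = []
    for raw in to_list(ips):
        addr = ipaddress.ip_address(raw)  # ValueError on anything that is not an IP
        if addr.version != want:
            raise ValueError(f"{raw} is not an {ip_type} address")
        result.append(str(addr))
    if not result:
        raise ValueError("no IP addresses supplied")
    return result


def ttl_seconds(ttl: str, custom_seconds: Optional[int] = None) -> int:
    """Resolve the Time to Live choice; Custom Time needs Time to Live (Seconds)."""
    if ttl == "Custom Time":
        if custom_seconds is None or int(custom_seconds) <= 0:
            raise ValueError("Custom Time requires a positive Time to Live (Seconds)")
        return int(custom_seconds)
    if ttl not in TTL_SECONDS:
        raise ValueError(f"unknown Time to Live option: {ttl}")
    return TTL_SECONDS[ttl]


def with_vdom(lines: List[str], vdom: Union[None, str, Iterable[str]]) -> List[str]:
    """ASSUMPTION: on a VDOM-enabled unit each VDOM is entered with
    'config vdom' / 'edit <name>' and left with 'end'; with no VDOM given,
    the lines are sent as they are."""
    vdoms = to_list(vdom)
    if not vdoms:
        return list(lines)
    out: List[str] = []
    for name in vdoms:
        out += ["config vdom", f"edit {name}"] + list(lines) + ["end"]
    return out


def block_commands(ip_type, ips, ttl, source="ADMIN", vdom=None, custom_seconds=None):
    """CLI lines for one Block IP Address step.
    ASSUMPTION: the FortiOS quarantine CLI is used, i.e.
    'diagnose user quarantine add src4|src6 <ip> <seconds> <source>'."""
    if source not in SOURCES:
        raise ValueError(f"Source must be one of {SOURCES}")
    family = "src4" if ip_type == "IPv4" else "src6"
    seconds = ttl_seconds(ttl, custom_seconds)
    lines = [f"diagnose user quarantine add {family} {ip} {seconds} {source.lower()}"
             for ip in validate_ips(ip_type, ips)]
    return with_vdom(lines, vdom)


def unblock_commands(ip_type, ips, vdom=None):
    """CLI lines for one Unblock IP Address step (same assumption:
    'diagnose user quarantine delete src4|src6 <ip>')."""
    family = "src4" if ip_type == "IPv4" else "src6"
    lines = [f"diagnose user quarantine delete {family} {ip}"
             for ip in validate_ips(ip_type, ips)]
    return with_vdom(lines, vdom)


if __name__ == "__main__":
    for line in block_commands("IPv4", '"1.1.1.1", "2.2.2.2"', "1 Hour", "IPS", vdom="root"):
        print(line)
```

Validating at this point means a list such as ["1.1.1.1", "2001:db8::1"] submitted with Source IP Type IPv4 is rejected before any command reaches the unit, and a Custom Time with no Time to Live (Seconds) value fails fast instead of producing a block of undefined duration.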

operation: Get Blocked IP Addresses

Input parameters

Parameter Description
VDOM VDOM(s) in which the operation is performed.
Notes: 
- You can specify the VDOM here, as a function parameter, or in the connector configuration.
- You can provide one or more VDOMs in the .csv or the list format.

Output

Output of the get blocked IP addresses command, in the list format.

The output contains the following populated JSON schema:

{
     "command": "", 
     "output": [] 
}
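Every operation returns the same {"command": "", "output": []} schema, where output holds the raw lines of the command's console output. The following Python is an added example, not part of the connector, that turns the Get Blocked IP Addresses result into records and checks that an earlier Block or Unblock step actually took effect, which is the verification a containment playbook should perform before it closes an alert. The sample result is constructed for the example and its column layout is an assumption, which is why the parser keys on tokens that parse as IP addresses rather than on column positions.

```python
import ipaddress
from typing import Dict, Iterable, List, Optional

# Source values documented for Block IP Address, as they might appear in a listing.
SOURCES = {"admin", "dlp", "ips", "av", "dos"}

# Constructed sample in the connector's output schema (assumed line layout;
# addresses are from the RFC 5737 / RFC 3849 documentation ranges).
SAMPLE_RESULT = {
    "command": "diagnose user quarantine list",
    "output": [
        "src-ip-addr       created                   expires                   cause",
        "198.51.100.7      Mon Jan  8 10:00:00 2018  Mon Jan  8 11:00:00 2018  admin",
        "203.0.113.42      Mon Jan  8 10:05:00 2018  Mon Jan  8 16:05:00 2018  ips",
        "2001:db8::1       Mon Jan  8 10:07:00 2018  Tue Jan  9 10:07:00 2018  dos",
    ],
}


def _as_ip(token: str) -> Optional[str]:
    """Canonical form of the token if it is an IPv4/IPv6 address, else None."""
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def parse_blocked(result: dict) -> List[Dict[str, Optional[str]]]:
    """Turn a {"command": ..., "output": [...]} result into records.
    A line counts only if it contains a token that parses as an IP address,
    so the header and blank lines are skipped. The cause is the last token
    when it is one of the documented sources, otherwise None."""
    records = []
    for line in result.get("output", []):
        tokens = line.split()
        ips = [ip for ip in (_as_ip(t) for t in tokens) if ip]
        if not ips:
            continue
        cause = tokens[-1].lower() if tokens[-1].lower() in SOURCES else None
        records.append({"ip": ips[0], "cause": cause, "raw": line})
    return records


def blocked_set(result: dict) -> set:
    return {rec["ip"] for rec in parse_blocked(result)}


def verify_blocked(result: dict, expected: Iterable[str]) -> List[str]:
    """IPs from `expected` that are NOT on the unit, so a playbook can fail
    loudly when a Block IP Address step did not take effect. Addresses are
    normalised, so '2001:DB8::1' matches a listed '2001:db8::1'."""
    present = blocked_set(result)
    return [ip for ip in expected if str(ipaddress.ip_address(ip)) not in present]


def verify_unblocked(result: dict, expected: Iterable[str]) -> List[str]:
    """IPs from `expected` that are STILL on the unit after an Unblock step."""
    present = blocked_set(result)
    return [ip for ip in expected if str(ipaddress.ip_address(ip)) in present]


if __name__ == "__main__":
    for rec in parse_blocked(SAMPLE_RESULT):
        print(rec["ip"], rec["cause"])
    print("missing:", verify_blocked(SAMPLE_RESULT, ["203.0.113.42", "192.0.2.9"]))
```

In a playbook, run Get Blocked IP Addresses as the step after Block IP Address or Unblock IP Address, feed its result to verify_blocked or verify_unblocked, and branch on a non-empty return value; the same parser serves Purge IP Block List, where the expected state is simply an empty record list.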

operation: Purge IP Block List

Input parameters

Parameter Description
VDOM VDOM(s) in which the operation is performed.
Notes: 
- You can specify the VDOM here, as a function parameter, or in the connector configuration.
- You can provide one or more VDOMs in the .csv or the list format.

Output

Output of the purge IP block list command, in the list format.

The output contains the following populated JSON schema:

{
     "command": "", 
     "output": [] 
}

operation: Execute Command

Input parameters

Parameter Description
Commands Command(s) that you want to execute on the FortiOS console.
You can provide commands in the .csv or the list format.

Output

Output of the specified command, in the list format.

The output contains the following populated JSON schema:

{
     "command": "", 
     "output": [] 
}
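Execute Command sends whatever strings the playbook supplies to the FortiOS console as the configured user, so a playbook that interpolates alert data into a command can end up running far more than a read-only query. The following Python is an added example, not part of the connector, of a playbook-side allow-list check to run before this step: only explicitly listed commands pass, and any value containing a newline or other control character is rejected because it would reach the console as a further command line. The commands in the allow-list are assumptions for the example; put the read-only commands your own playbooks need there.

```python
import re
from typing import List, Tuple

# Allow-list of FortiOS CLI commands a playbook may pass to Execute Command.
# ASSUMPTION: these patterns are illustrative; they are not from the connector.
ALLOWED = [
    re.compile(r"^get system status$"),
    re.compile(r"^get system performance status$"),
    re.compile(r"^diagnose user quarantine list$"),
    re.compile(r"^diagnose sys session list$"),
    # one argument, restricted to the characters an object name may contain
    re.compile(r"^show firewall address [A-Za-z0-9_.-]{1,79}$"),
]


def normalise(command: str) -> str:
    """Collapse repeated whitespace so 'get  system status' matches the list."""
    return " ".join(command.strip().split())


def check_command(command: str) -> Tuple[bool, str]:
    """Decide whether one command may be sent. Control characters are rejected
    first: a newline inside a single 'command' value would be sent as a second
    CLI line, so an interpolated value such as '1.1.1.1\\nexecute reboot'
    must never pass, whatever the allow-list says."""
    if not command or not command.strip():
        return False, "empty command"
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in command):
        return False, "control character in command"
    text = normalise(command)
    if any(pattern.match(text) for pattern in ALLOWED):
        return True, text
    return False, f"not on allow-list: {text}"


def filter_commands(commands) -> Tuple[List[str], List[str]]:
    """Apply check_command to the '.csv or list format' Commands input.
    Returns (commands to send, rejection reasons). Each command is judged on
    its own; rejecting the whole batch on any failure would be the stricter
    policy and is a one-line change here."""
    items = commands.split(",") if isinstance(commands, str) else list(commands)
    allowed: List[str] = []
    rejected: List[str] = []
    for item in items:
        item = str(item).strip().strip("\"'")
        if not item:
            continue
        ok, detail = check_command(item)
        (allowed if ok else rejected).append(detail)
    return allowed, rejected


if __name__ == "__main__":
    send, drop = filter_commands(["get system status", "execute factoryreset",
                                  "get system status\nexecute reboot"])
    print("send:", send)
    print("drop:", drop)
```

Pair the allow-list with a FortiOS administrator account that has only the permissions the listed commands need; the check limits what a playbook asks for, while the account's access profile limits what the connector could do if the check is bypassed.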

Included playbooks

The Sample - FortiOS - 1.0.0 playbook collection comes bundled with the FortiOS connector. This collection contains playbooks that exercise each of the supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FortiOS connector.

  • Block IP Address
  • Execute Command
  • Get Blocked IP Addresses
  • Purge IP Block List
  • Unblock IP Address

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.
