FortiOS is Fortinet's network security operating system. It expands the Security Fabric to provide broad visibility and control, more powerful performance, and more efficient operations to quickly identify and resolve security issues.
This document provides information about the FortiOS connector, which facilitates automated interactions with a FortiOS server using FortiSOAR™ playbooks. Add the FortiOS connector as a step in FortiSOAR™ playbooks and perform automated operations such as blocking and unblocking IP addresses, retrieving the list of IP addresses that are blocked on FortiOS, and executing a command on a remote FortiOS server.
Connector Version: 2.0.0
FortiSOAR™ Version Tested on: 4.12.1-253
Fortinet Firewall Version Tested on: v5.2.0, v5.4.0, and v5.6.0
Authored By: Fortinet
Certified: Yes
The following enhancements have been made to the Fortinet FortiOS connector in version 2.0.0:
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-fortinet-fortios
For the detailed procedure to install a connector, click here.
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, select the FortiOS connector row, and in the Configure tab enter the required configuration details.
Parameter | Description |
---|---|
Hostname/IP Address | Hostname or IP address of the FortiOS endpoint server to which you will connect and perform the automated operations. |
Port | Port number used to connect to the FortiOS server over SSH. By default, this is set to 22. |
VDOM | VDOM(s) in which the automated operations are performed. Notes: You can specify the VDOM here, as a configuration parameter, or as a function parameter. You can provide VDOMs in CSV or list format. |
Username | Username used to access the FortiOS endpoint server to which you will connect and perform the automated operations. |
Password | Password used to access the FortiOS endpoint server to which you will connect and perform the automated operations. |
Private Key | Private key used for SSH authentication on the FortiOS server. |
Timeout | Time, in seconds, after which execution of the remote command times out. |
Verify SSL | Specifies whether the SSL certificate of the server is verified. By default, this option is set to True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
Function | Description | Annotation and Category |
---|---|---|
Get Policy | Retrieves all policies, or a specific policy, configured in the FortiOS firewall. A specific policy is retrieved based on the policy index that you specify. | get_policy Investigation |
Get Address Group | Retrieves all address groups, or a specific address group, configured in the FortiOS firewall. A specific address group is retrieved based on the address group name that you specify. | get_address_group Investigation |
Get Blocked IP Addresses | Retrieves a list of all IP addresses that are blocked on the FortiOS server. Important: The Policy Base Block method for retrieving blocked IP addresses is supported only for FortiOS version 5.2. | get_blocked_ip Investigation |
Get Blocked URLs | Retrieves all blocked URLs from FortiOS based on the web filter profile name and, optionally, the VDOM that you specify. | get_blocked_urls Investigation |
Get Web Filter Profiles | Retrieves the details of all web filter profiles from FortiOS. | get_url_profiles Investigation |
Block IP Address | Blocks the IP addresses that you specify on FortiOS, based on the input parameters. Important: The Policy Base Block method for blocking IP addresses is supported only for FortiOS version 5.2. | block_ip Containment |
Block URL | Blocks the URLs that you specify on FortiOS, based on the input parameters. | block_url Containment |
Unblock URL | Unblocks the URLs that you specify on FortiOS, based on the input parameters. | unblock_urls Containment |
Unblock IP Address | Unblocks the IP addresses that you specify on FortiOS, based on the input parameters. Important: The Policy Base Block method for unblocking IP addresses is supported only for FortiOS version 5.2. | unblock_ip Remediation |
Purge IP Block List | Removes all IP addresses from the IP Block List on the FortiOS server. | unblock_ip Remediation |
Execute Command | Executes a command on a remote FortiOS server. | remote_command Investigation |
Input parameters for the Get Policy operation:
Parameter | Description |
---|---|
Policy Index | (Optional) Index of the policy whose details you want to retrieve from FortiOS. If omitted, all policies are retrieved. |
The output contains a non-dictionary value.
Input parameters for the Get Address Group operation:
Parameter | Description |
---|---|
Address Group Name | (Optional) Name of the address group whose details you want to retrieve from FortiOS. If omitted, all address groups are retrieved. |
The output contains a non-dictionary value.
Input parameters for the Get Blocked IP Addresses operation:
Parameter | Description |
---|---|
Select Block IP Method | Method used to retrieve blocked IP addresses from FortiOS. You can choose Diagnose Base Block or Policy Base Block. |
The output contains the following populated JSON schema if you select Diagnose Base Block as the retrieval method:
{
"command": "",
"output": []
}
The output contains the following populated JSON schema if you select Policy Base Block as the retrieval method, because this method returns all the blocked IP addresses directly as a list:
[]
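The two result shapes above differ: Diagnose Base Block returns a dictionary with command and output keys, while Policy Base Block returns a bare list. The following Python helper is an added example, not part of the connector or its sample playbooks; it normalises either shape into a validated, de-duplicated list of IP addresses and works out which candidate addresses still need a Block IP Address call. The sample results are constructed, and the diagnose output lines are placeholders rather than real FortiOS output.

```python
import ipaddress
import re

# Constructed sample results (not real FortiOS output). They only follow the two
# documented shapes: Diagnose Base Block returns {"command": ..., "output": [...]},
# Policy Base Block returns a bare list of addresses.
DIAGNOSE_RESULT = {
    "command": "<diagnose command placeholder>",
    "output": [
        "10.0.0.5 blocked",
        "192.0.2.77 blocked",
        "not-an-ip blocked",
        "10.0.0.5 blocked",        # duplicate line, must collapse to one entry
    ],
}
POLICY_RESULT = ["198.51.100.9", "10.0.0.5", "2001:db8::1", ""]

# Candidate tokens that could be an IPv4 or IPv6 literal; ipaddress does the real check.
_IP_TOKEN = re.compile(r"[0-9A-Fa-f:.]{3,}")


def blocked_ips(result):
    """Normalise a Get Blocked IP Addresses result from either method into a
    de-duplicated, order-preserving list of canonical IP strings."""
    if isinstance(result, dict):
        lines = result.get("output") or []
    elif isinstance(result, list):
        lines = result
    else:
        raise TypeError("unexpected Get Blocked IP Addresses result: %r" % type(result))
    seen, ips = set(), []
    for line in lines:
        for token in _IP_TOKEN.findall(str(line)):
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue            # free text such as "blocked", or garbage
            if ip not in seen:
                seen.add(ip)
                ips.append(ip)
    return ips


def not_yet_blocked(result, candidates):
    """Return the candidate IPs that are absent from the block list, so a playbook
    only calls Block IP Address for addresses that actually need it."""
    current = set(blocked_ips(result))
    wanted = blocked_ips(list(candidates))   # reuse the same validation path
    return [ip for ip in wanted if ip not in current]


if __name__ == "__main__":
    print(blocked_ips(DIAGNOSE_RESULT))
    print(not_yet_blocked(POLICY_RESULT, ["10.0.0.5", "203.0.113.4"]))
```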
Input parameters for the Get Blocked URLs operation:
Parameter | Description |
---|---|
Profile Name of Web Filter | Name of the web filter profile from which you want to retrieve blocked URLs. |
VDOM | (Optional) VDOM used to get blocked URLs. The VDOM that you specify here overrides the VDOM(s) specified as a configuration parameter. Note: This operation supports only a single VDOM. |
No output schema is available at this time.
Input parameters for the Get Web Filter Profiles operation:
Parameter | Description |
---|---|
VDOM | VDOM(s) from which web filter profile details are retrieved. The VDOM that you specify here overrides the VDOM(s) specified as a configuration parameter. You can provide VDOMs in CSV or list format. |
The output contains a non-dictionary value.
Input parameters for the Block IP Address operation:
Parameter | Description |
---|---|
Select Block IP Method | Method used to block the IP addresses on FortiOS. You can choose Diagnose Base Block or Policy Base Block. |
Output of the block IP address command, in list format.
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
Input parameters for the Block URL operation:
Parameter | Description |
---|---|
URLs For Block | URLs that you want to block on FortiOS, in CSV or list format. For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com" |
Profile Name of Web Filter | Name of the web filter profile in which you want to block the URLs. |
VDOM | (Optional) VDOM used to block URLs. The VDOM that you specify here overrides the VDOM(s) specified as a configuration parameter. Note: This operation supports only a single VDOM. |
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
Input parameters for the Unblock URL operation:
Parameter | Description |
---|---|
URLs For Unblock | URLs that you want to unblock on FortiOS, in CSV or list format. For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com" |
Profile Name of Web Filter | Name of the web filter profile from which you want to unblock the URLs. |
VDOM | (Optional) VDOM used to unblock URLs. The VDOM that you specify here overrides the VDOM(s) specified as a configuration parameter. Note: This operation supports only a single VDOM. |
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
Input parameters for the Unblock IP Address operation:
Parameter | Description |
---|---|
Source IP Type | Method used to unblock the IP addresses on FortiOS. You can choose Diagnose Base Block or Policy Base Block. |
Output of the unblock IP address command, in list format.
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
Input parameters for the Purge IP Block List operation:
Parameter | Description |
---|---|
VDOM | VDOM(s) whose IP block list is purged. The VDOM that you specify here overrides the VDOM(s) specified as a configuration parameter. Notes: You can specify the VDOM here, as an input parameter, or as a configuration parameter. You can provide VDOMs in CSV or list format. |
Output of the purge block list command, in list format.
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
Input parameters for the Execute Command operation:
Parameter | Description |
---|---|
Commands | Command(s) that you want to execute on the FortiOS console. You can provide commands in CSV or list format. |
Output of the specified command(s), in list format.
The output contains the following populated JSON schema:
{
"command": "",
"output": []
}
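Several parameters above (URLs For Block, URLs For Unblock, VDOM, Commands) accept either CSV or list format, and the URL operations accept only a single VDOM. The following Python helper is an added example rather than connector code; it normalises those inputs the way a playbook step might before handing them to the connector, de-duplicates them, and rejects a multi-VDOM value where the operation allows only one. The sample inputs are constructed.

```python
import csv
import io
import json


def parse_list_input(value):
    """Accept a Python list, a JSON-style list string such as
    ["www.demo.com", "www.demo1.com"], or a CSV string such as
    "www.demo.com", "www.demo1.com", and return a clean, de-duplicated list."""
    if value is None:
        return []
    if isinstance(value, (list, tuple)):
        items = [str(v) for v in value]
    else:
        text = str(value).strip()
        items = None
        if text.startswith("["):
            try:
                loaded = json.loads(text)
                if isinstance(loaded, list):
                    items = [str(v) for v in loaded]
            except ValueError:
                items = None           # not valid JSON; fall through to CSV parsing
        if items is None:
            # csv handles the quoted CSV form; skipinitialspace makes the space
            # after each comma harmless so the quoted fields are still recognised.
            reader = csv.reader(io.StringIO(text.strip("[]")), skipinitialspace=True)
            items = [cell for row in reader for cell in row]
    cleaned, seen = [], set()
    for item in items:
        item = item.strip().strip('"').strip()
        if item and item not in seen:       # drop empties and repeats, keep order
            seen.add(item)
            cleaned.append(item)
    return cleaned


def single_vdom(value):
    """Get Blocked URLs, Block URL and Unblock URL accept only one VDOM;
    fail early instead of letting the step run against the wrong VDOM."""
    vdoms = parse_list_input(value)
    if len(vdoms) > 1:
        raise ValueError("operation supports only a single VDOM, got %d: %s"
                         % (len(vdoms), ", ".join(vdoms)))
    return vdoms[0] if vdoms else None


if __name__ == "__main__":
    # Constructed sample inputs in the two documented formats.
    print(parse_list_input('["www.demo.com", "www.demo1.com"]'))
    print(parse_list_input('"www.demo.com", "www.demo1.com"'))
    print(single_vdom("root"))
```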
The Sample - Fortinet FortiOS - 2.0.0 playbook collection comes bundled with the FortiOS connector. This collection contains playbooks with steps that perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FortiOS connector.
Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.