Fortinet FortiOS

2.0.1

About the connector

FortiOS is Fortinet's network security operating system. It expands the Security Fabric to provide broad visibility and control, more powerful performance, and more efficient operations to quickly identify and resolve security issues.

This document provides information about the FortiOS connector, which facilitates automated interactions with a FortiOS server using FortiSOAR™ playbooks. Add the FortiOS connector as a step in FortiSOAR™ playbooks and perform automated operations such as blocking and unblocking IP addresses, retrieving a list of IP addresses that are blocked on FortiOS, and executing a command on a remote FortiOS server.

Version information

Connector Version: 2.0.1

FortiSOAR™ Version Tested on: 6.0.0

Fortinet Firewall Version Tested on: v5.2.0, v5.4.0, and v5.6.0

Authored By: Fortinet.

Certified: Yes

Release Notes for version 2.0.1

The following enhancements have been made to the Fortinet FortiOS connector in version 2.0.1:

  • Updated the connector logo for the Fortinet FortiOS connector.

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-fortinet-fortios

Prerequisites to configuring the connector

  • You must have the hostname or IP address of the FortiOS server to which you will connect and perform the automated operations, and the credentials (the username-password pair) to access this server.
  • You must have the Private Key to be able to perform SSH authentication on the FortiOS server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
  • To block or unblock IP addresses or URLs, you need to add the necessary configuration to Fortinet FortiOS. See the Configuring IPv4 Policy and Web Filter Profile for blocking and unblocking IP addresses and URLs section.

Configuring IPv4 Policy and Web Filter Profile for blocking and unblocking IP addresses and URLs

  1. Log on to the Fortinet FortiOS server with the necessary credentials.
  2. To block or unblock IP addresses, you must create an IPv4 Policy in the Fortinet FortiOS server as shown in the following image:
    For example, in the above image, we have created two policies for inbound and outbound IP blocking.
    To block inbound traffic from a particular IP address, create a policy (indexed, for example, as "1") and an IP address group such as "CyOPs_IP_Block_Group". Then, in the policy whose index is 1, add CyOPs_IP_Block_Group in the Source column.
    To block outbound traffic to a particular IP address, create a policy (indexed, for example, as "2") and an IP address group such as "CyOPs_Conn_Block_Grp". Then, in the policy whose index is 2, add CyOPs_Conn_Block_Grp in the Destination column.
  3. To block or unblock URLs, you must create a Web Filter Profile in the Fortinet FortiOS server as shown in the following image:
    For example, in the above image, we have created a web filter profile named cyops and then selected the Enable URL Filter checkbox. By specifying this web filter profile name in the appropriate operations, you can block or unblock URLs from the connector.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the FortiOS connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details. 

Parameter: Description
Hostname/IP Address: Hostname or IP address of the FortiOS endpoint server to which you will connect and perform the automated operations.
Port: Port number that is used for connecting to the FortiOS server using SSH. By default, this is set to 22.
VDOM: VDOM that is used to perform automated operations in provided VDOMs.
  Notes:
  - You can specify the VDOM here, as a configuration parameter, or you can also specify the VDOM as a function parameter.
  - You can provide VDOM in the .csv or the list format.
Username: Username to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Password: Password to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Private Key: Private Key used to perform SSH authentication on the FortiOS server.
Timeout: Time, in seconds, after which the execution of the remote command gets timed out.
Verify SSL: Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function: Description (Annotation and Category)
Get Policy: Retrieves all policies or a specific policy that are configured in the firewall from FortiOS. A specific policy is retrieved based on the policy index that you have specified.
  Annotation: get_policy; Category: Investigation
Get Address Group: Retrieves all address groups or a specific address group that are configured in the firewall from FortiOS. A specific address group is retrieved based on the address group name that you have specified.
  Annotation: get_address_group; Category: Investigation
Get Blocked IP Addresses: Retrieves a list of all IP addresses that are blocked on the FortiOS server.
  Important: The Policy Base Block method to get blocked IP addresses is supported only for FortiOS version 5.2.
  Annotation: get_blocked_ip; Category: Investigation
Get Blocked URLs: Retrieves all blocked URLs from FortiOS based on the web filter profile name and optionally the VDOM you have specified.
  Annotation: get_blocked_urls; Category: Investigation
Get Web Filter Profiles: Retrieves the details of all web filter profiles from FortiOS.
  Annotation: get_url_profiles; Category: Investigation
Block IP Address: Blocks the IP addresses that you have specified using FortiOS based on the input parameters you have specified.
  Important: The Policy Base Block method to block IP addresses is supported only for FortiOS version 5.2.
  Annotation: block_ip; Category: Containment
Block URL: Blocks the URLs that you have specified using FortiOS based on the input parameters you have specified.
  Annotation: block_url; Category: Containment
Unblock URL: Unblocks the URLs that you have specified using FortiOS based on the input parameters you have specified.
  Annotation: unblock_urls; Category: Containment
Unblock IP Address: Unblocks the IP addresses that you have specified using FortiOS based on the input parameters you have specified.
  Important: The Policy Base Block method to unblock IP addresses is supported only for FortiOS version 5.2.
  Annotation: unblock_ip; Category: Remediation
Purge IP Block List: Removes all the IP addresses from the IP Block List on the FortiOS server.
  Annotation: unblock_ip; Category: Remediation
Execute Command: Executes a command on a remote FortiOS server.
  Annotation: remote_command; Category: Investigation

operation: Get Policy

Input parameters

Parameter: Description
Policy Index: (Optional) Policy index based on which you want to retrieve specific policy details from FortiOS.

Output

The output contains a non-dictionary value.

operation: Get Address Group

Input parameters

Parameter: Description
Address Group Name: (Optional) Name of the address group based on which you want to retrieve specific address group details from FortiOS.

Output

The output contains a non-dictionary value.

operation: Get Blocked IP Addresses

Input parameters

Parameter: Description
Select Block IP Method: Method to be used for retrieving blocked IP addresses from FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • VDOM: (Optional) VDOM that is used to retrieve blocked IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Blocking or Out-Bound Blocking: Specify whether you want to retrieve blocked inbound or outbound IP addresses.
      Note: You can also select both In-bound and Out-bound. If you select both then you must specify the parameters for both inbound and outbound blocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to retrieve blocked inbound IP addresses.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to retrieve blocked inbound IP addresses.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to retrieve blocked outbound IP addresses.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to retrieve blocked outbound IP addresses.
      • VDOM: (Optional) VDOM that is used to retrieve blocked inbound or outbound IP addresses. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.

Output

The output contains the following populated JSON schema, if you select Diagnose Base Block as the method to be used for retrieving blocked IP address from FortiOS:
{
     "command": "",
     "output": []
}

The output contains the following populated JSON schema, if you select Policy Base Block as the method to be used for retrieving blocked IP address from FortiOS, as this method contains all the blocked IP addresses directly in a list format:
[]

 

operation: Get Blocked URLs

Input parameters

Parameter: Description
Profile Name of Web Filter: Web filter profile name based on which you want to retrieve blocked URLs using FortiOS.
VDOM: (Optional) VDOM that is used to get blocked URLs. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter.
  Note: This operation supports only a single VDOM.

Output

No output schema is available at this time.

operation: Get Web Filter Profiles

Input parameters

Parameter: Description
VDOM: VDOM that is used to retrieve web filter profiles details from FortiOS. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can provide VDOM in the .csv or the list format.

Output

The output contains a non-dictionary value.

operation: Block IP Address

Input parameters

Parameter: Description
Select Block IP Method: Method to be used for blocking the IP address using FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • Source IP Type: Source IP Type that you want to block using FortiOS. You can choose between IPv4 and IPv6.
    • IP Addresses: IP addresses that you want to block using FortiOS, in the .csv or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
    • Time to Live: Time till when the IP addresses will remain in the Block status. You can choose between the following options: 1 Hour, 6 Hour, 12 Hour, 1 Day, 6 Months, 1 Year, or Custom Time.
      Note: If you select Custom Time then the Time to Live (Seconds) field is displayed in which you must specify the Time to Live in seconds.
    • Source: Source of the IP that you want to block using FortiOS. You can choose between the following options: ADMIN, DLP, IPS, AV, or DOS.
    • VDOM: (Optional) VDOM that is used to block IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Blocking or Out-Bound Blocking: Specify whether you want to block inbound or outbound IP addresses.
      Note: You can also select both In-bound and Out-bound. If you select both then you must specify the parameters for both inbound and outbound blocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to block IP addresses.
          Note: The Policy action should be DENY.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to block IP addresses.
          Note: The specified address group is added to the source of specified policy.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to block IP addresses.
          Note: The Policy action should be DENY.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to block IP addresses.
          Note: The specified address group is added to the source of specified policy.
      • IP Addresses: IP addresses that you want to block using FortiOS in the .csv or list format.
        For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
      • VDOM: (Optional) VDOM that is used to block IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
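
A pre-flight check that a playbook could run before calling Block IP Address with the Diagnose Base Block method, given here as an added example and not the connector's own code. It parses the IP Addresses value in both formats shown above, enforces the chosen Source IP Type, and refuses addresses that containment automation should never block. The function names, the PROTECTED_NETWORKS values, the sample input and the 180-day and 365-day conversions for 6 Months and 1 Year are assumptions.

```python
import ipaddress
import json

# Assumption: networks a containment playbook must never block (constructed
# values; replace with your own management ranges and critical hosts).
PROTECTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.0.2.10/32"),  # e.g. the FortiSOAR instance itself
]

# "Time to Live" choices listed for Diagnose Base Block, in seconds.
# Assumption: 6 Months = 180 days and 1 Year = 365 days; the page does not
# say how the connector converts these options.
TTL_SECONDS = {
    "1 Hour": 3600,
    "6 Hour": 6 * 3600,
    "12 Hour": 12 * 3600,
    "1 Day": 86400,
    "6 Months": 180 * 86400,
    "1 Year": 365 * 86400,
}

# Constructed sample input in the page's .csv format, with one duplicate.
SAMPLE_CSV = '"203.0.113.7", "10.1.2.3", "not-an-ip", "2001:db8::1", "203.0.113.7"'


def parse_ip_parameter(raw):
    """Accept a Python list, a JSON list string, or a (quoted) CSV string."""
    if isinstance(raw, (list, tuple)):
        items = list(raw)
    else:
        text = str(raw).strip()
        # '["1.1.1.1", "2.2.2.2"]' is the list format, anything else is CSV.
        items = json.loads(text) if text.startswith("[") else text.split(",")
    cleaned = []
    for item in items:
        token = str(item).strip().strip("\"'").strip()
        if str(item).strip():
            cleaned.append(token)
    return cleaned


def vet_block_request(raw_ips, ip_type="IPv4", ttl="1 Hour", custom_seconds=None):
    """Return (accepted, rejected, ttl_seconds) for a Block IP Address call."""
    version = {"IPv4": 4, "IPv6": 6}[ip_type]
    if ttl == "Custom Time":
        # "Custom Time" requires the separate Time to Live (Seconds) field.
        if not isinstance(custom_seconds, int) or custom_seconds <= 0:
            raise ValueError("Custom Time needs a positive Time to Live (Seconds)")
        ttl_seconds = custom_seconds
    else:
        ttl_seconds = TTL_SECONDS[ttl]

    accepted, rejected = [], {}
    for item in parse_ip_parameter(raw_ips):
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            rejected[item] = "not an IP address"
            continue
        if addr.version != version:
            rejected[item] = "does not match Source IP Type " + ip_type
        elif addr.is_loopback or addr.is_unspecified or addr.is_multicast:
            rejected[item] = "special-purpose address"
        elif any(addr in net for net in PROTECTED_NETWORKS):
            rejected[item] = "inside a protected network"
        elif str(addr) not in accepted:
            accepted.append(str(addr))  # duplicates are silently collapsed
    return accepted, rejected, ttl_seconds


if __name__ == "__main__":
    ok, bad, seconds = vet_block_request(SAMPLE_CSV, "IPv4", "6 Hour")
    print("block:", ok, "for", seconds, "seconds")
    for value, reason in bad.items():
        print("skip:", value, "-", reason)
```

Pass only the accepted list to the Block IP Address step and record the rejected entries in the incident so an analyst can review them.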

Output

Output of the block ip address command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Block URL

Input parameters

Parameter: Description
URLs For Block: URLs that you want to block using FortiOS, in the .csv or list format.
  For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com"
Profile Name of Web Filter: Web filter profile name in which you want to block the URLs using FortiOS.
VDOM: (Optional) VDOM that is used to block URLs. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter.
  Note: This operation supports only a single VDOM.

Output

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Unblock URL

Input parameters

Parameter: Description
URLs For Unblock: URLs that you want to unblock using FortiOS, in the .csv or list format.
  For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com"
Profile Name of Web Filter: Web filter profile name from which you want to unblock the URLs using FortiOS.
VDOM: (Optional) VDOM that is used to unblock URLs. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter.
  Note: This operation supports only a single VDOM.

Output

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Unblock IP Address

Input parameters

Parameter: Description
Source IP Type: Method to be used for unblocking the IP address using FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • Source IP Type: Source IP Type that you want to unblock using FortiOS. You can choose between IPv4 and IPv6.
    • IP Addresses: IP addresses that you want to unblock using FortiOS, in the .csv or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
    • VDOM: (Optional) VDOM that is used to unblock IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Unblocking or Out-Bound Unblocking: Specify whether you want to unblock inbound or outbound IP addresses.
      Note: You can also select both In-bound and Out-bound. If you select both then you must specify the parameters for both inbound and outbound unblocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to unblock IP addresses.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to unblock IP addresses.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to unblock IP addresses.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to unblock IP addresses.
      • IP Addresses: IP addresses that you want to unblock using FortiOS in the .csv or list format.
        For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
      • VDOM: (Optional) VDOM that is used to unblock IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.

Output

Output of the unblock ip address command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Purge IP Block List

Input parameters

Parameter: Description
VDOM: VDOM that is used to purge IP block list. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter.
  Notes:
  - You can specify the VDOM here, as an input parameter, or you can also specify the VDOM as a configuration parameter.
  - You can provide VDOM in the .csv or the list format.

Output

Output of the purge block list command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Execute Command

Input parameters

Parameter: Description
Commands: Command that you want to execute on the FortiOS console. You can provide commands in the .csv or the list format.

Output

Output of the specified command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

Included playbooks

The Sample - Fortinet FortiOS - 2.0.1 playbook collection comes bundled with the FortiOS connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FortiOS connector.

  • Block IP Address
  • Block URL
  • Execute Command
  • Get Address Group
  • Get Blocked IP Addresses
  • Get Blocked URLs
  • Get Policy
  • Get Web Filter Profiles
  • Purge IP Block List
  • Unblock IP Address
  • Unblock URL

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

About the connector

FortiOS is the Fortinet's network security operating system. It expands the Security Fabric to provide broad visibility and control, more powerful performance, and more efficient operations to quickly identify and resolve security issues.

This document provides information about the FortiOS connector, which facilitates automated interactions, with a FortiOS server using FortiSOAR™ playbooks. Add the FortiOS connector as a step in FortiSOAR™ playbooks and perform automated operations such as, blocking and unblocking IP addresses, retrieving a list of IP addresses that are blocked on FortiOS, and executing a command on a remote FortiOS server.

Version information

Connector Version: 2.0.1

FortiSOAR™ Version Tested on: 6.0.0

Fortinet Firewall Version Tested on: v5.2.0, v5.4.0, and v5.6.0

Authored By: Fortinet.

Certified: Yes

Release Notes for version 2.0.1

Following enhancements have been made to the Fortinet FortiOS connector in version 2.0.1:

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-fortinet-fortios

Prerequisites to configuring the connector

Configuring IPv4 Policy and Web Filter Profile for blocking and unblocking IP addresses and URLs

  1. Log on to Fortinet FortiOS server with the necessary credentials.
  2. To block or unblock IP addresses, you must create an IPv4 Policy in the Fortinet FortiOS server as shown in the following image:
    For example, in the above image, we have created two policies for inbound and outbound IP blocking.
    To block inbound traffic of a particular IP Address, you should create a policy indexed for example as "1", and then you should create an IP Address Group such as "CyOPs_IP_Block_Group". Then in the policy whose index is 1 add the CyOPs_IP_Block_Group in the Source column.
    To block outbound traffic of a particular IP Address, you should create a policy indexed for example as "2", and then you should create an IP Address Group such as "CyOPs_Conn_Block_Grp". Then in the policy whose index is 2 add the CyOPs_Conn_Block_Grp in the Destination column. 
  3.  To block or unblock URLs, you must create a Web Filter Profile in the Fortinet FortiOS server as shown in the following image:
    For example, in the above image, we have created a web filter profile named cyops and then selected the Enable URL Filter checkbox. Now, by specifying this web filter profile name in the appropriate operations you can block or unblock URLs from the connector.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, select the FortiOS connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details. 

Parameter Description
Hostname/IP Address Hostname or IP address of the FortiOS endpoint server to which you will connect and perform the automated operations.
Port Port number that is used for connecting to the FortiOS server using SSH.
By default, this is set to 22.
VDOM VDOM that is used to perform automated operations in provided VDOMs.
Notes:
- You can specify the VDOM here, as a configuration parameter, or you can also specify the VDOM as a function parameter.
- You can provide VDOM in the .csv or the list format.
Username Username to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Password Password to access the FortiOS endpoint server to which you will connect and perform the automated operations.
Private Key Private Key used to perform SSH authentication on the FortiOS server.
Timeout Time, in seconds, after which the execution of the remote command gets timed out.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

Function Description Annotation and Category
Get Policy Retrieves all policies or a specific policy that are configured in the firewall from FortiOS. Specific policy is retrieved based on the policy index that you have specified. get_policy
Investigation
Get Address Group Retrieves all address groups or a specific address that are configured in the firewall from FortiOS. Specific address group is retrieved based on the address group name that you have specified. get_address_group
Investigation
Get Blocked IP Addresses Retrieves a list of all IP addresses that are blocked on the FortiOS server.
Important: The Policy Base Block method to get blocked IP addresses is supported only for FortiOS version 5.2.
get_blocked_ip
Investigation
Get Blocked URLs Retrieves all blocked URLs from FortiOS based on the web filter profile name and optionally the VDOM you have specified. get_blocked_urls
Investigation
Get Web Filter Profiles Retrieves all web filter profiles details from FortiOS. get_url_profiles
Investigation
Block IP Address Blocks the IP addresses that you have specified using FortiOS based on the input parameters you have specified.
Important: The Policy Base Block method to block IP address is supported only for FortiOS version 5.2.
block_ip
Containment
Block URL Blocks the URLs that you have specified using FortiOS based on the input parameters you have specified. block_url
Containment
Unblock URL Unblock URLs that you have specified using FortiOS based on the input parameters you have specified. unblock_urls
Containment
Unblock IP Address Unblocks the IP addresses that you have specified using FortiOS based on the input parameters you have specified.
Important: The Policy Base Block method to unblock IP address is supported only for FortiOS version 5.2.
unblock_ip
Remediation
Purge IP Block List Removes all the IP addresses from the IP Block List on the FortiOS server. unblock_ip
Remediation
Execute Command Executes a command on a remote FortiOS server. remote_command
Investigation

operation: Get Policy

Input parameters

Parameter Description
Policy Index (Optional) Policy index based on which you want to retrieve specific policy details from FortiOS.

Output

The output contains a non-dictionary value.

operation: Get Address Group

Input parameters

Parameter Description
Address Group Name (Optional) Name of the address group based on which you want to retrieve specific address group details from FortiOS.

Output

The output contains a non-dictionary value.

operation: Get Blocked IP Addresses

Input parameters

Parameter Description
Select Block IP Method Method to be used for retrieving blocked IP address from FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • VDOM: (Optional) VDOM that is used to retrieve blocked IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Blocking or Out-Bound Blocking: Specify whether you want to retrieve blocked inbound or outbound IP addresses.
      Note: You can also select both In-bound and Out-bound. If you select both then you must specify the parameters for both inbound and outbound blocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to retrieve blocked inbound.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to retrieve blocked inbound.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to retrieve blocked outbound IP addresses.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to retrieve blocked outbound IP addresses.
      • VDOM: (Optional) VDOM that is used to retrieve blocked inbound or outbound IP addresses. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.

Output

The output contains the following populated JSON schema, if you select Diagnose Base Block as the method to be used for retrieving blocked IP address from FortiOS:
{
     "command": "",
     "output": []
}

The output contains the following populated JSON schema, if you select Policy Base Block as the method to be used for retrieving blocked IP address from FortiOS, as this method contains all the blocked IP addresses directly in a list format:
[]

 

operation: Get Blocked URLs

Input parameters

Parameter Description
Profile Name of Web Filter Web filter profile name based on which you want to retrieve blocked URLs using FortiOS.
VDOM (Optional) VDOM that is used to get blocked URLs. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter.
Note: This operation supports only a single VDOM.

Output

No output schema is available at this time.

operation: Get Web Filter Profiles

Input parameters

Parameter Description
VDOM VDOM that is used to retrieve web filter profiles details from FortiOS. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can provide VDOM in the .csv or the list format.

Output

The output contains a non-dictionary value.

operation: Block IP Address

Input parameters

Parameter Description
Select Block IP Method Method to be used for blocking the IP address using FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • Source IP Type: Source IP Type that you want to block using FortiOS. You can choose between IPv4 and IPv6.
    • IP Addresses: IP addresses that you want to block using FortiOS, in the .csv or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
    • Time to Live: Time till when the IP addresses will remain in the Block status. You can choose between the following options: 1 Hour, 6 Hour, 12 Hour, 1 Day, 6 Months, 1 Year, or Custom Time.
      Note: If you select Custom Time then the Time to Live (Seconds) field is displayed in which you must specify the Time to Live in seconds.
    • Source: Source of the IP that you want to block using FortiOS. You can choose between the following options: ADMIN, DLP, IPS, AV, or DOS.
    • VDOM: (Optional) VDOM that is used to block IP address. The VDOM that you specify here will overwrite the VDOM(s) that you have specified as a configuration parameter. You can specify VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Blocking or Out-Bound Blocking: Specify whether you want to block inbound or outbound IP addresses.
      Note: You can also select both In-bound and Out-bound. If you select both then you must specify the parameters for both inbound and outbound blocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to block IP addresses.
          Note: The Policy action should be DENY.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to block IP addresses.
          Note: The specified address group is added to the source of specified policy.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to block IP addresses.
          Note: The Policy action should be DENY.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to block IP addresses.
          Note: The specified address group is added to the source of the specified policy.
      • IP Addresses: IP addresses that you want to block using FortiOS in the .csv or list format.
        For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
      • VDOM: (Optional) VDOM that is used to block the IP addresses. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter. You can specify the VDOM in the .csv or the list format.

Output

Output of the block ip address command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}
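
A pre-flight check for the Diagnose Base Block parameters described above, as an added example (not part of the connector or of Fortinet's documentation): it accepts the IP Addresses value in either the list or the .csv format, enforces the option lists given on this page, and rejects the whole request if any entry is not a valid address of the selected Source IP Type. The function names and the keys of the returned dictionary are hypothetical; the connector's own parameter names are not shown on this page.

```python
import ipaddress
import json

# Option lists copied from the parameter descriptions on this page.
TTL_OPTIONS = {"1 Hour", "6 Hour", "12 Hour", "1 Day", "6 Months", "1 Year", "Custom Time"}
SOURCES = {"ADMIN", "DLP", "IPS", "AV", "DOS"}
IP_VERSIONS = {"IPv4": 4, "IPv6": 6}


def parse_items(value):
    """Accept a Python list, the list format '["a", "b"]' or the .csv format '"a", "b"'."""
    if isinstance(value, (list, tuple)):
        items = list(value)
    else:
        text = value.strip()
        try:
            parsed = json.loads(text) if text.startswith("[") else None
        except ValueError:  # not valid JSON (e.g. single quotes): fall back to splitting
            parsed = None
        items = parsed if isinstance(parsed, list) else text.strip("[]").split(",")
    cleaned = [str(item).strip(" \t\"'") for item in items]
    return [item for item in cleaned if item]


def validate_block_request(ip_type, ip_addresses, ttl, source, ttl_seconds=None):
    """Return normalized parameters; raise ValueError before anything is sent to FortiOS."""
    if ip_type not in IP_VERSIONS:
        raise ValueError(f"unknown Source IP Type: {ip_type!r}")
    if ttl not in TTL_OPTIONS:
        raise ValueError(f"unknown Time to Live: {ttl!r}")
    if source not in SOURCES:
        raise ValueError(f"unknown Source: {source!r}")
    if ttl == "Custom Time" and (type(ttl_seconds) is not int or ttl_seconds <= 0):
        raise ValueError("Custom Time requires Time to Live (Seconds) as a positive integer")
    addresses, rejected = [], []
    for item in parse_items(ip_addresses):
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            ip = None
        if ip is None or ip.version != IP_VERSIONS[ip_type]:
            rejected.append(item)  # malformed, or wrong address family for the selected type
        elif str(ip) not in addresses:
            addresses.append(str(ip))  # canonical form, duplicates dropped
    if rejected or not addresses:
        raise ValueError(f"no usable {ip_type} address list; rejected entries: {rejected}")
    # Hypothetical key names: the connector's real parameter names are not on this page.
    return {"ip_type": ip_type, "ip_addresses": addresses, "source": source, "time_to_live": ttl,
            "time_to_live_seconds": ttl_seconds if ttl == "Custom Time" else None}
```

Failing the whole request on a single bad entry keeps a mistyped address from turning into a partially applied block list.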

operation: Block URL

Input parameters

Parameter: Description
URLs For Block: URLs that you want to block using FortiOS, in the .csv or list format. For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com".
Profile Name of Web Filter: Web filter profile name in which you want to block the URLs using FortiOS.
VDOM: (Optional) VDOM that is used to block URLs. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter.
  Note: This operation supports only a single VDOM.

Output

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Unblock URL

Input parameters

Parameter: Description
URLs For Unblock: URLs that you want to unblock using FortiOS, in the .csv or list format. For example, ["www.demo.com", "www.demo1.com"] or "www.demo.com", "www.demo1.com".
Profile Name of Web Filter: Web filter profile name from which you want to unblock the URLs using FortiOS.
VDOM: (Optional) VDOM that is used to unblock URLs. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter.
  Note: This operation supports only a single VDOM.

Output

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Unblock IP Address

Input parameters

Parameter: Description
Source IP Type: Method to be used for unblocking the IP address using FortiOS. You can choose from Diagnose Base Block or Policy Base Block.
  • If you choose Diagnose Base Block, then you must specify the following parameters:
    • Source IP Type: Source IP Type that you want to unblock using FortiOS. You can choose between IPv4 and IPv6.
    • IP Addresses: IP addresses that you want to unblock using FortiOS, in the .csv or list format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
    • VDOM: (Optional) VDOM that is used to unblock the IP addresses. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter. You can specify the VDOM in the .csv or the list format.
  • If you choose Policy Base Block, then you must specify the following parameters:
    • Select In-Bound Unblocking or Out-Bound Unblocking: Specify whether you want to unblock inbound or outbound IP addresses.
      Note: You can also select both In-Bound and Out-Bound. If you select both, you must specify the parameters for both inbound and outbound unblocking.
      • If you choose In-Bound, then you must specify the following parameters:
        • In-Bound Policy Index Number: Number of the inbound policy based on which you want to unblock IP addresses.
        • In-Bound Address Group Name: Name of the inbound address groups based on which you want to unblock IP addresses.
      • If you choose Out-Bound, then you must specify the following parameters:
        • Out-Bound Policy Index Number: Number of the outbound policy based on which you want to unblock IP addresses.
        • Out-Bound Address Group Name: Name of the outbound address groups based on which you want to unblock IP addresses.
      • IP Addresses: IP addresses that you want to unblock using FortiOS in the .csv or list format.
        For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2".
      • VDOM: (Optional) VDOM that is used to unblock the IP addresses. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter. You can specify the VDOM in the .csv or the list format.

Output

Output of the unblock ip address command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Purge IP Block List

Input parameters

Parameter: Description
VDOM: VDOM that is used to purge the IP block list. The VDOM that you specify here overrides the VDOM(s) that you have specified as a configuration parameter.
Notes:
- You can specify the VDOM here, as an input parameter, or you can specify the VDOM as a configuration parameter.
- You can provide the VDOM in the .csv or the list format.

Output

Output of the purge block list command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

operation: Execute Command

Input parameters

Parameter: Description
Commands: Command that you want to execute on the FortiOS console. You can provide commands in the .csv or the list format.

Output

Output of the specified command in the list format.

The output contains the following populated JSON schema:
{
     "command": "",
     "output": []
}

Included playbooks

The Sample - Fortinet FortiOS - 2.0.1 playbook collection comes bundled with the FortiOS connector. The playbooks in this collection contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the FortiOS connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.