Fortinet FortiManager provides easy centralized configuration, policy-based provisioning, update management, and end-to-end network monitoring for your Fortinet installed environment.
This document provides information about the Fortinet FortiManager Connector, which facilitates automated interactions with your Fortinet FortiManager server using FortiSOAR™ playbooks. Add the Fortinet FortiManager connector as a step in FortiSOAR™ playbooks to perform automated operations such as retrieving a list of all devices configured on the Fortinet FortiManager server, creating and updating incidents on the Fortinet FortiManager server, and retrieving a list of all incidents from the Fortinet FortiManager server.
You can use FortiSOAR™'s Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling incidents from Fortinet FortiManager. For more information, see the Data Ingestion Support section.
Connector Version: 3.0.0
FortiSOAR™ Version Tested on: 7.0.2-664
Fortinet FortiManager Version Tested on: FortiManager VM64-KVM v7.0.1 Interim build4653
Authored By: Fortinet
Certified: Yes
Following changes have been made to the Fortinet FortiManager Connector in version 3.0.0:
Use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the following yum command as a root user to install connectors from an SSH session:
yum install cyops-connector-fortinet-fortimanager
Log on to the Fortinet FortiManager server with the necessary credentials.
To block or unblock an IP address, you must create a policy for IP addresses on the Fortinet FortiManager server. The following steps define the process of adding a policy:
In Policy & Objects > Policy Packages, click IPv4 Policy or Firewall Policy to create a policy for IPv4 with the following conditions.
In Policy & Objects > Object Configuration, click Address Group to create an address group with the following conditions.
The minimum privileges that must be assigned to users who are going to use this connector and run actions on Fortinet FortiManager are:
Admin Profile - Super User
JSON API Access - Read & Write
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiManager connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details.
Parameter | Description |
---|---|
Hostname | IP address or Hostname of the Fortinet FortiManager endpoint server to which you will connect and perform the automated operations. |
Username | Username to access the Fortinet FortiManager server to which you will connect and perform the automated operations. |
Password | Password to access the Fortinet FortiManager server to which you will connect and perform the automated operations. |
ADOM | Administrative domain names (ADOMs) of the Fortinet FortiManager server to which you will connect and perform the automated operations. Enter the ADOMs, in the CSV or List format. |
Port | Port number used to access the Fortinet FortiManager server to which you will connect and perform the automated operations. By default, this is set to 443. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations:
Function | Description | Annotation and Category |
---|---|---|
Create Incident | Creates an incident in Fortinet FortiManager based on the reporter name, endpoint name, and other input parameters you have specified. | create_incident Investigation |
List Incident | Retrieves a list of all incidents or specific incidents from Fortinet FortiManager based on the search parameters you have specified. | get_incidents Investigation |
Get Events Related to Incident | Retrieves details of events associated with a Fortinet FortiManager incident, based on the incident ID and other input parameters you have specified. | get_incident_events Investigation |
Get Device List | Retrieves a list of all devices or specific devices from Fortinet FortiManager based on the search parameters you have specified. Note: If a parameter is left blank or null, then this operation will return devices matching all values. | get_devices Investigation |
Get Events | Retrieves a list of all events or specific events from Fortinet FortiManager based on the search parameters you have specified. Note: If a parameter is left blank or null, then this operation will return events matching all values. | get_alert_event Investigation |
Get Event Details | Retrieves a list of event details (logs) from Fortinet FortiManager based on the alert IDs and other search parameters you have specified. | get_alert_logs Investigation |
Update Incident | Update an incident in Fortinet FortiManager based on the incident ID and other input parameters you have specified. | create_incident Investigation |
List ADOM Policy Package | Retrieves a list of all ADOM policy packages or specific ADOM policy packages from Fortinet FortiManager based on the search parameters you have specified. | get_adom_policy_package Investigation |
List ADOM Firewall Policies | Retrieves a list of all ADOM firewall policies or specific ADOM firewall policies from Fortinet FortiManager based on the search parameters you have specified. | get_adom_policy Investigation |
ADOM Level Get Blocked IP Addresses | Retrieves a list of ADOM level IP Addresses that are blocked on Fortinet FortiGate through Fortinet FortiManager based on the firewall policy, address group name, and other input parameters you have specified. | get_blocked_ip Investigation |
ADOM Level Block IP Address | Blocks IP addresses at the ADOM level on Fortinet FortiGate based on the Firewall policy, address group name, and other input parameters you have specified. | block_ip Containment |
ADOM Level Unblock IP Address | Unblocks IP addresses at the ADOM level on Fortinet FortiGate based on the Firewall policy, address group name, and other input parameters you have specified. | unblock_ip Remediation |
Re-install Policy | Reinstalls a Firewall Policy in Fortinet FortiManager based on the ADOM Name and policy package name you have specified. | reinstall_policy Investigation |
List Global Policy Package | Retrieves a list of all policy packages or specific policy packages from Fortinet FortiManager based on the search parameters you have specified. | get_global_policy_package Investigation |
List Global Firewall Policies | Retrieves a list of all global firewall policies or specific firewall policies from Fortinet FortiManager based on the search parameters you have specified. | get_global_policy Investigation |
Global Level Get Blocked IP Addresses | Retrieves a list of Global (header/footer policy) level IP Addresses that are blocked on Fortinet FortiGate through Fortinet FortiManager based on the firewall policy, address group name, and other input parameters you have specified. | get_blocked_ip Investigation |
Global Level Block IP Address | Blocks IP addresses at the global level on Fortinet FortiGate based on the firewall header/footer policy, address group name, and other input parameters you have specified. | block_ip Containment |
Global Level Unblock IP Address | Unblocks IP addresses at the global level on Fortinet FortiGate based on the firewall header/footer policy, address group name, and other input parameters you have specified. | unblock_ip Remediation |
Assign Global Policy Package | Assigns a global policy package to ADOM packages in Fortinet FortiManager based on the policy package name, ADOM devices, and other input parameters you have specified. | global_assign_policy Investigation |
Get Device Groups List | Retrieves a list of all device groups or specific device groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_device_groups Investigation |
Create Address | Creates an address in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | create_address Investigation |
Get Addresses List | Retrieves a list of addresses or specific addresses from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_addresses Investigation |
Update Address | Updates an address in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | update_address Investigation |
Delete Address | Deletes an address from Fortinet FortiManager based on the level type you have specified. | delete_address Investigation |
Create Address Group | Creates an address group in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | create_address_group Investigation |
Get Address Groups List | Retrieves a list of address groups or specific address groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_address_groups Investigation |
Update Address Group | Updates an existing address group in Fortinet FortiManager based on the level type, method, and other input parameters you have specified. | update_address_group Investigation |
Delete Address Group | Deletes an address group from Fortinet FortiManager based on the level type you have specified. | delete_address_group Investigation |
Get Service Categories List | Retrieves a list of service categories or specific service categories from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_service_categories Investigation |
Create Service Group | Creates a service group in Fortinet FortiManager based on the level type, members, and other input parameters you have specified. | create_service_group Investigation |
Get Service Groups List | Retrieves a list of service groups or specific service groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_service_group Investigation |
Update Service Group | Updates an existing service group in Fortinet FortiManager based on the level type, method, and other input parameters you have specified. | update_service_group Investigation |
Delete Service Group | Deletes a service group from Fortinet FortiManager based on the level type you have specified. | delete_service_group Investigation |
Create Custom Service | Creates a custom service in Fortinet FortiManager based on the level type and other input parameters you have specified. | create_custom_service Investigation |
Get Custom Services List | Retrieves a list of custom services or specific custom services from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_custom_service Investigation |
Update Custom Service | Updates an existing custom service in Fortinet FortiManager based on the level type and other input parameters you have specified. | update_custom_service Investigation |
Delete Custom Service | Deletes a custom service from Fortinet FortiManager based on the level type you have specified. | delete_custom_service Investigation |
Create Policy Package | Creates a policy package in Fortinet FortiManager based on the level type, package type, and other input parameters you have specified. | create_policy_package Investigation |
Update Policy Package | Updates a policy package in Fortinet FortiManager based on the level type and other input parameters you have specified. | update_policy_package Investigation |
Delete Policy Package | Deletes a policy package from Fortinet FortiManager based on the level type and other input parameters you have specified. | delete_policy_package Investigation |
Create Firewall Policy | Creates a firewall policy in Fortinet FortiManager based on the level type, package type, policy package name, and other input parameters you have specified. | create_policy Investigation |
Update Firewall Policy | Updates a firewall policy in Fortinet FortiManager based on the level type, package type, policy package name, and other input parameters you have specified. | update_policy Investigation |
Delete Firewall Policy | Deletes a firewall policy in Fortinet FortiManager based on the level type, policy ID, policy package name, and other input parameters you have specified. | delete_policy Investigation |
Move Firewall Policy | Moves a firewall policy in Fortinet FortiManager based on the level type, policy ID, policy package name, target, and other input parameters you have specified. | move_policy Investigation |
Get Dynamic Interface List | Retrieves a list of all dynamic interfaces or specific dynamic interfaces from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_dynamic_interface Investigation |
Install Policy | Installs a policy package on Fortinet FortiManager based on the ADOM, policy package name, and other input parameters you have specified. | install_policy Investigation |
Get Installation Policy Package Status | Retrieves the status of installation for a specific policy package from Fortinet FortiManager based on the task ID you have specified. | install_policy_status Investigation |
Create LDAP Server | Creates an LDAP server in Fortinet FortiManager based on the level type, LDAP server name, username, password, and other input parameters you have specified. | create_ldap_server Investigation |
Get LDAP Server List | Retrieves a list of LDAP servers or specific LDAP servers from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_ldap_server Investigation |
Update LDAP Server | Updates an LDAP server in Fortinet FortiManager based on the level type, LDAP server name, and other input parameters you have specified. | update_ldap_server Investigation |
Delete LDAP Server | Deletes an LDAP server from Fortinet FortiManager based on the level type, LDAP server name, and other input parameters you have specified. | delete_ldap_server Investigation |
Create User Group | Creates a user group in Fortinet FortiManager based on the level type, group name, members list, and other input parameters you have specified. | create_user_group Investigation |
Get User Groups List | Retrieves a list of all user groups or specific user groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_user_group Investigation |
Update User Group | Updates a user group in Fortinet FortiManager based on the level type, group name, change in the members' list, and other input parameters you have specified. | update_user_group Investigation |
Delete User Group | Deletes a user group from Fortinet FortiManager based on the level type, group name, and other input parameters you have specified. | delete_user_group Investigation |
Get SSL VPN Settings | Retrieves SSL VPN settings from Fortinet FortiManager based on the device name, VDOM, and other search parameters you have specified. | get_ssl_vpn Investigation |
Update SSL VPN Settings | Updates SSL VPN settings in Fortinet FortiManager based on the device name, VDOM, and input search parameters you have specified. | update_ssl_vpn Investigation |
Get Web Filter List | Retrieves a list of all web filters or specific web filters from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_web_filter Investigation |
Get Blocked URLs | Retrieves a list of URLs that are blocked on Fortinet FortiManager based on the specified web filter profile name, level type, and other search parameters you have specified. | get_blocked_urls Investigation |
Block URL | Blocks URLs on Fortinet FortiManager using the Web Filter Profile Name you have specified. | block_url Containment |
Unblock URL | Unblocks URLs on Fortinet FortiManager using the Web Filter Profile Name you have specified. | unblock_url Containment |
Get Applications Detail | Retrieves a list of all application names and associated details from the Fortinet FortiManager server. | get_app_details Investigation |
Get Applications Control List | Retrieves a list of all application control profiles or specific application control profiles from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_application_control_list Investigation |
Get Blocked Applications | Retrieves a list of application names that are blocked on Fortinet FortiManager based on the specified application control name, level type, and other search parameters you have specified. | get_blocked_app Investigation |
Block Application | Blocks applications on Fortinet FortiManager using the Application Control Profile Name you have specified. | block_application Containment |
Unblock Application | Unblocks applications on Fortinet FortiManager using the Application Control Profile Name you have specified. | unblock_applications Containment |
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Reporter | Name of the reporter of the incident that you want to create in Fortinet FortiManager. For example, admin. |
Endpoint Name | Details of the endpoint affected by the incident that you want to create in Fortinet FortiAnalyzer. For example, 11.XXX.YY.Z/32 (11.XXX.YY.Z) or 11.XXX.YY.Z/32 (Emp1 Laptop). |
Endpoint ID | (Optional) Endpoint ID that you want to assign to the incident you want to create in Fortinet FortiManager. |
End User ID | (Optional) End-user ID that you want to assign to the incident you want to create in Fortinet FortiManager. |
Category | (Optional) The category you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: Unauthorized access, Denial of Service, Malicious Code, Improper Usage, Scans/Probes/Attempted Access, or Uncategorized. |
Severity | (Optional) The severity level you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: High, Medium, or Low. |
Status | (Optional) The status you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: New, Analysis, Response, Closed: Remediated, or Closed: False Positive. |
Description | (Optional) Description of the new incident that you want to create in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"id": "",
"result": {
"incid": ""
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM | The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of incidents in CSV or list format that you want to retrieve from Fortinet FortiManager. |
Detail Level | Level of detail of the incidents that you want to retrieve from Fortinet FortiManager. By default, this is set to "Standard". |
Filter | Query in the format of field_name="field_value" using which you want to filter incidents to be retrieved from Fortinet FortiManager. For example, category="CAT2" and severity="medium" |
Sort By | Sorts the incidents by the specified field and orders the results. If you choose "Field", then you can specify the following parameters: |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
Output schema when you choose “Detail Level” as 'Basic':
{
"jsonrpc": "",
"id": "",
"result": {
"status": {
"code": "",
"message": ""
},
"detail-level": "",
"data": [
{
"attach_revision": "",
"attach_lastupdate": "",
"lastupdate": "",
"revision": "",
"incid": ""
}
]
}
}
Output schema when you choose “Detail Level” as 'Extended':
{
"result": {
"data": [
{
"endpoint": "",
"euname": "",
"epip": "",
"status": "",
"incid": "",
"attachments": [
{
"lastupdate": "",
"attachid": "",
"revision": ""
}
],
"lastupdate": "",
"osversion": "",
"attach_lastupdate": "",
"euid": "",
"category": "",
"epid": "",
"epname": "",
"revision": "",
"reporter": "",
"createtime": "",
"description": "",
"osname": "",
"mac": "",
"lastuser": "",
"severity": "",
"attach_revision": "",
"refinfo": ""
}
],
"detail-level": "",
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
Output schema when you choose “Detail Level” as 'Standard' or you do not select any detail level:
{
"result": {
"data": [
{
"endpoint": "",
"reporter": "",
"createtime": "",
"description": "",
"status": "",
"incid": "",
"severity": "",
"lastuser": "",
"attach_lastupdate": "",
"lastupdate": "",
"euid": "",
"attach_revision": "",
"category": "",
"refinfo": "",
"epid": "",
"revision": ""
}
],
"detail-level": "",
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
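An added example (not part of the Fortinet documentation or the connector's own code) showing how a script around the List Incident operation could page through results within the documented Limit and Offset bounds and build the Filter string from untrusted values. `fetch_page` and `make_fake_fetch` are hypothetical stand-ins for whatever invokes the operation, and the sample incidents and status values are constructed.

```python
import re
from typing import Callable, Dict, Iterator, List, Tuple

# Bounds taken from the Limit and Offset parameter rows of List Incident.
LIMIT_MIN, LIMIT_MAX, LIMIT_DEFAULT = 1, 2000, 50
OFFSET_MIN = 0
FIELD_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_filter(criteria: Dict[str, str]) -> str:
    """Build a Filter value as field_name="field_value" terms joined by 'and'.

    Values containing a double quote or a line break are rejected instead of
    escaped, because the page documents no escape rule for this parameter and
    an unescaped quote would let a value add its own filter terms.
    """
    terms = []
    for field, value in criteria.items():
        if not FIELD_RE.fullmatch(field):
            raise ValueError(f"invalid field name: {field!r}")
        if any(ch in value for ch in '"\r\n'):
            raise ValueError(f"unsafe value for {field}: {value!r}")
        terms.append(f'{field}="{value}"')
    return " and ".join(terms)


def check_paging(limit: int, offset: int) -> None:
    """Reject Limit/Offset values outside the documented ranges."""
    if not LIMIT_MIN <= limit <= LIMIT_MAX:
        raise ValueError(f"limit must be {LIMIT_MIN}..{LIMIT_MAX}, got {limit}")
    if offset < OFFSET_MIN:
        raise ValueError(f"offset must be >= {OFFSET_MIN}, got {offset}")


def iter_incidents(fetch_page: Callable[..., dict],
                   limit: int = LIMIT_DEFAULT,
                   offset: int = OFFSET_MIN,
                   filter_expr: str = "") -> Iterator[dict]:
    """Yield every incident, advancing Offset by Limit until a short page.

    fetch_page (hypothetical) must return the documented output shape:
    {"result": {"data": [...], "status": {...}}, ...}.
    """
    check_paging(limit, offset)
    while True:
        response = fetch_page(limit=limit, offset=offset, filter_expr=filter_expr)
        result = response.get("result") or {}
        data = result.get("data")
        if not isinstance(data, list):
            # Surface the status object instead of silently ending the loop.
            raise RuntimeError(f"no data list in response: {result.get('status')}")
        yield from data
        if len(data) < limit:  # short (or empty) page means nothing is left
            return
        offset += limit


def make_fake_fetch(total: int) -> Tuple[Callable[..., dict], List[int]]:
    """Constructed in-memory backend so the example runs offline."""
    incidents = [{"incid": f"IN{n:08d}", "severity": "medium"}
                 for n in range(1, total + 1)]
    calls: List[int] = []  # offsets requested, for inspection

    def fetch_page(limit: int, offset: int, filter_expr: str) -> dict:
        calls.append(offset)
        return {
            "jsonrpc": "2.0",
            "id": "1",
            "result": {
                "detail-level": "standard",
                "data": incidents[offset:offset + limit],
                "status": {"code": 0, "message": "constructed"},
            },
        }

    return fetch_page, calls


if __name__ == "__main__":
    fetch, calls = make_fake_fetch(120)
    expr = build_filter({"category": "CAT2", "severity": "medium"})
    found = list(iter_incidents(fetch, limit=50, filter_expr=expr))
    print(expr, len(found), calls)
```
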
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of the incident whose associated events you want to retrieve from Fortinet FortiManager. |
Attachment Type | Types of attachment that you want to search for in Fortinet FortiManager. Valid types include: Alert Event, Log, Comment, Log Search Filter, Upload File, or Report. |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"result": {
"data": [
{
"attachtype": "",
"lastupdate": "",
"incid": "",
"attachid": "",
"createtime": "",
"data": "",
"lastuser": "",
"revision": ""
}
],
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Device Name | Valid device name based on which you want to retrieve details of devices from Fortinet FortiManager. Note: If a parameter is left blank or null, then this operation will return devices matching all values. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
},
"data": [
{
"os_ver": "",
"build": "",
"ips_ext": "",
"foslic_inst_time": "",
"mgmt.__data[5]": "",
"lic_region": "",
"latitude": "",
"foslic_ram": "",
"faz.perm": "",
"branch_pt": "",
"ips_ver": "",
"foslic_utm": "",
"source": "",
"foslic_cpu": "",
"mgmt.__data[3]": "",
"mgmt.__data[2]": "",
"ha_mode": "",
"opts": "",
"last_resync": "",
"foslic_last_sync": "",
"conn_status": "",
"mgmt.__data[7]": "",
"patch": "",
"hw_rev_minor": "",
"mgmt.__data[1]": "",
"psk": "",
"checksum": "",
"faz.quota": "",
"ha_group_id": "",
"adm_usr": "",
"ha_group_name": "",
"faz.used": "",
"tunnel_cookie": "",
"conf_status": "",
"mgmt.__data[6]": "",
"last_checked": "",
"version": "",
"mgmt.__data[0]": "",
"ha_slave": "",
"name": "",
"longitude": "",
"platform_str": "",
"foslic_dr_site": "",
"tunnel_ip": "",
"oid": "",
"foslic_type": "",
"prefer_img_ver": "",
"location_from": "",
"vm_cpu_limit": "",
"mgmt_if": "",
"faz.full_act": "",
"av_ver": "",
"fex_cnt": "",
"fsw_cnt": "",
"mgmt.__data[4]": "",
"vm_mem": "",
"sn": "",
"logdisk_size": "",
"lic_flags": "",
"hostname": "",
"vm_mem_limit": "",
"vdom": [
{
"tab_status": "",
"opmode": "",
"name": "",
"devid": "",
"rtm_prof_id": "",
"status": "",
"comments": "",
"oid": "",
"ext_flags": "",
"node_flags": "",
"vpn_id": "",
"flags": ""
}
],
"tab_status": "",
"adm_pass": [],
"mgmt_id": "",
"beta": "",
"dev_status": "",
"os_type": "",
"vm_lic_expire": "",
"mgmt_mode": "",
"hdisk_size": "",
"ip": "",
"vm_status": "",
"db_status": "",
"mr": "",
"module_sn": "",
"hw_rev_major": "",
"flags": "",
"desc": "",
"app_ver": "",
"maxvdom": "",
"vm_cpu": "",
"conn_mode": "",
"node_flags": "",
"fap_cnt": "",
"mgt_vdom": ""
}
]
}
]
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM | The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Filter | Filter expression using which you want to retrieve events from Fortinet FortiManager. 'event_value', 'severity', 'triggername', 'count', 'comment' and 'flags' are supported. For example, triggername='Local Device Event' and severity>=3 or subject='desc:User login from SSH failed' |
Time Range | Select this checkbox to specify the time range for which you want to retrieve events from Fortinet FortiManager. If you select this checkbox, then you must specify the following parameters: |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"result": {
"data": [
{
"alerttime": "",
"triggername": "",
"devname": "",
"vdom": "",
"filterid": "",
"filterkey": "",
"devtype": "",
"eventtype": "",
"groupby1": "",
"euid": "1",
"subject": "",
"devid": "",
"alertid": "",
"extrainfo": "",
"euname": "",
"epname": "",
"ackflag": "",
"logcount": "",
"filtercksum": "",
"tag": "",
"updatetime": "",
"epid": "1",
"severity": "",
"readflag": "",
"lastlogtime": "",
"firstlogtime": ""
}
]
},
"id": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Alert ID | The ID of alerts in CSV or list format whose event details (logs) you want to retrieve from Fortinet FortiManager. Note: You can find the "Alert IDs" using the "Get Events" action. |
Time Order | Select the order in which you want to sort the result. You can choose between Ascending or Descending. By default, this is set to Descending. |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"id": "",
"result": {
"data": [
{
"log_id": "",
"devname": "",
"userfrom": "",
"time": "",
"dstepid": "",
"desc": "",
"user": "",
"dtime": "",
"msg": "",
"type": "",
"devid": "",
"dsteuid": "",
"euid": "",
"date": "",
"idseq": "",
"itime_t": "",
"epid": "",
"subtype": "",
"level": "",
"itime": ""
}
]
},
"jsonrpc": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of the incident that you want to update in FortiManager. |
Endpoint Name | Details of the endpoint affected by the incident that you want to update in Fortinet FortiAnalyzer. For example, 11.XXX.YY.Z/32 (11.XXX.YY.Z) or 11.XXX.YY.Z/32 (Emp1 Laptop). |
Endpoint ID | (Optional) Endpoint ID that you want to assign to the incident you want to update in Fortinet FortiManager. |
End User ID | (Optional) End-user ID that you want to assign to the incident you want to update in Fortinet FortiManager. |
Category | (Optional) The category you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: Unauthorized access, Denial of Service, Malicious Code, Improper Usage, Scans/Probes/Attempted Access, or Uncategorized. |
Severity | (Optional) The severity level you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: High, Medium, or Low. |
Status | (Optional) The status you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: New, Analysis, Response, Closed: Remediated, or Closed: False Positive. |
Description | (Optional) Description of the incident that you want to update in Fortinet FortiManager. |
Last Revision | (Optional) Last version of the incident that you want to update in Fortinet FortiManager. |
Last User | (Optional) Last user of the incident that you want to update in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"id": "",
"result": {
"status": {
"code": "",
"message": ""
}
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM Name | Specify the ADOM name whose policy package you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose details you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | Specify the policy package or folder path of the ADOM policy package whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
Output schema when the 'Policy Package Name' is empty
{
"result": [
{
"data": [
{
"type": "",
"package settings": {
"consolidated-firewall-mode": "",
"fwpolicy6-implicit-log": "",
"fwpolicy-implicit-log": "",
"ngfw-mode": "",
"central-nat": ""
},
"oid": "",
"name": "",
"scope member": [
{
"vdom": "",
"name": ""
}
],
"obj ver": ""
}
],
"url": "",
"status": {
"code": "",
"message": ""
}
}
],
"id": ""
}
Default Output schema
{
"id": "",
"result": [
{
"status": {
"code": "",
"message": ""
},
"data": {
"obj ver": "",
"name": "",
"type": "",
"scope member": [
{
"name": "",
"vdom": ""
}
],
"oid": "",
"package settings": {
"ngfw-mode": "",
"consolidated-firewall-mode": "",
"fwpolicy6-implicit-log": "",
"fwpolicy-implicit-log": "",
"central-nat": ""
}
},
"url": ""
}
]
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose ADOM firewall policy you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose firewall policy details you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package " to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose details you want to retrieve from Fortinet FortiManager. |
Firewall Policy Name | (Optional) Specify the firewall policy name whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": [
{
"_last_hit": "",
"_byte": "",
"custom-log-fields": [],
"_pkts": "",
"anti-replay": "",
"_first_hit": "",
"webproxy-profile": [],
"delay-tcp-npu-session": "",
"dstaddr-negate": "",
"tcp-mss-receiver": "",
"internet-service": "",
"srcaddr": [],
"traffic-shaper": [],
"vpn_dst_node": "",
"match-vip-only": "",
"_hitcount": "",
"schedule": [],
"fsso-agent-for-ntlm": [],
"permit-any-host": "",
"schedule-timeout": "",
"radius-mac-auth-bypass": "",
"email-collect": "",
"name": "",
"ssl-mirror-intf": [],
"status": "",
"policyid": "",
"vlan-cos-fwd": "",
"vpn_src_node": "",
"nat": "",
"block-notification": "",
"logtraffic-start": "",
"per-ip-shaper": [],
"tos-negate": "",
"traffic-shaper-reverse": [],
"logtraffic": "",
"np-acceleration": "",
"session-ttl": "",
"uuid": "",
"service-negate": "",
"srcaddr-negate": "",
"wccp": "",
"_policy_block": "",
"action": "",
"groups": [],
"fsso": "",
"tos": "",
"internet-service-src": "",
"utm-status": "",
"natip": [],
"capture-packet": "",
"dstaddr": [],
"tcp-mss-sender": "",
"_first_session": "",
"_sesscount": "",
"_global-vpn-tgt": "",
"srcintf": [],
"tcp-session-without-syn": "",
"timeout-send-rst": "",
"ssl-ssh-profile": [],
"fsso-groups": [],
"service": [],
"vlan-cos-rev": "",
"captive-portal-exempt": "",
"users": [],
"app-group": [],
"webcache-https": "",
"geoip-anycast": "",
"diffserv-forward": "",
"profile-type": "",
"rtp-nat": "",
"reputation-direction": "",
"disclaimer": "",
"webproxy-forward-server": [],
"inspection-mode": "",
"obj seq": "",
"auto-asic-offload": "",
"_global-vpn": [],
"ssl-mirror": "",
"dstintf": [],
"_last_session": "",
"match-vip": "",
"diffserv-reverse": "",
"dsri": "",
"tos-mask": "",
"reputation-minimum": "",
"profile-protocol-options": [],
"replacemsg-override-group": []
}
],
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
ADOM | (Optional) Specify the ADOM name whose associated list of blocked IP addresses you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package " to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM Firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Firewall Policy Name | Specify the Firewall policy name associated with the blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Address Group Name | Name of the IP address group, in the "CSV" or "list" format, that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
The output contains the following populated JSON schema:
{
"policy_name": "",
"dstaddr": [],
"srcaddr": [],
"addrgrp": [
{
"name": "",
"member": []
}
],
"addrgrp_not_exist": []
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose associated IP addresses you want to block in the firewall policy of Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated IP addresses you want to block in the firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package " to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose associated IP addresses you want to block in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | Specify the IP addresses that you want to block using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2" . |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": [],
"error_with_block": []
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose associated IP addresses you want to unblock in the firewall policy of Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated IP addresses you want to unblock in the firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package " to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose associated IP addresses you want to unblock in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | Specify the IP addresses that you want to unblock using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2" . |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": [],
"error_with_unblock": []
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name to which you want to apply the firewall policy in Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name to which you want to apply the firewall policy in Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package " to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path to apply the firewall policy in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"task": ""
},
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Package Name | Specify the name of the global policy package from which you want to retrieve package details. |
Policy Package/Folder Path | Specify the policy package or folder path from which you want to retrieve package details. |
The output contains the following populated JSON schema:
Output schema when the 'Policy Package Name' is empty
{
"result": [
{
"url": "",
"data": [
{
"type": "",
"package settings": {
"ngfw-mode": "",
"central-nat": "",
"consolidated-firewall-mode": "",
"fwpolicy-implicit-log": "",
"fwpolicy6-implicit-log": ""
},
"scope member": [
{
"name": ""
}
],
"obj ver": "",
"name": "",
"oid": ""
}
],
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Default Output schema
{
"result": [
{
"url": "",
"data": {
"type": "",
"package settings": {
"ngfw-mode": "",
"central-nat": "",
"consolidated-firewall-mode": "",
"fwpolicy-implicit-log": "",
"fwpolicy6-implicit-log": ""
},
"scope member": [
{
"name": ""
}
],
"obj ver": "",
"name": "",
"oid": ""
},
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Parameter | Description |
---|---|
Policy Package Name | Specify the name of the global firewall policy package from which you want to retrieve package details. This parameter makes an API call named "list_global_policy_pck " to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path from which you want to retrieve package details. |
Policy Type | Select the policy type from which you want to retrieve firewall policy details. |
Policy Name | (Optional) Specify the name of the global firewall policy whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"result": [
{
"url": "",
"data": [
{
"ssl-ssh-profile": [],
"_pkts": "",
"disclaimer": "",
"diffserv-reverse": "",
"replacemsg-override-group": [],
"dstaddr": [],
"per-ip-shaper": [],
"vlan-cos-rev": "",
"schedule": [],
"wccp": "",
"_byte": "",
"status": "",
"groups": [],
"block-notification": "",
"_global-vpn": [],
"webcache-https": "",
"obj seq": "",
"utm-status": "",
"webproxy-profile": [],
"tcp-mss-receiver": "",
"tos-negate": "",
"profile-type": "",
"reputation-minimum": "",
"timeout-send-rst": "",
"policyid": "",
"dstaddr-negate": "",
"traffic-shaper": [],
"profile-protocol-options": [],
"internet-service": "",
"reputation-direction": "",
"natip": [],
"session-ttl": "",
"vlan-cos-fwd": "",
"delay-tcp-npu-session": "",
"webproxy-forward-server": [],
"email-collect": "",
"np-acceleration": "",
"fsso-agent-for-ntlm": [],
"identity-based-policy": "",
"name": "",
"tos": "",
"_first_session": "",
"uuid": "",
"_sesscount": "",
"match-vip": "",
"logtraffic": "",
"schedule-timeout": "",
"traffic-shaper-reverse": [],
"tos-mask": "",
"permit-any-host": "",
"anti-replay": "",
"capture-packet": "",
"ssl-mirror-intf": [],
"srcaddr": [],
"service": [],
"internet-service-src": "",
"dstintf": [],
"_last_hit": "",
"_hitcount": "",
"_first_hit": "",
"gtp-profile": [],
"radius-mac-auth-bypass": "",
"diffserv-forward": "",
"geoip-anycast": "",
"tcp-mss-sender": "",
"app-group": [],
"rtp-nat": "",
"inspection-mode": "",
"tcp-session-without-syn": "",
"logtraffic-start": "",
"auto-asic-offload": "",
"action": "",
"fsso-groups": [],
"fsso": "",
"_global-vpn-tgt": "",
"captive-portal-exempt": "",
"users": [],
"custom-log-fields": [],
"dsri": "",
"srcintf": [],
"nat": "",
"service-negate": "",
"match-vip-only": "",
"ssl-mirror": "",
"_last_session": "",
"srcaddr-negate": ""
}
],
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Parameter | Description |
---|---|
Policy Package Name | Specify the name of the global firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck " to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Policy Type | Select policy type based on which you want to retrieve blocked IP addresses from Fortinet FortiManager. |
Firewall Policy Name | Specify the firewall policy name associated with the blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Address Group Name | Name of the IP address group, in the "CSV" or "list" format, that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
The output contains the following populated JSON schema:
{
"policy_name": "",
"dstaddr": [],
"srcaddr": [],
"addrgrp": [
{
"name": "",
"member": []
}
],
"addrgrp_not_exist": []
}
Parameter | Description |
---|---|
Policy Package Name | Select the policy package whose associated IP addresses you want to block in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck " to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated IP addresses you want to block in Fortinet FortiManager. |
Policy Type | Select policy type whose IP addresses you want to block in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | IP addresses that you want to block using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2" . |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": [],
"error_with_block": []
}
Parameter | Description |
---|---|
Policy Package Name | Select the policy package whose associated IP addresses you want to unblock in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck " to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated IP addresses you want to unblock in Fortinet FortiManager. |
Policy Type | Select policy type whose IP addresses you want to unblock in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | IP addresses that you want to unblock using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2" . |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": [],
"error_with_unblock": []
}
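A pre-flight check for the block and unblock IP address actions documented above (ADOM-level and global), as an added example that is not part of the connector or of Fortinet's documentation: it parses the "CSV" or "list" input, rejects malformed, special-purpose, or protected addresses before they reach the firewall policy, and reconciles the action's output lists with what was requested. The function names, the PROTECTED_NETS ranges, and the assumption that the output lists hold plain IP strings are illustrative assumptions.

```python
import ipaddress
import json

# Assumption: ranges an automated block must never touch (site-specific, constructed).
PROTECTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Output keys documented for the block and unblock actions: (changed, unchanged, errors).
BLOCK_KEYS = ("newly_blocked", "already_blocked", "error_with_block")
UNBLOCK_KEYS = ("newly_unblocked", "not_exist", "error_with_unblock")


def parse_ip_parameter(raw):
    """Normalize the 'IP Address' parameter, given as a list or as CSV text."""
    if isinstance(raw, (list, tuple)):
        items = list(raw)
    else:
        text = str(raw).strip()
        try:
            # '["1.1.1.1", "2.2.2.2"]' is JSON; '"1.1.1.1", "2.2.2.2"' is CSV.
            items = json.loads(text) if text.startswith("[") else text.split(",")
        except ValueError:
            items = text.strip("[]").split(",")
    cleaned = [str(i).strip().strip("\"'").strip() for i in items]
    return [c for c in cleaned if c]


def screen_ips(raw, protected=PROTECTED_NETS):
    """Return (accepted, rejected) where rejected maps each value to a reason."""
    accepted, rejected = [], {}
    for item in parse_ip_parameter(raw):
        try:
            addr = ipaddress.ip_address(item)
        except ValueError:
            rejected[item] = "not a valid IP address"
            continue
        if addr.is_loopback or addr.is_unspecified or addr.is_multicast or addr.is_link_local:
            rejected[item] = "special-purpose address"
            continue
        hit = next((n for n in protected if n.version == addr.version and addr in n), None)
        if hit is not None:
            rejected[item] = f"inside protected network {hit}"
            continue
        if str(addr) not in accepted:  # drop duplicates, keep input order
            accepted.append(str(addr))
    return accepted, rejected


def summarize_action_output(output, requested):
    """Reconcile a block or unblock output with the addresses that were requested."""
    for keys in (BLOCK_KEYS, UNBLOCK_KEYS):
        if all(k in output for k in keys):
            changed_key, unchanged_key, error_key = keys
            break
    else:
        raise ValueError("output matches neither the block nor the unblock schema")
    # Assumption: each list holds plain IP strings.
    changed = [str(v) for v in output[changed_key]]
    unchanged = [str(v) for v in output[unchanged_key]]
    failed = [str(v) for v in output[error_key]]
    reported = set(changed) | set(unchanged) | set(failed)
    unaccounted = sorted(set(requested) - reported)
    return {
        "changed": changed,
        "unchanged": unchanged,
        "failed": failed,
        "unaccounted": unaccounted,  # requested but absent from every output list
        "needs_review": bool(failed or unaccounted),
    }


if __name__ == "__main__":
    # Constructed sample input and output, not captured from a real server.
    ok, bad = screen_ips('"1.1.1.1", "2.2.2.2", "10.0.0.5", "not-an-ip"')
    print("send to block action:", ok)
    print("held back:", bad)
    sample_output = {"already_blocked": ["1.1.1.1"], "newly_blocked": [], "error_with_block": []}
    print(summarize_action_output(sample_output, ok))
```
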
Parameter | Description |
---|---|
Policy Package Name | Select the policy package that you want to assign to ADOM devices in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck " to dynamically populate its dropdown selections. |
Policy Package/Folder Path | Specify the policy package or folder path of the global policy package that you want to assign to ADOM devices in Fortinet FortiManager. |
ADOM Devices | Specify one or more destination ADOMs to which you want to assign the selected global policy package. This parameter makes an API call named "list_global_adom " to dynamically populate its dropdown selections. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"task": ""
},
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the device group details. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters:
|
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "desc", "name", "os_type", "type"] . If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying one of the attributes. Attributes are desc, name, os_type, type. For example, [["name", "==", "All_FortiADC"],[ "os_type", "==", 9]] |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the device groups by the specified field and order the results. You can sort the results by field, order the results, or do both. If you choose 'Field', then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"oid": "",
"desc": "",
"name": "",
"type": "",
"os_type": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to create the address. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
Address Type | Choose the type of address you want to create in Fortinet FortiManager. You can select between Subnet, IP Range, FQDN, Wildcard, Geography, or MAC Address. If you choose 'Subnet', then you can specify the following parameters:
|
Policy Group Name | (Optional) Specify the name of the policy group to be added to the address that you want to create. |
Comment | (Optional) Comment to be added to the address that you want to create. |
Additional Address Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the address. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type from which you want to retrieve the address details. You can choose between ADOM or Global Type.
|
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "_image-base64", "allow-routing", "associated-interface", "cache-ttl", "clearpass-spt", "color", "comment", "country", "end-ip", "epg-name", "fabric-object", "filter", "fqdn", "fsso-group", "interface", "macaddr", "name", "node-ip-only", "obj-id", "obj-tag", "obj-type", "organization", "policy-group", "sdn", "sdn-addr-type", "sdn-tag", "start-ip", "sub-type", "subnet", "subnet-name", "tenant", "type", "uuid", "wildcard", "wildcard-fqdn"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the addresses by the specified field and order the results. You can sort the results by field, order the results, or do both. If you choose 'Field', then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
},
"data": [
{
"list": "",
"name": "",
"type": "",
"uuid": "",
"color": "",
"subnet": [],
"comment": "",
"macaddr": [],
"tagging": "",
"obj-type": "",
"node-ip-only": "",
"allow-routing": "",
"clearpass-spt": "",
"fabric-object": "",
"sdn-addr-type": "",
"dynamic_mapping": "",
"associated-interface": []
}
]
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to update the address. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
Address Type | Choose the type of address you want to update in Fortinet FortiManager. You can select between Subnet, IP Range, FQDN, Wildcard, Geography, or MAC Address. If you choose 'Subnet', then you can specify the following parameters:
|
Policy Group Name | (Optional) Specify the name of the policy group to be added to the address that you want to update. |
Comment | (Optional) Comment to be added to the address that you want to update. |
Additional Address Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the address. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to delete the address. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to create the address group. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
Type |
Choose the type of address group you want to create in Fortinet FortiManager. You can select between Group (default) or Folder.
|
Member | Specify a CSV list or a list of address objects or address groups that you want to add to the address group that you want to create in Fortinet FortiManager. |
Exclude | Select this option (set it to true) to enable address exclusion. If this option is selected, then in the Exclude Member field, specify a CSV list or a list of address objects or address groups that you want to add to the exclusion member list. |
Comment | (Optional) Comment to be added to the address group that you want to create. |
Additional Address Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the address group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type from which you want to retrieve the address group details. You can choose between ADOM or Global Type.
|
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "_image-base64", "allow-routing", "associated-interface", "cache-ttl", "clearpass-spt", "color", "comment", "country", "end-ip", "epg-name", "fabric-object", "filter", "fqdn", "fsso-group", "interface", "macaddr", "name", "node-ip-only", "obj-id", "obj-tag", "obj-type", "organization", "policy-group", "sdn", "sdn-addr-type", "sdn-tag", "start-ip", "sub-type", "subnet", "subnet-name", "tenant", "type", "uuid", "wildcard", "wildcard-fqdn"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the address groups by the specified field and order the results. You can sort the results by field, order the results, or do both. If you choose 'Field', then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"type": "",
"uuid": "",
"color": "",
"member": [],
"exclude": "",
"tagging": "",
"category": "",
"allow-routing": "",
"fabric-object": "",
"exclude-member": [],
"dynamic_mapping": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to update the address group. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
Method |
Select the action that you want to perform on members of the address group. You can choose between Add or Remove.
|
Exclude |
Select this option (set it to true) to enable address exclusion. If this option is selected, then specify the following:
|
Comment | (Optional) Comment to be added to the address group that you want to update. |
Additional Address Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the address group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to delete the address group. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type from which you want to retrieve the service categories details. You can choose between ADOM or Global Type.
|
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["comment", "fabric-object", "name"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the service categories by the specified field and order the results. You can sort the results by field, order the results, or do both. If you choose 'Field', then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"comment": "",
"obj seq": "",
"fabric-object": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type at which you want to create the service group. You can choose between ADOM or Global Type.
If you choose 'Global', then you can specify the following parameters:
|
Member | Specify a CSV list or a list of service objects that you want to add to the service group that you want to create in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service group or Disable to disable the web proxy service group. |
Comment | (Optional) Comment to be added to the service group that you want to create. |
Additional Service Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the service group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type |
Choose the level type from which you want to retrieve the service group details. You can choose between ADOM or Global Type.
|
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["color", "comment", "fabric-object", "member", "name", "proxy"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the service groups by the specified field and order the results. You can sort the results by field, order the results, or do both. If you choose 'Field', then you must specify the following parameters:
|
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"oid": "",
"name": "",
"member": []
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the service group. You can choose between ADOM or Global Type.
If you choose 'ADOM', then you can specify the following parameters:
If you choose 'Global', then you can specify the following parameters:
|
Method |
Select the action that you want to perform on members of the service group. You can choose between Add or Remove.
|
Proxy | Select Enable to enable the web proxy service group or Disable to disable the web proxy service group. |
Comment | (Optional) Comment to be added to the service group that you want to update. |
Additional Service Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the address group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the service group. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the custom service. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Service Category | (Optional) Specify the ID of the category of the custom service that you want to create in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service or Disable to disable the web proxy service. If you choose Disable, then you can specify the following parameters: |
App Category | (Optional) Specify the ID of the application category for the custom service that you want to create in Fortinet FortiManager. |
App Service Type | Select the type of application service type for the custom service that you want to create in Fortinet FortiManager. You can choose between Disable (default), App ID, or App Category. |
Application ID | (Optional) Specify the ID of the application for the custom service that you want to create in Fortinet FortiManager. |
ICMP Error Message | Configure the type of ICMP error message verification for the custom service that you want to create in Fortinet FortiManager. You can choose between Disable, Default, or Strict. |
Helper Name | (Optional) Specify the helper name for the custom service that you want to create in Fortinet FortiManager. You can specify the following values: disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp |
Session TTL | (Optional) Specify the TTL for the session (300 - 2764800, 0 = default) associated with the custom service that you want to create in Fortinet FortiManager. |
TCP Halfclose Timer | (Optional) Specify the wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Halfopen Timer | (Optional) Specify the wait time to open a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Rst Timer | (Optional) Set the length of the TCP CLOSE state in seconds (5 - 300 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Time-Wait Timer | (Optional) Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
UDP Idle Timer | (Optional) Specify UDP half-close timeout (0 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
Comment | (Optional) Comment to be added to the custom service that you want to create. |
Additional Custom Service Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the custom service. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the custom service details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["app-category", "app-service-type", "application", "category", "check-reset-range", "color", "comment", "fabric-object", "fqdn", "helper", "icmpcode", "icmptype", "iprange", "name", "protocol", "protocol-number", "proxy", "sctp-portrange", "session-ttl", "tcp-halfclose-timer", "tcp-halfopen-timer", "tcp-portrange", "tcp-rst-timer", "tcp-timewait-timer", "udp-idle-timer", "udp-portrange", "visibility"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the device groups by the specified field and order the results. You can choose to either sort the results by fields, or order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"color": "",
"proxy": "",
"helper": "",
"iprange": "",
"obj seq": "",
"category": [],
"protocol": "",
"visibility": "",
"application": [],
"app-category": [],
"fabric-object": "",
"tcp-rst-timer": "",
"udp-portrange": [],
"protocol-number": "",
"app-service-type": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the custom service. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Service Category | (Optional) Specify the ID of the category of the custom service that you want to update in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service or Disable to disable the web proxy service. If you choose Disable, then you can specify the following parameters: |
App Category | (Optional) Specify the ID of the application category for the custom service that you want to update in Fortinet FortiManager. |
App Service Type | Select the type of application service type for the custom service that you want to update in Fortinet FortiManager. You can choose between Disable (default), App ID, or App Category. |
Application ID | (Optional) Specify the ID of the application for the custom service that you want to update in Fortinet FortiManager. |
ICMP Error Message | Configure the type of ICMP error message verification for the custom service that you want to update in Fortinet FortiManager. You can choose between Disable, Default, or Strict. |
Helper Name | (Optional) Specify the helper name for the custom service that you want to update in Fortinet FortiManager. You can specify the following values: disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp |
Session TTL | (Optional) Specify the TTL for the session (300 - 2764800, 0 = default) associated with the custom service that you want to update in Fortinet FortiManager. |
TCP Halfclose Timer | (Optional) Specify the wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Halfopen Timer | (Optional) Specify the wait time to open a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Rst Timer | (Optional) Set the length of the TCP CLOSE state in seconds (5 - 300 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Time-Wait Timer | (Optional) Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
UDP Idle Timer | (Optional) Specify UDP half-close timeout (0 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
Comment | (Optional) Comment to be added to the custom service that you want to update. |
Additional Custom Service Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the custom service. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
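The timer ranges and helper names documented for the custom service actions can be enforced in a playbook step before the values reach FortiManager. The following is an added example, not part of the connector: it assumes the playbook holds the values as a JSON object keyed by the attribute names listed under Attributes in Result (for example "session-ttl"), and the function name is hypothetical.

```python
import json

# Timer limits as documented in the parameter tables; 0 always means "default".
TIMER_RANGES = {
    "session-ttl": (300, 2764800),
    "tcp-halfclose-timer": (1, 86400),
    "tcp-halfopen-timer": (1, 86400),
    "tcp-rst-timer": (5, 300),
    "tcp-timewait-timer": (1, 300),
    "udp-idle-timer": (0, 86400),
}

# Helper names as listed for the Helper Name parameter.
HELPERS = frozenset(
    "disable auto ftp tftp ras h323 tns mms sip pptp rtsp dns-udp dns-tcp "
    "pmap rsh dcerpc mgcp gtp-c gtp-u gtp-b pfcp".split()
)


def _reject_duplicate_keys(pairs):
    """json.loads silently keeps the last duplicate key; refuse instead."""
    seen = {}
    for key, value in pairs:
        if key in seen:
            raise ValueError(f"duplicate key {key!r}")
        seen[key] = value
    return seen


def validate_custom_service_args(raw_json):
    """Return (args, errors). args is None when the input cannot be used at all.

    Hypothetical helper: the attribute-keyed JSON input is an assumption about
    how a playbook stores these values, not something the connector defines.
    """
    try:
        args = json.loads(raw_json, object_pairs_hook=_reject_duplicate_keys)
    except ValueError as exc:  # JSONDecodeError is a ValueError subclass
        return None, [f"rejected JSON: {exc}"]
    if not isinstance(args, dict):
        return None, ["top-level value must be a JSON object"]

    errors = []
    for key, (low, high) in TIMER_RANGES.items():
        if key not in args:
            continue
        value = args[key]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{key}: expected an integer, got {value!r}")
        elif value != 0 and not low <= value <= high:
            errors.append(f"{key}: {value} is outside {low} - {high} (0 = default)")

    helper = args.get("helper")
    if helper is not None and helper not in HELPERS:
        errors.append(f"helper: {helper!r} is not a documented helper name")
    return args, errors


if __name__ == "__main__":
    # Constructed sample input.
    sample = '{"session-ttl": 120, "helper": "smtp", "tcp-rst-timer": 0}'
    print(validate_custom_service_args(sample)[1])
```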
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the custom service. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the policy package. You can choose between ADOM or Global Type. |
Package Type | Select the type of package, either Package or Folder, for the policy package that you want to create in Fortinet FortiManager. If you choose 'Package', then you can specify the following parameters: If you choose 'Folder', then in the Policy Package Folder Name field, specify the valid policy package folder name that you want to create in Fortinet FortiManager. |
Additional Policy Package Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the policy package. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the policy package. You can choose between ADOM or Global Type. |
Package Type | Select the type of package, either Package or Folder, for the policy package that you want to update in Fortinet FortiManager. If you choose 'Package', then you can specify the following parameters: If you choose 'Folder', then in the Policy Package Folder Name field, specify the valid policy package folder name that you want to update in Fortinet FortiManager. |
Additional Policy Package Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the policy package. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the policy package. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Path | (Optional) Specify a valid path for the policy package you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to create in Fortinet FortiManager. |
Policy Name | Specify a valid name for the policy that you want to create in Fortinet FortiManager. |
Source Interface | Specify the Incoming (ingress) interface for the firewall policy you want to create in Fortinet FortiManager. |
Destination Interface | Specify the Outgoing (egress) interface for the firewall policy you want to create in Fortinet FortiManager. |
Service | Specify service and service group names for the firewall policy you want to create in Fortinet FortiManager. |
Source IPv4 Address | Specify source IPv4 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Source IPv6 Address | Specify source IPv6 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Destination IPv4 Address | Specify destination IPv4 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Destination IPv6 Address | Specify destination IPv6 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Policy Action | Select the policy action for the firewall policy you want to create in Fortinet FortiManager. You can choose from the following options: |
Status | Select Enable to enable this firewall policy on Fortinet FortiManager. |
Inspection Mode | Select the Inspection mode for the firewall policy that you want to create in Fortinet FortiManager. You can choose between proxy or flow (default). |
Schedule | Specify the name for the schedule to be associated with the firewall policy that you want to create in Fortinet FortiManager. For example, always, none, etc. |
Schedule Timeout | Select Enable to enable forceful ending of current sessions when the schedule object times out. Select Disable to allow them to end from inactivity. |
Comment | (Optional) Comment to be added to the firewall policy that you want to create. |
Log Traffic | Select the method of logging traffic, i.e., logging of all sessions or security profile sessions. You can choose from the following: |
Additional Policy Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the firewall policy. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"logtraffic-start": "disable", "radius-mac-auth-bypass": "disable", "profile-type": "single" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"policyid": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to update in Fortinet FortiManager. |
Policy Name | Specify a valid name for the policy that you want to update in Fortinet FortiManager. |
Method | Select the action that you want to perform for updating the firewall policy in Fortinet FortiManager. You can choose between Add or Remove. If you choose 'Add', then you can specify the following parameters: |
Policy Action | Select the policy action for the firewall policy you want to update in Fortinet FortiManager. You can choose from the following options: |
Status | Select Enable to enable this firewall policy on Fortinet FortiManager. |
Inspection Mode | Select the Inspection mode for the firewall policy that you want to create in Fortinet FortiManager. You can choose between proxy or flow (default). |
Schedule | Specify the name for the schedule to be associated with the firewall policy that you want to create in Fortinet FortiManager. For example, always, none, etc. |
Schedule Timeout | Select Enable to enable forceful ending of current sessions when the schedule object times out. Select Disable to allow them to end from inactivity. |
Comment | (Optional) Comment to be added to the firewall policy that you want to create. |
Additional Policy Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the firewall policy. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"radius-mac-auth-bypass": "disable", "profile-type": "single" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"policyid": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to delete from Fortinet FortiManager. |
Policy ID | Specify the ID of the firewall policy that you want to delete from Fortinet FortiManager. You can get the policy ID from "List Global Firewall Policies" or "List ADOM Firewall Policies" actions. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type at which you want to move the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to move in Fortinet FortiManager. |
Policy ID | Specify the ID of the firewall policy that you want to move in Fortinet FortiManager. You can get the policy ID from "List Global Firewall Policies" or "List ADOM Firewall Policies" actions. |
Target | Specify the Key to the target entry, i.e., the ID of the target policy. |
Option | Select whether you want to move the firewall policy Before or After the target policy in Fortinet FortiManager. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the dynamic interface details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["color", "default-mapping", "defmap-intf", "defmap-intrazone-deny", "defmap-zonemember", "description", "egress-shaping-profile", "name", "single-intf", "wildcard", "wildcard-intf"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the dynamic interfaces by the specified field and order the results. You can choose to either sort the results by fields, or order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"color": "",
"wildcard": "",
"single-intf": "",
"default-mapping": "",
"dynamic_mapping": "",
"platform_mapping": [
{
"name": "",
"intf-zone": "",
"intrazone-deny": ""
}
],
"defmap-zonemember": [],
"defmap-intrazone-deny": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
ADOM Name | Specify the ADOM name of the policy that you want to install in Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified as a configuration parameter. |
Policy Package Name | Select the name of the policy package that you want to install in Fortinet FortiManager. This parameter will make an API call named "list_adom_policy_package" to dynamically populate its dropdown selections. |
ADOM Revision Comment | Specify the ADOM revision comment of the policy that you want to install in Fortinet FortiManager. |
ADOM Revision Name | Specify the ADOM revision name of the policy that you want to install in Fortinet FortiManager. |
Device Configuration Revision | Specify the comments for the device configuration revision that will be generated during the installation. |
Device Name | Specify the device name or device group name on which you want to install the policy package. |
VDOM | Specify the VDOM on which you want to install the policy package. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Task ID | Specify the ID of the task whose policy package installation status you want to retrieve from Fortinet FortiManager. You get the task ID using the "Install Policy" action. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"adom": "",
"end_tm": "",
"flags": "",
"id": "",
"line": [
{
"detail": "",
"end_tm": "",
"err": "",
"history": [
{
"detail": "",
"name": "",
"percent": "",
"vdom": ""
}
],
"ip": "",
"name": "",
"oid": "",
"percent": "",
"start_tm": "",
"state": "",
"vdom": ""
}
],
"num_done": "",
"num_err": "",
"num_lines": "",
"num_warn": "",
"percent": "",
"pid": "",
"src": "",
"start_tm": "",
"state": "",
"title": "",
"tot_percent": "",
"user": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
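A playbook that pushes a block policy should confirm that the installation reached every device before the incident is closed. The following added example (not connector code) reads the output schema shown above and fails closed on anything unexpected. It assumes that a status code of 0 means success, that percent reaches 100 on completion, and that a non-zero err on a line marks a failed device; the function name and the sample values are constructed for illustration.

```python
def _as_int(value, default=0):
    """The schema shows values as strings; accept ints or numeric strings."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def summarize_install_task(response):
    """Summarize a policy installation status response.

    Returns {"complete": bool, "failed_devices": [...], "problems": [...]}.
    "complete" is True only when nothing looks wrong (fail closed).
    """
    summary = {"complete": False, "failed_devices": [], "problems": []}
    results = response.get("result") or []
    if not results:
        summary["problems"].append("response has no result entries")

    for entry in results:
        status = entry.get("status") or {}
        # Assumption: code 0 is success. A missing or empty code is an error.
        if _as_int(status.get("code"), default=-1) != 0:
            summary["problems"].append(
                f"API status {status.get('code')!r}: {status.get('message')!r}"
            )
            continue

        data = entry.get("data") or {}
        if _as_int(data.get("percent")) < 100:
            summary["problems"].append(
                f"task {data.get('id')} is at {data.get('percent')}%"
            )
        num_err = _as_int(data.get("num_err"))
        if num_err:
            summary["problems"].append(f"task reports {num_err} error(s)")

        # One "line" entry per device/VDOM the package was installed on.
        for line in data.get("line") or []:
            if _as_int(line.get("err")) != 0:
                summary["failed_devices"].append(
                    {
                        "name": line.get("name"),
                        "vdom": line.get("vdom"),
                        "detail": line.get("detail"),
                    }
                )

    summary["complete"] = not summary["problems"] and not summary["failed_devices"]
    return summary


# Constructed sample response: one device installed, one failed.
SAMPLE_RESPONSE = {
    "id": 1,
    "result": [
        {
            "url": "",
            "status": {"code": 0, "message": "OK"},
            "data": {
                "id": 412,
                "percent": "100",
                "num_err": "1",
                "line": [
                    {"name": "fw-hq-01", "vdom": "root", "err": 0,
                     "detail": "install and save finished"},
                    {"name": "fw-branch-02", "vdom": "root", "err": 1,
                     "detail": "install failed"},
                ],
            },
        }
    ],
}

if __name__ == "__main__":
    print(summarize_install_task(SAMPLE_RESPONSE))
```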
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to create on Fortinet FortiManager. |
Username | Specify the Username (full DN) used for initial binding at the time of the creation of the LDAP server on Fortinet FortiManager. |
Password | Specify the Password used for initial binding at the time of the creation of the LDAP server on Fortinet FortiManager. |
Distinguished Name | Specify the Distinguished Name used to look up entries on the LDAP server at the time of the creation of the LDAP server on Fortinet FortiManager. |
Server | Specify LDAP server CN domain name or IP to be used at the time of the creation of the LDAP server on Fortinet FortiManager. |
Account Key Processing | Select the type of Account Key processing operation, either Same (keep) or Strip (strip domain string of UPN in the token) to be used at the time of the creation of the LDAP server on Fortinet FortiManager. |
AntiPhishing | Select Enable to enable AntiPhishing credential backend when the LDAP server is being created on Fortinet FortiManager. |
Group Member Check | Select the type of group member checking methods to be used at the time of the creation of the LDAP server on Fortinet FortiManager. You can choose between User Attribute, Group Object, or Posix Group Object. |
Interface Select Method | Select the type of outgoing interface selection method used to reach the server at the time of the creation of the LDAP server on Fortinet FortiManager. You can choose between Auto, SD-WAN, or Specify. |
Obtain User Info | Select Enable to enable obtaining of user information when the LDAP server is being created on Fortinet FortiManager. |
Source IP | (Optional) Specify the IP address of FortiGate to be used for communication with the LDAP server when the LDAP server is being created on Fortinet FortiManager. |
Source Port | (Optional) Specify the source port to be used for communication with the LDAP server when the LDAP server is being created on Fortinet FortiManager. |
Additional LDAP Server Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the LDAP server. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details for the LDAP servers. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "account-key-filter", "account-key-processing", "antiphish", "ca-cert", "cnid", "dn", "group-filter", "group-member-check", "group-object-filter", "group-search-base", "interface", "interface-select-method", "member-attr", "name", "obtain-user-info", "password", "password-attr", "password-expiry-warning", "password-renewal", "port", "search-type", "secondary-server", "secure", "server", "server-identity-check", "source-ip", "source-port", "ssl-min-proto-version", "tertiary-server", "two-factor", "two-factor-authentication", "two-factor-notification", "type", "user-info-exchange-server", "username" ] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the LDAP servers by the specified field and order the results. You can choose to either sort the results by fields, or order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to update on Fortinet FortiManager. |
Username | (Optional) Specify the Username (full DN) used for initial binding at the time of updating the LDAP server on Fortinet FortiManager. |
Password | (Optional) Specify the Password used for initial binding at the time of updating the LDAP server on Fortinet FortiManager. |
Distinguished Name | (Optional) Specify the Distinguished Name used to look up entries on the LDAP server at the time of updating the LDAP server on Fortinet FortiManager. |
Server | (Optional) Specify LDAP server CN domain name or IP to be used at the time of updating the LDAP server on Fortinet FortiManager. |
Account Key Processing | Select the type of Account Key processing operation, either Same (keep) or Strip (strip domain string of UPN in the token) to be used at the time of updating the LDAP server on Fortinet FortiManager. |
AntiPhishing | Select Enable to enable AntiPhishing credential backend when the LDAP server is being updated on Fortinet FortiManager. |
Group Member Check | Select the type of group member checking methods to be used at the time of updating the LDAP server on Fortinet FortiManager. You can choose between User Attribute, Group Object, or Posix Group Object. |
Interface Select Method | Select the type of outgoing interface selection method used to reach the server at the time of updating the LDAP server on Fortinet FortiManager. You can choose between Auto, SD-WAN, or Specify. |
Obtain User Info | Select Enable to enable obtaining of user information when the LDAP server is being updated on Fortinet FortiManager. |
Source IP | (Optional) Specify the IP address of FortiGate to be used for communication with the LDAP server when the LDAP server is being updated on Fortinet FortiManager. |
Source Port | (Optional) Specify the source port to be used for communication with the LDAP server when the LDAP server is being updated on Fortinet FortiManager. |
Additional LDAP Server Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the LDAP server. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the user group. You can choose between ADOM or Global Type. |
Group Name | Specify the name of the user group you want to create in Fortinet FortiManager. |
Member | Specify a CSV list or list of names of users, peers, LDAP servers, or RADIUS servers that you want to add to the user group, which you want to create in Fortinet FortiManager. |
Additional User Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the user group. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details for the user groups. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["auth-concurrent-override","auth-concurrent-value","authtimeout","company","email","expire","expire-type","group-type","http-digest-realm","id","max-accounts","member","mobile-phone","multiple-guest-add","name","password","sms-custom-server","sms-server","sponsor","sso-attribute-value","user-id","user-name"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the user groups by the specified field and order the results. You can choose to either sort the results by fields, or order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the user group. You can choose between ADOM or Global Type. |
Group Name | Specify the name of the user group that you want to update in Fortinet FortiManager. |
Method | Select the action that you want to perform on members of the user group. You can choose between Add or Remove. |
Additional User Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the user group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . For example, {"sponsor": "optional", "sms-server": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the user group. You can choose between ADOM or Global Type. |
Group Name | Name of the user group that you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Device | Specify the device name whose SSL VPN settings you want to retrieve from Fortinet FortiManager. |
VDOM | Specify the VDOM name using which you want to retrieve the SSL VPN settings from Fortinet FortiManager. For example, root |
Option | Select the Fetch option to be set for the request. If you do not select any option then by default all the attributes of the object are returned. You can choose from the following: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"algorithm": "",
"auth-session-check-source-ip": "",
"auth-timeout": "",
"authentication-rule": [
{
"auth": "",
"cipher": "",
"client-cert": "",
"groups": [],
"id": "",
"obj seq": "",
"portal": [],
"realm": [],
"source-address": [],
"source-address-negate": "",
"source-address6": [],
"source-address6-negate": "",
"source-interface": [],
"users": []
}
],
"auto-tunnel-static-route": "",
"banned-cipher": "",
"check-referer": "",
"ciphersuite": "",
"client-sigalgs": "",
"default-portal": [],
"deflate-compression-level": "",
"deflate-min-data-size": "",
"dns-server1": "",
"dns-server2": "",
"dns-suffix": "",
"dtls-hello-timeout": "",
"dtls-max-proto-ver": "",
"dtls-min-proto-ver": "",
"dtls-tunnel": "",
"dual-stack-mode": "",
"encode-2f-sequence": "",
"encrypt-and-store-password": "",
"force-two-factor-auth": "",
"header-x-forwarded-for": "",
"hsts-include-subdomains": "",
"http-compression": "",
"http-only-cookie": "",
"http-request-body-timeout": "",
"http-request-header-timeout": "",
"https-redirect": "",
"idle-timeout": "",
"ipv6-dns-server1": "",
"ipv6-dns-server2": "",
"ipv6-wins-server1": "",
"ipv6-wins-server2": "",
"login-attempt-limit": "",
"login-block-time": "",
"login-timeout": "",
"port": "",
"port-precedence": "",
"reqclientcert": "",
"saml-redirect-port": "",
"servercert": [],
"source-address": [],
"source-address-negate": "",
"source-address6": [],
"source-address6-negate": "",
"source-interface": [],
"ssl-client-renegotiation": "",
"ssl-insert-empty-fragment": "",
"ssl-max-proto-ver": "",
"ssl-min-proto-ver": "",
"status": "",
"transform-backward-slashes": "",
"tunnel-addr-assigned-method": "",
"tunnel-connect-without-reauth": "",
"tunnel-ip-pools": [],
"tunnel-ipv6-pools": [],
"tunnel-user-session-timeout": "",
"unsafe-legacy-renegotiation": "",
"url-obscuration": "",
"wins-server1": "",
"wins-server2": "",
"x-content-type-options": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
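The following Python is an added example, not code from the connector or from Fortinet: it audits the "data" object of a Get SSL VPN Settings response, as laid out in the schema above, for weak settings. It assumes that a status code of 0 means success and that fields carry FortiOS-style string values (enable/disable, tls1-2, dtls1-2); the function names and the sample response are constructed for illustration.

```python
"""Audit a Get SSL VPN Settings response for weak settings (added example)."""

# Assumed value vocabulary (FortiOS CLI-style strings), weakest first.
TLS_ORDER = ("tls1-0", "tls1-1", "tls1-2", "tls1-3")
DTLS_ORDER = ("dtls1-0", "dtls1-2")
UNKNOWN = "unrecognised value, review manually"

# field -> (value that counts as a finding, reason)
FLAG_RULES = {
    "unsafe-legacy-renegotiation": ("enable", "unsafe legacy TLS renegotiation allowed"),
    "ssl-client-renegotiation": ("enable", "client renegotiation allowed"),
    "http-only-cookie": ("disable", "HttpOnly cookie support is off"),
    "x-content-type-options": ("disable", "X-Content-Type-Options header not sent"),
}


def extract_settings(response):
    """Return the SSL VPN 'data' object, or raise ValueError if the call failed."""
    results = response.get("result") or []
    if not results:
        raise ValueError("response has no 'result' entries")
    entry = results[0]
    status = entry.get("status") or {}
    # Assumption: code 0 means success; accept it as int or string.
    if str(status.get("code")) != "0":
        raise ValueError(
            "request failed: %s %s" % (status.get("code"), status.get("message"))
        )
    data = entry.get("data")
    if not isinstance(data, dict):
        raise ValueError("response has no 'data' object")
    return data


def _check_min_version(settings, field, order, minimum, findings):
    """Flag a minimum protocol version that is below the required one."""
    value = settings.get(field)
    if value in (None, ""):
        return  # attribute not returned (for example, limited by Option)
    if value not in order:
        findings.append((field, value, UNKNOWN))
    elif order.index(value) < order.index(minimum):
        findings.append((field, value, "below required minimum " + minimum))


def audit_ssl_vpn(settings, min_tls="tls1-2", min_dtls="dtls1-2"):
    """Return a list of (field, value, reason) findings for one settings object."""
    findings = []
    _check_min_version(settings, "ssl-min-proto-ver", TLS_ORDER, min_tls, findings)
    _check_min_version(settings, "dtls-min-proto-ver", DTLS_ORDER, min_dtls, findings)

    for field, (bad_value, reason) in FLAG_RULES.items():
        value = settings.get(field)
        if value in (None, ""):
            continue
        if value == bad_value:
            findings.append((field, value, reason))
        elif value not in ("enable", "disable"):
            # Numeric or other encodings are reported, never silently passed.
            findings.append((field, value, UNKNOWN))

    limit = settings.get("login-attempt-limit")
    if limit not in (None, ""):
        try:
            if int(limit) == 0:
                findings.append(
                    ("login-attempt-limit", limit, "no limit on failed logins")
                )
        except (TypeError, ValueError):
            findings.append(("login-attempt-limit", limit, UNKNOWN))
    return findings


# Constructed sample in the documented envelope; values are illustrative only.
SAMPLE_RESPONSE = {
    "id": 1,
    "result": [
        {
            "url": "constructed-sample-url",
            "status": {"code": 0, "message": "OK"},
            "data": {
                "ssl-min-proto-ver": "tls1-1",
                "dtls-min-proto-ver": "dtls1-2",
                "unsafe-legacy-renegotiation": "enable",
                "ssl-client-renegotiation": "disable",
                "http-only-cookie": 1,
                "x-content-type-options": "enable",
                "login-attempt-limit": 0,
                "port": 10443,
            },
        }
    ],
}

if __name__ == "__main__":
    for finding in audit_ssl_vpn(extract_settings(SAMPLE_RESPONSE)):
        print(finding)
```

Fields that the response omits are skipped, so the result reflects only the attributes actually returned for the device and VDOM.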
Parameter | Description |
---|---|
Device | Specify the device name whose SSL VPN settings you want to update in Fortinet FortiManager. |
VDOM | Specify the VDOM name using which you want to update the SSL VPN settings in Fortinet FortiManager. For example, root |
Default SSL VPN Portal | Specify the default SSL VPN portal to be used to update the SSL VPN settings in Fortinet FortiManager. |
Source Interface | Specify the SSL VPN source interface of incoming traffic to be used to update the SSL VPN settings in Fortinet FortiManager. |
Port | Specify the SSL VPN access port (1 - 65535) to be used to update the SSL VPN settings in Fortinet FortiManager. |
Server Certificate | Specify the name of the server certificate to be used for SSL VPNs when the SSL VPN settings are updated in Fortinet FortiManager. For example, self-sign |
Authentication/Portal Mapping | By default, all users see the same portal and this parameter is cleared (unchecked). The Authentication/Portal Mapping allows you to assign different portals to different users and groups in Fortinet FortiManager. |
Source Address | Specify the CSV or the list of source addresses of incoming traffic to be updated in the SSL VPN settings in Fortinet FortiManager. |
Source Address6 | Specify the CSV or the list of IPv6 source addresses of incoming traffic to be updated in the SSL VPN settings in Fortinet FortiManager. |
Source Address Negate | Select Enable to enable negated source address match when the SSL VPN settings are updated in Fortinet FortiManager. |
User Peer | Specify the name of the user peer to be used to update the SSL VPN settings in Fortinet FortiManager. |
Additional SSL VPN Settings Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the updating of the SSL VPN settings. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . For example, {"tunnel-ip-pools": "SSLVPN_TUNNEL_ADDR1", "sms-server": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the web filter details. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["comment", "extended-log", "feature-set", "https-replacemsg", "log-all-url", "name", "options", "ovrd-perm", "post-action", "replacemsg-group", "web-antiphishing-log", "web-content-log", "web-extended-all-action-log", "web-filter-activex-log", "web-filter-applet-log", "web-filter-command-block-log", "web-filter-cookie-log", "web-filter-cookie-removal-log", "web-filter-js-log", "web-filter-jscript-log", "web-filter-referer-log", "web-filter-unknown-log", "web-filter-vbs-log", "web-ftgd-err-log", "web-ftgd-quota-usage", "web-invalid-domain-log", "web-url-log", "wisp", "wisp-algorithm", "wisp-servers"] . If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes in the format [["", "==", ""]] |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the web filters by a field and order the results. You can sort the results by field, order the results, or both. If you choose "Field", then in the Field field specify the name of the field on which you want to sort the result. For example, default-mapping, defmap-intf, defmap-intrazone-deny, etc. If you choose 'Field' |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"antiphish": {
"authentication": "",
"check-basic-auth": "",
"check-uri": "",
"check-username-only": "",
"custom-patterns": "",
"default-action": "",
"domain-controller": [],
"inspection-entries": "",
"ldap": [],
"max-body-len": "",
"status": ""
},
"ftgd-wf": {
"exempt-quota": [],
"filters": [
{
"action": "",
"category": [],
"id": "",
"log": "",
"warn-duration": "",
"warning-prompt": ""
}
],
"max-quota-timeout": "",
"options": "",
"ovrd": [],
"quota": "",
"rate-crl-urls": "",
"rate-css-urls": "",
"rate-javascript-urls": ""
},
"override": {
"ovrd-cookie": "",
"ovrd-dur": "",
"ovrd-dur-mode": "",
"ovrd-scope": "",
"ovrd-user-group": [],
"profile": [],
"profile-attribute": "",
"profile-type": ""
},
"url-extraction": "",
"web": {
"allowlist": "",
"blocklist": "",
"bword-table": [],
"bword-threshold": "",
"content-header-list": [],
"urlfilter-table": [],
"vimeo-restrict": "",
"youtube-restrict": ""
},
"name": "",
"web-content-log": "",
"web-filter-cookie-log": "",
"web-url-log": "",
"web-invalid-domain-log": "",
"web-ftgd-err-log": "",
"options": "",
"ovrd-perm": "",
"post-action": "",
"replacemsg-group": [],
"https-replacemsg": "",
"log-all-url": "",
"web-filter-command-block-log": "",
"wisp": "",
"wisp-algorithm": "",
"extended-log": "",
"web-extended-all-action-log": "",
"feature-set": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details of blocked URLs associated with the specified web filter profile. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"action": "",
"antiphish-action": "",
"dns-address-family": "",
"id": "",
"obj seq": "",
"status": "",
"type": "",
"url": "",
"web-proxy-profile": []
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to block the URLs specific to the web filter profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": []
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to unblock the URLs specific to the web filter profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": []
}
None.
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"behavior": "",
"casi": "",
"cat-id": "",
"category": "",
"database": "",
"id": "",
"language": "",
"name": "",
"parameter": "",
"popularity": "",
"protocol": "",
"require_ssl_di": "",
"risk": "",
"shaping": "",
"technology": "",
"vendor": "",
"weight": ""
}
],
"status": {
"code": "",
"message": ""
},
"version": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the list of applications control profiles. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"default-network-services": "",
"entries": [
{
"action": "",
"application": [],
"behavior": [],
"category": [],
"exclusion": [],
"id": "",
"log": "",
"log-packet": "",
"obj seq": "",
"parameters": "",
"per-ip-shaper": [],
"popularity": "",
"protocols": [],
"quarantine": "",
"quarantine-expiry": "",
"quarantine-log": "",
"rate-count": "",
"rate-duration": "",
"rate-mode": "",
"rate-track": "",
"risk": [],
"session-ttl": "",
"shaper": [],
"shaper-reverse": [],
"technology": [],
"vendor": []
}
],
"name": "",
"other-application-action": "",
"other-application-log": "",
"unknown-application-action": "",
"unknown-application-log": "",
"replacemsg-group": [],
"options": "",
"app-replacemsg": "",
"deep-app-inspection": "",
"extended-log": "",
"enforce-default-app-port": "",
"control-default-network-services": "",
"force-inclusion-ssl-di-sigs": "",
"p2p-block-list": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve details of blocked applications associated with the specified application control profile. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"behavior": "",
"casi": "",
"cat-id": "",
"category": "",
"database": "",
"id": "",
"language": "",
"name": "",
"parameter": "",
"popularity": "",
"protocol": "",
"require_ssl_di": "",
"risk": "",
"shaping": "",
"technology": "",
"vendor": "",
"weight": ""
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to block the applications associated with the specified application control profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"name": "",
"message": "",
"status": ""
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to unblock the applications associated with the specified application control profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"name": "",
"message": "",
"status": ""
}
The Sample - Fortinet Fortimanager - 3.0.0 playbook collection comes bundled with the Fortinet FortiManager connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiManager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling incidents from Fortinet FortiManager. Currently, "incidents" in Fortinet FortiManager are mapped to "alerts" in FortiSOAR™. For more information on the Data Ingestion Wizard, see the "Connectors Guide" in the FortiSOAR™ product documentation.
You can configure data ingestion using the “Data Ingestion Wizard” to seamlessly map the incoming Fortinet FortiManager "Incidents" to FortiSOAR™ "Alerts".
The Data Ingestion Wizard enables you to configure scheduled pulling of data from Fortinet FortiManager into FortiSOAR™. It also lets you pull some sample data from Fortinet FortiManager using which you can define the mapping of data between Fortinet FortiManager and FortiSOAR™. The mapping of common fields is generally already done by the Data Ingestion Wizard; users are mostly required to only map any custom fields that are added to the Fortinet FortiManager incident.
On the Field Mapping screen, map the fields of a Fortinet FortiManager incident to the fields of an alert present in FortiSOAR™.
To map a field, click the key in the sample data to add the “jinja” value of the field. For example, to map the status parameter of a Fortinet FortiManager incident to the state parameter of a FortiSOAR™ alert, click the State field and then click the status field to populate its keys:
For more information on field mapping, see the Data Ingestion chapter in the "Connectors Guide" in the FortiSOAR™ product documentation. Once you have completed mapping the fields, click Save Mapping & Continue.
Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to Fortinet FortiManager, so that the content gets pulled from the Fortinet FortiManager integration into FortiSOAR™.
On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.
In the “Configure Schedule Settings” section, specify the Cron expression for the schedule. For example, if you want to pull data from Fortinet FortiManager every 5 minutes, click Every X Minute, and in the minute box enter */5. This would mean that based on the configuration you have set up, data, i.e., incidents will be pulled from Fortinet FortiManager every 5 minutes.
Once you have completed scheduling, click Save Settings & Continue.
The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.
The minimum privileges that require to be assigned to users who are going to use this connector and run actions on Fortinet FortiManager are:
Admin Profile - Super User
JSON API Access - Read & Write
For the procedure to configure a connector, click here.
In FortiSOAR™, on the Connectors page, click the Fortinet FortiManager connector row (if you are in the Grid view on the Connectors page), and in the Configurations tab enter the required configuration details.
Parameter | Description |
---|---|
Hostname | IP address or Hostname of the Fortinet FortiManager endpoint server to which you will connect and perform the automated operations. |
Username | Username to access the Fortinet FortiManager server to which you will connect and perform the automated operations. |
Password | Password to access the Fortinet FortiManager server to which you will connect and perform the automated operations. |
ADOM | Administrative domain names (ADOMs) of the Fortinet FortiManager server to which you will connect and perform the automated operations. Enter the ADOMs, in the CSV or List format. |
Port | Port number used to access the Fortinet FortiManager server to which you will connect and perform the automated operations. By default, this is set to 443. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |
The following automated operations can be included in playbooks, and you can also use the annotations to access operations:
Function | Description | Annotation and Category |
---|---|---|
Create Incident | Creates an incident in Fortinet FortiManager based on the reporter name, endpoint name, and other input parameters you have specified. | create_incident Investigation |
List Incident | Retrieves a list of all incidents or specific incidents from Fortinet FortiManager based on the search parameters you have specified. | get_incidents Investigation |
Get Events Related to Incident | Retrieves details of events associated with a Fortinet FortiManager incident, based on the incident ID and other input parameters you have specified. | get_incident_events Investigation |
Get Device List | Retrieves a list of all devices or specific devices from Fortinet FortiManager based on the search parameters you have specified. Note: If a parameter is left blank or null, then this operation will return devices matching all values. | get_devices Investigation |
Get Events | Retrieves a list of all events or specific events from Fortinet FortiManager based on the search parameters you have specified. Note: If a parameter is left blank or null, then this operation will return events matching all values. | get_alert_event Investigation |
Get Event Details | Retrieves a list of event details (logs) from Fortinet FortiManager based on the alert IDs and other search parameters you have specified. | get_alert_logs Investigation |
Update Incident | Update an incident in Fortinet FortiManager based on the incident ID and other input parameters you have specified. | create_incident Investigation |
List ADOM Policy Package | Retrieves a list of all ADOM policy packages or specific ADOM policy packages from Fortinet FortiManager based on the search parameters you have specified. | get_adom_policy_package Investigation |
List ADOM Firewall Policies | Retrieves a list of all ADOM firewall policies or specific ADOM firewall policies from Fortinet FortiManager based on the search parameters you have specified. | get_adom_policy Investigation |
ADOM Level Get Blocked IP Addresses | Retrieves a list of ADOM level IP Addresses that are blocked on Fortinet FortiGate through Fortinet FortiManager based on the firewall policy, address group name, and other input parameters you have specified. | get_blocked_ip Investigation |
ADOM Level Block IP Address | Blocks IP addresses at the ADOM level on Fortinet FortiGate based on the Firewall policy, address group name, and other input parameters you have specified. | block_ip Containment |
ADOM Level Unblock IP Address | Unblocks IP addresses at the ADOM level on Fortinet FortiGate based on the Firewall policy, address group name, and other input parameters you have specified. | unblock_ip Remediation |
Re-install Policy | Reinstalls a Firewall Policy in Fortinet FortiManager based on the ADOM Name and policy package name you have specified. | reinstall_policy Investigation |
List Global Policy Package | Retrieves a list of all policy packages or specific policy packages from Fortinet FortiManager based on the search parameters you have specified. | get_global_policy_package Investigation |
List Global Firewall Policies | Retrieves a list of all global firewall policies or specific firewall policies from Fortinet FortiManager based on the search parameters you have specified. | get_global_policy Investigation |
Global Level Get Blocked IP Addresses | Retrieves a list of Global (header/footer policy) level IP Addresses that are blocked on Fortinet FortiGate through Fortinet FortiManager based on the firewall policy, address group name, and other input parameters you have specified. | get_blocked_ip Investigation |
Global Level Block IP Address | Blocks IP addresses at the global level on Fortinet FortiGate based on the firewall header/footer policy, address group name, and other input parameters you have specified. | block_ip Containment |
Global Level Unblock IP Address | Unblocks IP addresses at the global level on Fortinet FortiGate based on the firewall header/footer policy, address group name, and other input parameters you have specified. | unblock_ip Remediation |
Assign Global Policy Package | Assigns a global policy package to ADOM packages in Fortinet FortiManager based on the policy package name, ADOM devices, and other input parameters you have specified. | global_assign_policy Investigation |
Get Device Groups List | Retrieves a list of all device groups or specific device groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_device_groups Investigation |
Create Address | Creates an address in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | create_address Investigation |
Get Addresses List | Retrieves a list of addresses or specific addresses from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_addresses Investigation |
Update Address | Updates an address in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | update_address Investigation |
Delete Address | Deletes an address from Fortinet FortiManager based on the level type you have specified. | delete_address Investigation |
Create Address Group | Creates an address group in Fortinet FortiManager based on the address name, level type, and other input parameters you have specified. | create_address_group Investigation |
Get Address Groups List | Retrieves a list of address groups or specific address groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_address_groups Investigation |
Update Address Group | Updates an existing address group in Fortinet FortiManager based on the level type, method, and other input parameters you have specified. | update_address_group Investigation |
Delete Address Group | Deletes an address group from Fortinet FortiManager based on the level type you have specified. | delete_address_group Investigation |
Get Service Categories List | Retrieves a list of service categories or specific service categories from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_service_categories Investigation |
Create Service Group | Creates a service group in Fortinet FortiManager based on the level type, members, and other input parameters you have specified. | create_service_group Investigation |
Get Service Groups List | Retrieves a list of address groups or specific address groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_service_group Investigation |
Update Service Group | Updates an existing service group in Fortinet FortiManager based on the level type, method, and other input parameters you have specified. | update_service_group Investigation |
Delete Service Group | Deletes a service group from Fortinet FortiManager based on the level type you have specified. | delete_service_group Investigation |
Create Custom Service | Creates a custom service in Fortinet FortiManager based on the level type and other input parameters you have specified. | create_custom_service Investigation |
Get Custom Services List | Retrieves a list of custom services or specific custom services from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_custom_service Investigation |
Update Custom Service | Updates an existing custom service in Fortinet FortiManager based on the level type and other input parameters you have specified. | update_custom_service Investigation |
Delete Custom Service | Deletes a custom service from Fortinet FortiManager based on the level type you have specified. | delete_custom_service Investigation |
Create Policy Package | Creates a policy package in Fortinet FortiManager based on the level type, package type, and other input parameters you have specified. | create_policy_package Investigation |
Update Policy Package | Updates a policy package in Fortinet FortiManager based on the level type and other input parameters you have specified. | update_policy_package Investigation |
Delete Policy Package | Deletes a policy package from Fortinet FortiManager based on the level type and other input parameters you have specified. | delete_policy_package Investigation |
Create Firewall Policy | Creates a firewall policy in Fortinet FortiManager based on the level type, package type, policy package name, and other input parameters you have specified. | create_policy Investigation |
Update Firewall Policy | Updates a firewall policy in Fortinet FortiManager based on the level type, package type, policy package name, and other input parameters you have specified. | update_policy Investigation |
Delete Firewall Policy | Deletes a firewall policy in Fortinet FortiManager based on the level type, policy ID, policy package name, and other input parameters you have specified. | delete_policy Investigation |
Move Firewall Policy | Moves a firewall policy in Fortinet FortiManager based on the level type, policy ID, policy package name, target, and other input parameters you have specified. | move_policy Investigation |
Get Dynamic Interface List | Retrieves a list of all dynamic interfaces or specific dynamic interfaces from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_dynamic_interface Investigation |
Install Policy | Installs a policy package on Fortinet FortiManager based on the ADOM, policy package name, and other input parameters you have specified. | install_policy Investigation |
Get Installation Policy Package Status | Retrieves the status of installation for a specific policy package from Fortinet FortiManager based on the task ID you have specified. | install_policy_status Investigation |
Create LDAP Server | Creates an LDAP server in Fortinet FortiManager based on the level type, LDAP server name, username, password, and other input parameters you have specified. | create_ldap_server Investigation |
Get LDAP Server List | Retrieves a list of LDAP servers or specific LDAP servers from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_ldap_server Investigation |
Update LDAP Server | Updates an LDAP server in Fortinet FortiManager based on the level type, LDAP server name, and other input parameters you have specified. | update_ldap_server Investigation |
Delete LDAP Server | Deletes an LDAP server from Fortinet FortiManager based on the level type, LDAP server name, and other input parameters you have specified. | delete_ldap_server Investigation |
Create User Group | Creates a user group in Fortinet FortiManager based on the level type, group name, members list, and other input parameters you have specified. | create_user_group Investigation |
Get User Groups List | Retrieves a list of all user groups or specific user groups from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_user_group Investigation |
Update User Group | Updates a user group in Fortinet FortiManager based on the level type, group name, change in the members' list, and other input parameters you have specified. | update_user_group Investigation |
Delete User Group | Deletes a user group from Fortinet FortiManager based on the level type, group name, and other input parameters you have specified. | delete_user_group Investigation |
Get SSL VPN Settings | Retrieves SSL VPN settings from Fortinet FortiManager based on the device name, VDOM, and other search parameters you have specified. | get_ssl_vpn Investigation |
Update SSL VPN Settings | Updates the SSL VPN settings in Fortinet FortiManager based on the device name, VDOM, and input search parameters you have specified. | update_ssl_vpn Investigation |
Get Web Filter List | Retrieves a list of all web filters or specific web filters from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_web_filter Investigation |
Get Blocked URLs | Retrieves a list of URLs that are blocked on Fortinet FortiManager based on the web filter profile name, level type, and other search parameters you have specified. | get_blocked_urls Investigation |
Block URL | Blocks URLs on Fortinet FortiManager using the Web Filter Profile Name you have specified. | block_url Containment |
Unblock URL | Unblocks URLs on Fortinet FortiManager using the Web Filter Profile Name you have specified. | unblock_url Containment |
Get Applications Detail | Retrieves a list of all application names and associated details from the Fortinet FortiManager server. | get_app_details Investigation |
Get Applications Control List | Retrieves a list of all application control profiles or specific application control profiles from Fortinet FortiManager based on the level type and other search parameters you have specified. | get_application_control_list Investigation |
Get Blocked Applications | Retrieves a list of application names that are blocked on Fortinet FortiManager based on the application control name, level type, and other search parameters you have specified. | get_blocked_app Investigation |
Block Application | Blocks applications on Fortinet FortiManager using the Application Control Profile Name you have specified. | block_application Containment |
Unblock Application | Unblocks applications on Fortinet FortiManager using the Application Control Profile Name you have specified. | unblock_applications Containment |
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Reporter | Name of the reporter of the incident that you want to create in Fortinet FortiManager. For example, admin. |
Endpoint Name | Details of the endpoint affected by the incident that you want to create in Fortinet FortiAnalyzer. For example, 11.XXX.YY.Z/32 (11.XXX.YY.Z) or 11.XXX.YY.Z/32 (Emp1 Laptop). |
Endpoint ID | (Optional) Endpoint ID that you want to assign to the incident you want to create in Fortinet FortiManager. |
End User ID | (Optional) End-user ID that you want to assign to the incident you want to create in Fortinet FortiManager. |
Category | (Optional) The category you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: Unauthorized access, Denial of Service, Malicious Code, Improper Usage, Scans/Probes/Attempted Access, or Uncategorized. |
Severity | (Optional) The severity level you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: High, Medium, or Low. |
Status | (Optional) The status you want to assign to the incident you want to create in Fortinet FortiManager. You can choose from the following options: New, Analysis, Response, Closed: Remediated, or Closed: False Positive. |
Description | (Optional) Description of the new incident that you want to create in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"id": "",
"result": {
"incid": ""
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM | The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of incidents in CSV or list format that you want to retrieve from Fortinet FortiManager. |
Detail Level | Level of detail of the incidents that you want to retrieve from Fortinet FortiManager. By default, this is set to "Standard". |
Filter | Query in the format of field_name="field_value" using which you want to filter incidents to be retrieved from Fortinet FortiManager. For example, category="CAT2" and severity="medium". |
Sort By | Sorts the incidents by the specified field and orders the results. If you choose "Field", then you can specify the following parameters: |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
Output schema when you choose “Detail Level” as 'Basic':
{
"jsonrpc": "",
"id": "",
"result": {
"status": {
"code": "",
"message": ""
},
"detail-level": "",
"data": [
{
"attach_revision": "",
"attach_lastupdate": "",
"lastupdate": "",
"revision": "",
"incid": ""
}
]
}
}
Output schema when you choose “Detail Level” as 'Extended':
{
"result": {
"data": [
{
"endpoint": "",
"euname": "",
"epip": "",
"status": "",
"incid": "",
"attachments": [
{
"lastupdate": "",
"attachid": "",
"revision": ""
}
],
"lastupdate": "",
"osversion": "",
"attach_lastupdate": "",
"euid": "",
"category": "",
"epid": "",
"epname": "",
"revision": "",
"reporter": "",
"createtime": "",
"description": "",
"osname": "",
"mac": "",
"lastuser": "",
"severity": "",
"attach_revision": "",
"refinfo": ""
}
],
"detail-level": "",
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
Output schema when you choose “Detail Level” as 'Standard' or you do not select any detail level:
{
"result": {
"data": [
{
"endpoint": "",
"reporter": "",
"createtime": "",
"description": "",
"status": "",
"incid": "",
"severity": "",
"lastuser": "",
"attach_lastupdate": "",
"lastupdate": "",
"euid": "",
"attach_revision": "",
"category": "",
"refinfo": "",
"epid": "",
"revision": ""
}
],
"detail-level": "",
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
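Paging through incidents with the Limit and Offset parameters documented above, as an added Python example (not connector code). `fetch_page` is a hypothetical callable that wraps however your playbook runs this action and returns the documented JSON; the fake backend and its incident IDs are constructed sample data.

```python
from typing import Callable, Dict, Iterator, Optional

LIMIT_MIN, LIMIT_MAX = 1, 2000  # bounds documented for the Limit parameter


def iter_incidents(fetch_page: Callable[[int, int], Dict],
                   limit: int = 50,
                   max_records: Optional[int] = None) -> Iterator[Dict]:
    """Yield incidents page by page until a short page signals the end."""
    if not LIMIT_MIN <= limit <= LIMIT_MAX:
        raise ValueError(f"limit must be between {LIMIT_MIN} and {LIMIT_MAX}")
    offset, yielded, seen = 0, 0, set()
    while max_records is None or yielded < max_records:
        response = fetch_page(limit, offset)
        result = response.get("result") if isinstance(response, dict) else None
        if not isinstance(result, dict) or not isinstance(result.get("data"), list):
            # A missing "data" list must not be mistaken for "no more incidents".
            raise ValueError(f"unexpected response shape at offset {offset}")
        page = result["data"]
        for incident in page:
            incid = incident.get("incid")
            # Incidents created between calls shift offsets; skip repeats.
            if incid is not None and incid in seen:
                continue
            seen.add(incid)
            yield incident
            yielded += 1
            if max_records is not None and yielded >= max_records:
                return
        if len(page) < limit:
            return  # short page: nothing left to fetch
        offset += limit


def make_fake_fetch(total: int):
    """Constructed stand-in backend holding `total` incidents, plus a call log."""
    incidents = [{"incid": f"IN{n:08d}", "severity": "medium"}
                 for n in range(1, total + 1)]
    calls = []

    def fetch_page(limit: int, offset: int) -> Dict:
        calls.append((limit, offset))
        return {"jsonrpc": "2.0", "id": "1",
                "result": {"detail-level": "basic",
                           "data": incidents[offset:offset + limit]}}

    return fetch_page, calls


if __name__ == "__main__":
    fetch, calls = make_fake_fetch(120)
    records = list(iter_incidents(fetch, limit=50))
    print(len(records), "incidents in", len(calls), "calls:", calls)
```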
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of the incident whose associated events you want to retrieve from Fortinet FortiManager. |
Attachment Type | Types of attachment that you want to search for in Fortinet FortiManager. Valid types include: Alert Event, Log, Comment, Log Search Filter, Upload File, or Report. |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"result": {
"data": [
{
"attachtype": "",
"lastupdate": "",
"incid": "",
"attachid": "",
"createtime": "",
"data": "",
"lastuser": "",
"revision": ""
}
],
"status": {
"message": "",
"code": ""
}
},
"id": "",
"jsonrpc": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Device Name | Valid device name based on which you want to retrieve details of devices from Fortinet FortiManager. Note: If a parameter is left blank or null, then this operation will return devices matching all values. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
},
"data": [
{
"os_ver": "",
"build": "",
"ips_ext": "",
"foslic_inst_time": "",
"mgmt.__data[5]": "",
"lic_region": "",
"latitude": "",
"foslic_ram": "",
"faz.perm": "",
"branch_pt": "",
"ips_ver": "",
"foslic_utm": "",
"source": "",
"foslic_cpu": "",
"mgmt.__data[3]": "",
"mgmt.__data[2]": "",
"ha_mode": "",
"opts": "",
"last_resync": "",
"foslic_last_sync": "",
"conn_status": "",
"mgmt.__data[7]": "",
"patch": "",
"hw_rev_minor": "",
"mgmt.__data[1]": "",
"psk": "",
"checksum": "",
"faz.quota": "",
"ha_group_id": "",
"adm_usr": "",
"ha_group_name": "",
"faz.used": "",
"tunnel_cookie": "",
"conf_status": "",
"mgmt.__data[6]": "",
"last_checked": "",
"version": "",
"mgmt.__data[0]": "",
"ha_slave": "",
"name": "",
"longitude": "",
"platform_str": "",
"foslic_dr_site": "",
"tunnel_ip": "",
"oid": "",
"foslic_type": "",
"prefer_img_ver": "",
"location_from": "",
"vm_cpu_limit": "",
"mgmt_if": "",
"faz.full_act": "",
"av_ver": "",
"fex_cnt": "",
"fsw_cnt": "",
"mgmt.__data[4]": "",
"vm_mem": "",
"sn": "",
"logdisk_size": "",
"lic_flags": "",
"hostname": "",
"vm_mem_limit": "",
"vdom": [
{
"tab_status": "",
"opmode": "",
"name": "",
"devid": "",
"rtm_prof_id": "",
"status": "",
"comments": "",
"oid": "",
"ext_flags": "",
"node_flags": "",
"vpn_id": "",
"flags": ""
}
],
"tab_status": "",
"adm_pass": [],
"mgmt_id": "",
"beta": "",
"dev_status": "",
"os_type": "",
"vm_lic_expire": "",
"mgmt_mode": "",
"hdisk_size": "",
"ip": "",
"vm_status": "",
"db_status": "",
"mr": "",
"module_sn": "",
"hw_rev_major": "",
"flags": "",
"desc": "",
"app_ver": "",
"maxvdom": "",
"vm_cpu": "",
"conn_mode": "",
"node_flags": "",
"fap_cnt": "",
"mgt_vdom": ""
}
]
}
]
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM | The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Filter | Filter expression using which you want to retrieve events from Fortinet FortiManager. 'event_value', 'severity', 'triggername', 'count', 'comment' and 'flags' are supported. For example, triggername='Local Device Event' and severity>=3 or subject='desc:User login from SSH failed' |
Time Range | Select this checkbox to specify the time range for which you want to retrieve events from Fortinet FortiManager. If you select this checkbox, then you must specify the following parameters: |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"result": {
"data": [
{
"alerttime": "",
"triggername": "",
"devname": "",
"vdom": "",
"filterid": "",
"filterkey": "",
"devtype": "",
"eventtype": "",
"groupby1": "",
"euid": "1",
"subject": "",
"devid": "",
"alertid": "",
"extrainfo": "",
"euname": "",
"epname": "",
"ackflag": "",
"logcount": "",
"filtercksum": "",
"tag": "",
"updatetime": "",
"epid": "1",
"severity": "",
"readflag": "",
"lastlogtime": "",
"firstlogtime": ""
}
]
},
"id": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Alert ID | The ID of alerts in CSV or list format whose event details (logs) you want to retrieve from Fortinet FortiManager. Note: You can find the "Alert IDs" using the "Get Events" action. |
Time Order | Select the order in which you want to sort the result. You can choose between Ascending or Descending. By default, this is set to Descending. |
Limit | The maximum number of records that this operation should return. Values supported are: Default "50", Minimum "1" and Maximum "2000". |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
The output contains the following populated JSON schema:
{
"id": "",
"result": {
"data": [
{
"log_id": "",
"devname": "",
"userfrom": "",
"time": "",
"dstepid": "",
"desc": "",
"user": "",
"dtime": "",
"msg": "",
"type": "",
"devid": "",
"dsteuid": "",
"euid": "",
"date": "",
"idseq": "",
"itime_t": "",
"epid": "",
"subtype": "",
"level": "",
"itime": ""
}
]
},
"jsonrpc": ""
}
Parameter | Description |
---|---|
ADOM | (Optional) The administrative domain name (ADOM) of the Fortinet FortiManager server to which you will connect and perform the automated operations. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Incident ID | The ID of the incident that you want to update in FortiManager. |
Endpoint Name | Details of the endpoint affected by the incident that you want to update in Fortinet FortiAnalyzer. For example, 11.XXX.YY.Z/32 (11.XXX.YY.Z) or 11.XXX.YY.Z/32 (Emp1 Laptop). |
Endpoint ID | (Optional) Endpoint ID that you want to assign to the incident you want to update in Fortinet FortiManager. |
End User ID | (Optional) End-user ID that you want to assign to the incident you want to update in Fortinet FortiManager. |
Category | (Optional) The category you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: Unauthorized access, Denial of Service, Malicious Code, Improper Usage, Scans/Probes/Attempted Access, or Uncategorized. |
Severity | (Optional) The severity level you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: High, Medium, or Low. |
Status | (Optional) The status you want to assign to the incident you want to update in Fortinet FortiManager. You can choose from the following options: New, Analysis, Response, Closed: Remediated, or Closed: False Positive. |
Description | (Optional) Description of the incident that you want to update in Fortinet FortiManager. |
Last Revision | (Optional) Last version of the incident that you want to update in Fortinet FortiManager. |
Last User | (Optional) Last user of the incident that you want to update in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"jsonrpc": "",
"id": "",
"result": {
"status": {
"code": "",
"message": ""
}
}
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
ADOM Name | Specify the ADOM name whose policy package you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose details you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | Specify the policy package or folder path of the ADOM policy package whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
Output schema when the 'Policy Package Name' is empty
{
"result": [
{
"data": [
{
"type": "",
"package settings": {
"consolidated-firewall-mode": "",
"fwpolicy6-implicit-log": "",
"fwpolicy-implicit-log": "",
"ngfw-mode": "",
"central-nat": ""
},
"oid": "",
"name": "",
"scope member": [
{
"vdom": "",
"name": ""
}
],
"obj ver": ""
}
],
"url": "",
"status": {
"code": "",
"message": ""
}
}
],
"id": ""
}
Default Output schema
{
"id": "",
"result": [
{
"status": {
"code": "",
"message": ""
},
"data": {
"obj ver": "",
"name": "",
"type": "",
"scope member": [
{
"name": "",
"vdom": ""
}
],
"oid": "",
"package settings": {
"ngfw-mode": "",
"consolidated-firewall-mode": "",
"fwpolicy6-implicit-log": "",
"fwpolicy-implicit-log": "",
"central-nat": ""
}
},
"url": ""
}
]
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose ADOM firewall policy you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose firewall policy details you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose details you want to retrieve from Fortinet FortiManager. |
Firewall Policy Name | (Optional) Specify the firewall policy name whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": [
{
"_last_hit": "",
"_byte": "",
"custom-log-fields": [],
"_pkts": "",
"anti-replay": "",
"_first_hit": "",
"webproxy-profile": [],
"delay-tcp-npu-session": "",
"dstaddr-negate": "",
"tcp-mss-receiver": "",
"internet-service": "",
"srcaddr": [],
"traffic-shaper": [],
"vpn_dst_node": "",
"match-vip-only": "",
"_hitcount": "",
"schedule": [],
"fsso-agent-for-ntlm": [],
"permit-any-host": "",
"schedule-timeout": "",
"radius-mac-auth-bypass": "",
"email-collect": "",
"name": "",
"ssl-mirror-intf": [],
"status": "",
"policyid": "",
"vlan-cos-fwd": "",
"vpn_src_node": "",
"nat": "",
"block-notification": "",
"logtraffic-start": "",
"per-ip-shaper": [],
"tos-negate": "",
"traffic-shaper-reverse": [],
"logtraffic": "",
"np-acceleration": "",
"session-ttl": "",
"uuid": "",
"service-negate": "",
"srcaddr-negate": "",
"wccp": "",
"_policy_block": "",
"action": "",
"groups": [],
"fsso": "",
"tos": "",
"internet-service-src": "",
"utm-status": "",
"natip": [],
"capture-packet": "",
"dstaddr": [],
"tcp-mss-sender": "",
"_first_session": "",
"_sesscount": "",
"_global-vpn-tgt": "",
"srcintf": [],
"tcp-session-without-syn": "",
"timeout-send-rst": "",
"ssl-ssh-profile": [],
"fsso-groups": [],
"service": [],
"vlan-cos-rev": "",
"captive-portal-exempt": "",
"users": [],
"app-group": [],
"webcache-https": "",
"geoip-anycast": "",
"diffserv-forward": "",
"profile-type": "",
"rtp-nat": "",
"reputation-direction": "",
"disclaimer": "",
"webproxy-forward-server": [],
"inspection-mode": "",
"obj seq": "",
"auto-asic-offload": "",
"_global-vpn": [],
"ssl-mirror": "",
"dstintf": [],
"_last_session": "",
"match-vip": "",
"diffserv-reverse": "",
"dsri": "",
"tos-mask": "",
"reputation-minimum": "",
"profile-protocol-options": [],
"replacemsg-override-group": []
}
],
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
ADOM | (Optional) Specify the ADOM name whose associated list of blocked IP addresses you want to retrieve from Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM Firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Firewall Policy Name | Specify the Firewall policy name associated with the blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Address Group Name | Name of the IP address group, in the "CSV" or "list" format, that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
The output contains the following populated JSON schema:
{
"policy_name": "",
"dstaddr": [],
"srcaddr": [],
"addrgrp": [
{
"name": "",
"member": []
}
],
"addrgrp_not_exist": []
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose associated IP addresses you want to block in the firewall policy of Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated IP addresses you want to block in the firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose associated IP addresses you want to block in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | Specify the IP addresses that you want to block using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": [],
"error_with_block": []
}
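A pre-flight check and a post-action check for the IP blocking action documented above, written as an added Python example rather than connector code: `parse_ip_input` normalizes the "CSV" or "list" input, and `reconcile_block_result` confirms that every requested address landed in one of the documented output lists. The function names, the protected-network list, and the assumption that each output list holds IP address strings are illustrative; addresses other than those quoted on this page are constructed.

```python
import ipaddress
import json

# Assumption: networks this playbook must never block (constructed guard list).
PROTECTED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
RESULT_KEYS = ("already_blocked", "newly_blocked", "error_with_block")


def parse_ip_input(value):
    """Normalize the 'IP Address' parameter, given as a list or a CSV/list string.

    Returns (valid, rejected): unique canonical IP strings in input order, and
    (token, reason) pairs for everything that must not be sent to the action.
    """
    if isinstance(value, (list, tuple)):
        items = list(value)
    else:
        text = str(value).strip()
        try:
            items = json.loads(text) if text.startswith("[") else text.split(",")
        except json.JSONDecodeError:
            items = text.strip("[]").split(",")  # e.g. unquoted [1.1.1.1, 2.2.2.2]
    valid, rejected, seen = [], [], set()
    for raw in items:
        token = str(raw).strip().strip("'\"")
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            rejected.append((token, "not an IP address"))
            continue
        if any(ip in net for net in PROTECTED_NETWORKS):
            rejected.append((token, "protected network"))
        elif str(ip) not in seen:
            seen.add(str(ip))
            valid.append(str(ip))
    return valid, rejected


def reconcile_block_result(requested, result):
    """Compare what was requested with the three lists the action returned."""
    missing_keys = [k for k in RESULT_KEYS if not isinstance(result.get(k), list)]
    if missing_keys:
        raise ValueError(f"result lacks expected list(s): {missing_keys}")
    # Assumption: each list holds IP address strings.
    blocked = {str(x).strip() for k in RESULT_KEYS[:2] for x in result[k]}
    failed = {str(x).strip() for x in result["error_with_block"]}
    wanted = list(requested)
    return {
        "blocked": [ip for ip in wanted if ip in blocked],
        "failed": [ip for ip in wanted if ip in failed and ip not in blocked],
        "unaccounted": [ip for ip in wanted if ip not in (blocked | failed)],
        "contained": bool(wanted) and all(ip in blocked for ip in wanted),
    }


if __name__ == "__main__":
    ips, bad = parse_ip_input('"1.1.1.1", "2.2.2.2", 10.0.0.5, bogus')
    print("send to action:", ips, "| held back:", bad)
    # Constructed action output in the documented shape.
    sample = {"already_blocked": ["1.1.1.1"], "newly_blocked": [],
              "error_with_block": ["2.2.2.2"]}
    print(reconcile_block_result(ips, sample))
```

Treat a non-empty `failed` or `unaccounted` list as a containment gap to raise in the playbook instead of closing the task.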
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name whose associated IP addresses you want to unblock in the firewall policy of Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name whose associated IP addresses you want to unblock in the firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the ADOM firewall policy whose associated IP addresses you want to unblock in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | Specify the IP addresses that you want to unblock using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": [],
"error_with_unblock": []
}
Parameter | Description |
---|---|
ADOM Name | (Optional) Specify the ADOM name to which you want to apply the firewall policy in Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified in the 'Connector Configuration' as a configuration parameter. |
Policy Package Name | Select the policy package name to which you want to apply the firewall policy in Fortinet FortiManager. This parameter makes an API call named "list_adom_policy_package" to dynamically populate its dropdown selection. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path to apply the firewall policy in Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"task": ""
},
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.
Parameter | Description |
---|---|
Package Name | Specify the name of the global policy package from which you want to retrieve package details. |
Policy Package/Folder Path | Specify the policy package or folder path from which you want to retrieve package details. |
The output contains the following populated JSON schema:
Output schema when the 'Policy Package Name' is empty
{
"result": [
{
"url": "",
"data": [
{
"type": "",
"package settings": {
"ngfw-mode": "",
"central-nat": "",
"consolidated-firewall-mode": "",
"fwpolicy-implicit-log": "",
"fwpolicy6-implicit-log": ""
},
"scope member": [
{
"name": ""
}
],
"obj ver": "",
"name": "",
"oid": ""
}
],
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Default Output schema
{
"result": [
{
"url": "",
"data": {
"type": "",
"package settings": {
"ngfw-mode": "",
"central-nat": "",
"consolidated-firewall-mode": "",
"fwpolicy-implicit-log": "",
"fwpolicy6-implicit-log": ""
},
"scope member": [
{
"name": ""
}
],
"obj ver": "",
"name": "",
"oid": ""
},
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Parameter | Description |
---|---|
Policy Package Name | Specify the name of the global firewall policy package from which you want to retrieve package details. This parameter makes an API call named "list_global_policy_pck" to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path from which you want to retrieve package details. |
Policy Type | Select the policy type from which you want to retrieve firewall policy details. |
Policy Name | (Optional) Specify the name of the global firewall policy whose details you want to retrieve from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"result": [
{
"url": "",
"data": [
{
"ssl-ssh-profile": [],
"_pkts": "",
"disclaimer": "",
"diffserv-reverse": "",
"replacemsg-override-group": [],
"dstaddr": [],
"per-ip-shaper": [],
"vlan-cos-rev": "",
"schedule": [],
"wccp": "",
"_byte": "",
"status": "",
"groups": [],
"block-notification": "",
"_global-vpn": [],
"webcache-https": "",
"obj seq": "",
"utm-status": "",
"webproxy-profile": [],
"tcp-mss-receiver": "",
"tos-negate": "",
"profile-type": "",
"reputation-minimum": "",
"timeout-send-rst": "",
"policyid": "",
"dstaddr-negate": "",
"traffic-shaper": [],
"profile-protocol-options": [],
"internet-service": "",
"reputation-direction": "",
"natip": [],
"session-ttl": "",
"vlan-cos-fwd": "",
"delay-tcp-npu-session": "",
"webproxy-forward-server": [],
"email-collect": "",
"np-acceleration": "",
"fsso-agent-for-ntlm": [],
"identity-based-policy": "",
"name": "",
"tos": "",
"_first_session": "",
"uuid": "",
"_sesscount": "",
"match-vip": "",
"logtraffic": "",
"schedule-timeout": "",
"traffic-shaper-reverse": [],
"tos-mask": "",
"permit-any-host": "",
"anti-replay": "",
"capture-packet": "",
"ssl-mirror-intf": [],
"srcaddr": [],
"service": [],
"internet-service-src": "",
"dstintf": [],
"_last_hit": "",
"_hitcount": "",
"_first_hit": "",
"gtp-profile": [],
"radius-mac-auth-bypass": "",
"diffserv-forward": "",
"geoip-anycast": "",
"tcp-mss-sender": "",
"app-group": [],
"rtp-nat": "",
"inspection-mode": "",
"tcp-session-without-syn": "",
"logtraffic-start": "",
"auto-asic-offload": "",
"action": "",
"fsso-groups": [],
"fsso": "",
"_global-vpn-tgt": "",
"captive-portal-exempt": "",
"users": [],
"custom-log-fields": [],
"dsri": "",
"srcintf": [],
"nat": "",
"service-negate": "",
"match-vip-only": "",
"ssl-mirror": "",
"_last_session": "",
"srcaddr-negate": ""
}
],
"status": {
"message": "",
"code": ""
}
}
],
"id": ""
}
Parameter | Description |
---|---|
Policy Package Name | Specify the name of the global firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck" to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Policy Type | Select the policy type based on which you want to retrieve blocked IP addresses from Fortinet FortiManager. |
Firewall Policy Name | Specify the firewall policy name associated with the blocked IP addresses you want to retrieve from Fortinet FortiManager. |
Address Group Name | Name of the IP address group, in the "CSV" or "list" format, that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
The output contains the following populated JSON schema:
{
"policy_name": "",
"dstaddr": [],
"srcaddr": [],
"addrgrp": [
{
"name": "",
"member": []
}
],
"addrgrp_not_exist": []
}
Parameter | Description |
---|---|
Policy Package Name | Select the policy package whose associated IP addresses you want to block in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck" to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated IP addresses you want to block in Fortinet FortiManager. |
Policy Type | Select the policy type whose IP addresses you want to block in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | IP addresses that you want to block using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": [],
"error_with_block": []
}
Parameter | Description |
---|---|
Policy Package Name | Select the policy package whose associated IP addresses you want to unblock in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck" to dynamically populate its dropdown selections. |
Policy Package/Folder Path | (Optional) Specify the policy package or folder path of the global firewall policy whose associated IP addresses you want to unblock in Fortinet FortiManager. |
Policy Type | Select the policy type whose IP addresses you want to unblock in Fortinet FortiManager. |
Firewall Policy Name | Name of the firewall policy that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. |
Address Group Name | Name of the IP address group that you have specified in Fortinet FortiManager for blocking or unblocking IP addresses. For more information, see the Blocking or Unblocking IP addresses, URLs, or applications in Fortinet FortiManager section. |
IP Address | IP addresses that you want to unblock using Fortinet FortiManager in the "CSV" or "list" format. For example, ["1.1.1.1", "2.2.2.2"] or "1.1.1.1", "2.2.2.2". |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": [],
"error_with_unblock": []
}
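A pre-flight and post-action check for the block and unblock actions above, added here as an example (it is not part of the connector or its playbooks). It normalizes the "CSV" or "list" input forms, holds back non-global addresses for manual review, and compares the action output against what was requested. The function names, the review rule, and the assumption that each output list holds plain IP strings are all hypothetical.

```python
import ipaddress
import json

# Output keys copied from the block / unblock schemas on this page,
# ordered as (changed, no change needed, failed).
RESULT_KEYS = {
    "block": ("newly_blocked", "already_blocked", "error_with_block"),
    "unblock": ("newly_unblocked", "not_exist", "error_with_unblock"),
}


def parse_ip_input(raw):
    """Normalize the 'CSV' or 'list' input forms into validated buckets.

    Returns a dict with:
      valid    - unique, well-formed, globally routable addresses
      review   - well-formed but non-global (private, loopback, link-local)
      rejected - tokens that are not IP addresses
    """
    if isinstance(raw, (list, tuple)):
        tokens = [str(t) for t in raw]
    else:
        text = str(raw).strip()
        tokens = None
        if text.startswith("["):
            try:
                loaded = json.loads(text)
                if isinstance(loaded, list):
                    tokens = [str(t) for t in loaded]
            except ValueError:
                tokens = None  # malformed JSON list, fall back to CSV split
        if tokens is None:
            tokens = text.strip("[]").split(",")

    buckets = {"valid": [], "review": [], "rejected": []}
    seen = set()
    for token in tokens:
        candidate = token.strip().strip("\"'").strip()
        if not candidate:
            continue
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            buckets["rejected"].append(candidate)
            continue
        canonical = str(addr)
        if canonical in seen:
            continue  # drop duplicates, keep first occurrence
        seen.add(canonical)
        # Assumed guard: internal ranges need a human decision before blocking.
        buckets["valid" if addr.is_global else "review"].append(canonical)
    return buckets


def triage_result(action, requested, output):
    """Compare an action's output against the addresses that were submitted.

    Assumes each output list contains the IP strings as submitted.
    """
    changed_key, noop_key, error_key = RESULT_KEYS[action]
    changed = [str(x) for x in output.get(changed_key, [])]
    unchanged = [str(x) for x in output.get(noop_key, [])]
    failed = [str(x) for x in output.get(error_key, [])]
    accounted = set(changed) | set(unchanged) | set(failed)
    unaccounted = [ip for ip in requested if ip not in accounted]
    return {
        "ok": not failed and not unaccounted,
        "changed": changed,
        "unchanged": unchanged,
        "failed": failed,
        "unaccounted": unaccounted,
    }


if __name__ == "__main__":
    # Constructed sample input and output, for illustration only.
    buckets = parse_ip_input('1.1.1.1, 10.0.0.5, not-an-ip, "2.2.2.2"')
    print(buckets)
    sample_output = {
        "already_blocked": ["1.1.1.1"],
        "newly_blocked": [],
        "error_with_block": ["2.2.2.2"],
    }
    print(triage_result("block", buckets["valid"], sample_output))
```

An address that appears in none of the three output lists is reported as unaccounted, so a playbook can stop instead of treating an empty error list as success.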
Parameter | Description |
---|---|
Policy Package Name | Select the policy package that you want to assign to ADOM devices in the global firewall policy of Fortinet FortiManager. This parameter makes an API call named "list_global_policy_pck" to dynamically populate its dropdown selections. |
Policy Package/Folder Path | Specify the policy package or folder path of the global policy package that you want to assign to ADOM devices in Fortinet FortiManager. |
ADOM Devices | Specify one or more destination ADOMs to which you want to assign the selected global policy package. This parameter makes an API call named "list_global_adom" to dynamically populate its dropdown selections. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"task": ""
},
"status": {
"message": "",
"code": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the device group details. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "desc", "name", "os_type", "type"] . If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying one of the attributes. Attributes are desc, name, os_type, type. For example, [["name", "==", "All_FortiADC"],[ "os_type", "==", 9]] |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the device groups by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"oid": "",
"desc": "",
"name": "",
"type": "",
"os_type": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the address. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Address Type | Choose the type of address you want to create in Fortinet FortiManager. You can select between Subnet, IP Range, FQDN, Wildcard, Geography, or MAC Address. If you choose 'Subnet', then you can specify the following parameters: |
Policy Group Name | (Optional) Specify the name of the policy group to be added to the address that you want to create. |
Comment | (Optional) Comment to be added to the address that you want to create. |
Additional Address Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the address. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the address details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "_image-base64", "allow-routing", "associated-interface", "cache-ttl", "clearpass-spt", "color", "comment", "country", "end-ip", "epg-name", "fabric-object", "filter", "fqdn", "fsso-group", "interface", "macaddr", "name", "node-ip-only", "obj-id", "obj-tag", "obj-type", "organization", "policy-group", "sdn", "sdn-addr-type", "sdn-tag", "start-ip", "sub-type", "subnet", "subnet-name", "tenant", "type", "uuid", "wildcard", "wildcard-fqdn"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the addresses by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
},
"data": [
{
"list": "",
"name": "",
"type": "",
"uuid": "",
"color": "",
"subnet": [],
"comment": "",
"macaddr": [],
"tagging": "",
"obj-type": "",
"node-ip-only": "",
"allow-routing": "",
"clearpass-spt": "",
"fabric-object": "",
"sdn-addr-type": "",
"dynamic_mapping": "",
"associated-interface": []
}
]
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the address. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Address Type | Choose the type of address you want to update in Fortinet FortiManager. You can select between Subnet, IP Range, FQDN, Wildcard, Geography, or MAC Address. If you choose 'Subnet', then you can specify the following parameters: |
Policy Group Name | (Optional) Specify the name of the policy group to be added to the address that you want to update. |
Comment | (Optional) Comment to be added to the address that you want to update. |
Additional Address Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the address. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the address. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the address group. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Type | Choose the type of address group you want to create in Fortinet FortiManager. You can select between Group (default) or Folder. |
Member | Specify a CSV list or a list of address objects or address groups that you want to add to the address group that you want to create in Fortinet FortiManager. |
Exclude | Select this option, i.e., set it to true, to enable address exclusion. If this option is selected, then in the Exclude Member field specify a CSV list or a list of address objects or address groups that you want to add to the exclusion member list. |
Comment | (Optional) Comment to be added to the address group that you want to create. |
Additional Address Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the address group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the address group details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "_image-base64", "allow-routing", "associated-interface", "cache-ttl", "clearpass-spt", "color", "comment", "country", "end-ip", "epg-name", "fabric-object", "filter", "fqdn", "fsso-group", "interface", "macaddr", "name", "node-ip-only", "obj-id", "obj-tag", "obj-type", "organization", "policy-group", "sdn", "sdn-addr-type", "sdn-tag", "start-ip", "sub-type", "subnet", "subnet-name", "tenant", "type", "uuid", "wildcard", "wildcard-fqdn"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the address groups by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"type": "",
"uuid": "",
"color": "",
"member": [],
"exclude": "",
"tagging": "",
"category": "",
"allow-routing": "",
"fabric-object": "",
"exclude-member": [],
"dynamic_mapping": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the address group. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Method | Select the action that you want to perform on members of the address group. You can choose between Add or Remove. |
Exclude | Select this option, i.e., set it to true, to enable address exclusion. If this option is selected, then specify the following: |
Comment | (Optional) Comment to be added to the address group that you want to update. |
Additional Address Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the address group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the address group. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the service categories details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["comment", "fabric-object", "name"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the service categories by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"comment": "",
"obj seq": "",
"fabric-object": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the service group. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Member | Specify a CSV list or a list of service objects that you want to add to the service group that you want to create in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service group or Disable to disable the web proxy service group. |
Comment | (Optional) Comment to be added to the service group that you want to create. |
Additional Service Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the service group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the service group details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["color", "comment", "fabric-object", "member", "name", "proxy"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the service groups by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"oid": "",
"name": "",
"member": []
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the service group. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: If you choose 'Global', then you can specify the following parameters: |
Method | Select the action that you want to perform on members of the service group. You can choose between Add or Remove. |
Proxy | Select Enable to enable the web proxy service group or Disable to disable the web proxy service group. |
Comment | (Optional) Comment to be added to the service group that you want to update. |
Additional Service Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the service group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the service group. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the custom service. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Service Category | (Optional) Specify the ID of the category of the custom service that you want to create in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service or Disable to disable the web proxy service. If you choose Disable, then you can specify the following parameters: |
App Category | (Optional) Specify the ID of the application category for the custom service that you want to create in Fortinet FortiManager. |
App Service Type | Select the type of application service type for the custom service that you want to create in Fortinet FortiManager. You can choose between Disable (default), App ID, or App Category. |
Application ID | (Optional) Specify the ID of the application for the custom service that you want to create in Fortinet FortiManager. |
ICMP Error Message | Configure the type of ICMP error message verification for the custom service that you want to create in Fortinet FortiManager. You can choose between Disable, Default, or Strict. |
Helper Name | (Optional) Specify the helper name for the custom service that you want to create in Fortinet FortiManager. You can specify the following values: disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp |
Session TTL | (Optional) Specify the TTL for the session (300 - 2764800, 0 = default) associated with the custom service that you want to create in Fortinet FortiManager. |
TCP Halfclose Timer | (Optional) Specify the wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Halfopen Timer | (Optional) Specify the wait time to open a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Rst Timer | (Optional) Set the length of the TCP CLOSE state in seconds (5 - 300 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
TCP Time-Wait Timer | (Optional) Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
UDP Idle Timer | (Optional) Specify UDP half-close timeout (0 - 86400 sec, 0 = default) for the custom service that you want to create in Fortinet FortiManager. |
Comment | (Optional) Comment to be added to the custom service that you want to create. |
Additional Custom Service Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the custom service. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the custom service details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["app-category", "app-service-type", "application", "category", "check-reset-range", "color", "comment", "fabric-object", "fqdn", "helper", "icmpcode", "icmptype", "iprange", "name", "protocol", "protocol-number", "proxy", "sctp-portrange", "session-ttl", "tcp-halfclose-timer", "tcp-halfopen-timer", "tcp-portrange", "tcp-rst-timer", "tcp-timewait-timer", "udp-idle-timer", "udp-portrange", "visibility"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the custom services by the specified field and order the results. You can choose to either sort the results by fields, or can order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"color": "",
"proxy": "",
"helper": "",
"iprange": "",
"obj seq": "",
"category": [],
"protocol": "",
"visibility": "",
"application": [],
"app-category": [],
"fabric-object": "",
"tcp-rst-timer": "",
"udp-portrange": [],
"protocol-number": "",
"app-service-type": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the custom service. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Service Category | (Optional) Specify the ID of the category of the custom service that you want to update in Fortinet FortiManager. |
Proxy | Select Enable to enable the web proxy service or Disable to disable the web proxy service. If you choose Disable, then you can specify the following parameters: |
App Category | (Optional) Specify the ID of the application category for the custom service that you want to update in Fortinet FortiManager. |
App Service Type | Select the type of application service type for the custom service that you want to update in Fortinet FortiManager. You can choose between Disable (default), App ID, or App Category. |
Application ID | (Optional) Specify the ID of the application for the custom service that you want to update in Fortinet FortiManager. |
ICMP Error Message | Configure the type of ICMP error message verification for the custom service that you want to update in Fortinet FortiManager. You can choose between Disable, Default, or Strict. |
Helper Name | (Optional) Specify the helper name for the custom service that you want to update in Fortinet FortiManager. You can specify the following values: disable, auto, ftp, tftp, ras, h323, tns, mms, sip, pptp, rtsp, dns-udp, dns-tcp, pmap, rsh, dcerpc, mgcp, gtp-c, gtp-u, gtp-b, pfcp |
Session TTL | (Optional) Specify the TTL for the session (300 - 2764800, 0 = default) associated with the custom service that you want to update in Fortinet FortiManager. |
TCP Halfclose Timer | (Optional) Specify the wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Halfopen Timer | (Optional) Specify the wait time to open a TCP session waiting for an unanswered open session packet (1 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Rst Timer | (Optional) Set the length of the TCP CLOSE state in seconds (5 - 300 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
TCP Time-Wait Timer | (Optional) Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
UDP Idle Timer | (Optional) Specify UDP half-close timeout (0 - 86400 sec, 0 = default) for the custom service that you want to update in Fortinet FortiManager. |
Comment | (Optional) Comment to be added to the custom service that you want to update. |
Additional Custom Service Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the custom service. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the custom service. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: If you choose 'Global', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the policy package. You can choose between ADOM or Global Type. |
Package Type | Select the type of package, either Package or Folder, for the policy package that you want to create in Fortinet FortiManager. If you choose 'Package', then you can specify the following parameters: If you choose 'Folder', then in the Policy Package Folder Name field, specify the valid policy package folder name that you want to create in Fortinet FortiManager. |
Additional Policy Package Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the policy package. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the policy package. You can choose between ADOM or Global Type. |
Package Type | Select the type of package, either Package or Folder, for the policy package that you want to update in Fortinet FortiManager. If you choose 'Package', then you can specify the following parameters: If you choose 'Folder', then in the Policy Package Folder Name field, specify the valid policy package folder name that you want to update in Fortinet FortiManager. |
Additional Policy Package Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the policy package. You can enter the arguments in the following format: {"field1":value1, "field2":value2} |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to delete the policy package. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Path | (Optional) Specify a valid path for the policy package you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to create in Fortinet FortiManager. |
Policy Name | Valid name of the policy that you want to create in Fortinet FortiManager. |
Source Interface | Specify the Incoming (ingress) interface for the firewall policy you want to create in Fortinet FortiManager. |
Destination Interface | Specify the Outgoing (egress) interface for the firewall policy you want to create in Fortinet FortiManager. |
Service | Specify service and service group names for the firewall policy you want to create in Fortinet FortiManager. |
Source IPv4 Address | Specify source IPv4 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Source IPv6 Address | Specify source IPv6 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Destination IPv4 Address | Specify destination IPv4 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Destination IPv6 Address | Specify destination IPv6 address and address group names for the firewall policy you want to create in Fortinet FortiManager. |
Policy Action | Select the policy action for the firewall policy you want to create in Fortinet FortiManager. You can choose from the following options: |
Status | Select Enable to enable this firewall policy on Fortinet FortiManager. |
Inspection Mode | Select the Inspection mode for the firewall policy that you want to create in Fortinet FortiManager. You can choose between proxy or flow (default). |
Schedule | Specify the name for the schedule to be associated with the firewall policy that you want to create in Fortinet FortiManager. For example, always, none, etc. |
Schedule Timeout | Select Enable to enable forceful ending of current sessions when the schedule object times out. Select Disable to allow them to end from inactivity. |
Comment | (Optional) Comment to be added to the firewall policy that you want to create. |
Log Traffic | Select the method of logging traffic, i.e., logging of all sessions or security profile sessions. You can choose from the following: |
Additional Policy Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the firewall policy. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"logtraffic-start": "disable", "radius-mac-auth-bypass": "disable", "profile-type": "single" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"policyid": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to update in Fortinet FortiManager. |
Policy Name | Valid name of the policy that you want to update in Fortinet FortiManager. |
Method | Select the action that you want to perform for updating the firewall policy in Fortinet FortiManager. You can choose between Add or Remove. If you choose 'Add', then you can specify the following parameters:
|
Policy Action |
Select the policy action for the firewall policy you want to update in Fortinet FortiManager. You can choose from the following options:
|
Status | Select Enable to enable this firewall policy on Fortinet FortiManager. |
Inspection Mode | Select the Inspection mode for the firewall policy that you want to create in Fortinet FortiManager. You can choose between proxy or flow (default). |
Schedule | Specify the name for the schedule to be associated with the firewall policy that you want to create in Fortinet FortiManager. For example, always, none, etc. |
Schedule Timeout | Select Enable to enable forceful ending of current sessions when the schedule object times out. Select Disable to allow them to end from inactivity. |
Comment | (Optional) Comment to be added to the firewall policy that you want to create. |
Additional Policy Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the firewall policy. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"radius-mac-auth-bypass": "disable", "profile-type": "single" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"policyid": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to delete from Fortinet FortiManager. |
Policy ID | Specify the ID of the firewall policy that you want to delete from Fortinet FortiManager. You can get the policy ID from "List Global Firewall Policies" or "List ADOM Firewall Policies" actions. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type at which you want to move the firewall policy. You can choose between ADOM or Global Type. If you choose 'Global', then you can specify the following parameters: |
Policy Package Name | Specify a valid policy package name for the firewall policy you want to move in Fortinet FortiManager. |
Policy ID | Specify the ID of the firewall policy that you want to move in Fortinet FortiManager. You can get the policy ID from "List Global Firewall Policies" or "List ADOM Firewall Policies" actions. |
Target | Specify the Key to the target entry, i.e., the ID of the target policy. |
Option | Select whether you want to move the firewall policy Before or After the target policy in Fortinet FortiManager. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the dynamic interface details. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["color", "default-mapping", "defmap-intf", "defmap-intrazone-deny", "defmap-zonemember", "description", "egress-shaping-profile", "name", "single-intf", "wildcard", "wildcard-intf"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the dynamic interfaces by the specified field and order the results. You can sort the results by field, order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"name": "",
"color": "",
"wildcard": "",
"single-intf": "",
"default-mapping": "",
"dynamic_mapping": "",
"platform_mapping": [
{
"name": "",
"intf-zone": "",
"intrazone-deny": ""
}
],
"defmap-zonemember": [],
"defmap-intrazone-deny": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
ADOM Name | Specify the ADOM name of the policy that you want to install in Fortinet FortiManager. The ADOM that you specify here will overwrite the ADOM that you have specified as a configuration parameter. |
Policy Package Name | Select the name of the policy package that you want to install in Fortinet FortiManager. This parameter will make an API call named "list_adom_policy_package" to dynamically populate its dropdown selections. |
ADOM Revision Comment | Specify the ADOM revision comment of the policy that you want to install in Fortinet FortiManager. |
ADOM Revision Name | Specify the ADOM revision name of the policy that you want to install in Fortinet FortiManager. |
Device Configuration Revision | Comments that you want to add for the device configuration revision that will be generated during the installation. |
Device Name | Specify the device name or device group name on which you want to install the policy package. |
VDOM | Specify the VDOM on which you want to install the policy package. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
Task ID | Specify the ID of the task whose policy package installation status you want to retrieve from Fortinet FortiManager. You can get the task ID using the "Install Policy" action. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"adom": "",
"end_tm": "",
"flags": "",
"id": "",
"line": [
{
"detail": "",
"end_tm": "",
"err": "",
"history": [
{
"detail": "",
"name": "",
"percent": "",
"vdom": ""
}
],
"ip": "",
"name": "",
"oid": "",
"percent": "",
"start_tm": "",
"state": "",
"vdom": ""
}
],
"num_done": "",
"num_err": "",
"num_lines": "",
"num_warn": "",
"percent": "",
"pid": "",
"src": "",
"start_tm": "",
"state": "",
"title": "",
"tot_percent": "",
"user": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
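A policy package that fails to install on some devices leaves the intended firewall change unenforced there, so a playbook should not treat a returned task ID as success. The following is an added example, not code from the connector: it reduces a response in the task status schema above to a verdict and a list of failed targets. The function names, the sample values, and the meaning given to `percent`, `err`, and status code `0` are assumptions.

```python
import json

# Constructed sample in the shape of the task status schema above.
# Every value is invented; numeric types and the meaning of 0 are assumptions.
SAMPLE_TASK_STATUS = json.loads("""
{
  "id": 1,
  "result": [{
    "data": {
      "adom": "root", "id": 412, "title": "Install Package",
      "percent": 100, "num_lines": 2, "num_done": 1, "num_err": 1, "num_warn": 0,
      "line": [
        {"name": "fgt-branch-01", "vdom": "root", "percent": 100, "err": 0,
         "detail": "install and save finished", "history": []},
        {"name": "fgt-branch-02", "vdom": "root", "percent": 100, "err": 1,
         "detail": "install failed",
         "history": [
           {"name": "fgt-branch-02", "vdom": "root", "percent": 20,
            "detail": "start to install"},
           {"name": "fgt-branch-02", "vdom": "root", "percent": 45,
            "detail": "commit failed"}
         ]}
      ]
    },
    "status": {"code": 0, "message": "OK"},
    "url": "/task/task/412"
  }]
}
""")


def _to_int(value, default=0):
    """Accept ints or numeric strings; the schema only shows "" placeholders."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return default


def summarize_install_task(response):
    """Reduce a task status response to a verdict a playbook step can branch on."""
    results = response.get("result") or []
    if not results:
        return {"verdict": "api_error", "message": "empty result", "failed_targets": []}

    entry = results[0]
    status = entry.get("status") or {}
    # Assumption: status code 0 means the API call itself succeeded.
    if _to_int(status.get("code"), default=-1) != 0:
        return {"verdict": "api_error", "message": str(status.get("message", "")),
                "failed_targets": []}

    data = entry.get("data") or {}
    failed = []
    for line in data.get("line") or []:
        # Assumption: a non-zero per-target "err" marks a failed device/VDOM.
        if _to_int(line.get("err")) != 0:
            history = line.get("history") or []
            last_step = history[-1].get("detail", "") if history else ""
            failed.append({
                "name": line.get("name", ""),
                "vdom": line.get("vdom", ""),
                "detail": line.get("detail", ""),
                "last_step": last_step,
            })

    # Assumption: the task is finished once the task-level percent reaches 100.
    if _to_int(data.get("percent")) < 100:
        verdict = "running"
    elif failed or _to_int(data.get("num_err")) > 0:
        verdict = "failed"
    elif _to_int(data.get("num_warn")) > 0:
        verdict = "completed_with_warnings"
    else:
        verdict = "completed"

    return {"verdict": verdict, "message": str(status.get("message", "")),
            "failed_targets": failed}


if __name__ == "__main__":
    print(json.dumps(summarize_install_task(SAMPLE_TASK_STATUS), indent=2))
```

A playbook can poll until the verdict is no longer `running` and close the containment task only on `completed`.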
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to create on Fortinet FortiManager. |
Username | Specify the Username (full DN) used for initial binding at the time of the creation of the LDAP server on Fortinet FortiManager. |
Password | Specify the Password used for initial binding at the time of the creation of the LDAP server on Fortinet FortiManager. |
Distinguished Name | Specify the Distinguished Name used to look up entries on the LDAP server at the time of the creation of the LDAP server on Fortinet FortiManager. |
Server | Specify LDAP server CN domain name or IP to be used at the time of the creation of the LDAP server on Fortinet FortiManager. |
Account Key Processing | Select the type of Account Key processing operation, either Same (keep) or Strip (strip domain string of UPN in the token) to be used at the time of the creation of the LDAP server on Fortinet FortiManager. |
AntiPhishing | Select Enable to enable AntiPhishing credential backend when the LDAP server is being created on Fortinet FortiManager. |
Group Member Check | Select the group member checking method to be used at the time of the creation of the LDAP server on Fortinet FortiManager. You can choose between User Attribute, Group Object, or Posix Group Object. |
Interface Select Method | Select the type of outgoing interface selection method used to reach the server at the time of the creation of the LDAP server on Fortinet FortiManager. You can choose between Auto, SD-WAN, or Specify. |
Obtain User Info | Select Enable to enable obtaining of user information when the LDAP server is being created on Fortinet FortiManager. |
Source IP | (Optional) Specify the IP address of FortiGate to be used for communication with the LDAP server when the LDAP server is being created on Fortinet FortiManager. |
Source Port | (Optional) Specify the source port to be used for communication with the LDAP server when the LDAP server is being created on Fortinet FortiManager. |
Additional LDAP Server Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the LDAP server. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details for the LDAP servers. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, [ "account-key-filter", "account-key-processing", "antiphish", "ca-cert", "cnid", "dn", "group-filter", "group-member-check", "group-object-filter", "group-search-base", "interface", "interface-select-method", "member-attr", "name", "obtain-user-info", "password", "password-attr", "password-expiry-warning", "password-renewal", "port", "search-type", "secondary-server", "secure", "server", "server-identity-check", "source-ip", "source-port", "ssl-min-proto-version", "tertiary-server", "two-factor", "two-factor-authentication", "two-factor-notification", "type", "user-info-exchange-server", "username" ] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the LDAP servers by the specified field and order the results. You can sort the results by field, order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to update on Fortinet FortiManager. |
Username | (Optional) Specify the Username (full DN) used for initial binding at the time of the update of the LDAP server on Fortinet FortiManager. |
Password | (Optional) Specify the Password used for initial binding at the time of the update of the LDAP server on Fortinet FortiManager. |
Distinguished Name | (Optional) Specify the Distinguished Name used to look up entries on the LDAP server at the time of the update of the LDAP server on Fortinet FortiManager. |
Server | (Optional) Specify LDAP server CN domain name or IP to be used at the time of the update of the LDAP server on Fortinet FortiManager. |
Account Key Processing | Select the type of Account Key processing operation, either Same (keep) or Strip (strip domain string of UPN in the token) to be used at the time of the update of the LDAP server on Fortinet FortiManager. |
AntiPhishing | Select Enable to enable AntiPhishing credential backend when the LDAP server is being updated on Fortinet FortiManager. |
Group Member Check | Select the group member checking method to be used at the time of the update of the LDAP server on Fortinet FortiManager. You can choose between User Attribute, Group Object, or Posix Group Object. |
Interface Select Method | Select the type of outgoing interface selection method used to reach the server at the time of the update of the LDAP server on Fortinet FortiManager. You can choose between Auto, SD-WAN, or Specify. |
Obtain User Info | Select Enable to enable obtaining of user information when the LDAP server is being updated on Fortinet FortiManager. |
Source IP | (Optional) Specify the IP address of FortiGate to be used for communication with the LDAP server when the LDAP server is being updated on Fortinet FortiManager. |
Source Port | (Optional) Specify the source port to be used for communication with the LDAP server when the LDAP server is being updated on Fortinet FortiManager. |
Additional LDAP Server Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the LDAP server. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the LDAP server. You can choose between ADOM or Global Type. |
LDAP Server Name | Specify the entry name of the LDAP server that you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to create the user group. You can choose between ADOM or Global Type. |
Group Name | Specify the name of the user group that you want to create in Fortinet FortiManager. |
Member | Specify a CSV list or list of names of users, peers, LDAP servers, or RADIUS servers that you want to add to the user group, which you want to create in Fortinet FortiManager. |
Additional User Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the creation of the user group. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . For example, {"account-key-filter": "string", "group-filter": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details for the user groups. You can choose between ADOM or Global Type. |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["auth-concurrent-override","auth-concurrent-value","authtimeout","company","email","expire","expire-type","group-type","http-digest-realm","id","max-accounts","member","mobile-phone","multiple-guest-add","name","password","sms-custom-server","sms-server","sponsor","sso-attribute-value","user-id","user-name"] Note: If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes. |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the user groups by the specified field and order the results. You can sort the results by field, order the results, or both. If you choose 'Field', then you must specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to update the user group. You can choose between ADOM or Global Type. |
Group Name | Specify the name of the user group that you want to update in Fortinet FortiManager. |
Method | Select the action that you want to perform on members of the user group. You can choose between Add or Remove. |
Additional User Group Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the update of the user group. You can enter the arguments in the following format: {"field1":value1, "field2":value2}. For example, {"sponsor": "optional", "sms-server": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"data": {
"name": ""
},
"status": {
"code": "",
"message": ""
},
"url": ""
}
]
}
Parameter | Description |
---|---|
Type | Choose the level type at which you want to delete the user group. You can choose between ADOM or Global Type. |
Group Name | Specify the name of the user group that you want to delete from Fortinet FortiManager. |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Device | Specify the device name whose SSL VPN settings you want to retrieve from Fortinet FortiManager. |
VDOM | Specify the VDOM name using which you want to retrieve the SSL VPN settings from Fortinet FortiManager. For example, root. |
Option | Select the Fetch option to be set for the request. If you do not select any option, then by default all the attributes of the object are returned. You can choose from the following: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": {
"algorithm": "",
"auth-session-check-source-ip": "",
"auth-timeout": "",
"authentication-rule": [
{
"auth": "",
"cipher": "",
"client-cert": "",
"groups": [],
"id": "",
"obj seq": "",
"portal": [],
"realm": [],
"source-address": [],
"source-address-negate": "",
"source-address6": [],
"source-address6-negate": "",
"source-interface": [],
"users": []
}
],
"auto-tunnel-static-route": "",
"banned-cipher": "",
"check-referer": "",
"ciphersuite": "",
"client-sigalgs": "",
"default-portal": [],
"deflate-compression-level": "",
"deflate-min-data-size": "",
"dns-server1": "",
"dns-server2": "",
"dns-suffix": "",
"dtls-hello-timeout": "",
"dtls-max-proto-ver": "",
"dtls-min-proto-ver": "",
"dtls-tunnel": "",
"dual-stack-mode": "",
"encode-2f-sequence": "",
"encrypt-and-store-password": "",
"force-two-factor-auth": "",
"header-x-forwarded-for": "",
"hsts-include-subdomains": "",
"http-compression": "",
"http-only-cookie": "",
"http-request-body-timeout": "",
"http-request-header-timeout": "",
"https-redirect": "",
"idle-timeout": "",
"ipv6-dns-server1": "",
"ipv6-dns-server2": "",
"ipv6-wins-server1": "",
"ipv6-wins-server2": "",
"login-attempt-limit": "",
"login-block-time": "",
"login-timeout": "",
"port": "",
"port-precedence": "",
"reqclientcert": "",
"saml-redirect-port": "",
"servercert": [],
"source-address": [],
"source-address-negate": "",
"source-address6": [],
"source-address6-negate": "",
"source-interface": [],
"ssl-client-renegotiation": "",
"ssl-insert-empty-fragment": "",
"ssl-max-proto-ver": "",
"ssl-min-proto-ver": "",
"status": "",
"transform-backward-slashes": "",
"tunnel-addr-assigned-method": "",
"tunnel-connect-without-reauth": "",
"tunnel-ip-pools": [],
"tunnel-ipv6-pools": [],
"tunnel-user-session-timeout": "",
"unsafe-legacy-renegotiation": "",
"url-obscuration": "",
"wins-server1": "",
"wins-server2": "",
"x-content-type-options": ""
},
"status": {
"code": "",
"message": ""
}
}
]
}
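The SSL VPN settings returned in this schema include several keys that determine how exposed the listener is. The following is an added example, not code from the connector: it audits a retrieved settings object for weak values. The function name, the sample object, and the value spellings (FortiOS CLI-style strings such as `enable` and `tls1-2`, and `0` meaning no login lockout) are assumptions; the key names come from the schema above.

```python
# Constructed sample in the shape of the SSL VPN settings schema above (subset of keys).
# Values assume FortiOS CLI-style strings such as "enable" and "tls1-2".
SAMPLE_SSLVPN_SETTINGS = {
    "id": 1,
    "result": [{
        "url": "",
        "data": {
            "status": "enable",
            "port": 10443,
            "ssl-min-proto-ver": "tls1-0",
            "ssl-max-proto-ver": "tls1-3",
            "dtls-tunnel": "enable",
            "dtls-min-proto-ver": "dtls1-0",
            "unsafe-legacy-renegotiation": "enable",
            "ssl-client-renegotiation": "disable",
            "login-attempt-limit": 0,
            "login-block-time": 60,
            "http-only-cookie": "enable",
            "source-address": ["all"],
            "source-address-negate": "disable",
        },
        "status": {"code": 0, "message": "OK"},
    }],
}

_TLS_RANK = {"tls1-0": 0, "tls1-1": 1, "tls1-2": 2, "tls1-3": 3}


def audit_sslvpn_settings(response, min_tls="tls1-2"):
    """Return (key, value, reason) findings for settings that weaken the listener."""
    results = response.get("result") or []
    data = (results[0].get("data") or {}) if results else {}
    findings = []
    if not isinstance(data, dict):
        return findings

    def text(key):
        return str(data.get(key, "")).strip().lower()

    def flag(key, reason):
        findings.append((key, data.get(key), reason))

    if text("status") == "disable":
        return findings  # SSL VPN is switched off, nothing is exposed

    tls = text("ssl-min-proto-ver")
    if tls in _TLS_RANK:
        if _TLS_RANK[tls] < _TLS_RANK[min_tls]:
            flag("ssl-min-proto-ver", "minimum TLS version is below " + min_tls)
    elif tls:
        flag("ssl-min-proto-ver", "unrecognised value, review manually")

    if text("dtls-tunnel") == "enable" and text("dtls-min-proto-ver") == "dtls1-0":
        flag("dtls-min-proto-ver", "DTLS tunnel accepts DTLS 1.0")

    if text("unsafe-legacy-renegotiation") == "enable":
        flag("unsafe-legacy-renegotiation", "legacy renegotiation is allowed")

    if text("ssl-client-renegotiation") == "enable":
        flag("ssl-client-renegotiation", "client-initiated renegotiation is allowed")

    # Assumption: a limit of 0 means failed logins are never blocked.
    if text("login-attempt-limit") == "0":
        flag("login-attempt-limit", "no lockout after failed logins")

    if text("http-only-cookie") == "disable":
        flag("http-only-cookie", "session cookie is readable by scripts")

    sources = data.get("source-address")
    if (isinstance(sources, list) and text("source-address-negate") != "enable"
            and any(str(s).strip().lower() == "all" for s in sources)):
        flag("source-address", "logins are accepted from any source address")

    return findings


if __name__ == "__main__":
    for key, value, reason in audit_sslvpn_settings(SAMPLE_SSLVPN_SETTINGS):
        print(f"{key}={value!r}: {reason}")
```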
Parameter | Description |
---|---|
Device | Specify the device name whose SSL VPN settings you want to update in Fortinet FortiManager. |
VDOM | Specify the VDOM name using which you want to update the SSL VPN settings in Fortinet FortiManager. For example, root. |
Default SSL VPN Portal | Specify the default SSL VPN portal to be used to update the SSL VPN settings in Fortinet FortiManager. |
Source Interface | Specify the SSL VPN source interface of incoming traffic to be used to update the SSL VPN settings in Fortinet FortiManager. |
Port | Specify the SSL VPN access port (1 - 65535) to be used to update the SSL VPN settings in Fortinet FortiManager. |
Server Certificate | Specify the name of the server certificate to be used for SSL VPNs when the SSL VPN settings are updated in Fortinet FortiManager. For example, self-sign. |
Authentication/Portal Mapping | By default, all users see the same Authentication/Portal portal and this parameter is unchecked (cleared). The Authentication/Portal Mapping allows you to assign different portals to different users and groups in Fortinet FortiManager. |
Source Address | Specify the CSV or the list of source addresses of incoming traffic to be updated in the SSL VPN settings in Fortinet FortiManager. |
Source Address6 | Specify the CSV or the list of IPv6 source addresses of incoming traffic to be updated in the SSL VPN settings in Fortinet FortiManager. |
Source Address Negate | Select Enable to enable negated source address match when the SSL VPN settings are updated in Fortinet FortiManager. |
User Peer | Specify the name of the user peer to be used to update the SSL VPN settings in Fortinet FortiManager. |
Additional SSL VPN Settings Arguments | (Optional) Specify additional arguments, in JSON format, to be added during the updating of the SSL VPN settings. You can enter the arguments in the following format: {"field1":value1, "field2":value2} . For example, {"tunnel-ip-pools": "SSLVPN_TUNNEL_ADDR1", "sms-server": "string", "ssl-min-proto-version": "default" } |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the web filter details. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
Attributes in Result | (Optional) You can choose to limit the output by returning only those attributes that are specified in the string array. For example, ["comment", "extended-log", "feature-set", "https-replacemsg", "log-all-url", "name", "options", "ovrd-perm", "post-action", "replacemsg-group", "web-antiphishing-log", "web-content-log", "web-extended-all-action-log", "web-filter-activex-log", "web-filter-applet-log", "web-filter-command-block-log", "web-filter-cookie-log", "web-filter-cookie-removal-log", "web-filter-js-log", "web-filter-jscript-log", "web-filter-referer-log", "web-filter-unknown-log", "web-filter-vbs-log", "web-ftgd-err-log", "web-ftgd-quota-usage", "web-invalid-domain-log", "web-url-log", "wisp", "wisp-algorithm", "wisp-servers"] . If attributes are not specified, then all attributes will be returned. |
Filter By | (Optional) You can filter the result according to a set of criteria by specifying attributes in the format [["", "==", ""]] |
Limit | (Optional) The maximum number of results that this operation should return. |
Offset | (Optional) The offset value retrieves a subset of records that starts from the offset value. The offset works with the 'Limit' parameter, which determines how many records to retrieve starting from the offset. Values supported are: Default "0" and Minimum "0". |
Sort By | Sort the web filters by a field and order the results. You can sort the results by field, order the results, or both. If you choose "Field", then in the Field field specify the name of the field on which you want to sort the result. For example, default-mapping, defmap-intf, defmap-intrazone-deny, etc. If you choose 'Field' |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"antiphish": {
"authentication": "",
"check-basic-auth": "",
"check-uri": "",
"check-username-only": "",
"custom-patterns": "",
"default-action": "",
"domain-controller": [],
"inspection-entries": "",
"ldap": [],
"max-body-len": "",
"status": ""
},
"ftgd-wf": {
"exempt-quota": [],
"filters": [
{
"action": "",
"category": [],
"id": "",
"log": "",
"warn-duration": "",
"warning-prompt": ""
}
],
"max-quota-timeout": "",
"options": "",
"ovrd": [],
"quota": "",
"rate-crl-urls": "",
"rate-css-urls": "",
"rate-javascript-urls": ""
},
"override": {
"ovrd-cookie": "",
"ovrd-dur": "",
"ovrd-dur-mode": "",
"ovrd-scope": "",
"ovrd-user-group": [],
"profile": [],
"profile-attribute": "",
"profile-type": ""
},
"url-extraction": "",
"web": {
"allowlist": "",
"blocklist": "",
"bword-table": [],
"bword-threshold": "",
"content-header-list": [],
"urlfilter-table": [],
"vimeo-restrict": "",
"youtube-restrict": ""
},
"name": "",
"web-content-log": "",
"web-filter-cookie-log": "",
"web-url-log": "",
"web-invalid-domain-log": "",
"web-ftgd-err-log": "",
"options": "",
"ovrd-perm": "",
"post-action": "",
"replacemsg-group": [],
"https-replacemsg": "",
"log-all-url": "",
"web-filter-command-block-log": "",
"wisp": "",
"wisp-algorithm": "",
"extended-log": "",
"web-extended-all-action-log": "",
"feature-set": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level | Choose the level type from which you want to retrieve the details of blocked URLs associated with the specified web filter profile. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"action": "",
"antiphish-action": "",
"dns-address-family": "",
"id": "",
"obj seq": "",
"status": "",
"type": "",
"url": "",
"web-proxy-profile": []
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to block the URLs specific to the web filter profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"already_blocked": [],
"newly_blocked": []
}
Parameter | Description |
---|---|
Level Type | Choose the level type at which you want to unblock the URLs specific to the web filter profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"not_exist": [],
"newly_unblocked": []
}
None.
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"behavior": "",
"casi": "",
"cat-id": "",
"category": "",
"database": "",
"id": "",
"language": "",
"name": "",
"parameter": "",
"popularity": "",
"protocol": "",
"require_ssl_di": "",
"risk": "",
"shaping": "",
"technology": "",
"vendor": "",
"weight": ""
}
],
"status": {
"code": "",
"message": ""
},
"version": ""
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve the list of application control profiles. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"id": "",
"result": [
{
"url": "",
"data": [
{
"default-network-services": "",
"entries": [
{
"action": "",
"application": [],
"behavior": [],
"category": [],
"exclusion": [],
"id": "",
"log": "",
"log-packet": "",
"obj seq": "",
"parameters": "",
"per-ip-shaper": [],
"popularity": "",
"protocols": [],
"quarantine": "",
"quarantine-expiry": "",
"quarantine-log": "",
"rate-count": "",
"rate-duration": "",
"rate-mode": "",
"rate-track": "",
"risk": [],
"session-ttl": "",
"shaper": [],
"shaper-reverse": [],
"technology": [],
"vendor": []
}
],
"name": "",
"other-application-action": "",
"other-application-log": "",
"unknown-application-action": "",
"unknown-application-log": "",
"replacemsg-group": [],
"options": "",
"app-replacemsg": "",
"deep-app-inspection": "",
"extended-log": "",
"enforce-default-app-port": "",
"control-default-network-services": "",
"force-inclusion-ssl-di-sigs": "",
"p2p-block-list": ""
}
],
"status": {
"code": "",
"message": ""
}
}
]
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to retrieve details of blocked applications associated with the specified application control profile. You can choose between ADOM or Global Type. If you choose 'ADOM', then you can specify the following parameters: |
The output contains the following populated JSON schema:
{
"behavior": "",
"casi": "",
"cat-id": "",
"category": "",
"database": "",
"id": "",
"language": "",
"name": "",
"parameter": "",
"popularity": "",
"protocol": "",
"require_ssl_di": "",
"risk": "",
"shaping": "",
"technology": "",
"vendor": "",
"weight": ""
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to block the applications associated with the specified application control profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"name": "",
"message": "",
"status": ""
}
Parameter | Description |
---|---|
Level Type | Choose the level type from which you want to unblock the applications associated with the specified application control profile. You can choose between ADOM or Global Type. |
The output contains the following populated JSON schema:
{
"name": "",
"message": "",
"status": ""
}
The Sample - Fortinet Fortimanager - 3.0.0 playbook collection comes bundled with the Fortinet FortiManager connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiManager connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
Use the Data Ingestion Wizard to easily ingest data into FortiSOAR™ by pulling incidents from Fortinet FortiManager. Currently, "incidents" in Fortinet FortiManager are mapped to "alerts" in FortiSOAR™. For more information on the Data Ingestion Wizard, see the "Connectors Guide" in the FortiSOAR™ product documentation.
You can configure data ingestion using the “Data Ingestion Wizard” to seamlessly map the incoming Fortinet FortiManager "Incidents" to FortiSOAR™ "Alerts".
The Data Ingestion Wizard enables you to configure scheduled pulling of data from Fortinet FortiManager into FortiSOAR™. It also lets you pull some sample data from Fortinet FortiManager using which you can define the mapping of data between Fortinet FortiManager and FortiSOAR™. The mapping of common fields is generally already done by the Data Ingestion Wizard; users are mostly required to only map any custom fields that are added to the Fortinet FortiManager incident.
On the Field Mapping screen, map the fields of a Fortinet FortiManager incident to the fields of an alert present in FortiSOAR™.
To map a field, click the key in the sample data to add the “jinja” value of the field. For example, to map the status parameter of a Fortinet FortiManager incident to the state parameter of a FortiSOAR™ alert, click the State field and then click the status field to populate its keys:
For more information on field mapping, see the Data Ingestion chapter in the "Connectors Guide" in the FortiSOAR™ product documentation. Once you have completed mapping the fields, click Save Mapping & Continue.
Use the Scheduling screen to configure schedule-based ingestion, i.e., specify the polling frequency to Fortinet FortiManager, so that the content gets pulled from the Fortinet FortiManager integration into FortiSOAR™.
On the Scheduling screen, from the Do you want to schedule the ingestion? drop-down list, select Yes.
In the “Configure Schedule Settings” section, specify the Cron expression for the schedule. For example, if you want to pull data from Fortinet FortiManager every 5 minutes, click Every X Minute, and in the minute box enter */5. This would mean that, based on the configuration you have set up, data, i.e., incidents, will be pulled from Fortinet FortiManager every 5 minutes.
Once you have completed scheduling, click Save Settings & Continue.
The Summary screen displays a summary of the mapping done, and it also contains links to the Ingestion playbooks. Click Done to complete the data ingestion and exit the Data Ingestion Wizard.