Fortinet FortiProxy

Fortinet FortiProxy v1.0.0

About the connector

FortiProxy provides a secure web gateway that protects against web attacks with URL filtering, visibility and control of encrypted web traffic through SSL and SSH inspection, and application of granular web application policies.

This document provides information about the Fortinet FortiProxy Connector, which facilitates automated interactions with a Fortinet FortiProxy server using FortiSOAR™ playbooks. Add the Fortinet FortiProxy Connector as a step in FortiSOAR™ playbooks and perform automated operations such as creating a firewall policy in the FortiProxy server, retrieving all firewall addresses or specific firewall addresses from the FortiProxy server, adding users to the banned list of the authgrp access group in the FortiProxy server, etc.

Version information

Connector Version: 1.0.0

FortiSOAR™ Version Tested on: 7.4.0-3024

Fortinet FortiProxy Version Tested on: 7.2.2-0333

Authored By: Fortinet

Certified: Yes

Installing the connector

Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.

You can also use the yum command as a root user to install the connector:
yum install cyops-connector-fortinet-fortiproxy

Prerequisites to configuring the connector

  • You must have the URL of the Fortinet FortiProxy server to connect and perform automated operations and the API key configured for your account for using the FortiProxy APIs.
  • The FortiSOAR™ server should have outbound connectivity to port 443 on the Fortinet FortiProxy server.

Minimum Permissions Required

  • Not applicable

Configuring the connector

For the procedure to configure a connector, click here

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiProxy connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL Specify the URL of the FortiProxy server to connect and perform automated operations.
API Key Specify the API key configured for your account for using the FortiProxy APIs.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function Description Annotation and Category
Create Firewall Policy Creates a firewall policy in the FortiProxy server based on Policy Name, Schedule Name, Source Interface, and other input parameters you have specified. create_firewall_policy
Investigation
Get Firewall Policy Retrieves all firewall policies or specific firewall policies from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. get_firewall_policy
Investigation
Get Firewall Policy Details Retrieves details of a specific firewall policy from the FortiProxy server based on Policy ID, Properties, and other input parameters you have specified. get_firewall_policy_details
Investigation
Update Firewall Policy Updates a specific firewall policy in the FortiProxy server based on the Policy ID, type, and other input parameters you have specified. update_firewall_policy
Investigation
Delete Firewall Policy Deletes a specific firewall policy from the FortiProxy server based on the policy ID and VDOM details that you have specified. delete_firewall_policy
Investigation
Create Firewall Address Creates a firewall address in the FortiProxy server based on the name of the address, the type of the address, and other input parameters that you have specified. create_firewall_address
Investigation
Get Firewall Address Retrieves all firewall addresses or specific firewall addresses from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. get_firewall_address
Investigation
Get Firewall Address Details Retrieves details of a specific firewall address from the FortiProxy server based on the Address Name, Properties, and other input parameters you have specified. get_firewall_address_details
Investigation
Update Firewall Address Updates a specific firewall address in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. update_firewall_address
Investigation
Delete Firewall Address Deletes a specific firewall address from the FortiProxy server based on the name of the firewall address and VDOM details that you have specified. delete_firewall_address
Investigation
Create Firewall Address Group Creates a firewall address group in the FortiProxy server based on the name, members, category, type, etc of the address group, and other input parameters that you have specified. create_firewall_address_group
Investigation
Get Firewall Address Group Retrieves all firewall address groups or specific firewall address groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. get_firewall_address_group
Investigation
Get Firewall Address Group Details Retrieves details of a specific firewall address group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. get_firewall_address_group_details
Investigation
Update Firewall Address Group Updates a specific firewall address group in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. update_firewall_address_group
Investigation
Delete Firewall Address Group Deletes a specific firewall address group from the FortiProxy server based on the name of the firewall address group and VDOM details that you have specified. delete_firewall_address_group
Investigation
Create Firewall Service Group Creates a firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. create_firewall_service_group
Investigation
Get Firewall Service Group Retrieves all firewall service groups or specific firewall service groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. get_firewall_service_group
Investigation
Get Firewall Service Group Details Retrieves details of a specific firewall service group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. get_firewall_service_group_details
Investigation
Update Firewall Service Group Updates a specific firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. update_firewall_service_group
Investigation
Delete Firewall Service Group Deletes a specific firewall service group from the FortiProxy server based on the name of the firewall service group and VDOM details that you have specified. delete_firewall_service_group
Investigation
Get Authenticated Firewall Users List Retrieves all authenticated firewall users or specific authenticated firewall users of the authgrp access group from the FortiProxy server based on the start index, count, and other input parameters that you have specified. get_authenticated_firewall_users_list
Investigation
DeAuthenticate Firewall Users Deauthenticates firewall users from the authgrp access group in the FortiProxy server based on the user type, user ID, IP address, and other input parameters that you have specified. deauthenticate_firewall_users
Investigation
Add Users to Banned List Adds users to the banned list of the authgrp access group in the FortiProxy server based on the IP addresses and the ban expiration time you have specified. add_users_to_banned_list
Investigation
Get All Banned Users List Retrieves list of all banned users of the authgrp access group from the FortiProxy server. get_all_banned_users_list
Investigation
Clear All Banned Users List Clears the list of all banned users of the authgrp access group from the FortiProxy server. clear_all_banned_users_list
Investigation
Clear Banned Users List by IP Clears the list of all banned users of the authgrp access group from the FortiProxy server based on the IP addresses that you have specified. clear_banned_users_list_by_ip
Investigation

operation: Create Firewall Policy

Input parameters

Parameter Description
Policy Name Specify the name of the firewall policy you want to create in the FortiProxy server.
Schedule Name Specify the name of the schedule associated with the firewall policy you want to create in the FortiProxy server.
Policy Type (Optional) Select the type of firewall policy that you want to create in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
  • If you select Explicit Web, then you can specify the following parameters:
    • Explicit Web Proxy: Specify the explicit web proxy of the firewall policy you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Transparent: (Optional) Select enable if you want the web proxy to use the original client address; else select disable.
  • If you select Transparent, then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Force Proxy: (Optional) Specify the setting that you want to apply for the 'Force Proxy' parameter in the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable. If you select enable, then all TCP transparent traffic is forced through the proxy; if you select disable, then the TCP transparent traffic is not forced through the proxy.
  • If you select Explicit FTP then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select SSH Tunnel then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select SSH then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select Access Proxy then you can specify the following parameters:
    • Access Proxy: Specify the access proxy of the firewall policy that you want to create in the FortiProxy server.
      Note: The maximum length that can be set is 79.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select WanOpt then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
Source Address (Optional) Specify the source address and address group names to be associated with the firewall policy you want to create in the FortiProxy server.
Destination Address (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to create in the FortiProxy server.
IPV6 Source Address (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to create in the FortiProxy server.
IPV6 Destination Address (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to create in the FortiProxy server.
Policy ID (Optional) Specify the ID of the firewall policy that you want to create in the FortiProxy server.
Policy Action (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
  • Accept: Allows sessions that match the firewall policy.
  • Deny: Blocks sessions that match the firewall policy.
  • Redirect: Redirect sessions that match the firewall policy to a URL.
  • Isolate: Isolate sessions that match the firewall policy with an isolator.
Status (Optional) Select the status to be set for the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall policy in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Policy

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall policies) is returned.

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall policies from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
With Meta Select this option if you want to include meta information such as type ID, references, etc. about each object.
Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to pattern
< Value must be less than pattern
>= Value must be greater than or equal to pattern
> Value must be greater than pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Key Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation.
Pattern Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall policies from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Values Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Meta: Returns the metadata for a specific object, table, or the entire CLI tree.
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
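
How the Filter, Start, Count and VDOM inputs above compose into request parameters, as an added example (not the connector's own code). It assumes the underlying URL parameters are named filter, start and count (only vdom= appears on this page), and it rejects patterns containing ',' because the table above makes a comma an OR separator, so a value copied from alert data without validation could widen the match.

```python
import re

# Operators from the Filter table on this page.
OPERATORS = ("==", "!=", "=@", "!@", "<=", "<", ">=", ">")
KEY_RE = re.compile(r"[A-Za-z0-9_.-]+")   # property names such as policyid, uuid-idx
VDOM_RE = re.compile(r"[A-Za-z0-9_-]+")   # assumed character set for VDOM names
FORBIDDEN = set(",&#\r\n")                # would add an OR clause or a new URL parameter


def clause(key, op, pattern):
    """Return one key/operator/pattern clause, or raise ValueError."""
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator: {op!r}")
    if not KEY_RE.fullmatch(key):
        raise ValueError(f"invalid property name: {key!r}")
    pattern = str(pattern)
    if not pattern or FORBIDDEN & set(pattern):
        raise ValueError(f"pattern is empty or contains a separator: {pattern!r}")
    return f"{key}{op}{pattern}"


def any_of(*clauses):
    """Logical OR: clauses separated by commas inside one filter."""
    if not clauses:
        raise ValueError("an OR group needs at least one clause")
    return ",".join(clauses)


def vdom_param(vdoms):
    """Accept 'root', ['vdom1', 'vdom2'] or '*', the three forms listed above."""
    if vdoms == "*":
        return "*"
    names = [vdoms] if isinstance(vdoms, str) else list(vdoms)
    if not names or not all(VDOM_RE.fullmatch(n) for n in names):
        raise ValueError(f"invalid VDOM selection: {vdoms!r}")
    return ",".join(names)


def build_query(and_groups, vdom="root", start=0, count=100):
    """Logical AND: one filter parameter per group; each group is an OR list.

    Returns (name, value) pairs suitable for an HTTP client's query-string
    argument. The names filter/start/count are assumptions, see the lead-in.
    """
    if start < 0 or count < 1:
        raise ValueError("start must be >= 0 and count >= 1")
    params = [("vdom", vdom_param(vdom)), ("start", str(start)), ("count", str(count))]
    params += [("filter", any_of(*group)) for group in and_groups]
    return params


if __name__ == "__main__":
    # Constructed input: accept policies whose name contains "guest" or "temp".
    query = build_query(
        [[clause("action", "==", "accept")],
         [clause("name", "=@", "guest"), clause("name", "=@", "temp")]],
        vdom=["vdom1", "vdom2"], count=50)
    for name, value in query:
        print(f"{name}={value}")
```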

Output

The output contains the following populated JSON schema:
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
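
A review pass over records shaped like the output schema above, as an added example (not part of the connector). The field names come from the schema; the values it tests for ("accept", "enable", "disable", and an address object named "all") are assumptions, and the sample records are constructed.

```python
# Constructed sample records using field names from the output schema above.
SAMPLE_POLICIES = [
    {"policyid": 1, "name": "web-out", "status": "enable", "action": "accept",
     "srcaddr": [{"name": "lan-users"}], "dstaddr": [{"name": "all"}],
     "logtraffic": "all", "utm-status": "enable",
     "srcaddr-negate": "disable", "dstaddr-negate": "disable",
     "service-negate": "disable"},
    {"policyid": 2, "name": "temp-any", "status": "enable", "action": "accept",
     "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "all"}],
     "logtraffic": "disable", "utm-status": "disable",
     "srcaddr-negate": "disable", "dstaddr-negate": "disable",
     "service-negate": "disable"},
    {"policyid": 3, "name": "old-any", "status": "disable", "action": "accept",
     "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "all"}],
     "logtraffic": "disable", "utm-status": "disable"},
    {"policyid": 4, "name": "not-quarantine", "status": "enable", "action": "accept",
     "srcaddr": [{"name": "quarantine"}], "dstaddr": [{"name": "all"}],
     "logtraffic": "all", "utm-status": "enable",
     "srcaddr-negate": "enable", "dstaddr-negate": "disable",
     "service-negate": "disable"},
    {"policyid": 5, "name": "block-bad", "status": "enable", "action": "deny",
     "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "bad-hosts"}],
     "logtraffic": "all", "utm-status": "disable"},
]


def object_names(objs):
    """Names from a list of linked objects such as srcaddr or dstaddr."""
    return {o.get("name", "") for o in (objs or [])}


def audit_policy(policy):
    """Return review findings for one policy record.

    Disabled policies and non-accept policies are skipped, since only an
    enabled accept policy lets sessions through.
    """
    if policy.get("status") != "enable" or policy.get("action") != "accept":
        return []
    findings = []
    if ("all" in object_names(policy.get("srcaddr"))
            and "all" in object_names(policy.get("dstaddr"))):
        findings.append("any-to-any")
    if policy.get("logtraffic") == "disable":
        findings.append("logging-disabled")
    if policy.get("utm-status") != "enable":
        findings.append("no-utm")
    # A negate flag inverts the match, so the listed objects are the only
    # ones the policy does NOT apply to; easy to misread in a review.
    for side in ("srcaddr", "dstaddr", "service"):
        if policy.get(f"{side}-negate") == "enable":
            findings.append(f"negated-{side}")
    return findings


def audit(policies):
    """Map policyid -> findings, omitting policies with nothing to report."""
    report = {}
    for policy in policies:
        findings = audit_policy(policy)
        if findings:
            report[policy.get("policyid")] = findings
    return report


if __name__ == "__main__":
    for policy_id, findings in audit(SAMPLE_POLICIES).items():
        print(policy_id, ", ".join(findings))
```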

operation: Get Firewall Policy Details

Input parameters

Parameter Description
Policy ID Specify the ID of the firewall policy whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Include Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Policy

Input parameters

Parameter Description
Policy ID Specify the ID of the policy whose firewall policy you want to update in the FortiProxy server.
Policy Name (Optional) Specify the name of the policy whose firewall policy you want to update in the FortiProxy server.
Schedule Name (Optional) Specify the name of the schedule whose firewall policy you want to update in the FortiProxy server.
Policy Type (Optional) Select the type of firewall policy that you want to update in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
  • If you select Explicit Web, then you can specify the following parameters:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Transparent: (Optional) Select enable if you want the web proxy to use the original client address; else select disable.
  • If you select Transparent, then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Force Proxy: (Optional) Specify the setting that you want to apply for the 'Force Proxy' parameter in the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable. If you select enable, then all TCP transparent traffic is forced through the proxy; if you select disable, then the TCP transparent traffic is not forced through the proxy.
  • If you select Explicit FTP then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select SSH Tunnel then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select SSH then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select Access Proxy then you can specify the following parameters:
    • Access Proxy: Specify the access proxy of the firewall policy that you want to update in the FortiProxy server.
      Note: The maximum length that can be set is 79.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select WanOpt then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
Source Address (Optional) Specify the source address and address group names to be associated with the firewall policy you want to update in the FortiProxy server.
Destination Address (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to update in the FortiProxy server.
IPV6 Source Address (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to update in the FortiProxy server.
IPV6 Destination Address (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to update in the FortiProxy server.
Policy Action (Optional) Select an action to be applied to the firewall policy you want to update in the FortiProxy server. You can choose from the following available options:
  • Accept: Allows sessions that match the firewall policy.
  • Deny: Blocks sessions that match the firewall policy.
  • Redirect: Redirect sessions that match the firewall policy to a URL.
  • Isolate: Isolate sessions that match the firewall policy with an isolator.
Status (Optional) Select the status to be set for the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall policy in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Policy

Input parameters

Parameter Description
Policy ID Specify the ID of the firewall policy you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Address

Input parameters

Parameter Description
Address Name Specify the address name that you want to use to create the firewall address in the FortiProxy server.
Address Type (Optional) Select the type of firewall address that you want to create in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
  • If you select IP Mask, then you can specify the following parameter:
    • Subnet: (Optional) Specify the IP address and subnet mask of the address that you want to use to create the firewall address in the FortiProxy server.
  • If you select IP Range, then you can specify the following parameter:
    • Start IPV4 Address: (Optional) Specify the first IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to create in the FortiProxy server.
    • End IPV4 Address: (Optional) Specify the final IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select FQDN, then you can specify the following parameter:
    • FQDN Address: (Optional) Specify the Fully Qualified Domain Name address to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select Geography, then you can specify the following parameter:
    • Country: (Optional) Specify the IP addresses associated with a specific country to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select WildCard, then you can specify the following parameter:
    • Wildcard Address and Netmask: (Optional) Specify the wildcard address and netmask based on which you want to create a firewall address in the FortiProxy server.
  • If you select Dynamic, then you can specify the following parameters:
    • Sub-Type Address: (Optional) Select the sub-type of firewall address that you want to create in the FortiProxy server. You can select from options such as SDB, ClearPass SPT, EMS Tag, FSSO, etc.
      If you select ClearPass SPT from this list, then from the System Posture Token list you can optionally select the system posture token of the firewall address that you want to create in the FortiProxy server. You can select from the following available options: Unknown, Healthy, Quarantine, Checkup, Transient, or Infected.
  • If you select Interface Subnet, there are no additional parameters to be specified.
  • If you select MAC, then you can specify the following parameter:
    • MAC Address: (Optional) Specify the multiple MAC address ranges of the firewall address that you want to create in the FortiProxy server.
Interface (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall addresses) is returned.

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall addresses from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Include Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to 'pattern'
< Value must be less than 'pattern'
>= Value must be greater than or equal to 'pattern'
> Value must be greater than 'pattern'
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of a property, using which you want to filter objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, using which you want to filter objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall addresses from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"subnet": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
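
An added example (not part of the connector or of Fortinet's documentation) that models the Filter operators listed above in Python, so a filter can be checked against sample objects before it is used in a playbook. Assumptions: each clause is written as key, operator, pattern with no spaces; the range operators compare numerically; a missing property is treated as an empty value; an empty filter list is rejected; the sample objects are constructed.

```python
import re

# Operators from the Filter table. Two-character forms come first in the
# alternation so "<=" is not read as "<" followed by "=".
_CLAUSE = re.compile(
    r"^(?P<key>[A-Za-z0-9_.-]+)(?P<op>==|!=|=@|!@|<=|>=|<|>)(?P<pattern>.*)$"
)


def parse_clause(text):
    """Split one 'key<op>pattern' clause, e.g. 'name=@web'."""
    match = _CLAUSE.match(text.strip())
    if match is None:
        raise ValueError(f"not a valid filter clause: {text!r}")
    return match.group("key"), match.group("op"), match.group("pattern")


def compile_filters(filters):
    """Parse every clause up front so a malformed one is never silently skipped.

    Each filter string is one AND term; commas inside it separate OR clauses.
    """
    if not filters:
        # Design choice of this example: with no filter the operation returns
        # the unfiltered list, which is rarely what a later step should act on.
        raise ValueError("no filter given: the unfiltered list would be returned")
    return [[parse_clause(c) for c in f.split(",")] for f in filters]


def clause_matches(obj, key, op, pattern):
    """Evaluate one clause against one object (a dict of properties)."""
    value = obj.get(key, "")  # assumption: missing property == empty value
    if op in ("<=", "<", ">=", ">"):
        try:
            left, right = float(value), float(pattern)  # assumption: numeric
        except (TypeError, ValueError):
            return False
        return {"<=": left <= right, "<": left < right,
                ">=": left >= right, ">": left > right}[op]
    left, right = str(value).lower(), pattern.lower()  # case insensitive
    if op == "==":
        return left == right
    if op == "!=":
        return left != right
    if op == "=@":
        return right in left
    return right not in left  # "!@"


def select(objects, filters):
    """Names of the objects that satisfy every filter string."""
    groups = compile_filters(filters)
    return [
        obj["name"]
        for obj in objects
        if all(any(clause_matches(obj, *c) for c in group) for group in groups)
    ]


# Constructed sample objects using property names from the output schema.
SAMPLE_ADDRESSES = [
    {"name": "Web-Servers", "type": "ipmask", "color": 3},
    {"name": "mail-relay", "type": "fqdn", "color": 0},
    {"name": "webproxy-lab", "type": "iprange", "color": 7},
    {"name": "guest-wifi", "type": "ipmask", "color": 12},
]

if __name__ == "__main__":
    # (name contains "web" OR name contains "mail") AND type is not fqdn
    print(select(SAMPLE_ADDRESSES, ["name=@web,name=@mail", "type!=fqdn"]))
    # 3 <= color < 10, written as two AND-ed filters
    print(select(SAMPLE_ADDRESSES, ["color>=3", "color<10"]))
```
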

operation: Get Firewall Address Details

Input parameters

Parameter Description
Address Name Specify the name of the firewall address whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-tag": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Address

Input parameters

Parameter Description
Address Name Specify the name of the firewall address you want to update in the FortiProxy server.
Address Type (Optional) Select the type of firewall address that you want to update in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
  • If you select IP Mask, then you can specify the following parameter:
    • Subnet: (Optional) Specify the IP address and subnet mask of the address that you want to use to update the firewall address in the FortiProxy server.
  • If you select IP Range, then you can specify the following parameter:
    • Start IPV4 Address: (Optional) Specify the first IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to update in the FortiProxy server.
    • End IPV4 Address: (Optional) Specify the final IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select FQDN, then you can specify the following parameter:
    • FQDN Address: (Optional) Specify the Fully Qualified Domain Name address to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select Geography, then you can specify the following parameter:
    • Country: (Optional) Specify the IP addresses associated with a specific country to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select WildCard, then you can specify the following parameter:
    • Wildcard Address and Netmask: (Optional) Specify the wildcard address and netmask based on which you want to update a firewall address in the FortiProxy server.
  • If you select Dynamic, then you can specify the following parameters:
    • Sub-Type Address: (Optional) Select the sub-type of firewall address that you want to update in the FortiProxy server. You can select from options such as SDB, ClearPass SPT, EMS Tag, FSSO, etc.
      If you select ClearPass SPT from this list, then from the System Posture Token list you can optionally select the system posture token of the firewall address that you want to update in the FortiProxy server. You can select from the following available options: Unknown, Healthy, Quarantine, Checkup, Transient, or Infected.
  • If you select Interface Subnet, there are no additional parameters to be specified.
  • If you select MAC, then you can specify the following parameter:
    • MAC Address: (Optional) Specify the multiple MAC address ranges of the firewall address that you want to update in the FortiProxy server.
Interface (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Address

Input parameters

Parameter Description
Address Name Specify the name of the firewall address you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group that you want to create in the FortiProxy server.
Member Specify the address objects to be contained within the firewall address group you want to create in the FortiProxy server.
Address Group Type (Optional) Select the type of address group you want to create in the FortiProxy server. You can choose from the following options:
  • Default: Default address group type (address can belong to multiple groups)
  • Folder: Address folder group (members cannot belong to any other group)
Comment (Optional) Specify the comment that you want to associate with the firewall address group you want to create in the FortiProxy server.
Exclude Address Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to create in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to create in the FortiProxy server.
Allow Routing (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address group in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address Group

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall address groups) is returned.

Input parameters

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall address groups from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to 'pattern'
< Value must be less than 'pattern'
>= Value must be greater than or equal to 'pattern'
> Value must be greater than 'pattern'
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of a property, using which you want to filter objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, using which you want to filter objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall address groups from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address Group Details

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the firewall address group name you want to update in the FortiProxy server.
Member (Optional) Specify the address objects to be contained within the firewall address group you want to update in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall address group you want to update in the FortiProxy server.
Exclude Address Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to update in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to update in the FortiProxy server.
Allow Routing (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address group in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group that you want to create in the FortiProxy server.
Proxy Select enable if you want to enable the web proxy for the firewall service group you want to create in the FortiProxy server; else select disable.
Member Specify the address objects to be contained within the firewall service group you want to create in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to create in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall service group you want to create in the FortiProxy server.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Service Group

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.

Input parameters

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall service groups from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to pattern
< Value must be less than pattern
>= Value must be greater than or equal to pattern
> Value must be greater than pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of a property, by which you want to filter the objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, by which you want to filter the objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall service address groups from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Service Group Details

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group that you want to update in the FortiProxy server.
Member (Optional) Specify the address objects to be contained within the firewall service group you want to update in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to update in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall service group you want to update in the FortiProxy server.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' before 'object 2', specify the "Action" parameter as "move" and the "New Resource ID" parameter as 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' after 'object 2', specify the "Action" parameter as "move" and the "New Resource ID" parameter as 3.
Note: Use this parameter only when the "Action" parameter is set to "move".

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Authenticated Firewall Users List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.

Parameter Description
Start Specify the starting entry index from which you want this operation to fetch the list of authenticated firewall users from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Include IPV4 Users Select this option (default is selected) to include IPv4 users.
Include IPV6 Users Select this option to include IPv6 users.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"results": [],
"vdom": "",
"path": "",
"name": "",
"action": "",
"status": "",
"serial": "",
"version": "",
"build": ""
}

operation: DeAuthenticate Firewall Users

Input parameters

Parameter Description
User Type Specify the type of users you want to de-authenticate from the authgrp access group in the FortiProxy server.
User ID Specify the ID of users you want to de-authenticate from the authgrp access group in the FortiProxy server.
IP Address Specify the IP address of the users you want to de-authenticate from the authgrp access group in the FortiProxy server.
IP Version Specify the IP version [ip4|ip6] of the users you want to de-authenticate from the authgrp access group in the FortiProxy server.
Note: This parameter is required only if the User Type is 'firewall'.
Authentication Method Specify the authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest] you want to de-authenticate from the authgrp access group in the FortiProxy server.
Note: This parameter is required only if the User Type is 'firewall'.
DeAuthenticate All Users Select this option if you want to de-authenticate all users from the authgrp access group in the FortiProxy server.
Note: If this parameter is selected, then all other parameters will be ignored.
Users Specify an array of user objects to de-authenticate from the authgrp access group in the FortiProxy server. Use this parameter to de-authenticate multiple users at the same time. Each object should include the above properties.

Output

The output contains a non-dictionary value.

operation: Add Users to Banned List

Input parameters

Parameter Description
IP Addresses Specify a comma-separated list of IP addresses that you want to add to the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported.
Expiry Specify the time in seconds until the expiration of the ban. If you want the ban to be indefinite, then enter '0'.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
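
A pre-flight check for the IP Addresses and Expiry inputs of the Add Users to Banned List operation, written as an added example that is not part of the connector or its documentation. The function names, the ban-length ceiling and the protected ranges are assumptions, and the sample input is constructed.

```python
import ipaddress

# Assumptions for this example (not connector settings): a ceiling on ban length
# and constructed management ranges that automation must never ban.
MAX_BAN_SECONDS = 7 * 24 * 3600
PROTECTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/24"),        # constructed: SOC / FortiSOAR hosts
    ipaddress.ip_network("2001:db8:0:1::/64"),  # constructed: IPv6 management range
]

# Constructed sample of the comma-separated "IP Addresses" input.
SAMPLE_INPUT = ("192.0.2.10, 2001:DB8:FFFF::0001,192.0.2.10,10.0.0.5,"
                "::ffff:10.0.0.5,not-an-ip,198.51.100.0/24")


def check_expiry(expiry, allow_indefinite=False):
    """Return expiry in seconds, or raise; per the page, 0 means an indefinite ban."""
    if isinstance(expiry, bool) or not isinstance(expiry, int) or expiry < 0:
        raise ValueError("expiry must be a non-negative whole number of seconds")
    if expiry == 0 and not allow_indefinite:
        raise ValueError("expiry 0 is an indefinite ban; confirm with allow_indefinite=True")
    if expiry > MAX_BAN_SECONDS:
        raise ValueError(f"expiry exceeds the {MAX_BAN_SECONDS}-second ceiling")
    return expiry


def _rejection_reason(addr):
    """Return why an address must not be banned, or None if it is acceptable."""
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is also checked in its IPv4
    # form, so a protected host cannot slip through in the other notation.
    forms = [addr]
    if addr.version == 6 and addr.ipv4_mapped is not None:
        forms.append(addr.ipv4_mapped)
    for form in forms:
        if form.is_loopback or form.is_unspecified or form.is_multicast:
            return "loopback, unspecified or multicast address"
        if any(form in net for net in PROTECTED_NETWORKS):
            return "inside a protected network"
    return None


def prepare_ban(ip_addresses, expiry, allow_indefinite=False):
    """Validate both inputs and return the cleaned values plus rejected entries."""
    expiry = check_expiry(expiry, allow_indefinite)
    accepted, rejected = [], {}
    for raw in ip_addresses.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)  # rejects CIDR ranges and hostnames
        except ValueError:
            rejected[entry] = "not a single IPv4 or IPv6 address"
            continue
        reason = _rejection_reason(addr)
        if reason:
            rejected[entry] = reason
        elif str(addr) not in accepted:         # canonical form, de-duplicated
            accepted.append(str(addr))
    return {"ip_addresses": ",".join(accepted), "expiry": expiry, "rejected": rejected}


if __name__ == "__main__":
    print(prepare_ban(SAMPLE_INPUT, 3600))
```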

operation: Get All Banned Users List

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"name": "",
"path": "",
"vdom": "",
"build": "",
"action": "",
"serial": "",
"status": "",
"results": [
{
"ipv6": "",
"source": "",
"created": "",
"ip_address": ""
}
],
"version": "",
"http_method": ""
}

operation: Clear All Banned Users List

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}

operation: Clear Banned Users List by IP

Input parameters

Parameter Description
IP Addresses Specify the list of banned IP addresses that you want to remove from the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}

Included playbooks

The Sample - fortinet-fortiproxy - 1.0.0 playbook collection comes bundled with the Fortinet FortiProxy connector. These playbooks contain steps that you can use to perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiProxy connector.

  • Add Users to Banned List
  • Clear All Banned Users List
  • Clear Banned Users List by IP
  • Create Firewall Address
  • Create Firewall Address Group
  • Create Firewall Policy
  • Create Firewall Service Group
  • DeAuthenticate Firewall Users
  • Delete Firewall Address
  • Delete Firewall Address Group
  • Delete Firewall Policy
  • Delete Firewall Service Group
  • Get All Banned Users List
  • Get Authenticated Firewall Users List
  • Get Firewall Address
  • Get Firewall Address Details
  • Get Firewall Address Group
  • Get Firewall Address Group Details
  • Get Firewall Policy
  • Get Firewall Policy Details
  • Get Firewall Service Group
  • Get Firewall Service Group Details
  • Update Firewall Address
  • Update Firewall Address Group
  • Update Firewall Policy
  • Update Firewall Service Group

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete operations.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Fortinet FortiProxy connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:

Parameter Description
Server URL Specify the URL of the FortiProxy server to connect and perform automated operations.
API Key Specify the API key configured for your account for using the FortiProxy APIs.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:

Function | Description | Annotation and Category
Create Firewall Policy | Creates a firewall policy in the FortiProxy server based on Policy Name, Schedule Name, Source Interface, and other input parameters you have specified. | create_firewall_policy; Investigation
Get Firewall Policy | Retrieves all firewall policies or specific firewall policies from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_policy; Investigation
Get Firewall Policy Details | Retrieves details of a specific firewall policy from the FortiProxy server based on Policy ID, Properties, and other input parameters you have specified. | get_firewall_policy_details; Investigation
Update Firewall Policy | Updates a specific firewall policy in the FortiProxy server based on the Policy ID, type, and other input parameters you have specified. | update_firewall_policy; Investigation
Delete Firewall Policy | Deletes a specific firewall policy from the FortiProxy server based on the policy ID and VDOM details that you have specified. | delete_firewall_policy; Investigation
Create Firewall Address | Creates a firewall address in the FortiProxy server based on the name of the address, the type of the address, and other input parameters that you have specified. | create_firewall_address; Investigation
Get Firewall Address | Retrieves all firewall addresses or specific firewall addresses from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address; Investigation
Get Firewall Address Details | Retrieves details of a specific firewall address from the FortiProxy server based on the Address Name, Properties, and other input parameters you have specified. | get_firewall_address_details; Investigation
Update Firewall Address | Updates a specific firewall policy in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address; Investigation
Delete Firewall Address | Deletes a specific firewall address from the FortiProxy server based on the name of the firewall address and VDOM details that you have specified. | delete_firewall_address; Investigation
Create Firewall Address Group | Creates a firewall address group in the FortiProxy server based on the name, members, category, type, etc. of the address group, and other input parameters that you have specified. | create_firewall_address_group; Investigation
Get Firewall Address Group | Retrieves all firewall address groups or specific firewall address groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address_group; Investigation
Get Firewall Address Group Details | Retrieves details of a specific firewall address group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_address_group_details; Investigation
Update Firewall Address Group | Updates a specific firewall address group in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address_group; Investigation
Delete Firewall Address Group | Deletes a specific firewall address group from the FortiProxy server based on the name of the firewall address group and VDOM details that you have specified. | delete_firewall_address_group; Investigation
Create Firewall Service Group | Creates a firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. | create_firewall_service_group; Investigation
Get Firewall Service Group | Retrieves all firewall service groups or specific firewall service groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_service_group; Investigation
Get Firewall Service Group Details | Retrieves details of a specific firewall service group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_service_group_details; Investigation
Update Firewall Service Group | Updates a specific firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. | update_firewall_service_group; Investigation
Delete Firewall Service Group | Deletes a specific firewall service group from the FortiProxy server based on the name of the firewall service group and VDOM details that you have specified. | delete_firewall_service_group; Investigation
Get Authenticated Firewall Users List | Retrieves all authenticated firewall users or specific authenticated firewall users of the authgrp access group from the FortiProxy server based on the start index, count, and other input parameters that you have specified. | get_authenticated_firewall_users_list; Investigation
DeAuthenticate Firewall Users | Deauthenticates firewall users from the authgrp access group in the FortiProxy server based on the user type, user ID, IP address, and other input parameters that you have specified. | deauthenticate_firewall_users; Investigation
Add Users to Banned List | Adds users to the banned list of the authgrp access group in the FortiProxy server based on the IP addresses and the ban expiration time you have specified. | add_users_to_banned_list; Investigation
Get All Banned Users List | Retrieves the list of all banned users of the authgrp access group from the FortiProxy server. | get_all_banned_users_list; Investigation
Clear All Banned Users List | Clears the list of all banned users of the authgrp access group from the FortiProxy server. | clear_all_banned_users_list; Investigation
Clear Banned Users List by IP | Clears the list of all banned users of the authgrp access group from the FortiProxy server based on the IP addresses that you have specified. | clear_banned_users_list_by_ip; Investigation

operation: Create Firewall Policy

Input parameters

Parameter Description
Policy Name Specify the name of the firewall policy you want to create in the FortiProxy server.
Schedule Name Specify the name of the schedule associated with the firewall policy you want to create in the FortiProxy server.
Policy Type (Optional) Select the type of firewall policy that you want to create in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
  • If you select Explicit Web, then you can specify the following parameters:
    • Explicit Web Proxy: Specify the explicit web proxy of the firewall policy you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Transparent: (Optional) Select enable if you want the web proxy to use the original client address; else select disable.
  • If you select Transparent, then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Force Proxy: (Optional) Specify the setting that you want to apply for the 'Force Proxy' parameter in the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable. If you select enable, then all TCP transparent traffic is forced through the proxy; if you select disable, then the TCP transparent traffic is not forced through the proxy.
  • If you select Explicit FTP then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select SSH Tunnel then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to create in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select SSH then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select Access Proxy then you can specify the following parameters:
    • Access Proxy: Specify the access proxy of the firewall policy that you want to create in the FortiProxy server.
      Note: The maximum length that can be set is 79.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
  • If you select WanOpt then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to create in the FortiProxy server.
Source Address (Optional) Specify the source address and address group names to be associated with the firewall policy you want to create in the FortiProxy server.
Destination Address (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to create in the FortiProxy server.
IPV6 Source Address (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to create in the FortiProxy server.
IPV6 Destination Address (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to create in the FortiProxy server.
Policy ID (Optional) Specify the ID of the firewall policy that you want to create in the FortiProxy server.
Policy Action (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
  • Accept: Allows sessions that match the firewall policy.
  • Deny: Blocks sessions that match the firewall policy.
  • Redirect: Redirects sessions that match the firewall policy to a URL.
  • Isolate: Isolates sessions that match the firewall policy with an isolator.
Status (Optional) Select the status to be set for the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall policy in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Policy

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall policies) is returned.

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall policies from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
With Meta Select this option if you want to include meta information such as type ID, references, etc. about each object.
Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to pattern
< Value must be less than pattern
>= Value must be greater than or equal to pattern
> Value must be greater than pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Key Specify the key, i.e., the name of a property, by which you want to filter the objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, by which you want to filter the objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall policies from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Values Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'.
Action

Specify the action of the firewall policies that this operation returns. You can choose from the following options:

  • Default: Returns the CLI default values for the entire CLI tree.
  • Meta: Returns the metadata for a specific object, table, or the entire CLI tree.
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}

operation: Get Firewall Policy Details

Input parameters

Parameter Description
Policy ID Specify the ID of the firewall policy whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Include Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Policy

Input parameters

Parameter Description
Policy ID Specify the ID of the policy whose firewall policy you want to update in the FortiProxy server.
Policy Name (Optional) Specify the name of the policy whose firewall policy you want to update in the FortiProxy server.
Schedule Name (Optional) Specify the name of the schedule whose firewall policy you want to update in the FortiProxy server.
Policy Type (Optional) Select the type of firewall policy that you want to update in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
  • If you select Explicit Web, then you can specify the following parameters:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Transparent: (Optional) Select enable if you want the web proxy to use the original client address; else select disable.
  • If you select Transparent, then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Force Proxy: (Optional) Specify the setting that you want to apply for the 'Force Proxy' parameter in the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable. If you select enable, then all TCP transparent traffic is forced through the proxy; if you select disable, then the TCP transparent traffic is not forced through the proxy.
  • If you select Explicit FTP then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select SSH Tunnel then you can specify the following parameters:
    • Source Interface: Specify the incoming (ingress) interface of the firewall policy that you want to update in the FortiProxy server.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select SSH then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select Access Proxy then you can specify the following parameters:
    • Access Proxy: Specify the access proxy of the firewall policy that you want to update in the FortiProxy server.
      Note: The maximum length that can be set is 79.
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
  • If you select WanOpt then you can specify the following parameter:
    • Destination Interface: Specify the outgoing (egress) interface of the firewall policy that you want to update in the FortiProxy server.
Source Address (Optional) Specify the source address and address group names to be associated with the firewall policy you want to update in the FortiProxy server.
Destination Address (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to update in the FortiProxy server.
IPV6 Source Address (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to update in the FortiProxy server.
IPV6 Destination Address (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to update in the FortiProxy server.
Policy Action (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
  • Accept: Allows sessions that match the firewall policy.
  • Deny: Blocks sessions that match the firewall policy.
  • Redirect: Redirect sessions that match the firewall policy to a URL.
  • Isolate: Isolate sessions that match the firewall policy with an isolator.
Status (Optional) Select the status to be set for the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall policy in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Policy

Input parameters

Parameter Description
Policy ID Specify the ID of the firewall policy you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Address

Input parameters

Parameter Description
Address Name Specify the address name that you want to use to create the firewall address in the FortiProxy server.
Address Type

(Optional) Select the type of firewall address that you want to create in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.

  • If you select IP Mask, then you can specify the following parameter:
    • Subnet: (Optional) Specify the IP address and subnet mask of the address that you want to use to create the firewall address in the FortiProxy server.
  • If you select IP Range, then you can specify the following parameter:
    • Start IPV4 Address: (Optional) Specify the first IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to create in the FortiProxy server.
    • End IPV4 Address: (Optional) Specify the final IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select FQDN, then you can specify the following parameter:
    • FQDN Address: (Optional) Specify the Fully Qualified Domain Name address to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select Geography, then you can specify the following parameter:
    • Country: (Optional) Specify the IP addresses associated with a specific country to be assigned to the firewall address that you want to create in the FortiProxy server.
  • If you select WildCard, then you can specify the following parameter:
    • Wildcard Address and Netmask: (Optional) Specify the wildcard address and netmask based on which you want to create a firewall address in the FortiProxy server.
  • If you select Dynamic, then you can specify the following parameters:
    • Sub-Type Address: (Optional) Select the sub-type of firewall address that you want to create in the FortiProxy server. You can select from options such as SDB, ClearPass SPT, EMS Tag, FSSO, etc.
      If you select ClearPass SPT from this list, then from the System Posture Token list you can optionally select the system posture token of the firewall address that you want to create in the FortiProxy server. You can select from the following available options: Unknown, Healthy, Quarantine, Checkup, Transient, or Infected.
  • If you select Interface Subnet, there are no additional parameters to be specified.
  • If you select MAC, then you can specify the following parameter:
    • MAC Address: (Optional) Specify the multiple MAC address ranges of the firewall address that you want to create in the FortiProxy server.
Interface (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall addresses) is returned.

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall addresses from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Include Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to the pattern
< Value must be less than the pattern
>= Value must be greater than or equal to the pattern
> Value must be greater than the pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of the property, by which you want to filter the objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of the property, by which you want to filter the objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall addresses from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action

Specify the action of the firewall policies that this operation returns. You can choose from the following options:

  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
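
The Filter rules described for Get Firewall Policy and Get Firewall Address (commas for OR, repeated filters for AND), shown as an added example that is not part of the connector or of Fortinet's code: it builds the filter strings and applies the documented operator semantics locally to constructed address objects. The `filter` query-parameter name, the helper names, the numeric handling of the relational operators, and the rejection of commas inside a pattern are assumptions.

```python
from urllib.parse import urlencode


def _numeric(compare):
    # Assumption: relational operators compare value and pattern as numbers.
    return lambda value, pattern: compare(float(value), float(pattern))


# Operator semantics as listed in the Filter table.
OPERATORS = {
    "==": lambda v, p: v.lower() == p.lower(),
    "!=": lambda v, p: v.lower() != p.lower(),
    "=@": lambda v, p: p.lower() in v.lower(),
    "!@": lambda v, p: p.lower() not in v.lower(),
    "<=": _numeric(lambda a, b: a <= b),
    "<": _numeric(lambda a, b: a < b),
    ">=": _numeric(lambda a, b: a >= b),
    ">": _numeric(lambda a, b: a > b),
}


def build_filter_params(groups):
    """groups: list of OR-groups that are ANDed together.

    Each OR-group is a list of (key, operator, pattern) tuples. One filter
    parameter is produced per group; terms inside a group are comma-joined.
    """
    params = []
    for group in groups:
        terms = []
        for key, op, pattern in group:
            pattern = str(pattern)
            if op not in OPERATORS:
                raise ValueError(f"unsupported operator: {op!r}")
            if not key.replace("-", "").replace("_", "").isalnum():
                raise ValueError(f"invalid property name: {key!r}")
            # A comma is the OR separator, so a pattern taken from alert data
            # that contains one would silently add another term and widen
            # the match. Reject it rather than guess at an escaping rule.
            if "," in pattern:
                raise ValueError(f"pattern contains ',': {pattern!r}")
            terms.append(f"{key}{op}{pattern}")
        params.append(("filter", ",".join(terms)))
    return params


def query_string(groups):
    # Repeating the parameter expresses the logical AND between groups.
    return urlencode(build_filter_params(groups))


def term_matches(obj, key, op, pattern):
    value = obj.get(key)
    if value is None:
        return False  # assumption: a missing property never matches
    try:
        return OPERATORS[op](str(value), str(pattern))
    except ValueError:
        return False  # non-numeric value under a relational operator


def select(objects, groups):
    """Names of the objects that satisfy every OR-group."""
    return [
        obj["name"]
        for obj in objects
        if all(any(term_matches(obj, *term) for term in group) for group in groups)
    ]


# Constructed sample data using property names from the output schema.
SAMPLE_ADDRESSES = [
    {"name": "Branch-LAN", "type": "ipmask", "color": 3},
    {"name": "branch-dmz", "type": "iprange", "color": 0},
    {"name": "updates.example.com", "type": "fqdn", "color": 12},
]

# (name contains "branch") AND (type is ipmask OR type is iprange)
BRANCH_NETWORKS = [
    [("name", "=@", "BRANCH")],
    [("type", "==", "ipmask"), ("type", "==", "iprange")],
]

if __name__ == "__main__":
    print(query_string(BRANCH_NETWORKS))
    print(select(SAMPLE_ADDRESSES, BRANCH_NETWORKS))
```
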

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"subnet": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address Details

Input parameters

Parameter Description
Address Name Specify the name of the firewall address whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-tag": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Address

Input parameters

Parameter Description
Address Name Specify the name of the firewall address you want to update in the FortiProxy server.
Address Type

(Optional) Select the type of firewall address that you want to update in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.

  • If you select IP Mask, then you can specify the following parameter:
    • Subnet: (Optional) Specify the IP address and subnet mask of the address that you want to use to update the firewall address in the FortiProxy server.
  • If you select IP Range, then you can specify the following parameter:
    • Start IPV4 Address: (Optional) Specify the first IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to update in the FortiProxy server.
    • End IPV4 Address: (Optional) Specify the final IP address (inclusive) in the range of addresses to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select FQDN, then you can specify the following parameter:
    • FQDN Address: (Optional) Specify the Fully Qualified Domain Name address to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select Geography, then you can specify the following parameter:
    • Country: (Optional) Specify the IP addresses associated with a specific country to be assigned to the firewall address that you want to update in the FortiProxy server.
  • If you select WildCard, then you can specify the following parameter:
    • Wildcard Address and Netmask: (Optional) Specify the wildcard address and netmask based on which you want to update a firewall address in the FortiProxy server.
  • If you select Dynamic, then you can specify the following parameters:
    • Sub-Type Address: (Optional) Select the sub-type of firewall address that you want to update in the FortiProxy server. You can select from options such as SDB, ClearPass SPT, EMS Tag, FSSO, etc.
      If you select ClearPass SPT from this list, then from the System Posture Token list you can optionally select the system posture token of the firewall address that you want to update in the FortiProxy server. You can select from the following available options: Unknown, Healthy, Quarantine, Checkup, Transient, or Infected.
  • If you select Interface Subnet, there are no additional parameters to be specified.
  • If you select MAC, then you can specify the following parameter:
    • MAC Address: (Optional) Specify the multiple MAC address ranges of the firewall address that you want to update in the FortiProxy server.
Interface (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties

(Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Address

Input parameters

Parameter Description
Address Name Specify the name of the firewall address you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group that you want to create in the FortiProxy server.
Member Specify the address objects to be contained within the firewall address group you want to create in the FortiProxy server.
Address Group Type (Optional) Select the type of address group you want to create in the FortiProxy server. You can choose from the following options:
  • Default: Default address group type (address can belong to multiple groups)
  • Folder: Address folder group (members cannot belong to any other group)
Comment (Optional) Specify the comment that you want to associate with the firewall address group you want to create in the FortiProxy server.
Exclude Address Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to create in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to create in the FortiProxy server.
Allow Routing (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address group in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address Group

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall address groups) is returned.

Input parameters

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall address groups from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to pattern
< Value must be less than pattern
>= Value must be greater than or equal to pattern
> Value must be greater than pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of a property, using which you want to filter objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, using which you want to filter objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall address groups from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Address Group Details

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the firewall address group name you want to update in the FortiProxy server.
Member (Optional) Specify the address objects to be contained within the firewall address group you want to update in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall address group you want to update in the FortiProxy server.
Exclude Address Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to update in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to update in the FortiProxy server.
Allow Routing (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 3.
Note: Use this parameter only when the "Action" parameter is set to "move".
Custom Properties (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address group in the FortiProxy server.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Address Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall address group you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Create Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group that you want to create in the FortiProxy server.
Proxy Select enable if you want to enable the web proxy for the firewall service group you want to create in the FortiProxy server; else select disable.
Member Specify the address objects to be contained within the firewall service group you want to create in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to create in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall service group you want to create in the FortiProxy server.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
New Resource ID (Optional) If the "Action" parameter value is specified as "clone", then specify the ID for the new resource to be created. For example, to clone `address1` to `address1_clone`, specify the "Action" parameter as "clone" and "New Resource ID" parameter as "address1_clone".
Note: This parameter can only be used when the "Action" parameter is set to "clone".

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Service Group

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.

Input parameters

Parameter Description
Data Source Select this option if you want to include the data source information for each linked object.
Start Specify the starting entry index from which you want this operation to fetch firewall service groups from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Meta Information Select this option if you want to include meta information such as type ID, references, etc. about each object.
Include Contents Hash Select this option if you want to include a checksum of each object's contents.
Skip Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Filter Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
Operator Description
== Case insensitive match with the pattern
!= Does not match with pattern (case insensitive)
=@ Pattern found in object value (case insensitive)
!@ Pattern not found in object value (case insensitive)
<= Value must be less than or equal to pattern
< Value must be less than pattern
>= Value must be greater than or equal to pattern
> Value must be greater than pattern
Logical OR Separate filters using commas ','
Logical AND Filter strings can be combined to create logical AND queries by including multiple filters in the request
Combining AND and OR You can combine AND and OR filters together to create more complex filters.
Filter on Property Specify the key, i.e., the name of a property, using which you want to filter objects retrieved by this operation.
Pattern Specify the pattern, i.e., the value of a property, using which you want to filter objects retrieved by this operation.
Scope Specify the scope using which you want to retrieve firewall service address groups from the FortiProxy server. For example, [global,vdom,both*]
Exclude Default Properties Select this option if you want to exclude properties/objects with a default value.
Meta Only Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results.
Note: You should enable this option only when you are fetching the 'datasource' table type and the filter is not on 'masterkey'.
Action Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the schema for the entire CLI tree.
VDOM Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
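
The filter operators listed for Get Firewall Address Group and Get Firewall Service Group can be previewed offline against exported results before a playbook relies on them. The following is an added example, not part of the connector: the sample objects are constructed, and treating the ordering operators as numeric and a missing property as a non-match are assumptions.

```python
import re

# key, operator, pattern. Property names may contain '-', '_' and '.'.
_CLAUSE = re.compile(r"^\s*([\w.\-]+)\s*(==|!=|=@|!@|<=|>=|<|>)(.*)$")

# Constructed sample shaped like the "results" array of the output schema.
SAMPLE_RESULTS = [
    {"name": "Web-Servers", "type": "default", "comment": "DMZ web tier",
     "color": "6", "allow-routing": "disable"},
    {"name": "vpn-clients", "type": "folder", "comment": "",
     "color": "0", "allow-routing": "enable"},
    {"name": "Partner-WEB", "type": "default", "comment": "temporary",
     "color": "13", "allow-routing": "enable"},
]


def _as_number(text):
    try:
        return float(text)
    except (TypeError, ValueError):
        return None


def _clause_matches(obj, clause):
    """Evaluate one 'key<op>pattern' clause against one result object."""
    m = _CLAUSE.match(clause)
    if not m:
        raise ValueError(f"unparseable filter clause: {clause!r}")
    key, op, pattern = m.group(1), m.group(2), m.group(3).strip()
    if key not in obj:
        return False  # assumption: a missing property never matches
    value = str(obj[key])
    v, p = value.lower(), pattern.lower()  # string operators are case insensitive
    if op == "==":
        return v == p
    if op == "!=":
        return v != p
    if op == "=@":
        return p in v
    if op == "!@":
        return p not in v
    # Ordering operators: assumption that both sides are numeric.
    nv, npat = _as_number(value), _as_number(pattern)
    if nv is None or npat is None:
        return False
    return {"<=": nv <= npat, "<": nv < npat,
            ">=": nv >= npat, ">": nv > npat}[op]


def matches(obj, filters):
    """Filter strings are ANDed; comma-separated clauses inside one are ORed."""
    return all(
        any(_clause_matches(obj, clause) for clause in f.split(","))
        for f in filters
    )


def select(results, filters):
    """Return the names of the objects that the given filters would keep."""
    return [obj["name"] for obj in results if matches(obj, filters)]


if __name__ == "__main__":
    # Groups usable in static routes whose name mentions "web".
    print(select(SAMPLE_RESULTS, ["name=@web", "allow-routing==enable"]))
    # Folder-type groups OR groups with a color index of 10 and above.
    print(select(SAMPLE_RESULTS, ["type==folder,color>=10"]))
```

An empty filter list keeps every object, which matches the note that omitting all parameters returns an unfiltered list.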

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Firewall Service Group Details

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group whose details you want to retrieve from the FortiProxy server.
Data Source (Optional) Select this option if you want to include the data source information for each linked object.
Meta Information (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object.
Skip (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties.
Include Properties (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf
Action (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
  • Default: Returns the CLI default values for the entire CLI tree
  • Schema: Returns the CLI schema for this object type
  • Revision: Returns the CMDB revision for this object type
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}

operation: Update Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group that you want to update in the FortiProxy server.
Member (Optional) Specify the address objects to be contained within the firewall service group you want to update in the FortiProxy server.
Color (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to update in the FortiProxy server.
Comment (Optional) Specify the comment that you want to associate with the firewall service group you want to update in the FortiProxy server.
Security Fabric Object (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)
Action (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.
Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned.
Before (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1' to before 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 2.
Note: Use this parameter only when the "Action" parameter is set to "move".
After (Optional) If the "Action" parameter value is specified as "move", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1' to after 'object 2', set the "Action" parameter to "move" and the "New Resource ID" parameter to 3.
Note: Use this parameter only when the "Action" parameter is set to "move".

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Delete Firewall Service Group

Input parameters

Parameter Description
Address Group Name Specify the name of the firewall service group you want to delete from the FortiProxy server.
VDOM (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
  • vdom=root (Single VDOM)
  • vdom=vdom1,vdom2 (Multiple VDOMs)
  • vdom=* (All VDOMs)

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get Authenticated Firewall Users List

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.

Parameter Description
Start Specify the starting entry index from which you want this operation to fetch the list of authenticated firewall users from the FortiProxy server.
Count Specify the maximum count of records that you want this operation to fetch from the FortiProxy server.
Include IPV4 Users Select this option (default is selected) to include IPv4 users.
Include IPV6 Users Select this option to include IPv6 users.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"results": [],
"vdom": "",
"path": "",
"name": "",
"action": "",
"status": "",
"serial": "",
"version": "",
"build": ""
}

operation: DeAuthenticate Firewall Users

Input parameters

Parameter Description
User Type Specify the type of users you want to de-authenticate from the authgrp access group in the FortiProxy server.
User ID Specify the ID of users you want to de-authenticate from the authgrp access group in the FortiProxy server.
IP Address Specify the IP address of the users you want to de-authenticate from the authgrp access group in the FortiProxy server.
IP Version Specify the IP version [ip4|ip6] of the users you want to de-authenticate from the authgrp access group in the FortiProxy server.
Note: This parameter is required only if the User Type is 'firewall'.
Authentication Method Specify the authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest] you want to de-authenticate from the authgrp access group in the FortiProxy server.
Note: This parameter is required only if the User Type is 'firewall'.
DeAuthenticate All Users Select this option if you want to de-authenticate all users from the authgrp access group in the FortiProxy server.
Note: If this parameter is selected, then all other parameters will be ignored.
Users Specify an array of user objects to de-authenticate from the authgrp access group in the FortiProxy server. Use this parameter to de-authenticate multiple users at the same time. Each object should include the above properties.

Output

The output contains a non-dictionary value.

operation: Add Users to Banned List

Input parameters

Parameter Description
IP Addresses Specify a comma-separated list of IP addresses that you want to add to the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported.
Expiry Specify the time in seconds until the expiration of the ban. If you want the ban to be indefinite, then enter '0'.
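
Because this operation is typically driven by automated playbooks, a pre-flight check on the two inputs keeps a bad indicator from banning your own infrastructure or creating an unintended permanent ban. The following is an added example, not connector code: the protected ranges and all function names are hypothetical, and the sample input is constructed.

```python
import ipaddress

# Constructed example ranges standing in for infrastructure that must never
# be banned (management hosts, resolvers, the SOAR server). Use your own.
PROTECTED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("198.51.100.0/28"),
    ipaddress.ip_network("2001:db8:53::/48"),
]


def validate_expiry(expiry, allow_indefinite=False):
    """Return the expiry in seconds; 0 (indefinite ban) needs explicit opt-in."""
    if isinstance(expiry, bool) or not isinstance(expiry, int) or expiry < 0:
        raise ValueError("expiry must be a non-negative integer number of seconds")
    if expiry == 0 and not allow_indefinite:
        raise ValueError("expiry 0 means an indefinite ban; pass allow_indefinite=True")
    return expiry


def _rejection_reason(addr, protected):
    """Explain why an address must not be banned, or return None if it may be."""
    if addr.is_unspecified or addr.is_loopback or addr.is_multicast or addr.is_link_local:
        return "special-purpose address"
    for net in protected:
        if net.version == addr.version and addr in net:
            return f"inside protected network {net}"
    return None


def prepare_ban_list(raw, protected=PROTECTED_NETWORKS):
    """Split a comma-separated string into (accepted, rejected).

    accepted: canonical, de-duplicated, comma-separated string suitable for
              the "IP Addresses" parameter
    rejected: {original entry: reason} for the analyst or the playbook log
    """
    accepted, rejected, seen = [], {}, set()
    for entry in (part.strip() for part in raw.split(",")):
        if not entry:
            continue  # tolerate trailing or doubled commas
        try:
            addr = ipaddress.ip_address(entry)  # CIDR ranges and hostnames fail here
        except ValueError:
            rejected[entry] = "not an IPv4 or IPv6 address"
            continue
        reason = _rejection_reason(addr, protected)
        if reason:
            rejected[entry] = reason
        elif addr not in seen:
            seen.add(addr)
            accepted.append(str(addr))  # str() compresses and lowercases IPv6
    return ",".join(accepted), rejected


if __name__ == "__main__":
    # Constructed indicator list, as it might arrive from an alert enrichment step.
    raw = "203.0.113.7, 2001:DB8:0:0:0:0:0:1 ,10.1.2.3,not-an-ip,203.0.113.7,127.0.0.1,"
    ips, skipped = prepare_ban_list(raw)
    print("IP Addresses:", ips)
    print("Expiry:", validate_expiry(3600))
    for entry, why in skipped.items():
        print("skipped", entry, "->", why)
```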

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}

operation: Get All Banned Users List

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"name": "",
"path": "",
"vdom": "",
"build": "",
"action": "",
"serial": "",
"status": "",
"results": [
{
"ipv6": "",
"source": "",
"created": "",
"ip_address": ""
}
],
"version": "",
"http_method": ""
}

operation: Clear All Banned Users List

Input parameters

None.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}

operation: Clear Banned Users List by IP

Input parameters

Parameter Description
IP Addresses Specify the list of banned IP addresses that you want to remove from the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported.

Output

The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}

Included playbooks

The Sample - fortinet-fortiproxy - 1.0.0 playbook collection comes bundled with the Fortinet FortiProxy connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiProxy connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
