FortiProxy provides a secure web gateway that protects against web attacks with URL filtering, visibility and control of encrypted web traffic through SSL and SSH inspection, and application of granular web application policies.
This document provides information about the Fortinet FortiProxy Connector, which facilitates automated interactions, with a Fortinet FortiProxy server using FortiSOAR™ playbooks. Add the Fortinet FortiProxy Connector as a step in FortiSOAR™ playbooks and perform automated operations such as creating a firewall policy in the FortiProxy server, retrieving all firewall addresses or specific firewall addresses from the FortiProxy server, adding users to the banned list of the authgrp
access group in the FortiProxy server, etc.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.4.0-3024
Fortinet FortiProxy Version Tested on: 7.2.2-0333
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command as a root user to install the connector:
yum install cyops-connector-fortinet-fortiproxy
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Fortinet FortiProxy connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | Specify the URL of the FortiProxy server to connect and perform automated operations. |
API Key | Specify the API key configured for your account for using the FortiProxy APIs. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Create Firewall Policy | Creates a firewall policy in the FortiProxy server based on Policy Name, Schedule Name, Source Interface, and other input parameters you have specified. | create_firewall_policy Investigation |
Get Firewall Policy | Retrieves all firewall policies or specific firewall policies from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_policy Investigation |
Get Firewall Policy Details | Retrieves details of a specific firewall policy from the FortiProxy server based on Policy ID, Properties, and other input parameters you have specified. | get_firewall_policy_details Investigation |
Update Firewall Policy | Updates a specific firewall policy in the FortiProxy server based on the Policy ID, type, and other input parameters you have specified. | update_firewall_policy Investigation |
Delete Firewall Policy | Deletes a specific firewall policy from the FortiProxy server based on the policy ID and VDOM details that you have specified. | delete_firewall_policy Investigation |
Create Firewall Address | Creates a firewall address in the FortiProxy server based on the name of the address, the type of the address, and other input parameters that you have specified. | create_firewall_address Investigation |
Get Firewall Address | Retrieves all firewall addresses or specific firewall addresses from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address Investigation |
Get Firewall Address Details | Retrieves details of a specific firewall address from the FortiProxy server based on the Address Name, Properties, and other input parameters you have specified. | get_firewall_address_details Investigation |
Update Firewall Address | Updates a specific firewall policy in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address Investigation |
Delete Firewall Address | Deletes a specific firewall address from the FortiProxy server based on the name of the firewall address and VDOM details that you have specified. | delete_firewall_address Investigation |
Create Firewall Address Group | Creates a firewall address group in the FortiProxy server based on the name, members, category, type, etc of the address group, and other input parameters that you have specified. | create_firewall_address_group Investigation |
Get Firewall Address Group | Retrieves all firewall address groups or specific firewall address groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address_group Investigation |
Get Firewall Address Group Details | Retrieves details of a specific firewall address group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_address_group_details Investigation |
Update Firewall Address Group | Updates a specific firewall address group in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address_group Investigation |
Delete Firewall Address Group | Deletes a specific firewall address group from the FortiProxy server based on the name of the firewall address group and VDOM details that you have specified. | delete_firewall_address_group Investigation |
Create Firewall Service Group | Creates a firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. | create_firewall_service_group Investigation |
Get Firewall Service Group | Retrieves all firewall service groups or specific firewall service groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_service_group Investigation |
Get Firewall Service Group Details | Retrieves details of a specific firewall service group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_service_group_details Investigation |
Update Firewall Service Group | Updates a specific firewall service group in the FortiProxy serve based on the name of the address group, members, and other input parameters that you have specified. | update_firewall_service_group Investigation |
Delete Firewall Service Group | Deletes a specific firewall service group from the FortiProxy server based on the name of the firewall service group and VDOM details that you have specified. | delete_firewall_service_group Investigation |
Get Authenticated Firewall Users List | Retrieves all authenticated firewall users or specific authenticated firewall users of the authgrp access group from the FortiProxy server based on the start index, count, and other input parameters that you have specified. |
get_authenticated_firewall_users_list Investigation |
DeAuthenticate Firewall Users | Deauthenticates firewall users from the authgrp access group in the FortiProxy server based on the user type, user ID, IP address, and other input parameters that you have specified. |
deauthenticate_firewall_users Investigation |
Add Users to Banned List | Adds users to the banned list of the authgrp access group in the FortiProxy server based on the IP addresses and the ban expiration time you have specified. |
add_users_to_banned_list Investigation |
Get All Banned Users List | Retrieves list of all banned users of the authgrp access group from the FortiProxy server. |
get_all_banned_users_list Investigation |
Clear All Banned Users List | Clears the list of all banned users of the authgrp access group from the FortiProxy server. |
clear_all_banned_users_list Investigation |
Clear Banned Users List by IP | Clears the list of all banned users of the authgrp access group from the FortiProxy server based on the IP addresses that you have specified. |
clear_banned_users_list_by_ip Investigation |
Parameter | Description |
---|---|
Policy Name | Specify the name of the firewall policy you want to create in the FortiProxy server. |
Schedule Name | Specify the name of the schedule associated with the firewall policy you want to create in the FortiProxy server. |
Policy Type | (Optional) Select the type of firewall policy that you want to create in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
|
Source Address | (Optional) Specify the source address and address group names to be associated with the firewall policy you want to create in the FortiProxy server. |
Destination Address | (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to create in the FortiProxy server. |
IPV6 Source Address | (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to create in the FortiProxy server. |
IPV6 Destination Address | (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to create in the FortiProxy server. |
Policy ID | (Optional) Specify the ID of the firewall policy that you want to create in the FortiProxy server. |
Policy Action | (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
|
Status | (Optional) Select the status to be set for the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall policy in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall policies) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall policies from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
With Meta | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Key | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall policies from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Values | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the firewall policy whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Include Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the policy whose firewall policy you want to update in the FortiProxy server. |
Policy Name | (Optional) Specify the name of the policy whose firewall policy you want to update in the FortiProxy server. |
Schedule Name | (Optional) Specify the name of the schedule whose firewall policy you want to update in the FortiProxy server. |
Policy Type | (Optional) Select the type of firewall policy that you want to update in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
|
Source Address | (Optional) Specify the source address and address group names to be associated with the firewall policy you want to update in the FortiProxy server. |
Destination Address | (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to update in the FortiProxy server. |
IPV6 Source Address | (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to update in the FortiProxy server. |
IPV6 Destination Address | (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to update in the FortiProxy server. |
Policy Action | (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
|
Status | (Optional) Select the status to be set for the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall policy in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the firewall policy you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the address name that you want to use to create the firewall address in the FortiProxy server. |
Address Type |
(Optional) Select the type of firewall address that you want to create in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
|
Interface | (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided. Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall addresses) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall addresses from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Include Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall addresses from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"subnet": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-tag": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
operation: Update Firewall Address
Input parameters
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address you want to update in the FortiProxy server. |
Address Type |
(Optional) Select the type of firewall address that you want to update in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
|
Interface | (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided. Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties |
(Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group that you want to create in the FortiProxy server. |
Member | Specify the address objects to be contained within the firewall address group you want to create in the FortiProxy server. |
Address Group Type |
(Optional) Select the type of address group you want to create in the FortiProxy server. You can choose from the following options:
|
Comment | (Optional) Specify the comment that you want to associate with the firewall address group you want to create in the FortiProxy server. |
Exclude Address | Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to create in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to create in the FortiProxy server. |
Allow Routing | (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address group in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall address groups) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall address groups from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall address groups from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the firewall address group name you want to update in the FortiProxy server. |
Member | (Optional)Specify the address objects to be contained within the firewall address group you want to update in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall address group you want to update in the FortiProxy server. |
Exclude Address | Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to update in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to update in the FortiProxy server. |
Allow Routing | (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address group in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group that you want to create in the FortiProxy server. |
Proxy | Select enable if you want to enable the web proxy for the firewall service group you want to create in the FortiProxy server; else select disable. |
Member | Specify the address objects to be contained within the firewall service group you want to create in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to create in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall service group you want to create in the FortiProxy server. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall service groups from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall service address groups from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group that you want to update in the FortiProxy server. |
Member | (Optional) Specify the address objects to be contained within the firewall service group you want to update in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to update in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall service group you want to update in the FortiProxy server. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.
Parameter | Description |
---|---|
Start | Specify the starting entry index from which you want this operation to fetch the list of authenticated firewall users from the FortiProxy server. |
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. |
Include IPV4 Users | Select this option (default is selected) to include IPv4 users. |
Include IPV6 Users | Select this option to include IPv6 users. |
The output contains the following populated JSON schema:
{
"http_method": "",
"results": [],
"vdom": "",
"path": "",
"name": "",
"action": "",
"status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
User Type | Specify the type of users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
User ID | Specify the ID of users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
IP Address | Specify the IP address of the users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
IP Version | Specify the IP version [ip4|ip6] of the users, you want to de-authenticate from the authgrp access group in the FortiProxy server.Note: This parameter is required only if the User Type is 'firewall'. |
Authentication Method | Specify the authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest] you want to de-authenticate from the authgrp access group in the FortiProxy server.Note: This parameter is required only if the User Type is 'firewall'. |
DeAuthenticate All Users | Select this option if you want to de-authenticate all users from the authgrp access group in the FortiProxy server.Note: If this parameter is selected, then all other parameters will be ignored. |
Users | Specify an array of user objects to de-authenticate from the authgrp access group in the FortiProxy server. Use this parameter to de-authenticate multiple users at the same time. Each object should include the above properties. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
IP Addresses | Specify a comma-separated list of IP addresses that you want to add to the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported. |
Expiry |
Specify the time in seconds until the expiration of the ban. If you want the ban to be indefinite, then enter '0'. |
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
None.
The output contains the following populated JSON schema:
{
"name": "",
"path": "",
"vdom": "",
"build": "",
"action": "",
"serial": "",
"status": "",
"results": [
{
"ipv6": "",
"source": "",
"created": "",
"ip_address": ""
}
],
"version": "",
"http_method": ""
}
None.
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
IP Addresses | Specify the list of banned IP addresses that you want to remove from the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported. |
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
The Sample - fortinet-fortiproxy - 1.0.0
playbook collection comes bundled with the Fortinet FortiProxy connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiProxy connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.
FortiProxy provides a secure web gateway that protects against web attacks with URL filtering, visibility and control of encrypted web traffic through SSL and SSH inspection, and application of granular web application policies.
This document provides information about the Fortinet FortiProxy Connector, which facilitates automated interactions, with a Fortinet FortiProxy server using FortiSOAR™ playbooks. Add the Fortinet FortiProxy Connector as a step in FortiSOAR™ playbooks and perform automated operations such as creating a firewall policy in the FortiProxy server, retrieving all firewall addresses or specific firewall addresses from the FortiProxy server, adding users to the banned list of the authgrp
access group in the FortiProxy server, etc.
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 7.4.0-3024
Fortinet FortiProxy Version Tested on: 7.2.2-0333
Authored By: Fortinet
Certified: Yes
Use the Content Hub to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum
command as a root user to install the connector:
yum install cyops-connector-fortinet-fortiproxy
For the procedure to configure a connector, click here
In FortiSOAR™, on the Connectors page, click the Fortinet FortiProxy connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details:
Parameter | Description |
---|---|
Server URL | Specify the URL of the FortiProxy server to connect and perform automated operations. |
API Key | Specify the API key configured for your account for using the FortiProxy APIs. |
Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. |
The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™:
Function | Description | Annotation and Category |
---|---|---|
Create Firewall Policy | Creates a firewall policy in the FortiProxy server based on Policy Name, Schedule Name, Source Interface, and other input parameters you have specified. | create_firewall_policy Investigation |
Get Firewall Policy | Retrieves all firewall policies or specific firewall policies from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_policy Investigation |
Get Firewall Policy Details | Retrieves details of a specific firewall policy from the FortiProxy server based on Policy ID, Properties, and other input parameters you have specified. | get_firewall_policy_details Investigation |
Update Firewall Policy | Updates a specific firewall policy in the FortiProxy server based on the Policy ID, type, and other input parameters you have specified. | update_firewall_policy Investigation |
Delete Firewall Policy | Deletes a specific firewall policy from the FortiProxy server based on the policy ID and VDOM details that you have specified. | delete_firewall_policy Investigation |
Create Firewall Address | Creates a firewall address in the FortiProxy server based on the name of the address, the type of the address, and other input parameters that you have specified. | create_firewall_address Investigation |
Get Firewall Address | Retrieves all firewall addresses or specific firewall addresses from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address Investigation |
Get Firewall Address Details | Retrieves details of a specific firewall address from the FortiProxy server based on the Address Name, Properties, and other input parameters you have specified. | get_firewall_address_details Investigation |
Update Firewall Address | Updates a specific firewall policy in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address Investigation |
Delete Firewall Address | Deletes a specific firewall address from the FortiProxy server based on the name of the firewall address and VDOM details that you have specified. | delete_firewall_address Investigation |
Create Firewall Address Group | Creates a firewall address group in the FortiProxy server based on the name, members, category, type, etc of the address group, and other input parameters that you have specified. | create_firewall_address_group Investigation |
Get Firewall Address Group | Retrieves all firewall address groups or specific firewall address groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_address_group Investigation |
Get Firewall Address Group Details | Retrieves details of a specific firewall address group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_address_group_details Investigation |
Update Firewall Address Group | Updates a specific firewall address group in the FortiProxy server based on the name of the firewall address, the type of the address, and other input parameters that you have specified. | update_firewall_address_group Investigation |
Delete Firewall Address Group | Deletes a specific firewall address group from the FortiProxy server based on the name of the firewall address group and VDOM details that you have specified. | delete_firewall_address_group Investigation |
Create Firewall Service Group | Creates a firewall service group in the FortiProxy server based on the name of the address group, members, and other input parameters that you have specified. | create_firewall_service_group Investigation |
Get Firewall Service Group | Retrieves all firewall service groups or specific firewall service groups from the FortiProxy server based on Properties, Start index, Count, and other input parameters you have specified. | get_firewall_service_group Investigation |
Get Firewall Service Group Details | Retrieves details of a specific firewall service group from the FortiProxy server based on the Address Group Name, Data Source, and other input parameters that you have specified. | get_firewall_service_group_details Investigation |
Update Firewall Service Group | Updates a specific firewall service group in the FortiProxy serve based on the name of the address group, members, and other input parameters that you have specified. | update_firewall_service_group Investigation |
Delete Firewall Service Group | Deletes a specific firewall service group from the FortiProxy server based on the name of the firewall service group and VDOM details that you have specified. | delete_firewall_service_group Investigation |
Get Authenticated Firewall Users List | Retrieves all authenticated firewall users or specific authenticated firewall users of the authgrp access group from the FortiProxy server based on the start index, count, and other input parameters that you have specified. |
get_authenticated_firewall_users_list Investigation |
DeAuthenticate Firewall Users | Deauthenticates firewall users from the authgrp access group in the FortiProxy server based on the user type, user ID, IP address, and other input parameters that you have specified. |
deauthenticate_firewall_users Investigation |
Add Users to Banned List | Adds users to the banned list of the authgrp access group in the FortiProxy server based on the IP addresses and the ban expiration time you have specified. |
add_users_to_banned_list Investigation |
Get All Banned Users List | Retrieves list of all banned users of the authgrp access group from the FortiProxy server. |
get_all_banned_users_list Investigation |
Clear All Banned Users List | Clears the list of all banned users of the authgrp access group from the FortiProxy server. |
clear_all_banned_users_list Investigation |
Clear Banned Users List by IP | Clears the list of all banned users of the authgrp access group from the FortiProxy server based on the IP addresses that you have specified. |
clear_banned_users_list_by_ip Investigation |
Parameter | Description |
---|---|
Policy Name | Specify the name of the firewall policy you want to create in the FortiProxy server. |
Schedule Name | Specify the name of the schedule associated with the firewall policy you want to create in the FortiProxy server. |
Policy Type | (Optional) Select the type of firewall policy that you want to create in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
|
Source Address | (Optional) Specify the source address and address group names to be associated with the firewall policy you want to create in the FortiProxy server. |
Destination Address | (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to create in the FortiProxy server. |
IPV6 Source Address | (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to create in the FortiProxy server. |
IPV6 Destination Address | (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to create in the FortiProxy server. |
Policy ID | (Optional) Specify the ID of the firewall policy that you want to create in the FortiProxy server. |
Policy Action | (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
|
Status | (Optional) Select the status to be set for the firewall policy that you want to create in the FortiProxy server. You can choose between enable or disable. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall policy in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall policies) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall policies from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
With Meta | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Key | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall policies from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Values | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the firewall policy whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Include Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"policyid": "",
"q_origin_key": "",
"type": "",
"status": "",
"name": "",
"uuid": "",
"uuid-idx": "",
"force-proxy": "",
"dynamic-bypass": "",
"srcintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"dstintf": [
{
"datasource": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"dstaddr": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"srcaddr6": [],
"dstaddr6": [],
"action": "",
"schedule": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"service": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"explicit-web-proxy": "",
"transparent": "",
"access-proxy": [],
"ztna-ems-tag": [],
"ztna-tags-match-logic": "",
"device-ownership": "",
"internet-service": "",
"pass-through": "",
"internet-service-name": [],
"internet-service-custom": [],
"utm-status": "",
"webproxy-profile": "",
"logtraffic": "",
"logtraffic-start": "",
"log-http-transaction": "",
"wanopt": "",
"wanopt-detection": "",
"wanopt-passive-opt": "",
"wanopt-profile": "",
"wanopt-peer": "",
"webcache": "",
"webcache-https": "",
"reverse-cache": "",
"http-tunnel-auth": "",
"ssh-policy-check": "",
"webproxy-forward-server": "",
"isolator-server": "",
"poolname": [],
"groups": [],
"users": [],
"disclaimer": "",
"comments": "",
"label": "",
"global-label": "",
"redirect-url": "",
"custom-log-fields": [],
"replacemsg-override-group": "",
"srcaddr-negate": "",
"dstaddr-negate": "",
"service-negate": "",
"internet-service-negate": "",
"decrypted-traffic-mirror": "",
"max-session-per-user": "",
"profile-type": "",
"profile-group": "",
"profile-protocol-options": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"ssl-ssh-profile": {
"q_origin_key": "",
"name": "",
"datasource": "",
"css-class": ""
},
"av-profile": "",
"ia-profile": "",
"webfilter-profile": "",
"dnsfilter-profile": "",
"emailfilter-profile": "",
"dlp-sensor": "",
"file-filter-profile": "",
"ips-sensor": "",
"application-list": "",
"icap-profile": "",
"cifs-profile": "",
"videofilter-profile": "",
"isolator-profile": "",
"ssh-filter-profile": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the policy whose firewall policy you want to update in the FortiProxy server. |
Policy Name | (Optional) Specify the name of the policy whose firewall policy you want to update in the FortiProxy server. |
Schedule Name | (Optional) Specify the name of the schedule whose firewall policy you want to update in the FortiProxy server. |
Policy Type | (Optional) Select the type of firewall policy that you want to update in the FortiProxy server. You can choose from the available options such as Explicit Web, Transparent, SSH, WanOpt, etc.
|
Source Address | (Optional) Specify the source address and address group names to be associated with the firewall policy you want to update in the FortiProxy server. |
Destination Address | (Optional) Specify the destination address and address group names to be associated with the firewall policy you want to update in the FortiProxy server. |
IPV6 Source Address | (Optional) Specify the IPv6 source address (web proxy only) of the firewall policy you want to update in the FortiProxy server. |
IPV6 Destination Address | (Optional) Specify the IPv6 destination address (web proxy only) of the firewall policy that you want to update in the FortiProxy server. |
Policy Action | (Optional) Select an action to be applied to the firewall policy you want to create in the FortiProxy server. You can choose from the following available options:
|
Status | (Optional) Select the status to be set for the firewall policy that you want to update in the FortiProxy server. You can choose between enable or disable |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall policy in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Policy ID | Specify the ID of the firewall policy you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the address name that you want to use to create the firewall address in the FortiProxy server. |
Address Type |
(Optional) Select the type of firewall address that you want to create in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
|
Interface | (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided. Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall addresses) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall addresses from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Include Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall addresses from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"subnet": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"uuid": "",
"type": "",
"sub-type": "",
"clearpass-spt": "",
"country": "",
"pattern-start": "",
"pattern-end": "",
"cache-ttl": "",
"sdn": "",
"fsso-group": [],
"interface": "",
"obj-tag": "",
"obj-type": "",
"tag-detection-level": "",
"tag-type": "",
"dirty": "",
"comment": "",
"associated-interface": "",
"color": "",
"filter": "",
"sdn-addr-type": "",
"node-ip-only": "",
"obj-id": "",
"list": [],
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
operation: Update Firewall Address
Input parameters
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address you want to update in the FortiProxy server. |
Address Type |
(Optional) Select the type of firewall address that you want to update in the FortiProxy server. You can select from the available options such as IP Mask, MAC, Interface Subnet, etc.
|
Interface | (Optional) Specify the name of the interface whose IP address is to be used to create a firewall address in the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided. Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties |
(Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Name | Specify the name of the firewall address you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group that you want to create in the FortiProxy server. |
Member | Specify the address objects to be contained within the firewall address group you want to create in the FortiProxy server. |
Address Group Type |
(Optional) Select the type of address group you want to create in the FortiProxy server. You can choose from the following options:
|
Comment | (Optional) Specify the comment that you want to associate with the firewall address group you want to create in the FortiProxy server. |
Exclude Address | Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to create in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to create in the FortiProxy server. |
Allow Routing | (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to create the firewall address group in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall address groups) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall address groups from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall address groups from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"type": "",
"category": "",
"uuid": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"exclude": "",
"exclude-member": [],
"color": "",
"tagging": [],
"allow-routing": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the firewall address group name you want to update in the FortiProxy server. |
Member | (Optional)Specify the address objects to be contained within the firewall address group you want to update in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall address group you want to update in the FortiProxy server. |
Exclude Address | Select enable if you want to enable address exclusion or disable to disable address exclusion. If you select enable, then in the Exclude Member field, specify the address exclusion member that you want to assign to the firewall address group you want to update in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall address group you want to update in the FortiProxy server. |
Allow Routing | (Optional) Select enable if you want to enable the use of this group in the static route configuration or disable to disable the use of this group in the static route configuration. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
Custom Properties | (Optional) Additional properties (fields), in the JSON format, based on which you want to update the firewall address group in the FortiProxy server. |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall address group you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group that you want to create in the FortiProxy server. |
Proxy | Select enable if you want to enable the web proxy for the firewall service group you want to create in the FortiProxy server; else select disable. |
Member | Specify the address objects to be contained within the firewall service group you want to create in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to create in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall service group you want to create in the FortiProxy server. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
New Resource ID | (Optional) If the "Action" parameter value is specified as "clone ", then specify the ID for the new resource to be created. For example, to clone `address1 ` to `address1_clone `, specify the "Action" parameter as "clone " and "New Resource ID" parameter as "address1_clone ".Note: This parameter can only be used when the "Action" parameter is set to "clone". |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.
Parameter | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Data Source | Select this option if you want to include the data source information for each linked object. | ||||||||||||||||||||||||
Start | Specify the starting entry index from which you want this operation to fetch firewall service groups from the FortiProxy server. | ||||||||||||||||||||||||
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. | ||||||||||||||||||||||||
Meta Information | Select this option if you want to include meta information such as type ID, references, etc. about each object. | ||||||||||||||||||||||||
Include Contents Hash | Select this option if you want to include a checksum of each object's contents. | ||||||||||||||||||||||||
Skip | Select this option if you want t call the 'CLI skip' operator used to hide skipped properties. | ||||||||||||||||||||||||
Include Properties | Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
||||||||||||||||||||||||
Filter | Specify multiple key/value pairs used to filter firewall policies retrieved from the FortiProxy server.
|
||||||||||||||||||||||||
Filter on Property | Specify the key, i.e, the name of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Pattern | Specify the pattern i.e, the value of a property, using which you want to filter objects retrieved by this operation. | ||||||||||||||||||||||||
Scope | Specify the scope using which you want to retrieve firewall service address groups from the FortiProxy server. For example, [global,vdom,both*] |
||||||||||||||||||||||||
Exclude Default Properties | Select this option if you want to exclude properties/objects with a default value. | ||||||||||||||||||||||||
Meta Only | Select this option if you want this operation to return only the total filtered count (based on the filter parameters) and table size, and table entries will not be emitted to results. Note: You should enable this option only when you are fetching the 'datasouce' table type and the filter is not on 'masterkey'. |
||||||||||||||||||||||||
Action |
Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
||||||||||||||||||||||||
VDOM | Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"size": "",
"matched_count": "",
"next_idx": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_contents_checksum": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group whose details you want to retrieve from the FortiProxy server. |
Data Source | (Optional) Select this option if you want to include the data source information for each linked object. |
Meta Information | (Optional) Select this option if you want to include meta information such as type ID, references, etc. about each object. |
Skip | (Optional) Select this option if you want to call the 'CLI skip' operator used to hide skipped properties. |
Include Properties | (Optional) Specify the list of property names separated by | that you want to include in the results of this operation. For example, policyid|srcintf |
Action | (Optional) Specify the action of the firewall policies that this operation returns. You can choose from the following options:
|
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"results": [
{
"name": "",
"q_origin_key": "",
"css-class": "",
"proxy": "",
"member": [
{
"datasource": "",
"css-class": "",
"name": "",
"q_origin_key": ""
}
],
"comment": "",
"color": "",
"fabric-object": "",
"q_ref": "",
"q_static": "",
"q_no_rename": "",
"q_global_entry": "",
"q_type": "",
"q_path": "",
"q_name": "",
"q_mkey_type": "",
"q_no_edit": "",
"q_class": ""
}
],
"vdom": "",
"path": "",
"name": "",
"mkey": "",
"status": "",
"http_status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group that you want to update in the FortiProxy server. |
Member | (Optional) Specify the address objects to be contained within the firewall service group you want to update in the FortiProxy server. |
Color | (Optional) Specify the color of the icon on the GUI that you want to assign to the firewall service group you want to update in the FortiProxy server. |
Comment | (Optional) Specify the comment that you want to associate with the firewall service group you want to update in the FortiProxy server. |
Security Fabric Object | (Optional) Select enable if you want to set the security fabric of the object as global or disable to set the security fabric of the object as local. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
Action | (Optional) If supported, the clone action can be specified. clone clones the specific resource, and when clone is set the "New Resource ID" parameter must be provided.Note: If this parameter is provided when it is not supported, the action will be ignored and an invalid request error will be returned. |
Before | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource before which this resource will be moved. For example, to move 'object 1 ' to before 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 2.Note: Use this parameter only when the "Action" parameter is set to "move". |
After | (Optional) If the "Action" parameter value is specified as "move ", use this parameter to specify the ID of the resource after which this resource will be moved. For example, to move 'object 1 ' to after 'object 2 ', use: the "Action" parameter as "move" and the "New Resource ID" parameter as 3.Note: Use this parameter only when the "Action" parameter is set to "move". |
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
Address Group Name | Specify the name of the firewall service group you want to delete from the FortiProxy server. |
VDOM | (Optional) Specify the Virtual Domain(s) from which results are returned or changes are applied. If this parameter is not provided, then the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. The URL parameter must be one of the following:
|
The output contains the following populated JSON schema:
{
"http_method": "",
"revision": "",
"revision_changed": "",
"old_revision": "",
"mkey": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"serial": "",
"version": "",
"build": ""
}
Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list (of firewall service groups) is returned.
Parameter | Description |
---|---|
Start | Specify the starting entry index from which you want this operation to fetch the list of authenticated firewall users from the FortiProxy server. |
Count | Specify the maximum count of records that you want this operation to fetch from the FortiProxy server. |
Include IPV4 Users | Select this option (default is selected) to include IPv4 users. |
Include IPV6 Users | Select this option to include IPv6 users. |
The output contains the following populated JSON schema:
{
"http_method": "",
"results": [],
"vdom": "",
"path": "",
"name": "",
"action": "",
"status": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
User Type | Specify the type of users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
User ID | Specify the ID of users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
IP Address | Specify the IP address of the users you want to de-authenticate from the authgrp access group in the FortiProxy server. |
IP Version | Specify the IP version [ip4|ip6] of the users, you want to de-authenticate from the authgrp access group in the FortiProxy server.Note: This parameter is required only if the User Type is 'firewall'. |
Authentication Method | Specify the authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest] you want to de-authenticate from the authgrp access group in the FortiProxy server.Note: This parameter is required only if the User Type is 'firewall'. |
DeAuthenticate All Users | Select this option if you want to de-authenticate all users from the authgrp access group in the FortiProxy server.Note: If this parameter is selected, then all other parameters will be ignored. |
Users | Specify an array of user objects to de-authenticate from the authgrp access group in the FortiProxy server. Use this parameter to de-authenticate multiple users at the same time. Each object should include the above properties. |
The output contains a non-dictionary value.
Parameter | Description |
---|---|
IP Addresses | Specify a comma-separated list of IP addresses that you want to add to the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported. |
Expiry |
Specify the time in seconds until the expiration of the ban. If you want the ban to be indefinite, then enter '0'. |
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
None.
The output contains the following populated JSON schema:
{
"name": "",
"path": "",
"vdom": "",
"build": "",
"action": "",
"serial": "",
"status": "",
"results": [
{
"ipv6": "",
"source": "",
"created": "",
"ip_address": ""
}
],
"version": "",
"http_method": ""
}
None.
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
Parameter | Description |
---|---|
IP Addresses | Specify the list of banned IP addresses that you want to remove from the authgrp access group in the FortiProxy server. IPv4 and IPv6 addresses are supported. |
The output contains the following populated JSON schema:
{
"http_method": "",
"status": "",
"http_status": "",
"vdom": "",
"path": "",
"name": "",
"action": "",
"serial": "",
"version": "",
"build": ""
}
The Sample - fortinet-fortiproxy - 1.0.0
playbook collection comes bundled with the Fortinet FortiProxy connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Fortinet FortiProxy connector.
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during the connector upgrade and delete.