Skip to content

eoprede/fortigate_api

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
README.md
README.md
 
 
api_prefix_list_not_working.py
api_prefix_list_not_working.py
 
 
fw_api_test.py
fw_api_test.py
 
 

Repository files navigation

fw_api_test

Main library to interface with the Fortigate API It's best to use it with Fortigates running code 5.4 and later, as 5.2 lacks lots of API calls.

Consider taking a look at the Ansible modules that are based on this library, as they provide lots of additional functionality for managing the Fortigate Firewalls.

Usage:

Instantiate object
fw = fortigate_api('1.2.3.4:10443', un, pw)

Proxy servers are supported as well: Note that you will need to install socks5 for requests library: http://docs.python-requests.org/en/master/user/advanced/#socks

proxy={'https': 'socks5://127.0.0.1:9000'}
fw = fortigate_api('1.2.3.4:10443', un, pw, proxies=proxy)

You can enable HTTPS warnings if you are using real certs:

fw = fortigate_api('1.2.3.4:10443', un, pw, disable_warnings=False)

Show parameters of an object

For example, to print all the interfaces:

a = fw.show(['cmdb', 'system', 'interface'])
fw.print_data(a)

You can print only specific interface:

a = fw.show('cmdb/system/interface/port1') # note that you can provide either string or a list for API path
fw.print_data(a)

Sometimes it's hard to find the exact API path, so you can display the API schema (beware that it's very large)

fw.show(['cmdb', 'system', 'interface'], params={'action':'schema'}))

or for all the configurable objects (9M file), you can do

fw.show(['cmdb'], params={'action':'schema'}))

Edit parameters of an object

For example, edit route 1 and display OK if change successful:

a = fw.edit(['cmdb', 'router', 'static', '1'], data={"device": "FW_IP_outbound","dst": "0.0.0.0 0.0.0.0","gateway": "10.0.1.1","comment": "Default route for FW outbound"})
fw.print_data(a)

Remove object

For example, remove DHCP server 1

fw.remove(['cmdb', 'system.dhcp', 'server', '1'])

Create new object

For example, create new firewall rule:

policy = {"action": "accept",
            "dstaddr": [{"name": "all"}],
            "dstintf": [{"name": "Ext1"}],
            "name": "Allow_all_in",
            "nat": "disable",
            "policyid": 1,
            "schedule": "always",
            "service": [{"name": "ALL"}],
            "srcaddr": [{"name": "all"}],
            "srcintf": [{"name": "Ext2"}],
            "status": "disable"}
fw.create (['cmdb','firewall','policy'], data=policy)

Move policy around

By default, new policy is being placed at the end of the rules list. You can move it aroud as needed with the following code:

fw.edit(['cmdb', 'firewall', 'policy', '3'], params={"action": "move", "before": "1"})
fw.edit(['cmdb', 'firewall', 'policy', '3'], params={"action": "move", "after": "1"})

Note that you are referencing policies by their ID and not their position in the list. The first example above does not guarantee that the rule will be placed 1st in the rule list, as policy with ID 1 can be located anywhere in the list.

Working with VDOMs

By default, you are working with VDOM root, but you can specify any other VDOM with params={'vdom':'WAN'} For example, previous API call with VDOM would look like this:

fw.create (['cmdb','firewall','policy'], params={'vdom':'WAN'}, data=policy)

Known issues

  • Error checking is non-existent. For example, failed authentication would be raised as a JSON exception (as there would be nothing to decode from an API response, as there would be none)

About

Scripts to work with the Fortigate API

Resources

Readme
Activity

Stars

37 stars

Watchers

5 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages