How to Execute FortiGate REST API Requests


    7th April, 2022

    In this article, we’re going to test out our first firewall address REST API requests. First, log into the FortiGate GUI and go to Policy & Objects > Addresses. Here you will see all your firewall addresses.

    NOTE: The access token is the API key associated with the REST API admin. “firewall/address” maps to “config firewall address” in the CLI.

    The exercises below must be performed in a private browsing window.

    To ensure maximum security, only HTTPS access is allowed.


    Return all firewall addresses:

    Step 1: To return all firewall addresses, open a new private (incognito) browser window. You will retrieve the same object list as in the GUI by sending requests.

    Step 2: In the URL field, type the protocol and the IP address of your FortiGate, including the port number, followed by the firewall address path ending with a question mark (?).

    Step 3: To make the request valid, you have to include the previously generated API token. The URL should take a format like the one below:

    https://< YOUR-FORTGATE-ADDRESS >/api/v2/cmdb/firewall/address/?access_token=< YOUR-API-TOKEN >

    Step 4: Replace the placeholders with values for your FortiGate:

    • < YOUR-FORTGATE-ADDRESS > is the IP address or hostname of your FortiGate as well as the HTTPS port number.
    • < YOUR-API-TOKEN > is the token you generated in Generate an API token.

    Hit Enter to send the request. The complete entry list will be displayed as a result in your browser window. If you want a filtered response, type in the filtering parameter after the API key, starting with an ‘&’ symbol. Your browser will display results that start out similar to the following:

    {
      "http_method": "GET",
      "revision": "51.0.135.9536802507053456306.1586267865",
      "results": [
        {
          "q_origin_key": "FABRIC_DEVICE",
          "name": "FABRIC_DEVICE",
          "uuid": "0dbba182-679d-51e9-e734-450162bcc3cc",
          "subnet": "0.0.0.0 0.0.0.0",
          "type": "ipmask",
          "start-mac": "00:00:00:00:00:00",
          "end-mac": "00:00:00:00:00:00",
          "start-ip": "0.0.0.0",
          "end-ip": "0.0.0.0",
          "fqdn": "",
          "country": "",
          "wildcard-fqdn": "",
          "cache-ttl": 0,
          "wildcard": "0.0.0.0 0.0.0.0",
          "sdn": "",
          "interface": "",
          "tenant": "",
          "organization": "",
          "epg-name": "",
          "subnet-name": "",
          "sdn-tag": "",
          "policy-group": "",
          "comment": "IPv4 addresses of Fabric Devices.",
          "visibility": "enable",
          "associated-interface": "",
          "color": 0,
          "filter": "",
          "sdn-addr-type": "private",
          "obj-id": "",
          "list": [],
          "tagging": [],
          "allow-routing": "disable"
        },

    You can compare these results with what you see in the FortiGate GUI under Policy & Objects > Addresses.

    Return only the name and comment for all firewall addresses

    To return only the name and comment for all firewall addresses, update the URL to add the “format” parameter: &format=name|comment. The response is now reduced to the ‘name’ and ‘comment’ of each entry.

    Compare the results with the listings of your FortiGate to see a complete match.

    https://< YOUR-FORTGATE-ADDRESS >/api/v2/cmdb/firewall/address/?access_token=< YOUR-API-TOKEN >&format=name|comment

    Your browser will display results that start out similar to the following:

    {
      "http_method": "GET",
      "revision": "51.0.135.9536802507053456306.1586267865",
      "results": [
        {
          "q_origin_key": "FABRIC_DEVICE",
          "name": "FABRIC_DEVICE",
          "comment": "IPv4 addresses of Fabric Devices."
        },
        {
          "q_origin_key": "FIREWALL_AUTH_PORTAL_ADDRESS",
          "name": "FIREWALL_AUTH_PORTAL_ADDRESS",
          "comment": ""
        },
        {
          "q_origin_key": "LOCAL_SUBNET",
          "name": "LOCAL_SUBNET",
          "comment": ""
        },
      ],

    Return only those entries with “SSLVPN_TUNNEL_ADDR1” in the name

    To return only the name and comment for firewall addresses that include “SSLVPN_TUNNEL_ADDR1” in the name, you’ll need the “format” parameter as well as the “filter” parameter in the URL. Hit Enter to send the request. The response will only contain entries with “SSLVPN_TUNNEL_ADDR1” in the name.

    https://< YOUR-FORTGATE-ADDRESS >/api/v2/cmdb/firewall/address/?access_token=< YOUR-API-TOKEN >&format=name|comment&filter=name=@SSLVPN_TUNNEL_ADDR1

    Your browser will display results similar to the following:

    {
      "http_method": "GET",
      "revision": "51.0.135.9536802507053456306.1586267865",
      "results": [
        {
          "q_origin_key": "SSLVPN_TUNNEL_ADDR1",
          "name": "SSLVPN_TUNNEL_ADDR1",
          "uuid": "7bc707ce-7916-51e7-8d08-5a142c3eef19",
          "subnet": "10.212.134.200 10.212.134.210",
          "type": "iprange",
          "start-mac": "00:00:00:00:00:00",
          "end-mac": "00:00:00:00:00:00",
          "start-ip": "10.212.134.200",
          "end-ip": "10.212.134.210",
          "fqdn": "",
          "country": "",
          "wildcard-fqdn": "",
          "cache-ttl": 0,
          "wildcard": "10.212.134.200 10.212.134.210",
          "sdn": "",
          "interface": "",
          "tenant": "",
          "organization": "",
          "epg-name": "",
          "subnet-name": "",
          "sdn-tag": "",
          "policy-group": "",
          "comment": "",
          "visibility": "enable",
          "associated-interface": "ssl.root",
          "color": 0,
          "filter": "",
          "sdn-addr-type": "private",
          "obj-id": "",
          "list": [],
          "tagging": [],
          "allow-routing": "disable"
        }
      ],
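
    The requests above carry the API token in the URL, where it can end up in browser history and in proxy or server logs. The following Python sketch is an added example, not part of the original article: it builds the same “format” and “filter” queries but sends the token in an Authorization: Bearer header, which is assumed to be accepted by your FortiOS release. The host name, token and sample response are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlencode

API_PATH = "/api/v2/cmdb/firewall/address/"  # endpoint used in this article

def build_request(host, token, fields=None, name_contains=None):
    """Build (without sending) the GET request; the token goes in a header."""
    params = {}
    if fields:
        params["format"] = "|".join(fields)           # format=name|comment
    if name_contains:
        params["filter"] = "name=@" + name_contains   # filter=name=@<text>
    url = "https://" + host + API_PATH
    if params:
        # Keep | = @ literal so the URL reads like the ones in the article.
        url += "?" + urlencode(params, safe="|=@")
    req = urllib.request.Request(url, method="GET")
    # Assumption: the FortiOS release accepts "Authorization: Bearer <token>".
    req.add_header("Authorization", "Bearer " + token)
    return req

def fetch(req, timeout=10):
    """Send the request; certificate verification stays at Python's default (on)."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")

def names_and_comments(body):
    """Return (name, comment) pairs from a response body."""
    data = json.loads(body)
    return [(e["name"], e.get("comment", "")) for e in data.get("results", [])]

# Constructed sample, modelled on the truncated output shown in the article.
SAMPLE_BODY = json.dumps({
    "http_method": "GET",
    "results": [
        {"q_origin_key": "FABRIC_DEVICE", "name": "FABRIC_DEVICE",
         "comment": "IPv4 addresses of Fabric Devices."},
        {"q_origin_key": "LOCAL_SUBNET", "name": "LOCAL_SUBNET", "comment": ""},
    ],
})

if __name__ == "__main__":
    # Hypothetical host and token, for illustration only.
    req = build_request("fortigate.example.com:443", "EXAMPLE-TOKEN",
                        fields=["name", "comment"],
                        name_contains="SSLVPN_TUNNEL_ADDR1")
    print(req.full_url)                      # the token is not part of the URL
    print(names_and_comments(SAMPLE_BODY))
```

    Call fetch(req) only against a FortiGate you administer; the URL it requests can be logged or shared without exposing the token.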

     
