# Fortinet FortiGate
The Fortinet FortiGate connector integrates Swimlane Turbine with FortiGate's security infrastructure, enabling automated management of security policies and network configuration. FortiGate is Fortinet's line of network security appliances, and the FortiOS REST API (`/api/v2/cmdb/...`) is how those appliances are configured programmatically. The connector lets users automate the creation, management, and deletion of address objects and address groups, and the creation of IPv4 firewall policies and DoS policies. Security teams can use it to enforce policy, manage network traffic, and respond to threats (for example, by adding an indicator to an address group that a deny policy references) with streamlined configuration and rapid policy updates, all from within the Swimlane Turbine platform.

## Prerequisites

To use the Fortinet FortiGate connector with Swimlane Turbine, you need HTTP Bearer Token authentication with the following parameters:

- **URL**: endpoint URL for the Fortinet FortiGate API
- **API Token**: a valid token to authenticate requests to the Fortinet FortiGate API

The API token carries every right of the admin profile it is bound to, so treat it as a secret: keep it only in the connector configuration, never in plain text inside playbooks, and scope the profile as described in Step 2 below.

## Obtaining an API key

### Step 1: Determine your source address

The source address is needed so that the API token can only be used from trusted hosts. This step can be skipped if the trusted host IP address is already known.

1. On the FortiGate GUI, select the Status dashboard and locate the Administrators widget.
2. Click your user ID > Show active administrator sessions.
3. Make note of the source address for your user ID; it is needed to create the trusted host in Step 3.

The address shown is the one your GUI session arrives from. The trusted host has to be the address the FortiGate will see Swimlane Turbine's API requests coming from, which may differ (for example, when Turbine sits behind NAT or reaches the FortiGate through the `http_proxy` configured below); use that address if it is not the same.

### Step 2: Create an administrator profile

1. On the FortiGate GUI, select System > Admin Profiles > Create New.
2. Populate the following fields: Security Fabric, FortiView, User & Device, Firewall, Log & Report, Network, System, Security Profile, VPN, WAN Opt & Cache, and WiFi & Switch.
3. Click OK.

Everything this connector does lives under `/api/v2/cmdb/firewall/`, which is governed by the Firewall area of the profile. For least privilege, grant Read/Write on Firewall (address, address group and policy) and leave the other areas at None or Read rather than granting write access everywhere.

### Step 3: Create the REST API admin

1. On the FortiGate GUI, select System > Administrators > Create New > REST API Admin.
2. Populate the following fields: Username, Administrator Profile, CORS, and Trusted Hosts. The trusted host must be specified to ensure that your local host, and only that host, can reach the FortiGate with this token. For example, to restrict requests to those coming from 10.20.100.99 only, enter `10.20.100.99/32`. The trusted host is created from the source address obtained in Step 1.
3. Click OK, and an API token will be generated. Make note of the API token: it is only shown once and cannot be retrieved afterwards.
4. Click Close to complete creation of the REST API admin.

## About filtering addresses, address groups and group members

The `filter` parameter of the Get Addresses and Get Group Members actions takes the form `key<operator>pattern`. The following three fields are mandatory:

- **key**: objects are filtered on the property with this name
- **pattern**: objects are filtered on the property with this value
- **filter**: the operator, from the table below

| Operator | Description |
|---|---|
| `==` | Case insensitive match with pattern |
| `!=` | Does not match with pattern (case insensitive) |
| `=@` | Pattern found in object value (case insensitive) |
| `!@` | Pattern not found in object value (case insensitive) |
| `<=` | Value must be less than or equal to pattern |
| `<` | Value must be less than pattern |
| `>=` | Value must be greater than or equal to pattern |
| `>` | Value must be greater than pattern |

- **Logical OR**: separate filters within one `filter` value using commas (`,`), for example `name==a,name==b`.
- **Logical AND**: filter strings can be combined into a logical AND query by including multiple `filter` parameters in the request.
- **Combining AND and OR**: AND and OR filters can be combined to create more complex filters.

## Capabilities

The Fortinet FortiGate connector provides the following capabilities:

- Create Address
- Create Address Group
- Create IPv4 Firewall Policy
- Create Policy
- Delete Address
- Get Addresses
- Get Group Members
- Update Address Group

This connector was last tested against product version 7.

## Configurations

### Fortinet FortiGate HTTP Bearer Authentication

Authenticates using a bearer token.

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| token | API token | string | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |
| pem_b64 | PEM certificate in base64 format | string | optional |

Leave `verify_ssl` enabled. A FortiGate's default management certificate is not trusted by public CAs, but the right fix is to supply the issuing CA (or the device certificate itself) through `pem_b64`, not to disable verification: the bearer token travels in every request, and an unverified TLS connection hands it to anyone who can intercept the path.

## Actions

### Create Address

Creates a new address object within Fortinet FortiGate, to be used in security policies and configurations.

**Endpoint URL**: `/api/v2/cmdb/firewall/address`
**Method**: POST

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.vdom | string | optional | Virtual domain(s) from which results are returned or to which changes are applied. If omitted, the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. |
| parameters.action | string | optional | If supported, an action can be specified. `clone`: clone this specific resource. When `action=clone` is set, the extra parameter `nkey` must be provided. |
| parameters.nkey | string | optional | If `action=clone`, the ID for the new resource to be created. |
| name | string | optional | Name of the resource |
| uuid | string | optional | Unique identifier |
| subnet | string | optional | IP address and mask (used by type `ipmask`) |
| type | string | optional | Type of the address object (for example `ipmask`, `iprange`, `fqdn`, `geography`, `wildcard`, `mac`) |
| sub-type | string | optional | Sub-type of the address object |
| clearpass-spt | string | optional | ClearPass SPT (System Posture Token) value |
| macaddr | array | optional | MAC address list (used by type `mac`) |
| macaddr.macaddr | string | optional | A MAC address or MAC address range |
| start-ip | string | optional | First IP of the range (used by type `iprange`) |
| end-ip | string | optional | Last IP of the range (used by type `iprange`) |
| fqdn | string | optional | Fully qualified domain name (used by type `fqdn`) |
| country | string | optional | Two-letter country code (used by type `geography`) |
| wildcard-fqdn | string | optional | Wildcard FQDN |
| cache-ttl | number | optional | Minimum TTL, in seconds, for resolved FQDN entries |
| wildcard | string | optional | IP address and wildcard mask (used by type `wildcard`) |
| sdn | string | optional | SDN connector name (dynamic addresses) |
| fsso-group | array | optional | FSSO group list (dynamic addresses) |
| fsso-group.name | string | optional | FSSO group name |
| interface | string | optional | Interface name |
| tenant | string | optional | SDN tenant |
| organization | string | optional | SDN organization |
| epg-name | string | optional | SDN endpoint group name |

#### Input example

```json
{
  "parameters": {"vdom": "vdom1,vdom2", "action": "clone", "nkey": "testkey1"},
  "json_body": {
    "name": "exampleaddress",
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "subnet": "192.168.1.0/24",
    "type": "ipmask",
    "sub-type": "sdn",
    "clearpass-spt": "healthy",
    "macaddr": [{"macaddr": "00:11:22:33:44:55-00:11:22:33:44:66"}],
    "start-ip": "192.168.1.10",
    "end-ip": "192.168.1.20",
    "fqdn": "example.com",
    "country": "US",
    "wildcard-fqdn": "*.example.com",
    "cache-ttl": 3600,
    "wildcard": "192.168.2.0/255.255.255.0",
    "sdn": "example-sdn",
    "fsso-group": [{"name": "examplefssogroup"}],
    "interface": "example-interface",
    "tenant": "example-tenant",
    "organization": "exampleorg/domain",
    "epg-name": "exampleepg",
    "subnet-name": "examplesubnet",
    "sdn-tag": "examplesdntag",
    "policy-group": "examplepolicygroup",
    "obj-tag": "exampleobjtag",
    "obj-type": "ip",
    "tag-detection-level": "exampletagdetection",
    "tag-type": "exampletagtype",
    "comment": "example comment",
    "associated-interface": "example-associated-interface",
    "color": 15,
    "filter": "example filter",
    "sdn-addr-type": "private",
    "node-ip-only": "enable",
    "obj-id": "exampleobjid",
    "list": [{"ip": "192.168.1.100"}],
    "tagging": [{"name": "exampletagname", "category": "exampletagcategory", "tags": ["tag1", "tag2"]}],
    "allow-routing": "enable",
    "fabric-object": "enable"
  }
}
```

This example lists every field for reference. A real address object carries only the fields of its one `type` (an `ipmask` object has a `subnet`, an `iprange` object has `start-ip` and `end-ip`, and so on). `action=clone` with `nkey` copies an existing object rather than creating one from the body, so omit both for a plain create.

#### Output parameters

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "date": "Mon, 08 May 2023 21:41:54 GMT",
    "x-frame-options": "SAMEORIGIN",
    "content-security-policy": "frame-ancestors 'self'",
    "x-xss-protection": "1; mode=block",
    "content-length": "354",
    "content-type": "text/html; charset=iso-8859-1",
    "connection": "keep-alive"
  },
  "reason": "OK",
  "json_body": {}
}
```

### Create Address Group

Creates a new address group in Fortinet FortiGate so that multiple addresses can be managed as one object.

**Endpoint URL**: `/api/v2/cmdb/firewall/addrgrp`
**Method**: POST

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| name | string | optional | Name of the resource |
| type | string | optional | Type of the resource |
| category | string | optional | Address group category |
| uuid | string | optional | Unique identifier |
| member | array | optional | Address objects that belong to the group |
| member.name | string | optional | Name of the member address object |
| comment | string | optional | Comment |
| exclude | string | optional | Enable/disable address exclusion |
| exclude-member | array | optional | Address objects to exclude from the group |
| exclude-member.name | string | optional | Name of the excluded address object |
| color | number | optional | GUI icon color |
| tagging | array | optional | Tag configuration |
| tagging.name | string | optional | Tagging entry name |
| tagging.category | string | optional | Tag category |
| tagging.tags | array | optional | Tags |
| allow-routing | string | optional | Enable/disable use of this group in the static route configuration |
| fabric-object | string | optional | Security Fabric global object setting |

#### Input example

```json
{
  "json_body": {
    "name": "exampleaddressgroupname",
    "type": "default",
    "category": "default",
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "member": [{"name": "exampleaddress1"}, {"name": "exampleaddress2"}],
    "comment": "example comment",
    "exclude": "enable",
    "exclude-member": [{"name": "exampleexcludeaddress1"}, {"name": "exampleexcludeaddress2"}],
    "color": 15,
    "tagging": [{"name": "exampletagname", "category": "exampletagcategory", "tags": ["tag1", "tag2"]}],
    "allow-routing": "enable",
    "fabric-object": "enable"
  }
}
```

Every name in `member` and `exclude-member` must already exist as an address object; create the objects first (Create Address) and then the group.

#### Output parameters and example

The output parameters (`status_code`, `reason`) and the output example are the same as for Create Address.

### Create IPv4 Firewall Policy

Establishes a new IPv4 firewall policy in Fortinet FortiGate to manage network traffic.

**Endpoint URL**: `/api/v2/cmdb/firewall/policy`
**Method**: POST

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| policyid | number | optional | Unique identifier |
| status | string | optional | Enable/disable the policy |
| name | string | optional | Name of the resource |
| uuid | string | optional | Unique identifier |
| srcintf | array | optional | Incoming (ingress) interfaces |
| srcintf.name | string | optional | Interface name |
| dstintf | array | optional | Outgoing (egress) interfaces |
| dstintf.name | string | optional | Interface name |
| action | string | optional | Policy action (`accept`, `deny` or `ipsec`) |
| nat64 | string | optional | Enable/disable NAT64 |
| nat46 | string | optional | Enable/disable NAT46 |
| ztna-status | string | optional | Enable/disable zero trust access |
| ztna-device-ownership | string | optional | Enable/disable ZTNA device ownership check |
| srcaddr | array | optional | Source IPv4 address objects or groups |
| srcaddr.name | string | optional | Address object name |
| dstaddr | array | optional | Destination IPv4 address objects or groups |
| dstaddr.name | string | optional | Address object name |
| srcaddr6 | array | optional | Source IPv6 address objects or groups |
| srcaddr6.name | string | optional | Address object name |
| dstaddr6 | array | optional | Destination IPv6 address objects or groups |
| dstaddr6.name | string | optional | Address object name |
| ztna-ems-tag | array | optional | ZTNA EMS tags |
| ztna-ems-tag.name | string | optional | Tag name |
| ztna-tags-match-logic | string | optional | ZTNA tag matching logic (`or` / `and`) |
| ztna-geo-tag | array | optional | ZTNA geographic tags |

#### Input example

```json
{
  "json_body": {
    "policyid": 1,
    "status": "enable",
    "name": "examplepolicyname",
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "srcintf": [{"name": "ingressinterface1"}],
    "dstintf": [{"name": "egressinterface1"}],
    "action": "accept",
    "nat64": "enable",
    "nat46": "enable",
    "ztna-status": "enable",
    "ztna-device-ownership": "enable",
    "srcaddr": [{"name": "sourceaddress1"}],
    "dstaddr": [{"name": "destinationaddress1"}],
    "srcaddr6": [{"name": "sourceaddressipv61"}],
    "dstaddr6": [{"name": "destinationaddressipv61"}],
    "ztna-ems-tag": [{"name": "ztnaemstag1"}],
    "ztna-tags-match-logic": "or",
    "ztna-geo-tag": [{"name": "ztnageotag1"}],
    "internet-service": "enable",
    "internet-service-name": [{"name": "internetservicename1"}],
    "internet-service-group": [{"name": "internetservicegroupname1"}],
    "internet-service-custom": [{"name": "custominternetservicename1"}],
    "network-service-dynamic": [{"name": "dynamicnetworkservicename1"}],
    "internet-service-custom-group": [{"name": "custominternetservicegroupname1"}],
    "internet-service-src": "enable",
    "internet-service-src-name": [{"name": "internetservicesourcename1"}],
    "internet-service-src-group": [{"name": "internetservicesourcegroupname1"}],
    "internet-service-src-custom": [{"name": "custominternetservicesourcename1"}],
    "network-service-src-dynamic": [{"name": "dynamicnetworkservicesourcename1"}],
    "internet-service-src-custom-group": [{"name": "custominternetservicesourcegroupname1"}],
    "reputation-minimum": 0,
    "reputation-direction": "source",
    "src-vendor-mac": [{"id": 1}],
    "internet-service6": "enable",
    "internet-service6-name": [{"name": "ipv6internetservicename1"}],
    "internet-service6-group": [{"name": "ipv6internetservicegroupname1"}]
  }
}
```

Two things to keep in mind when a playbook creates policies. FortiOS evaluates policies top-down and a newly created policy lands at the bottom of the table, so a deny created in response to an alert sits below any broader accept already above it until someone moves it; verify its position after creation. And FortiOS also expects `service` and `schedule` (for example `always`) on an IPv4 policy; they are not in the table above but are passed in `json_body` like any other key.

#### Output parameters and example

The output parameters (`status_code`, `reason`) and the output example are the same as for Create Address.

### Create Policy

Creates a new DoS policy in Fortinet FortiGate. Despite the generic name, this action writes to the DoS policy table (anomaly-based protection bound to an interface), not to the regular firewall policy table used by Create IPv4 Firewall Policy.

**Endpoint URL**: `/api/v2/cmdb/firewall/DoS-policy`
**Method**: POST

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| policyid | number | optional | Unique identifier |
| status | string | optional | Enable/disable the policy |
| name | string | optional | Name of the resource |
| comments | string | optional | Comment |
| interface | string | optional | Incoming interface the policy applies to |
| srcaddr | array | optional | Source address objects |
| srcaddr.name | string | optional | Address object name |
| dstaddr | array | optional | Destination address objects |
| dstaddr.name | string | optional | Address object name |
| service | array | optional | Service objects |
| service.name | string | optional | Service name |
| anomaly | array | optional | Anomaly (DoS sensor) entries |
| anomaly.name | string | optional | Anomaly name |
| anomaly.status | string | optional | Enable/disable this anomaly |
| anomaly.log | string | optional | Enable/disable logging |
| anomaly.action | string | optional | Action taken when the threshold is reached |
| anomaly.quarantine | string | optional | Quarantine method |
| anomaly.quarantine-expiry | string | optional | Duration of the quarantine |
| anomaly.quarantine-log | string | optional | Enable/disable quarantine logging |
| anomaly.threshold | number | optional | Threshold for the anomaly |
| anomaly.threshold(default) | number | optional | Default threshold for the anomaly |

#### Input example

```json
{
  "json_body": {
    "policyid": 9999,
    "status": "enable",
    "name": "string",
    "comments": "string",
    "interface": "string",
    "srcaddr": [{"name": "string"}],
    "dstaddr": [{"name": "string"}],
    "service": [{"name": "string"}],
    "anomaly": [
      {
        "name": "string",
        "status": "disable",
        "log": "enable",
        "action": "pass",
        "quarantine": "none",
        "quarantine-expiry": "string",
        "quarantine-log": "disable",
        "threshold": 2147483647,
        "threshold(default)": 4294967295
      }
    ]
  }
}
```

#### Output parameters and example

The output parameters (`status_code`, `reason`) and the output example are the same as for Create Address.

### Delete Address

Removes the address object with the given name from the Fortinet FortiGate configuration.

**Endpoint URL**: `/api/v2/cmdb/firewall/address/{{name}}`
**Method**: DELETE

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.name | string | required | Name of the address object to delete |

#### Input example

```json
{"path_parameters": {"name": "foo"}}
```

An address object that is still referenced by a group or a policy cannot be deleted; remove it from the group (Update Address Group) or the policy first.

#### Output parameters and example

The output parameters (`status_code`, `reason`) and the output example are the same as for Create Address.

### Get Addresses

Fetches the list of configured address objects from Fortinet FortiGate, for use in security automation playbooks.

**Endpoint URL**: `/api/v2/cmdb/firewall/address/`
**Method**: GET

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.filter | string | optional | Query string to filter the results, in the form `key<operator>pattern`; example values are `name==test` and `name!=test`. For the operator values see the filtering section above and https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/94/ |

#### Input example

```json
{"parameters": {"filter": "name==2.2.2.2"}}
```

#### Output parameters

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| http_method | string | HTTP method used |
| revision | string | Configuration revision |
| results | array | Result of the operation |
| results.q_origin_key | string | Original key of the object |
| results.name | string | Name of the resource |
| results.uuid | string | Unique identifier |
| results.subnet | string | IP address and mask |
| results.type | string | Type of the resource |
| results.start-mac | string | First MAC of the range |
| results.end-mac | string | Last MAC of the range |
| results.start-ip | string | First IP of the range |
| results.end-ip | string | Last IP of the range |
| results.fqdn | string | Fully qualified domain name |
| results.country | string | Country code |
| results.wildcard-fqdn | string | Wildcard FQDN |
| results.cache-ttl | number | FQDN cache TTL |
| results.wildcard | string | IP address and wildcard mask |
| results.sdn | string | SDN connector |
| results.interface | string | Interface |
| results.tenant | string | SDN tenant |
| results.organization | string | SDN organization |
| results.epg-name | string | SDN endpoint group name |
| results.subnet-name | string | SDN subnet name |

#### Output example

```json
{
  "status_code": 429,
  "response_headers": {
    "date": "Mon, 08 May 2023 21:41:54 GMT",
    "x-frame-options": "SAMEORIGIN",
    "content-security-policy": "frame-ancestors 'self'",
    "x-xss-protection": "1; mode=block",
    "content-length": "354",
    "content-type": "text/html; charset=iso-8859-1",
    "connection": "keep-alive"
  },
  "reason": "Too Many Requests",
  "json_body": {
    "http_method": "GET",
    "revision": "124.0.206.9538334086041268915.1559577065",
    "results": [{}]
  }
}
```

Note that this example shows a rate-limited (429) response, not a successful one. A playbook should only treat `results` as authoritative when `status_code` is 200, and should retry a 429 after a delay rather than concluding that no objects matched.

### Get Group Members

Retrieves the members of a specified address group from the Fortinet FortiGate system.

**Endpoint URL**: `/api/v2/cmdb/firewall/addrgrp/`
**Method**: GET

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.filter | string | optional | Query string to filter the results, in the form `key<operator>pattern`; example values are `name==test` and `name!=test`. For the operator values see the filtering section above and https://fndn.fortinet.net/index.php?/fortiapi/1-fortios/94/ |

#### Input example

```json
{"parameters": {"filter": "name==swimlane-demo-group"}}
```

#### Output parameters

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| http_method | string | HTTP method used |
| revision | string | Configuration revision |
| results | array | Result of the operation |
| results.name | string | Name of the resource |
| results.q_origin_key | string | Original key of the object |
| results.type | string | Type of the resource |
| results.category | string | Address group category |
| results.uuid | string | Unique identifier |
| results.member | array | Member address objects |
| results.member.name | string | Name of the member |
| results.member.q_origin_key | string | Original key of the member |
| results.comment | string | Comment |
| results.exclude | string | Whether exclusion is enabled |
| results.exclude-member | array | Excluded address objects |
| results.exclude-member.file.name | string | Name of the excluded member |
| results.exclude-member.file | string | Excluded member entry |
| results.color | number | GUI icon color |
| results.tagging | array | Tag configuration |
| results.tagging.file.name | string | Tagging entry name |
| results.tagging.file | string | Tagging entry |
| results.allow-routing | string | Whether the group may be used in static routes |
| results.fabric-object | string | Security Fabric global object setting |
| vdom | string | VDOM the result was read from |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "date": "Fri, 01 Aug 2025 06:00:08 GMT",
    "x-frame-options": "SAMEORIGIN",
    "content-security-policy": "frame-ancestors 'self'",
    "x-xss-protection": "1; mode=block",
    "access-control-allow-credentials": "true",
    "vary": "Origin",
    "etag": "0fa4f0e2ab56a2b4dec69ca64947634cef88a14b7a5d2a6d49b07477d4662738",
    "content-length": "630",
    "cache-control": "no-cache, must-revalidate",
    "content-type": "application/json",
    "content-encoding": "gzip",
    "connection": "keep-alive"
  },
  "reason": "OK"
}
```

### Update Address Group

Updates an existing address group in Fortinet FortiGate, identified by its current name.

**Endpoint URL**: `/api/v2/cmdb/firewall/addrgrp/{{name}}`
**Method**: PUT

#### Input arguments

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.name | string | required | Current name of the address group to update |
| parameters.vdom | string | optional | Virtual domain(s) from which results are returned or to which changes are applied. If omitted, the management VDOM is used. If the admin does not have access to the VDOM, a permission error is returned. |
| parameters.action | string | optional | If supported, an action can be specified. `clone`: clone this specific resource. When `action=clone` is set, the extra parameter `nkey` must be provided. |
| parameters.nkey | string | optional | If `action=clone`, the ID for the new resource to be created. |
| name | string | optional | To rename the group, provide the new name here |
| type | string | optional | Type of the resource |
| category | string | optional | Address group category |
| uuid | string | optional | Unique identifier |
| member | array | optional | Address objects that belong to the group |
| member.name | string | optional | Name of the member address object |
| comment | string | optional | Comment |
| exclude | string | optional | Enable/disable address exclusion |
| exclude-member | array | optional | Address objects to exclude from the group |
| exclude-member.name | string | optional | Name of the excluded address object |
| color | number | optional | GUI icon color |
| tagging | array | optional | Tag configuration |
| tagging.name | string | optional | Tagging entry name |
| tagging.category | string | optional | Tag category |
| tagging.tags | array | optional | Tags |
| allow-routing | string | optional | Enable/disable use of this group in the static route configuration |
| fabric-object | string | optional | Security Fabric global object setting |

#### Input example

```json
{
  "parameters": {"vdom": "vdom1,vdom2", "action": "clone", "nkey": "testkey1"},
  "json_body": {
    "name": "addressgroupname-update",
    "type": "default",
    "category": "default",
    "uuid": "123e4567-e89b-12d3-a456-426655440000",
    "member": [{"name": "exampleaddress1"}, {"name": "exampleaddress2"}],
    "comment": "test comment",
    "exclude": "enable",
    "exclude-member": [{"name": "exampleexcludeaddress1"}, {"name": "exampleexcludeaddress2"}],
    "color": 15,
    "tagging": [{"name": "exampletagname", "category": "exampletagcategory", "tags": ["tag1", "tag2"]}],
    "allow-routing": "enable"
  },
  "path_parameters": {"name": "addressgroupname"}
}
```

Treat `member` as a full replacement, not an append: the list you send becomes the group's membership. A playbook that adds one indicator to a block-list group should first read the current members (Get Group Members), merge the new object into that list, and send the merged list; sending only the new object silently drops everything that was blocked before.

#### Output parameters

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |

#### Output example

```json
{
  "status_code": 200,
  "response_headers": {
    "date": "Mon, 16 Oct 2023 17:08:40 GMT",
    "content-length": "354",
    "content-type": "text/html; charset=iso-8859-1",
    "content-type": "text/xml;charset=utf-8",
    "transfer-encoding": "chunked",
    "connection": "keep-alive",
    "x-frame-options": "SAMEORIGIN",
    "x-xss-protection": "1; mode=block",
    "strict-transport-security": "max-age=63072000; includeSubDomains;"
  },
  "reason": "",
  "json_body": {}
}
```

## Response headers

| Header | Description | Example |
|---|---|---|
| access-control-allow-credentials | HTTP response header Access-Control-Allow-Credentials | true |
| cache-control | Directives for caching mechanisms | no-cache, must-revalidate |
| connection | HTTP response header Connection | keep-alive |
| content-encoding | HTTP response header Content-Encoding | gzip |
| content-length | The length of the response body in bytes | 354 |
| content-security-policy | HTTP response header Content-Security-Policy | frame-ancestors 'self' |
| content-type | The media type of the resource | text/xml;charset=utf-8 |
| date | The date and time at which the message was originated | Mon, 08 May 2023 21:41:54 GMT |
| etag | An identifier for a specific version of a resource | 0fa4f0e2ab56a2b4dec69ca64947634cef88a14b7a5d2a6d49b07477d4662738 |
| strict-transport-security | HTTP response header Strict-Transport-Security | max-age=63072000; includeSubDomains; |
| transfer-encoding | HTTP response header Transfer-Encoding | chunked |
| vary | HTTP response header Vary | Origin |
| x-frame-options | HTTP response header X-Frame-Options | SAMEORIGIN |
| x-xss-protection | HTTP response header X-XSS-Protection | 1; mode=block |
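## Worked examples

The filter syntax described under "About filtering addresses, address groups and group members" is easy to get subtly wrong when a playbook assembles it from alert data: a comma in a value becomes an OR, and an unknown operator is simply not matched. The following helper, an added example by the editor and not part of the connector, builds the `filter` value(s) for Get Addresses / Get Group Members with the operator table above, uses commas for OR and repeated `filter` parameters for AND, refuses values that would change the query's meaning rather than guessing an escape, and can parse a term back into its parts for logging. The `vdom` query parameter is the one documented for the create/update actions; the function names and the separator policy are the editor's own.

```python
"""Build and parse FortiGate REST API `filter` terms (added example)."""
from typing import Optional, Tuple
from urllib.parse import urlencode

# Operators from the filtering table, two-character ones first so that
# parse_filter never splits "<=" at "<".
OPERATORS = ("==", "!=", "=@", "!@", "<=", ">=", "<", ">")

# Characters that would let a value be read as another term or operator.
_KEY_FORBIDDEN = ",=!@<>&?"
_VALUE_FORBIDDEN = ",&"   # "," is the OR separator, "&" ends the parameter


def make_filter(key: str, op: str, pattern: str) -> str:
    """Return one `key<op>pattern` term, validating each part first."""
    if op not in OPERATORS:
        raise ValueError(f"unsupported operator {op!r}")
    if not key or any(c in key for c in _KEY_FORBIDDEN):
        raise ValueError(f"unsafe key {key!r}")
    if any(c in pattern for c in _VALUE_FORBIDDEN):
        raise ValueError(f"pattern {pattern!r} contains a separator character")
    return f"{key}{op}{pattern}"


def or_filters(*terms: str) -> str:
    """Logical OR: comma-separated terms inside one filter parameter."""
    return ",".join(terms)


def build_query(*filters: str, vdom: Optional[str] = None) -> str:
    """Logical AND: each filter becomes its own `filter=` query parameter.

    Operator characters are left unencoded so the FortiGate sees them as
    written; everything else is percent-encoded by urlencode.
    """
    params = [("filter", f) for f in filters]
    if vdom:
        params.append(("vdom", vdom))
    return urlencode(params, safe="=!@<>,*")


def parse_filter(term: str) -> Tuple[str, str, str]:
    """Inverse of make_filter: split a term into (key, operator, pattern)."""
    for op in OPERATORS:
        key, sep, pattern = term.partition(op)
        if sep and key:
            return key, op, pattern
    raise ValueError(f"no known operator in {term!r}")


if __name__ == "__main__":
    # Objects named either of two IOC names, AND of type ipmask, in VDOM root.
    either = or_filters(make_filter("name", "==", "swl-ioc-1"),
                        make_filter("name", "==", "swl-ioc-2"))
    print(build_query(either, make_filter("type", "==", "ipmask"), vdom="root"))
```

In a Turbine playbook the returned string is what goes after `?` on the Get Addresses endpoint; the connector's `parameters.filter` input takes one term (or a comma-joined OR), so an AND query needs the request split into one call per term or the raw query used directly.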
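The Create Address input example above mixes the fields of every address type into one body, which is fine as a field reference but not as a template: an object is one `type`, and a stray field or a host address typed as a network changes what a policy will match. This added example (the editor's code, not the connector's) builds `json_body` payloads for Create Address and Create Address Group that carry only the fields belonging to the chosen type, reject a `subnet` with host bits set, require IPv4 (this endpoint is the IPv4 address table), and check group membership for duplicates and member/exclude overlap. The type-to-field mapping and the object-name pattern are the editor's assumptions about standard FortiOS address objects.

```python
"""Validated json_body builders for Create Address / Create Address Group
(added example)."""
import ipaddress
import re
from typing import Dict, Iterable

# Assumed: standard FortiOS firewall.address types and the field(s) each needs.
TYPE_FIELDS = {
    "ipmask": ("subnet",),
    "iprange": ("start-ip", "end-ip"),
    "fqdn": ("fqdn",),
    "geography": ("country",),
    "wildcard": ("wildcard",),
    "mac": ("macaddr",),
}
# Assumed naming policy for automation-created objects (conservative on purpose).
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9 ._-]{0,78}$")


def address_body(name: str, type_: str, comment: str = "", **fields) -> Dict:
    """Return a json_body for /api/v2/cmdb/firewall/address with only the
    fields that belong to `type_`; mixed-type bodies are rejected."""
    if not NAME_RE.match(name):
        raise ValueError(f"bad object name {name!r}")
    required = TYPE_FIELDS.get(type_)
    if required is None:
        raise ValueError(f"unsupported address type {type_!r}")
    missing = [f for f in required if f not in fields]
    extra = [f for f in fields if f not in required]
    if missing or extra:
        raise ValueError(f"type {type_}: missing={missing} extra={extra}")

    body = {"name": name, "type": type_}
    if type_ == "ipmask":
        # strict=True rejects host bits set (e.g. 192.168.1.10/24); a bare
        # address becomes a /32. IPv4Network also refuses IPv6 input.
        net = ipaddress.IPv4Network(fields["subnet"], strict=True)
        body["subnet"] = net.with_prefixlen
    elif type_ == "iprange":
        start = ipaddress.IPv4Address(fields["start-ip"])
        end = ipaddress.IPv4Address(fields["end-ip"])
        if end < start:
            raise ValueError("end-ip precedes start-ip")
        body["start-ip"], body["end-ip"] = str(start), str(end)
    elif type_ == "mac":
        body["macaddr"] = [{"macaddr": m} for m in fields["macaddr"]]
    else:
        body.update({f: fields[f] for f in required})
    if comment:
        body["comment"] = comment
    return body


def address_group_body(name: str, members: Iterable[str],
                       exclude_members: Iterable[str] = ()) -> Dict:
    """Return a json_body for /api/v2/cmdb/firewall/addrgrp."""
    members, exclude_members = list(members), list(exclude_members)
    if not NAME_RE.match(name):
        raise ValueError(f"bad group name {name!r}")
    if not members:
        raise ValueError("a group needs at least one member")
    dup = sorted({m for m in members if members.count(m) > 1})
    overlap = sorted(set(members) & set(exclude_members))
    if dup or overlap:
        raise ValueError(f"duplicate members {dup}, member/exclude overlap {overlap}")
    body = {"name": name, "member": [{"name": m} for m in members]}
    if exclude_members:
        body["exclude"] = "enable"
        body["exclude-member"] = [{"name": m} for m in exclude_members]
    return body
```

The builders return the value for the action's `json_body` input; wrap them in `{"json_body": ...}` when calling the connector. Hyphenated FortiOS keys such as `start-ip` are passed as `**{"start-ip": ...}`.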
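Create IPv4 Firewall Policy is the one action in this connector that can open traffic rather than close it, so a playbook should lint the body before it is sent. The guard below is an added example by the editor, not connector code. It refuses an `accept` policy from `all` to `all` on `ALL` services or between interface `any` and `any`, requires accept policies to log, and only lets the automation reference address objects it owns (identified by an assumed naming prefix, `swl-`), so a template error cannot grant access to an arbitrary object. `all`, `ALL` and `any` are FortiOS's built-in catch-all address, service and interface names; `service`, `schedule` and `logtraffic` are standard FortiOS policy keys that the action's table above does not list.

```python
"""Pre-flight linter for Create IPv4 Firewall Policy bodies (added example)."""
from typing import Dict, List


def _names(items) -> List[str]:
    """Collapse a FortiOS list-of-{"name": ...} into a list of names."""
    return [i.get("name", "") for i in (items or [])]


def lint_policy(body: Dict, owned_prefix: str = "swl-") -> List[str]:
    """Return findings; an empty list means the policy may be created.

    `owned_prefix` (assumed naming convention) marks the address objects the
    automation manages; anything else, except the catch-all `all`, is refused.
    """
    findings: List[str] = []
    action = body.get("action")
    if action not in ("accept", "deny", "ipsec"):
        findings.append("action must be accept, deny or ipsec")
    if body.get("status", "enable") not in ("enable", "disable"):
        findings.append("status must be enable or disable")

    src, dst = _names(body.get("srcaddr")), _names(body.get("dstaddr"))
    svc = _names(body.get("service"))
    if not src or not dst:
        findings.append("srcaddr and dstaddr must each list at least one object")
    for n in src + dst:
        if n != "all" and not n.startswith(owned_prefix):
            findings.append(f"address object {n!r} is not automation-owned (prefix {owned_prefix!r})")
    if not svc or not body.get("schedule"):
        findings.append("service and schedule must be set")

    if action == "accept":
        if "all" in src and "all" in dst and "ALL" in svc:
            findings.append("accept policy from all to all on ALL services is not allowed")
        if "any" in _names(body.get("srcintf")) and "any" in _names(body.get("dstintf")):
            findings.append("accept policy between interface any and any is not allowed")
        if body.get("logtraffic") not in ("all", "utm"):
            findings.append("accept policies must set logtraffic to all or utm")
    return findings


if __name__ == "__main__":
    # Constructed block policy of the kind an IOC-response playbook creates.
    block = {
        "name": "swl-block-ioc", "status": "enable",
        "srcintf": [{"name": "port1"}], "dstintf": [{"name": "port2"}],
        "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "swl-ioc-group"}],
        "service": [{"name": "ALL"}], "schedule": "always",
        "action": "deny", "logtraffic": "all",
    }
    print(lint_policy(block))
```

Run `lint_policy` on the `json_body` the playbook is about to send and abort the action if the list is non-empty; the findings are meant to go into the case notes so an analyst sees why the policy was not created.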
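The Get Addresses output example above is a 429 with an empty placeholder in `results`, which is exactly the response a naive playbook would misread as "no matching objects" and then, say, create a duplicate. This added example (the editor's code, not the connector's) shows how to interpret the connector's output shape (`status_code`, `reason`, `response_headers`, `json_body`) for Get Addresses and Get Group Members: return `results` only on 200, retry a 429 with exponential backoff and jitter (honouring `Retry-After` when present), and fail fast on anything else. The sample outputs in the test are constructed after the page's examples; the exception names and the backoff parameters are the editor's choices.

```python
"""Interpret connector action output and retry on 429 (added example)."""
import random
import time
from typing import Callable, Dict, List, Optional


class FortiGateError(Exception):
    """The action failed for a reason a retry will not fix."""


class RetryLater(FortiGateError):
    """The FortiGate rate-limited the request (HTTP 429)."""

    def __init__(self, delay: Optional[float]):
        super().__init__("rate limited (429)")
        self.delay = delay  # seconds from Retry-After, if the device sent one


def handle_output(output: Dict) -> List[Dict]:
    """Return the `results` list from a successful action output, or raise."""
    code = output.get("status_code")
    headers = {k.lower(): v for k, v in (output.get("response_headers") or {}).items()}
    if code == 200:
        body = output.get("json_body") or {}
        # The page's examples show an empty {} placeholder in results; drop it.
        return [r for r in body.get("results", []) if r]
    if code == 429:
        ra = str(headers.get("retry-after", ""))
        raise RetryLater(float(ra) if ra.isdigit() else None)
    if code in (401, 403):
        raise FortiGateError("request rejected: token invalid, source not a trusted host, "
                             "or admin profile lacks the permission")
    raise FortiGateError(f"unexpected response {code} {output.get('reason')!r}")


def with_retry(call: Callable[[], List[Dict]], attempts: int = 4, base: float = 1.0,
               sleep: Callable[[float], None] = time.sleep,
               jitter: Callable[[float], float] = lambda d: random.uniform(0, d / 4)) -> List[Dict]:
    """Run `call`, retrying only on RetryLater with exponential backoff."""
    for attempt in range(attempts):
        try:
            return call()
        except RetryLater as exc:
            if attempt == attempts - 1:
                raise
            delay = exc.delay if exc.delay is not None else base * 2 ** attempt
            sleep(delay + jitter(delay))
    raise FortiGateError("no attempts made")
```

`sleep` and `jitter` are injectable so the retry path can be exercised in a unit test without waiting; in a playbook the defaults apply. Because `RetryLater` is a `FortiGateError`, a caller that does not want retries can catch the base class and treat a 429 like any other failure.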