Fortinet FortiManager

the fortinet fortimanager connector enables streamlined management and automation of security policies and objects within the fortimanager platform fortinet fortimanager is a centralized security management platform that simplifies the orchestration of security policies across your network infrastructure this connector enables swimlane turbine users to automate the management of firewall configurations, domain filters, and security policies directly within the swimlane platform by integrating with fortimanager, security teams can enhance their response capabilities, enforce consistent security postures, and reduce manual configuration errors limitations fortimanager allows to install pending network and system settings changes only! it means that no pending security settings changes (like new/edited objects or policies) will be pushed down to managed devices during the install device settings operation supported version fortimanager is installing both pending device settings and pending security settings configuration prerequisites before you can use the fortinet fortimanager connector for turbine, ensure you have the following api key authentication with the following parameters url the endpoint url for the fortimanager api api key token a valid api key token to authenticate requests to fortimanager authentication methods api key authentication setup instructions the api key (or token) is obtained by defining an api user in fortimanager gui or cli an api user is a normal fortimanager user with the user type attribute set to api generating the api key using the fortimanager gui or cli use the following fortimanager cli command execute api user generate key api 001 it will return the api key new api key 33fzwixxxxxxxxxxxmg1to9p8wbi the generated api key is permanent (i e , never expires) however, you can renew it whenever you want using the fortimanager gui you can now interact with the fortimanager json rpc api without issuing an explicit login (or logout) operation document reference https //how to fortimanager api readthedocs io/en/latest/001 fmg json api introduction html#token based authentication https //how to fortimanager api readthedocs io/en/latest/001 fmg json api introduction html#token based authentication troubleshoot tips you can renew api key whenever you want using the fortimanager gui capabilities add domain filter block file hash create firewall address group create firewall address and block ip create firewall ipv6 address create firewall ipv6 address group create firewall wildcard fqdn delete firewall address delete firewall address group delete firewall ipv6 address delete firewall ipv6 address group delete firewall wildcard fqdn get domain filter get firewall address get firewall address group and so on add domain filter use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4143/5/pm/config/dnsfilter/ and choose the api /pm/config/adom/{adom}/obj/dnsfilter/domain filter (add) to find the parameters details url format /pm/config/adom/{adom}/obj/dnsfilter/domain filter block file hash use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4143/5/pm/config/ips/ and choose the api /pm/config/adom/{adom}/obj/ips/custom (add) to find the parameters details url format /pm/config/adom/{adom}/obj/ips/custom create firewall address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp (add) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp create firewall address and block ip use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address (add) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address create firewall ipv6 address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address6 (add) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address6 create firewall ipv6 address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp6 (add) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp6 create firewall wildcard fqdn use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom (add) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom delete firewall address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address/{address} (delete) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address/{address} delete firewall address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} (delete) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} delete firewall ipv6 address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address6/{address6} (delete) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address6/{address6} delete firewall ipv6 address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} (delete) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} delete firewall wildcard fqdn use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom (delete) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} get domain filter use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4143/5/pm/config/dnsfilter/ and choose the api /pm/config/adom/{adom}/obj/dnsfilter/domain filter (get) to find the parameters details url format /pm/config/adom/{adom}/obj/dnsfilter/domain filter get firewall address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address/{address} (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address/{address} get firewall address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} get firewall entries use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4143/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address/{address} (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address/{address} get firewall ipv6 address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address6/{address6} (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address/{address} get firewall ipv6 address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} get firewall wildcard fqdn use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom (get) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} update firewall address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address/{address} (update) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address/{address} update firewall address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} (update) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} update firewall ipv6 address use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/address6/{address6} (update) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/address6/{address6} update firewall ipv6 address group use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} (update) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} update firewall wildcard fqdn use this api document https //fndn fortinet net/index php?/fortiapi/5 fortimanager/4554/5/pm/config/firewall/ and choose the api /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom (update) to find the parameters details url format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} configurations fortinet fortimanager api key authentication authenticates using an api key configuration parameters parameter description type required url a url to the target host string required apikey api key token string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional actions add domain filter creates a new domain filter in fortinet fortimanager using the provided administrative domain (adom) parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method to be used params array optional list of parameter objects data array optional list of domain filter data comment string optional optional comments entries array optional domain filter entries action string optional action for domain filter matches domain string optional domain entries to be filtered id number optional identifier for the entry status string optional enable or disable domain filter type string optional dns domain filter type id number optional identifier for the data object name string optional name of the domain filter table url string optional url for the domain filter url format should be /pm/config/adom/{adom}/obj/dnsfilter/domain filter replace {adom} with the administrative domain name session string optional session identifier id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data id number unique identifier status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] block file hash blocks a specified file hash across the network utilizing fortinet fortimanager an 'adom' path parameter is required endpoint url /jsonrpc method post input argument name type required description method string optional http method to use params array optional parameter for block file hash data array optional response data action string optional default action (pass or block) for this signature application array optional applications to be protected blank for all applications comment string optional comment location array optional protect client or server traffic log string optional enable/disable logging log packet string optional enable/disable packet logging os array optional operating system(s) that the signature protects blank for all operating systems protocol string optional protocol(s) that the signature scans blank for all protocols rule id number optional unique identifier severity string optional relative severity of the signature, from info to critical log messages generated by the signature include the severity sig name string optional signature name signature string optional custom signature enclosed in single quotes status string optional enable/disable this signature tag string optional signature tag url string optional url for the domain filter url format should be /pm/config/adom/{adom}/obj/ips/custom replace {adom} with the adom name session string optional session id id number optional id output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data tag string output field tag status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] create firewall address and block ip adds a new firewall address object and blocks an ip within a specified adom in fortinet fortimanager, using provided json body data endpoint url /jsonrpc method post input argument name type required description method string optional method to perform session string optional session id id string optional id of the address params array optional list of parameter objects url string optional url of the api endpoint the url should be in the format /pm/config/adom/{adom}/obj/firewall/address replace {adom} with the adom name data array optional list of address objects image base64 string optional base64 encoded image allow routing string optional enable or disable routing associated interface array optional network interface associated with address cache ttl number optional defines the minimal ttl of individual ip addresses in fqdn cache measured in seconds clearpass spt string optional spt (system posture token) value color number optional color of icon on gui comment string optional comment country array optional ip addresses associated to a country dirty string optional to be deleted address dynamic mapping array optional list of dynamic mappings image base64 string optional base64 encoded image scope array optional scope of the mapping allow routing string optional enable/disable use of this address in routing configurations associated interface string optional network interface associated with address cache ttl number optional defines the minimal ttl of individual ip addresses in fqdn cache measured in seconds clearpass spt string optional spt (system posture token) value color number optional color of icon on gui comment string optional comment country array optional ip addresses associated to a country output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] create firewall address group adds a new address group to the firewall configuration in fortinet fortimanager, requiring a 'json body' with details endpoint url /jsonrpc method post input argument name type required description method string optional method to perform session string optional session id id string optional id of the address group params array optional list of parameter objects data array optional list of address group objects image base64 string optional base64 encoded image allow routing string optional enable or disable routing category string optional address group category color number optional color of icon on gui $unsigned int32 to be used comment string optional comment for the address group dynamic mapping array optional list of dynamic mapping objects image base64 string optional base64 encoded image scope array optional list of scope objects allow routing string optional enable or disable routing category string optional address group category color number optional color of icon on gui comment string optional comment for the address group exclude string optional enable or disable exclusion exclude member array optional list of exclusion members fabric object string optional security fabric global object global object number optional global object setting member array optional support meta variable address objects contained within the group tags array optional list of tags type string optional address group type uuid string optional universally unique identifier (uuid; automatically assigned but can be manuallyreset) output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] create firewall ipv6 address adds a new ipv6 address object to the fortinet fortimanager firewall requires 'adom' as a path parameter and details in the json body endpoint url /jsonrpc method post input argument name type required description method string optional method to perform action params array optional list of parameter objects data array optional list of data objects image base64 string optional parameter for create firewall ipv6 address cache ttl number optional minimal ttl of individual ipv6 addresses in fqdn cache color number optional integer value to determine the color of the icon in the gui (range 1 to 32, default = 0, which sets the value to 1) comment string optional comment for the address country array optional ipv6 addresses for specific country dynamic mapping array optional dynamic mapping details image base64 string optional parameter for create firewall ipv6 address scope array optional scope details cache ttl number optional minimal ttl of individual ipv6 addresses in fqdn cache color number optional integer value to determine the color of the icon in the gui (range 1 to 32, default = 0, which sets the value to 1) comment string optional comment for the address country array optional ipv6 addresses for specific country end ip string optional final ip address (inclusive) in the range for the address (format xxxx\ xxxx\ xxxx\ xxxx\ xxxx\ xxxx\ xxxx \ xxxx ) end mac string optional final mac address in range epg name string optional endpoint group name fabric object string optional security fabric global object setting fqdn string optional fully qualified domain name global object number optional global object setting host string optional host ipv6 address host type string optional host type ip6 string optional ipv6 address prefix (format xxxx\ xxxx\ xxxx\ xxxx\ xxxx\ xxxx\ xxxx \ xxxx /xxx) macaddr array optional multiple mac address ranges output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] create firewall ipv6 address group create a new ipv6 address group in a specified adom on fortinet fortimanager with mandatory url and method fields endpoint url /jsonrpc method post input argument name type required description method string optional method to perform action params array optional list of parameter objects data array optional list of data objects image base64 string optional parameter for create firewall ipv6 address group color number optional integer value to determine the color of the icon in the gui (1 32, default = 0, which sets the value to 1) comment string optional comment for the address group dynamic mapping array optional list of dynamic mapping objects image base64 string optional parameter for create firewall ipv6 address group scope array optional list of scope objects color number optional integer value to determine the color of the icon in the gui (1 32, default = 0, which sets the value to 1) comment string optional comment for dynamic mapping exclude string optional enable or disable exclusion exclude member array optional list of exclusion members fabric object string optional security fabric global object setting global object number optional global object identifier member array optional list of address objects tags array optional list of tags uuid string optional universally unique identifier visibility string optional visibility setting exclude string optional enable or disable exclusion exclude member array optional list of exclusion members fabric object string optional security fabric global object setting member array optional list of address objects name string optional ipv6 address group name tagging array optional list of tagging entries output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] create firewall wildcard fqdn adds a new wildcard fqdn to the specified adom in the fortinet fortimanager firewall configuration, requiring a json body input endpoint url /jsonrpc method post input argument name type required description method string optional http method to be used params array optional list of parameter objects data array optional list of data objects color number optional gui icon color identifier comment string optional comment for the entry name string optional address name for the entry uuid string optional universally unique identifier (uuid; automatically assigned but can be manually reset) wildcard fqdn string optional wildcard fqdn for the entry url string optional url for the request url should be in the format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom replace {adom} with the adom name session string optional session identifier for the request id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "add", "result" \[], "id" 1 } } ] delete firewall address removes a specified firewall address from fortinet fortimanager using the 'adom' and 'address' identifiers provided in the json body endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects url string optional url for the delete request url format should be /pm/config/adom/{adom}/obj/firewall/address/{address} replace {adom} and {address} with actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "delete", "result" \[], "id" 1 } } ] delete firewall address group removes a specified address group from the firewall configuration in fortinet fortimanager using 'adom' and 'addrgrp' as path parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of url parameters url string optional url path parameter url format should be like /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} replace {adom} and {addrgrp} with actual values session string optional session identifier string id number optional unique request identifier output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "delete", "result" \[], "id" 1 } } ] delete firewall ipv6 address removes a specified ipv6 address object from a fortimanager adom, requiring 'adom' and 'address6' path parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method to be used params array optional list of url parameters url string optional url path parameter url should be in the format /pm/config/adom/{adom}/obj/firewall/address6/{address6} replace the {adom} and {address6} with the actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "delete", "result" \[], "id" 1 } } ] delete firewall ipv6 address group removes a specified ipv6 address group from the fortinet fortimanager firewall configuration endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects url string optional url path for the request this url path should be in the format /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} replace {adom} and {addrgrp6} with actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "delete", "result" \[], "id" 1 } } ] delete firewall wildcard fqdn removes a specified custom wildcard fqdn from the firewall configuration in fortinet fortimanager, requiring 'adom' and 'custom' path parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of url parameters url string optional url path for the request the url should be in the format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} replace the {adom} and {custom} with the actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "delete", "result" \[], "id" 1 } } ] get domain filter retrieve domain filter settings from fortinet fortimanager for a specified administrative domain endpoint url /jsonrpc method post input argument name type required description method string optional http method to perform params array optional list of parameter objects attr string optional the name of the attribute to retrieve its datasource only used with datasrc option fields array optional limit the output by returning only the attributes specified in the string array if none specified, all attributes will be returned filter array optional filter the result according to a set of criteria get used number optional return used objects flag loadsub number optional enable or disable the return of any sub objects if not specified, the default is to return all sub objects option string optional set fetch option for the request if no option is specified, by default the attributes of the objects will be returned range array optional limit the number of output for a range of \[a, n], the output will contain n elements, starting from the a matching result sortings array optional specify the sorting of the returned result url string optional url to perform the action the url should be in the format /pm/config/adom/{adom}/obj/dnsfilter/domain filter replace {adom} with the administrative domain name session string optional session identifier id number optional request identifier output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data array response data comment string output field comment entries array output field entries action string output field action domain string output field domain id number unique identifier status string status value type string type of the resource id number unique identifier name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall address retrieve details of a specific firewall address in fortinet fortimanager using the administrative domain (adom) and address name endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional set fetch option for the request if no option is specified, by default the attributes of the object will be returned url string optional url of the request the url should be in the format of /pm/config/adom/{adom}/obj/firewall/address/{address} replace {adom} and {address} with the actual administrative domain and address name session string optional session identifier string id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data image base64 string output field image base64 allow routing string output field allow routing associated interface array output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment country array output field country dirty string output field dirty dynamic mapping array output field dynamic mapping image base64 string output field image base64 scope array output field scope name string name of the resource vdom string output field vdom allow routing string output field allow routing associated interface string output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall address group retrieve details of a specific firewall address group in fortinet fortimanager using required 'adom' and 'addrgrp' parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional set fetch option for the request if no option is specified, by default the attributes of the object will be returned url string optional url of the object to be fetched the url should be in the format /pm/config/adom/{adom}/obj/firewall/addrgrp/{addrgrp} replace {adom} and {addrgrp} with the appropriate values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data image base64 string output field image base64 allow routing string output field allow routing category string output field category color number output field color comment string output field comment dynamic mapping array output field dynamic mapping image base64 string output field image base64 scope array output field scope name string name of the resource vdom string output field vdom allow routing string output field allow routing category string output field category color number output field color comment string output field comment exclude string output field exclude exclude member array output field exclude member fabric object string output field fabric object global object number output field global object member array output field member tags array output field tags example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall entries retrieve firewall address entries from fortimanager using specified administrative domain and parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional fetch option for the request url string optional url for the request the url should be in the format of /pm/config/adom/{adom}/obj/firewall/address/{address} replace {adom} and {address} with the actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data image base64 string output field image base64 allow routing string output field allow routing associated interface array output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment country array output field country dirty string output field dirty dynamic mapping array output field dynamic mapping image base64 string output field image base64 scope array output field scope name string name of the resource vdom string output field vdom allow routing string output field allow routing associated interface string output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall ipv6 address retrieve details of a specific ipv6 address within the firewall configuration on fortinet fortimanager, requiring 'adom' and 'address6' path parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional fetch option for the request set fetch option for the request if no option is specified, by default the attributes of the object will be returned the possible values are scope member, chksum, datasrc scope member return a list of scope members along with other attributes chksum return the check sum value instead of attributes datasrc return all objects that can be referenced by an attribute require attr parameter url string optional url for the request the url should be in the format /pm/config/adom/{adom}/obj/firewall/address/{address} replace {adom} and {address} with the actual values session string optional session identifier id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data image base64 string output field image base64 allow routing string output field allow routing associated interface array output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment country array output field country dirty string output field dirty dynamic mapping array output field dynamic mapping image base64 string output field image base64 scope array output field scope name string name of the resource vdom string output field vdom allow routing string output field allow routing associated interface string output field associated interface cache ttl number output field cache ttl clearpass spt string output field clearpass spt color number output field color comment string output field comment example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall ipv6 address group retrieve details of a specific ipv6 address group in fortinet fortimanager using 'adom' and 'addrgrp6' identifiers endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional fetch option for the request set fetch option for the request if no option is specified, by default the attributes of the object will be returned the possible values are scope member, chksum, datasrc scope member return a list of scope members along with other attributes chksum return the check sum value instead of attributes datasrc return all objects that can be referenced by an attribute require attr parameter url string optional url for the request the url should be in the format /pm/config/adom/{adom}/obj/firewall/addrgrp6/{addrgrp6} replace {adom} and {addrgrp6} with the actual values session string optional session identifier string id number optional unique identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data image base64 string output field image base64 color number output field color comment string output field comment dynamic mapping array output field dynamic mapping image base64 string output field image base64 scope array output field scope name string name of the resource vdom string output field vdom color number output field color comment string output field comment exclude string output field exclude exclude member array output field exclude member fabric object string output field fabric object global object number output field global object member array output field member tags array output field tags uuid string unique identifier visibility string output field visibility exclude string output field exclude exclude member array output field exclude member example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] get firewall wildcard fqdn retrieve details of a specific wildcard fqdn in the fortinet fortimanager firewall, requiring 'adom' and 'custom' path parameters endpoint url /jsonrpc method post input argument name type required description method string optional http method for the request params array optional list of parameter objects option string optional set fetch option for the request if no option is specified, by default the attributes of the object will be returned url string optional url of the object to be fetched the url should be in the format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} replace {adom} and {custom} with the actual values session string optional session identifier id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data color number output field color comment string output field comment name string name of the resource uuid string unique identifier wildcard fqdn string output field wildcard fqdn status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "get", "result" \[], "id" 1 } } ] update firewall address updates an existing firewall address object within a specified adom on fortinet fortimanager using provided json body data endpoint url /jsonrpc method post input argument name type required description method string optional method to perform params array optional list of parameter objects data object optional data object for address image base64 string optional base64 encoded image allow routing string optional enable or disable routing associated interface array optional network interface associated cache ttl number optional minimal ttl in seconds clearpass spt string optional system posture token value color number optional color of icon on gui comment string optional comment country array optional ip addresses for specific country dirty string optional address deletion status dynamic mapping array optional dynamic mapping details scope array optional scope details allow routing string optional enable or disable routing associated interface string optional network interface associated cache ttl number optional minimal ttl in seconds clearpass spt string optional system posture token value color number optional color of icon on gui comment string optional comment country array optional ip addresses for specific country dirty string optional address deletion status end ip string optional final ip address in range end mac string optional final mac address in range epg name string optional endpoint group name output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "update", "result" \[], "id" 1 } } ] update firewall address group updates an existing firewall address group in fortinet fortimanager using a specified adom and identifier endpoint url /jsonrpc method post input argument name type required description method string optional method to perform on the endpoint session string optional session identifier id number optional identifier for the request params array optional list of parameter objects data object optional data object containing address group details image base64 string optional parameter for update firewall address group allow routing string optional enable or disable routing use category string optional address group category color number optional color of icon on the gui comment string optional comment for the address group dynamic mapping array optional list of dynamic mapping objects image base64 string optional parameter for update firewall address group scope array optional scope of the dynamic mapping allow routing string optional enable or disable routing use category string optional address group category color number optional color of icon on the gui comment string optional comment for the dynamic mapping exclude string optional enable or disable address exclusion exclude member array optional address exclusion members fabric object string optional security fabric global object setting global object number optional global object setting member array optional address objects in the group tags array optional tags for the dynamic mapping type string optional address group type uuid string optional universally unique identifier output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "update", "result" \[], "id" 1 } } ] update firewall ipv6 address updates an existing ipv6 address object within a specified adom and address6 in the fortinet fortimanager firewall, with required json body endpoint url /jsonrpc method post input argument name type required description method string optional method to perform params array optional parameter for update firewall ipv6 address data object optional response data image base64 string optional parameter for update firewall ipv6 address cache ttl number optional minimal ttl of individual ipv6 addresses in fqdn cache color number optional integer value to determine the color of the icon in the gui (range 1 to 32, default = 0, which sets the value to 1) comment string optional comment for the address country array optional ipv6 addresses for specific country dynamic mapping array optional parameter for update firewall ipv6 address image base64 string optional parameter for update firewall ipv6 address scope array optional parameter for update firewall ipv6 address cache ttl number optional minimal ttl for ipv6 addresses color number optional integer value to determine the color of the icon in the gui (range 1 to 32, default = 0, which sets the value to 1) comment string optional comment for the address country array optional ipv6 addresses for specific country end ip string optional final ip address in range end mac string optional final mac address in range epg name string optional endpoint group name fabric object string optional security fabric global object setting fqdn string optional fully qualified domain name global object number optional global object setting host string optional host ipv6 address host type string optional host type ip6 string optional ipv6 address prefix macaddr array optional multiple mac address ranges output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "update", "result" \[], "id" 1 } } ] update firewall ipv6 address group updates an existing ipv6 address group in fortinet fortimanager using specified 'adom' and 'addrgrp6' endpoint url /jsonrpc method post input argument name type required description method string optional method to perform update params array optional parameters for the update method data object optional data for the address group image base64 string optional parameter for update firewall ipv6 address group color number optional integer value to determine the color of the icon in the gui (1 32, default = 0, which sets the value to 1) comment string optional comment for the address group dynamic mapping array optional dynamic mapping configurations image base64 string optional parameter for update firewall ipv6 address group scope array optional scope of the dynamic mapping color number optional integer value to determine the color of the icon in the gui (1 32, default = 0, which sets the value to 1) comment string optional comment for the mapping exclude string optional enable or disable exclusion exclude member array optional members to exclude fabric object string optional security fabric global object global object number optional global object setting member array optional address objects in group tags array optional tags for the group uuid string optional universally unique identifier visibility string optional visibility setting exclude string optional enable or disable exclusion exclude member array optional members to exclude fabric object string optional security fabric global object member array optional address objects in group name string optional ipv6 address group name tagging array optional tagging entries output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "content length" "140", "content type" "application/json", "date" "thu, 2 may 2024 20 37 23 gmt" }, "reason" "ok", "json body" { "method" "update", "result" \[], "id" 1 } } ] update firewall wildcard fqdn updates a custom wildcard fqdn in fortinet fortimanager, requiring an administrative domain and custom parameters endpoint url /jsonrpc method post input argument name type required description method string optional method to perform update params array optional list of parameter objects data object optional data object containing update details color number optional gui icon color identifier comment string optional comment for the address name string optional name of the address uuid string optional universally unique identifier (uuid; automatically assigned but can be manually reset) wildcard fqdn string optional wildcard fully qualified domain name url string optional url for the request url should be in the format /pm/config/adom/{adom}/obj/firewall/wildcard fqdn/custom/{custom} replace {adom} and {custom} with the appropriate values session string optional session identifier id number optional identifier for the request output parameter type description status code number http status code of the response reason string response reason phrase method string http method to use result array result of the operation data object response data name string name of the resource status object status value code number output field code message string response message url string url endpoint for the request id number unique identifier example \[ { "status code" 200, "response headers" { "connection" "keep alive", "content length" 65, "content type" "text/html; charset=iso 8859 1 ", "date" "thu,07 nov 2024 08 04 44 gmt", "keep alive" "timeout=5,max=100", "permissions policy" "geolocation=(self),microphone=()", "referrer policy" "no referrer when downgrade", "server" "apache/2 4 41 (ubuntu)", "strict transport security" "max age=31536000; includesubdomains; preload", "x content type options" "nosniff", "x frame options" "sameorigin" }, "reason" "ok", "json body" { "method" "update", "result" \[], "id" 1 } } ] response headers header description example connection http response header connection keep alive content length the length of the response body in bytes 140 content type the media type of the resource application/json date the date and time at which the message was originated thu,07 nov 2024 08 04 44 gmt keep alive http response header keep alive timeout=5,max=100 permissions policy http response header permissions policy geolocation=(self),microphone=() referrer policy http response header referrer policy no referrer when downgrade server information about the software used by the origin server apache/2 4 41 (ubuntu) strict transport security http response header strict transport security max age=31536000; includesubdomains; preload x content type options http response header x content type options nosniff x frame options http response header x frame options sameorigin