Technical Tip: How to Synchronize FortiGate Policy Package with FortiManager using API queries
Description
This article describes how the FortiGate Policy Package can be synchronized with FortiManager using API queries in three steps.
Scope
FortiManager, FortiManager Cloud.
Solution
Note: Policy Block and Global Policy cannot be imported using the steps below. Also, VPN Manager configuration cannot be synchronized using this method.
This process requires three steps.
- Perform the dynamic interface mapping.
The API Request is the following:
{
  "id": ANY-NUMBER,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "ADOM-NAME",
        "dst_name": "PACKAGE-NAME",
        "if_all_policy": "enable",
        "import_action": "policy_search",
        "name": "DEVICE-NAME",
        "vdom": "root",
        "if_all_objs": "none",
        "add_mappings": "enable"
      },
      "url": "/securityconsole/import/dev/objs"
    }
  ],
  "session": "SESSION-ID"
}
- Perform dynamic object mappings.
The API Request is the following:
{
  "id": 16,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "ADOM-NAME",
        "dst_name": "PACKAGE-NAME",
        "if_all_policy": "enable",
        "import_action": "obj_search",
        "name": "DEVICE-NAME",
        "vdom": "root",
        "if_all_objs": "none",
        "add_mappings": "enable"
      },
      "url": "/securityconsole/import/dev/objs"
    }
  ],
  "session": "SESSION-ID"
}
- Import policies and dependent dynamic interfaces and objects.
The API Request is the following:
{
  "id": ANY-NUMBER,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "ADOM-NAME",
        "dst_name": "PACKAGE-NAME",
        "if_all_policy": "enable",
        "import_action": "do",
        "name": "DEVICE-NAME",
        "vdom": "root",
        "if_all_objs": "filter"
      },
      "url": "/securityconsole/import/dev/objs"
    }
  ],
  "session": "SESSION-ID"
}
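The three requests above differ only in import_action, if_all_objs and add_mappings, so they can be generated from one template and sent in order. The following Python sketch is an added example, not Fortinet code. It assumes the JSON-RPC endpoint is https://<host>/jsonrpc and that each reply carries result[0].status.code (0 on success); build_import_requests, https_sender and run_import are hypothetical helper names.

```python
import json
import urllib.request

IMPORT_URL = "/securityconsole/import/dev/objs"

# Fields that change per step, in the order the article runs them.
STEPS = [
    {"import_action": "policy_search", "if_all_objs": "none", "add_mappings": "enable"},
    {"import_action": "obj_search", "if_all_objs": "none", "add_mappings": "enable"},
    {"import_action": "do", "if_all_objs": "filter"},
]


def build_import_requests(adom, package, device, session, vdom="root"):
    """Return the three JSON-RPC bodies from the article, in order."""
    bodies = []
    for req_id, step in enumerate(STEPS, start=1):
        data = {"adom": adom, "dst_name": package, "if_all_policy": "enable",
                "name": device, "vdom": vdom, **step}
        bodies.append({"id": req_id, "method": "exec",
                       "params": [{"data": data, "url": IMPORT_URL}],
                       "session": session})
    return bodies


def https_sender(host):
    """Assumption: FortiManager serves JSON-RPC at https://<host>/jsonrpc.
    urllib verifies the server certificate by default; leave that on."""
    def send(body):
        req = urllib.request.Request(
            f"https://{host}/jsonrpc", data=json.dumps(body).encode(),
            headers={"Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=60) as resp:
            return json.load(resp)
    return send


def run_import(send, bodies):
    """Send the steps in order and stop at the first non-zero status code, so
    the final "do" import never runs after a failed mapping search.
    Assumption: replies look like {"result": [{"status": {"code": 0}}]}."""
    completed = []
    for body in bodies:
        status = send(body)["result"][0]["status"]
        action = body["params"][0]["data"]["import_action"]
        if status["code"] != 0:
            raise RuntimeError(f"{action} failed: {status}")
        completed.append(action)
    return completed
```

Call run_import(https_sender("FMG-HOST"), build_import_requests(...)) with the session ID read from a protected source such as an environment variable rather than hard-coded in the script; FMG-HOST is a placeholder.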
Troubleshooting:
The following commands can be used on the FortiManager CLI to debug the API calls:
diagnose debug service httpd 255
diagnose debug service main 255