Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ydong01
Staff
Staff

Created on ‎10-08-2024 09:54 PM Edited on ‎09-11-2025 02:08 AM By Community Manager

Article Id 347729

Technical Tip: How to query firewall user use include_wad parameter in API after v7.0.6 and v7.2.1

Description

This article provides an option for listing or not listing a WAD user when querying a firewall user via API.
Scope FortiGate.
Solution

After v7.0.6 and v7.2.1, a new parameter (include_wad) was introduced to query firewall users. The default setting is include_wad=true.

 

Example:

From CLI: There are 3 FSSO users and 1 WAD user.

 

diagnose firewall auth list

10.56.1.78, ADMINISTRATOR
type: fsso, id: 0, duration: 3757, idled: 3757
server: ADServer
packets: in 0 out 0, bytes: in 0 out 0
group_id: 33554456 33554484 33554460 33554459 33554457 33554454 33554483 33554445
group_name: CN=DOMAIN USERS,CN=USERS,DC=LAB,DC=ORG CN=ADMINISTRATORS,CN=BUILTIN,DC=LAB,DC=ORG CN=SCHEMA ADMINS,CN=USERS,DC=LAB,DC=ORG CN=ENTERPRISE ADMINS,CN=USERS,DC=LAB,DC=ORG CN=DOMAIN ADMINS,CN=USERS,DC=LAB,DC=ORG CN=GROUP POLICY CREATOR OWNERS,CN=USERS,DC=LAB,DC=ORG CN=USERS,CN=BUILTIN,DC=LAB,DC=ORG CN=DENIED RODC PASSWORD REPLICATION GROUP,CN=USERS,DC=LAB,DC=ORG

10.171.2.197, IT1
type: fsso, id: 0, duration: 11049, idled: 11049
server: ADServer
packets: in 0 out 0, bytes: in 0 out 0
user_id: 16777221
group_id: 33554456 33554435 33554483
group_name: CN=DOMAIN USERS,CN=USERS,DC=LAB,DC=ORG CN=IT,CN=USERS,DC=LAB,DC=ORG CN=USERS,CN=BUILTIN,DC=LAB,DC=ORG

10.173.1.26, proxy
type: fw, id: 0, duration: 875, idled: 875
expire: 4525, allow-idle: 5400
packets: in 0 out 0, bytes: in 0 out 0
group_id: 2 16777218
group_name: LocalGRP grp_16777218

10.173.1.78, ADMINISTRATOR
type: fsso, id: 0, duration: 3757, idled: 3757
server: ADServer
packets: in 0 out 0, bytes: in 0 out 0
group_id: 33554456 33554484 33554460 33554459 33554457 33554454 33554483 33554445
group_name: CN=DOMAIN USERS,CN=USERS,DC=LAB,DC=ORG CN=ADMINISTRATORS,CN=BUILTIN,DC=LAB,DC=ORG CN=SCHEMA ADMINS,CN=USERS,DC=LAB,DC=ORG CN=ENTERPRISE ADMINS,CN=USERS,DC=LAB,DC=ORG CN=DOMAIN ADMINS,CN=USERS,DC=LAB,DC=ORG CN=GROUP POLICY CREATOR OWNERS,CN=USERS,DC=LAB,DC=ORG CN=USERS,CN=BUILTIN,DC=LAB,DC=ORG CN=DENIED RODC PASSWORD REPLICATION GROUP,CN=USERS,DC=LAB,DC=ORG

----- 4 listed, 0 filtered ------

 

From the diagnose wad user list, there is 1 wad user:

 

diagnose wad user list

ID: 2, VDOM: root, IPv4: 10.173.1.26
user name : proxy
worker : 0
duration : 872
auth_type : IP
auth_method : Basic
pol_id : 1
g_id : 2
user_based : 0
expire : 4528
LAN:
bytes_in=171 bytes_out=398
WAN:
bytes_in=454 bytes_out=98

 

From API: With include_wad=true:

 

https://<Fortigate IP>/api/v2/monitor/user/firewall?include_wad=true&include_fsso=false&access_token=<API Token>

 

include_wad_true.PNG

 

From API: With include_wad=false:

 

https://<Fortigate IP>/api/v2/monitor/user/firewall?include_wad=false&include_fsso=false&access_token=<API Token>

 

include_wad_false.PNG

 

For more details, join FNDN.

 

Labels:
296
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.