Description | This article describes step-by-step instructions on how to use the SMC API to monitor Virtual IP (VIP) usage. |
Scope | FortiGate SMC API. |
Solution |
This article covers the use of the SMC API to monitor the usage and impact of a Virtual IP (VIP). This article does not delve into the configuration details for setting up a virtual IP on a FortiGate; for that information, refer to Technical Tip: Using Virtual IPs to configure port forwarding. In order to know how many time a VIP has been hit, two sequential steps are required. First, extract the UUID of the specific VIP of interest. This information will be used to retrieve relevant data. The following command demonstrates this process:
curl -sk -X GET https://<the_ip>/api/v2/cmdb/firewall/vip/?access_token=<token>&vdom==<the_vdom>
The system response will contain extensive data. For the purposes of this article, it is advised to use the `jq` command to filter the output, resulting in a more concise format:
curl -sk -X GET https://<the_ip>/api/v2/cmdb/firewall/vip/?access_token=<token>&vdom==<the_vdom> | jq -r '{"vips":[.results[] | {name, uuid, extip}]}'
The output will resemble the following:
{
Upon obtaining the UUID of interest, the next step involves making another API call using it, as illustrated below:
curl -sk -X GET 'https://<your_ip>/api/v2/monitor/firewall/dnat?access_token=<token>&vdom==<your_vdom>&uuid==<uuid_of_interest>'
Similar to the previous call, this will yield a detailed response, but the key piece of information for the purposes of this article is the `hit_count`. To filter out unnecessary details, use `jq` as shown below:
curl -sk -X GET 'https://<your_ip>/api/v2/monitor/firewall/dnat?access_token=<token>&vdom==<your_vdom>&uuid==<uuid_of_interest>' | jq -r '.results[] | .hit_count'
This will provide the specific hit count relevant to any unique VIP monitoring needs. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.