FortiGate
summer1
Staff
Article Id 424355
Description This article describes API syntax available to retrieve configured session limits on FortiGate.
Scope FortiGate.
Solution

To fetch data from the FortiGate API, it is first necessary to set up an API user. This API user provides the API key, which is needed for the queries to work. For the steps to do this and retrieve the API key, see Technical Tip: How to create a REST API Admin user and assign it to an admin profile.

The configured session limits on FortiGate can be retrieved using the following methods:

 

  1. To retrieve the session limit from a specific VDOM:

 

Syntax:

 

https://<FGT IP:PORT>/api/v2/cmdb/system/vdom-property/<VDOM name>?access_token=<API access key>

 

Example request URL:

curl -vk "https://10.191.37.34:443/api/v2/cmdb/system/vdom-property/test-vdom?access_token=qstc9wgjNr78gwq63fkjp4rbNpw342"

 

Output:

 

{
"http_method": "GET",
"size": 2,
"limit_reached": false,
"matched_count": 1,
"next_idx": 1,
"revision": "a2386756c423cadf647362c62009cc00",
"results": [
{
"name": "test-vdom",
"q_origin_key": "test-vdom",
"description": "property limits for vdom test-vdom",
"snmp-index": 2,
"session": "10000 10000", <----- Session limit enforced on test-vdom.
"ipsec-phase1": "0 0",
"ipsec-phase2": "0 0",
"ipsec-phase1-interface": "0 0",
"ipsec-phase2-interface": "0 0",
"dialup-tunnel": "0 0",
"firewall-policy": "0 0",
"firewall-address": "0 0",
"firewall-addrgrp": "0 0",
"custom-service": "0 0",
"service-group": "0 0",
"onetime-schedule": "0 0",
"recurring-schedule": "0 0",
"user": "0 0",
"user-group": "0 0",
"sslvpn": "0 0",
"proxy": "0 0",
"log-disk-quota": "0 0"
}

 

  2. To retrieve the session limit from all the VDOMs:

 

Syntax:

 

https://<FGT IP:PORT>/api/v2/cmdb/system/vdom-property?access_token=<API access key>

 

Example request URL:

curl -vk "https://10.47.32.188:443/api/v2/cmdb/system/vdom-property?access_token=qstc9wgjNr78gwq63fkjp4rbNpw34..."

 

Output:

 

{
"http_method": "GET",
"size": 2,
"limit_reached": false,
"matched_count": 2,
"next_idx": 1,
"revision": "a2386756c423cadf647362c62009cc00",
"results": [
{
"name": "root",
"q_origin_key": "root",
"description": "property limits for vdom root",
"snmp-index": 1,
"session": "15000 15000",
"ipsec-phase1": "0 0",
"ipsec-phase2": "0 0",
"ipsec-phase1-interface": "0 0",
"ipsec-phase2-interface": "0 0",
"dialup-tunnel": "0 0",
"firewall-policy": "0 0",
"firewall-address": "0 0",
"firewall-addrgrp": "0 0",
"custom-service": "0 0",
"service-group": "0 0",
"onetime-schedule": "0 0",
"recurring-schedule": "0 0",
"user": "0 0",
"user-group": "0 0",
"sslvpn": "0 0",
"proxy": "0 0",
"log-disk-quota": "0 0"
},
{
"name": "test-vdom",
"q_origin_key": "test-vdom",
"description": "property limits for vdom test-vdom",
"snmp-index": 2,
"session": "10000 10000",
"ipsec-phase1": "0 0",
"ipsec-phase2": "0 0",
"ipsec-phase1-interface": "0 0",
"ipsec-phase2-interface": "0 0",
"dialup-tunnel": "0 0",
"firewall-policy": "0 0",
"firewall-address": "0 0",
"firewall-addrgrp": "0 0",
"custom-service": "0 0",
"service-group": "0 0",
"onetime-schedule": "0 0",
"recurring-schedule": "0 0",
"user": "0 0",
"user-group": "0 0",
"sslvpn": "0 0",
"proxy": "0 0",
"log-disk-quota": "0 0"
}
],

 

The output displays the configured session limit for the specified VDOM in the format session: max_value, guaranteed_value. In this example, the configured session limit for VDOM 'root' is 15000 15000, whereas for 'test-vdom' it is 10000 10000.

  3. To retrieve the overall session limit value (global scope):

Syntax:

 

https://<FGT IP:PORT>/api/v2/monitor/system/global-resources?access_token=<API access key>

 

Example request URL:

curl -vk "https://10.47.32.188:443/api/v2/monitor/system/global-resources?access_token=qstc9wgjNr78gwq63fkjp4r..."

 

Output:

 

{
    "http_method": "GET",
    "results": {
        "session": {
            "id": 0,
            "custom_max": 0,
            "min_custom_value": 25000,
            "max_custom_value": 0,
            "global_max": 0,
            "current_usage": 18,
            "usage_percent": 0
        },

 

The above output displays the total session limit enforced across the VDOMs.

"max_custom_value": 0 denotes the maximum session count value based on the platform limit.
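
The vdom-property queries above, as an added Python example (not part of the original article and not Fortinet code): it sends the API key in an Authorization: Bearer header, which FortiOS also accepts, instead of in the URL, keeps TLS certificate verification on rather than using curl's -k, and splits each "session" value into max_value and guaranteed_value. The function names, the ca_file parameter and the sample response are assumptions made for illustration.

```python
import json
import ssl
import urllib.parse
import urllib.request

BASE_PATH = "/api/v2/cmdb/system/vdom-property"


def build_request(host, token, vdom=None):
    """GET for all VDOMs, or for one VDOM when `vdom` is given.

    The key goes in a header, so it stays out of the URL and therefore out
    of shell history, process listings and access logs.
    """
    path = BASE_PATH
    if vdom:
        path += "/" + urllib.parse.quote(vdom, safe="")
    req = urllib.request.Request(f"https://{host}{path}", method="GET")
    req.add_header("Authorization", f"Bearer {token}")
    return req


def parse_session_limits(body):
    """Map VDOM name -> (max_value, guaranteed_value) from a response body."""
    limits = {}
    for entry in json.loads(body).get("results", []):
        max_value, guaranteed_value = (int(v) for v in entry["session"].split())
        limits[entry["name"]] = (max_value, guaranteed_value)
    return limits


def fetch_session_limits(host, token, vdom=None, ca_file=None):
    """Query the device with TLS certificate verification left enabled."""
    # ca_file (assumed parameter): CA bundle that signed the FortiGate certificate.
    ctx = ssl.create_default_context(cafile=ca_file)
    req = build_request(host, token, vdom)
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return parse_session_limits(resp.read())


# Constructed sample: the all-VDOM output above reduced to the fields used here.
SAMPLE = """{"http_method": "GET", "matched_count": 2, "results": [
  {"name": "root", "session": "15000 15000"},
  {"name": "test-vdom", "session": "10000 10000"}]}"""

if __name__ == "__main__":
    for name, (max_value, guaranteed_value) in parse_session_limits(SAMPLE).items():
        print(f"{name}: max={max_value} guaranteed={guaranteed_value}")
```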

 

Additional note: