Description |
This article describes why an administrator fails to obtain information from FortiGate via the REST API using Python/CURL when post-login-banner is enabled. |
Scope | FortiGate, REST-API. |
Solution |
1) FortiGate is configured with a pre-login-banner and post-login-banner:
An administrator account with super_admin_readonly is configured to obtain information about FortiGate via CURL/Python commands:
2) To log in to FortiGate via CURL, the following can be used:
3) The login response shows as successful:
4) However, a 401 Unauthorized error is returned on any attempt to obtain information from the FortiGate, for example when retrieving FortiGate system information with the following command:
5) The admin session is recorded on FortiGate; however, no log indicates that the user logged in:
6) Logging in to the web GUI via HTTPS works without issue:
7) The root cause is that the authentication with CURL is not complete when post-login-banner is enabled in the global settings.
9) As a solution, disable post-login-banner in the global settings:
10) Once the above has been disabled, it is possible to retrieve information from the FortiGate via the CURL GET option:
11) In the system event log, the login event will be observed accordingly:
Note: This is expected behavior, as the administrator login is only considered complete after the post-login-banner has been acknowledged, when that banner is configured. |
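The symptom in steps 3 to 5 (login reported as successful, then 401 on the first GET) can be checked from a script. The following is an added example, not Fortinet's code and not the commands from the original article; the function name `check_api_session`, the paths `/logincheck` and `/api/v2/monitor/system/status`, and the `1` prefix on a successful login response are assumptions about the session-based API rather than values taken from this page.

```python
import http.cookiejar
import urllib.error
import urllib.parse
import urllib.request

# Assumed FortiOS paths (not shown on the page): session login and one read-only call.
LOGIN_PATH = "/logincheck"
STATUS_PATH = "/api/v2/monitor/system/status"


def check_api_session(base_url, username, password, context=None):
    """Log in, issue one GET, and return (login_ok, status_code, verdict)."""
    jar = http.cookiejar.CookieJar()  # keeps the session cookie between the two calls
    handlers = [urllib.request.HTTPCookieProcessor(jar)]
    if context is not None:  # caller-supplied ssl.SSLContext that trusts the device CA
        handlers.append(urllib.request.HTTPSHandler(context=context))
    opener = urllib.request.build_opener(*handlers)

    form = urllib.parse.urlencode({"username": username, "secretkey": password})
    with opener.open(base_url + LOGIN_PATH, data=form.encode(), timeout=10) as resp:
        body = resp.read().decode(errors="replace")
    # Assumption: the login response body starts with "1" when credentials are accepted.
    login_ok = body.startswith("1")

    try:
        with opener.open(base_url + STATUS_PATH, timeout=10) as resp:
            code = resp.status
    except urllib.error.HTTPError as err:
        code = err.code  # urllib raises on 4xx/5xx; keep the status for the verdict

    if not login_ok:
        verdict = "credentials rejected at login"
    elif code == 401:
        # Steps 3-5 of the article: login looks successful, the API still refuses.
        verdict = "login accepted but session incomplete: check post-login-banner"
    elif code == 200:
        verdict = "session complete"
    else:
        verdict = "unexpected status %d" % code
    return login_ok, code, verdict
```

Run it with the read-only administrator account before and after changing the global setting; the verdict should move from "session incomplete" to "session complete".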