Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
mrafat
Staff
Staff

Created on ‎12-20-2023 02:52 AM Edited on ‎03-20-2024 12:10 PM By Moderator

Article Id 290036

Technical Tip: Deleting of an object using FortiManager API calls

Description

 

This article describes how to use FortiManager REST API Calls to delete an object from Policy & objects.

 

Scope

 

FortiManager VM, FortiManager appliances.

 

Solution

 

Prerequisites:

  • Make sure that the FortiManager administrator profile will have JSON Read/write access as below:

 

Read_Write Profile.png

 

  • To make the API requests from the desired tool, it is necessary to have a session ID.

A login operation is required to get this session ID.

This session ID can be used in all subsequent FortiManager JSON API requests.

 

In the below example, the REST API Calls will be demonstrated in Postman:

 

POST: https://x.x.x.x/jsonrpc     x.x.x.x : FMG IP

 

Request:

 

{

  "id": 1,

  "method": "exec",

  "params": [

    {

      "data": [

        {

          "passwd": "",

          "user": "admin"

        }

      ],

      "url": "sys/login/user"

    }

  ],

  "session": null,

}

 

Response:

 

{

    "result": [

        {

            "status": {

                "code": 0,

                "message": "OK"

            },

            "url": "sys/login/user"

        }

    ],

    "session": "BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==

",

    "id": 1

}

 

The REST API Call for the deletion:

  1. Now that there is the Session ID, the next step will be requesting the deletion of the object.
  2. In the 'URL' section inside the JSON Body, it is necessary to mention the name of the ADOM where the object exists.

i.e.: in this example, the object is located in 'root' ADOM and called 'Test_address'.

 

  1. The below REST API will force the deletion of the object even if it is being used in a policy:

     

    used address.png

    The policy.png

     

 Request:

 

{

"method": "delete",

"params": [

{

"option": "force",

"url": "/pm/config/adom/root/obj/firewall/address",

"filter":["name","like","Test_address"],

"confirm":1

}

],

"session": "BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",

"id": 1

}


Response:

 

    {

    "result": [

        {

            "status": {

                "code": 0,

                "message": "OK"

            },

            "url": "/pm/config/adom/root/obj/firewall/address"

        }

    ],

    "id": 1

}

 

 

  1. The deleted object will be replaced by 'none' as below:

    after deletion.png

     

Troubleshooting:

 

The following commands can be used on the FortiManager CLI to debug the REST API Calls:


diagnose debug service httpd 255

diagnose debug service main 255

607
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.