Description
This article describes how to use FortiManager REST API calls to delete an object from Policy & Objects.
Scope
FortiManager VM, FortiManager appliances.
Solution
Prerequisites:
- Make sure that the FortiManager administrator profile has JSON Read/write access.
- To make the API requests from the desired tool, it is necessary to have a session ID. A login operation is required to get this session ID. This session ID can be used in all subsequent FortiManager JSON API requests.
In the example below, the REST API calls are demonstrated in Postman:
POST: https://x.x.x.x/jsonrpc (x.x.x.x: FMG IP)
Request:
{
  "id": 1,
  "method": "exec",
  "params": [
    {
      "data": [
        {
          "passwd": "",
          "user": "admin"
        }
      ],
      "url": "sys/login/user"
    }
  ],
  "session": null
}
Response:
{
  "result": [
    {
      "status": {
        "code": 0,
        "message": "OK"
      },
      "url": "sys/login/user"
    }
  ],
  "session": "BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",
  "id": 1
}
The REST API Call for the deletion:
- Now that the session ID is available, the next step is to request the deletion of the object.
- In the 'url' field inside the JSON body, it is necessary to specify the name of the ADOM where the object exists. In this example, the object is located in the 'root' ADOM and is called 'Test_address'.
- The REST API call below will force the deletion of the object even if it is being used in a policy:
Request:
{
  "method": "delete",
  "params": [
    {
      "option": "force",
      "url": "/pm/config/adom/root/obj/firewall/address",
      "filter": ["name", "like", "Test_address"],
      "confirm": 1
    }
  ],
  "session": "BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",
  "id": 1
}
Response:
{
  "result": [
    {
      "status": {
        "code": 0,
        "message": "OK"
      },
      "url": "/pm/config/adom/root/obj/firewall/address"
    }
  ],
  "id": 1
}
- The deleted object will be replaced by 'none'.
Troubleshooting:
The following commands can be used on the FortiManager CLI to debug the REST API Calls:
diagnose debug service httpd 255
diagnose debug service main 255
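
The login, forced delete and status checks shown above can be scripted. The following Python is an added example, not code from the original article or from Fortinet: before sending the 'force' delete it runs a 'get' with the same filter and refuses to delete unless the only match is the intended object, and it always logs out afterwards. The function names, the 'get' preview, the '/sys/logout' call and the FakeFmg offline stand-in are assumptions of this example.

```python
import json
import urllib.request

def https_post(base_url):
    """Return a callable that POSTs one JSON-RPC payload to <base_url>/jsonrpc."""
    def post(payload):
        req = urllib.request.Request(base_url + "/jsonrpc", json.dumps(payload).encode(),
                                     {"Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:  # TLS certificate checks stay on
            return json.load(resp)
    return post

def rpc(post, method, params, session=None):
    """Send one call; raise unless status.code is 0, as in the article's responses."""
    reply = post({"id": 1, "method": method, "params": [params], "session": session})
    status = reply["result"][0]["status"]
    if status["code"] != 0:
        raise RuntimeError(f"{method} {params['url']} failed: {status}")
    return reply

def force_delete_address(post, user, passwd, adom, name):
    """Preview what the article's filter matches; force-delete only if it is exactly `name`."""
    session = rpc(post, "exec", {"url": "sys/login/user",
                                 "data": [{"user": user, "passwd": passwd}]})["session"]
    url, flt = f"/pm/config/adom/{adom}/obj/firewall/address", ["name", "like", name]
    try:
        found = rpc(post, "get", {"url": url, "filter": flt, "fields": ["name"]}, session)
        matches = [obj["name"] for obj in found["result"][0].get("data") or []]
        if matches != [name]:
            raise ValueError(f"filter matched {matches}, not just {name!r}; nothing deleted")
        rpc(post, "delete", {"url": url, "filter": flt, "option": "force", "confirm": 1}, session)
        return matches
    finally:  # always end the session so the token cannot be reused
        post({"id": 1, "method": "exec", "params": [{"url": "/sys/logout"}], "session": session})

class FakeFmg:
    """Constructed offline stand-in: `matched` is what the filter is pretended to match."""
    def __init__(self, matched):
        self.matched, self.calls = matched, []
    def __call__(self, payload):
        method, url = payload["method"], payload["params"][0]["url"]
        self.calls.append(method + " " + url)
        result = {"status": {"code": 0, "message": "OK"}, "url": url}
        if method == "get":
            result["data"] = [{"name": n} for n in self.matched]
        return {"result": [result], "session": "constructed-token", "id": 1}

if __name__ == "__main__":
    print(force_delete_address(FakeFmg(["Test_address"]), "admin", "", "root", "Test_address"))
```

Against a real FortiManager, pass https_post("https://x.x.x.x") as the first argument and supply the password at run time rather than storing it in the script.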