FortiManager
akaratas
Staff
Article Id 351367
Description

 

This article describes how the FortiGate Policy Package can be synchronized with FortiManager using API queries in three steps.

 

Scope

 

FortiManager, FortiManager Cloud.

 

Solution

 

Note: Policy Block and Global Policy cannot be imported using the steps below. Also, VPN Manager configuration cannot be synchronized using this method.

 

This process requires three steps.

 

  1. Perform the dynamic interface mapping.

 

The API Request is the following:

 

{
  "id": ANY-NUMBER,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "ADOM-NAME",
        "dst_name": "PACKAGE-NAME",
        "if_all_policy": "enable",
        "import_action": "policy_search",
        "name": "DEVICE-NAME",
        "vdom": "root",
        "if_all_objs": "none",
        "add_mappings": "enable"
      },
      "url": "/securityconsole/import/dev/objs"
    }
  ],
  "session": "SESSION-ID"
}

 

  2. Perform dynamic object mappings.

    The API Request is the following:

    {
      "id": 16,
      "method": "exec",
      "params": [
        {
          "data": {
            "adom": "ADOM-NAME",
            "dst_name": "PACKAGE-NAME",
            "if_all_policy": "enable",
            "import_action": "obj_search",
            "name": "DEVICE-NAME",
            "vdom": "root",
            "if_all_objs": "none",
            "add_mappings": "enable"
          },
          "url": "/securityconsole/import/dev/objs"
        }
      ],
      "session": "SESSION-ID"
    }

     

  3. Import policies and dependent dynamic interfaces and objects.

The API Request is the following:

{
  "id": ANY-NUMBER,
  "method": "exec",
  "params": [
    {
      "data": {
        "adom": "ADOM-NAME",
        "dst_name": "PACKAGE-NAME",
        "if_all_policy": "enable",
        "import_action": "do",
        "name": "DEVICE-NAME",
        "vdom": "root",
        "if_all_objs": "filter"
      },
      "url": "/securityconsole/import/dev/objs"
    }
  ],
  "session": "SESSION-ID"
}
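
The three requests above, driven in order from a script. This is an added example, not code from the original article or from Fortinet: the function names, the caller-supplied `post` transport and the success check on `result[0].status.code` are assumptions, and the reply used for the offline run is constructed.

```python
import itertools
import json

URL = "/securityconsole/import/dev/objs"  # endpoint used by all three steps
# (import_action, if_all_objs, send add_mappings?) in the article's order
STEPS = [("policy_search", "none", True),
         ("obj_search", "none", True),
         ("do", "filter", False)]
_ids = itertools.count(1)  # the "id" field may be any number

def build_request(step, adom, package, device, session, vdom="root"):
    """Build the JSON body for step 0, 1 or 2 exactly as laid out above."""
    action, if_all_objs, add_mappings = STEPS[step]
    data = {"adom": adom, "dst_name": package, "if_all_policy": "enable",
            "import_action": action, "name": device, "vdom": vdom,
            "if_all_objs": if_all_objs}
    if add_mappings:
        data["add_mappings"] = "enable"
    return {"id": next(_ids), "method": "exec",
            "params": [{"data": data, "url": URL}], "session": session}

def redact(request):
    """Copy of a request that is safe to log: the session token is masked."""
    return {**request, "session": "***"}

def import_policy_package(post, adom, package, device, session, log=print):
    """Run the three steps in order and stop at the first one that fails.

    `post` is a hypothetical caller-supplied function that sends one dict to
    the JSON API over verified TLS and returns the decoded reply.
    Assumption: a successful reply has result[0]["status"]["code"] == 0.
    """
    for step, (action, _, _) in enumerate(STEPS):
        request = build_request(step, adom, package, device, session)
        log(json.dumps(redact(request)))  # never write the live session to logs
        status = post(request)["result"][0]["status"]
        if status["code"] != 0:
            raise RuntimeError(f"step {step + 1} ({action}) failed: {status}")
    return len(STEPS)

def fake_post(request):
    # Constructed stand-in for a FortiManager reply so the example runs offline.
    return {"id": request["id"],
            "result": [{"status": {"code": 0, "message": "OK"}, "url": URL}]}

if __name__ == "__main__":
    import_policy_package(fake_post, "ADOM-NAME", "PACKAGE-NAME",
                          "DEVICE-NAME", "SESSION-ID")
```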

 

Troubleshooting:

The following commands can be used on the FortiManager CLI to debug the API calls:

 

diagnose debug service httpd 255

diagnose debug service main 255

 

Related article:

Technical Tip: Managing the JSON API call with Postman and how to delete, create and update an ADOM ...