This article describes how the FortiGate Policy Package can be synchronized with FortiManager using API queries in three steps.
FortiManager, FortiManager Cloud.
Note: Policy Block and Global Policy cannot be imported using the steps below. Also, VPN Manager configuration cannot be synchronized using this method.
This process requires three steps.
The API Request is the following:
{
"id": ANY-NUMBER,
"method": "exec",
"params": [
{
"data": {
"adom": "ADOM-NAME",
"dst_name": "PACKAGE-NAME",
"if_all_policy": "enable",
"import_action": "policy_search",
"name": "DEVICE-NAME",
"vdom": "root",
"if_all_objs": "none",
"add_mappings": "enable"
},
"url": "/securityconsole/import/dev/objs"
}
],
"session": "SESSION-ID"
}
Perform dynamic object mappings.
The API Request is the following:
{
"id": 16,
"method": "exec",
"params": [
{
"data": {
"adom": "ADOM-NAME",
"dst_name": "PACKAGE-NAME",
"if_all_policy": "enable",
"import_action": "obj_search",
"name": "DEVICE-NAME",
"vdom": "root",
"if_all_objs": "none",
"add_mappings": "enable"
},
"url": "/securityconsole/import/dev/objs"
}
],
"session": "SESSION-ID"
}
Importing policies and dependent dynamic interfaces and objects.
The API Request is the following:
{
"id": ANY-NUMBER,
"method": "exec",
"params": [
{
"data": {
"adom": "ADOM-NAME",
"dst_name": "PACKAGE-NAME",
"if_all_policy": "enable",
"import_action": "do",
"name": "DEVICE-NAME",
"vdom": "root",
"if_all_objs": "filter"
},
"url": "/securityconsole/import/dev/objs"
}
],
"session": "SESSION-ID"
}
Troubleshooting:
The below commands can be used on FortiManager CLI to debug the API Calls:
diagnose debug service httpd 255
diagnose debug service main 255
Related article:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.