Solution
Creating an IPSec template via the FortiManager JSON API involves the following steps:
- Create the IPSec Template.
- Create tunnel.
- Add IPSec phase1 to the tunnel.
- Add IPSec phase2 to the tunnel.
- Assign the template to a managed FortiGate.
- Create the IPSec Template:
{
  "method": "set",
  "params": [
    {
      "data": {
        "name": "TEMPLATE_NAME",
        "template setting": {
          "stype": "_ipsec",
          "widgets": [ "_ipsec" ]
        },
        "type": "template"
      },
      "url": "/pm/template/_ipsec/adom/ADOM_NAME/"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Create Tunnel:
{
  "method": "set",
  "params": [
    {
      "data": {
        "dynamic_mapping": null,
        "var-list": null,
        "seq": 1,
        "action": "conf-ipsec-template",
        "model": "all",
        "value": {
          "automatic-routing": "disable",
          "local-addr-type": "dynamic",
          "name": "TUNNEL_NAME",
          "nat": "disable",
          "remote-subnet": [ "IP_ADDRESS/SUBNET MASK" ]
        }
      },
      "url": "/pm/config/adom/ADOM_NAME/template/_ipsec/TEMPLATE_NAME/action-list/"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Add IPSec phase1 to the tunnel:
{
  "method": "set",
  "params": [
    {
      "data": {
        "name": "TUNNEL_NAME",
        "type": 0,
        "interface": [ "<interface>" ],
        "local-gw": "<LOCAL GW_IP>",
        "localid": "<LOCAL_ID>",
        "dpd": 3,
        "nattraversal": 1,
        "dhgrp": 12,
        "proposal": [ "aes256-sha256" ],
        "keylife": 86400,
        "authmethod": 1,
        "peertype": 1,
        "add-gw-route": 0,
        "distance": 15,
        "priority": 1,
        "remote-gw": "<REMOTE_GW_IP>",
        "psksecret": [ "PSKSECRET" ]
      },
      "url": "/pm/config/adom/ADOM_NAME/template/_ipsec/TEMPLATE_NAME/vpn/ipsec/phase1-interface/"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Add IPSec phase2 to the tunnel:
{
  "method": "set",
  "params": [
    {
      "data": {
        "name": "TUNNEL_NAME",
        "phase1name": [ "TUNNEL_NAME" ],
        "proposal": [ "aes256-sha256", "3des-md5" ],
        "replay": 1,
        "auto-negotiate": 1,
        "src-subnet": [ "0.0.0.0", "0.0.0.0" ],
        "src-addr-type": 0,
        "src-port": 0,
        "dst-addr-type": 0,
        "dst-port": 0,
        "keylifeseconds": 43200,
        "dst-subnet": [ "0.0.0.0", "0.0.0.0" ]
      },
      "url": "/pm/config/adom/ADOM_NAME/template/_ipsec/TEMPLATE_NAME/vpn/ipsec/phase2-interface/"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Assign the template to a managed FortiGate:
{
  "method": "set",
  "params": [
    {
      "data": {
        "name": "FORTIGATE",
        "vdom": "VDOM"
      },
      "url": "/pm/template/_ipsec/adom/ADOM_NAME/TEMPLATE_NAME/scope member"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Verify the IPSec Template:
{
  "method": "get",
  "params": [
    {
      "url": "/pm/template/_ipsec/adom/ADOM_NAME"
    }
  ],
  "session": "{{session}}",
  "id": 1
}
- Check the result in the FortiManager GUI under Device Manager -> Provisioning Templates -> IPSec Template.
- For a complete list of FortiManager API calls and details, refer to Fortinet Development Network (FNDN).
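A pre-flight check for the request bodies above, as an added example that is not part of the original article or Fortinet's own code: it flags proposal entries such as the `3des-md5` in the phase2 request and a `psksecret` still set to the page's placeholder. The weak-algorithm policy, the function name `audit_request` and the sample ADOM and template names (`root`, `tpl1`, `branch1`) are assumptions of this example.

```python
import json

# Assumed policy for this example: algorithms not accepted for new tunnels.
WEAK_ALGS = {"des", "3des", "md5"}
# Placeholder strings used in the request bodies on this page.
PLACEHOLDERS = ("PSKSECRET", "TUNNEL_NAME", "TEMPLATE_NAME", "ADOM_NAME")

def audit_request(request):
    """Return a list of findings for one FortiManager JSON-RPC request body."""
    findings = []
    for param in request.get("params", []):
        url = param.get("url", "")
        data = param.get("data") or {}
        for proposal in data.get("proposal", []):
            # Proposals on the page have the form "<cipher>-<digest>".
            weak = sorted(WEAK_ALGS & set(proposal.lower().split("-")))
            if weak:
                findings.append(f"weak proposal {proposal!r} ({', '.join(weak)}) at {url}")
        secrets = data.get("psksecret", [])
        if isinstance(secrets, str):
            secrets = [secrets]
        # A placeholder left in the PSK field would be pushed as the real key.
        if any(s in PLACEHOLDERS or s.startswith("<") for s in secrets):
            findings.append(f"placeholder psksecret at {url}")
        if any(p in url for p in PLACEHOLDERS):
            findings.append(f"unreplaced placeholder in url {url}")
    return findings

# Constructed sample bodies, trimmed from the phase1 and phase2 requests above.
PHASE1 = json.loads("""{"method": "set", "params": [{"data": {
  "name": "branch1", "proposal": ["aes256-sha256"], "psksecret": ["PSKSECRET"]},
  "url": "/pm/config/adom/root/template/_ipsec/tpl1/vpn/ipsec/phase1-interface/"}],
  "session": "constructed", "id": 1}""")
PHASE2 = json.loads("""{"method": "set", "params": [{"data": {
  "name": "branch1", "phase1name": ["branch1"],
  "proposal": ["aes256-sha256", "3des-md5"]},
  "url": "/pm/config/adom/root/template/_ipsec/tpl1/vpn/ipsec/phase2-interface/"}],
  "session": "constructed", "id": 1}""")

if __name__ == "__main__":
    for body in (PHASE1, PHASE2):
        for finding in audit_request(body):
            print(finding)
```

Run it over each body before sending the `set` calls; an empty list means no finding under the assumed policy.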
Related documents:
Technical Tip: Using FortiManager API
Fortinet Development Network (FNDN) - FortiManager
Technical Tip: Managing the JSON API call with Postman and how to delete, create and update an ADOM ...