FortiManager
vraev
Staff
Article Id 358584
Description

 

This article describes how to make an API call to FortiManager/FortiAnalyzer-Cloud using Terraform.

 

Scope

 

FortiManager/FortiAnalyzer-Cloud.

 

Solution

 

To review the steps for creating an API user for FortiManager/FortiAnalyzer-Cloud, follow this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud.

 

Terraform reads its configuration from a file with the .tf extension.

After the file is created, run:

terraform init
terraform apply

An example file called test.tf is shown below:

terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}

# Configure the Provider for FortiManager
provider "fortimanager" {
  hostname  = "xxxx.fortimanager.forticloud.com"
  username  = "6BD4E324xxx"
  # Placeholder value; the credentials can also come from environment variables (see below)
  password  = "xxxxxx"
  fmg_type  = "forticloud"
  # "true" disables TLS certificate verification for the API connection
  insecure  = "true"
  scopetype = "adom"
  adom      = "root"
}

# Create a firewall vip object
resource "fortimanager_object_firewall_vip" "trname2" {
  scopetype = "inherit"
  adom      = "root"
  extintf   = "any"
  extip     = "1.10.10.10-2.10.10.10"
  mappedip  = ["12.10.10.10-13.10.10.10"]
  name      = "viptest1"
}

 

Another option is to supply the provider credentials through environment variables instead of writing them in the provider section:

export FORTIMANAGER_ACCESS_USERNAME="admin"
export FORTIMANAGER_ACCESS_PASSWORD="admin"

 

Instead of a username and password, a token can be used, as described in this KB article: Technical Tip: Set up an API call to FortiManager or FortiAnalyzer Cloud

 

export FORTIMANAGER_ACCESS_TOKEN="xxxxxx"


The same token can be set in the provider section of the .tf file as follows:


fmg_cloud_token = "xxxxxx"
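
The test.tf file above, rewritten as an added example (not part of the original article) so that the token is not stored in the file and certificate verification stays on. The variable name fmg_cloud_token and the TF_VAR_ export are assumptions of this example, and it assumes the FortiManager-Cloud hostname presents a certificate that the local trust store accepts.

```hcl
# Added example, not from the original article.
# Before running terraform init / terraform apply, set the token in the shell:
#   export TF_VAR_fmg_cloud_token="xxxxxx"
terraform {
  required_providers {
    fortimanager = {
      source  = "fortinetdev/fortimanager"
      version = "1.12.1"
    }
  }
}

# Hypothetical variable name; Terraform fills it from TF_VAR_fmg_cloud_token.
variable "fmg_cloud_token" {
  description = "Token of the FortiManager-Cloud API user"
  type        = string
  sensitive   = true # value is redacted in plan and apply output

  validation {
    condition     = length(var.fmg_cloud_token) > 0
    error_message = "Set TF_VAR_fmg_cloud_token before running terraform apply."
  }
}

provider "fortimanager" {
  hostname        = "xxxx.fortimanager.forticloud.com"
  fmg_cloud_token = var.fmg_cloud_token # no secret literal in the .tf file
  fmg_type        = "forticloud"
  insecure        = false # keep TLS certificate verification enabled
  scopetype       = "adom"
  adom            = "root"
}

# Same firewall VIP object as in test.tf above
resource "fortimanager_object_firewall_vip" "trname2" {
  scopetype = "inherit"
  adom      = "root"
  extintf   = "any"
  extip     = "1.10.10.10-2.10.10.10"
  mappedip  = ["12.10.10.10-13.10.10.10"]
  name      = "viptest1"
}
```

With this layout the .tf file can be committed or shared without exposing the token, which lives only in the shell environment of the user running Terraform.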


The created object can be reviewed from FortiManager-Cloud:

 

[Screenshot: fmg_cloud_terraform_object_1.png]

 

Troubleshooting:

In some cases, Terraform reports an error about a locked file. The lock can be bypassed for a single run, provided no other Terraform operation is using the same state, with:

 

terraform apply -lock=false

 

To gather debug information, set the following variables:

 

export TF_LOG="DEBUG"

export TF_LOG_PATH="terraform.txt"

 

For more detailed debug information, use:

 

export TF_LOG="TRACE"
