FortiManager
ycho
Staff
Article Id 286384
Description

This article describes how to interpret the seemingly invalid protocol number returned when retrieving a Service Object from a FortiGate registered with FortiManager using the JSON API.

Scope

FortiManager.

Solution

FortiManager responds with a seemingly invalid protocol number when retrieving service objects using the JSON API, as shown below:

[Request]
{
  "method": "get",
  "params": [
    {
      "option": "{option}",
      "url": "/pm/config/adom/root/obj/firewall/service/custom/ALL_TCP"
    }
  ],
  "session": "MU887MBN7utmvDu31Fc8kK/RQ5J900Gn0kh5NwDc5mSFgIWheLtG67HaMEB8BH3IIUIPzOepWd2gYDeuZjfshZod6po6jUyx",
  "id": 1
}
[Response]
{
    "id": 1,
    "result": [
        {
            "data": {
                "app-category": [],
                "app-service-type": 0,
                "application": [],
                "category": [
                    "General"
                ],
                "check-reset-range": 3,
                "color": 0,
                "comment": null,
                "fabric-object": 0,
                "fqdn": null,
                "global-object": 0,
                "helper": 1,
                "iprange": "0.0.0.0",
                "name": "ALL_TCP",
                "obj seq": 2,
                "oid": 3194,
                "protocol": 5,
                "proxy": 0,
                "sctp-portrange": [],
                "session-ttl": "0",
                "tcp-halfclose-timer": 0,
                "tcp-halfopen-timer": 0,
                "tcp-portrange": [
                    "1-65535"
                ],
                "tcp-timewait-timer": 0,
                "udp-idle-timer": 0,
                "udp-portrange": [],
                "visibility": 1
            },
            "status": {
                "code": 0,
                "message": "OK"
            },
            "url": "/pm/config/adom/root/obj/firewall/service/custom/ALL_TCP"
        }
    ]
}

+ ALL_UDP
………..
                "name": "ALL_UDP",
                "obj seq": 3,
                "oid": 3195,
                "protocol": 5,
………..

+ ALL_ICMP6
………..
                "name": "ALL_ICMP6",
                "obj seq": 5,
                "oid": 3197,
                "protocol": 6,
………..

 

The protocol numbers for each service are as follows:

  • ALL_TCP: 6
  • ALL_UDP: 17
  • ALL_ICMP6: 58
  • ALL_ICMP: 1

However, the value returned by FortiManager differs because it is not a protocol number in FortiManager, but an internal mapping of an option enum to an integer.

FortiManager uses the following internal mapping of option enum to integer:

ICMP: 1
IP: 2
TCP/UDP/SCTP: 5
ICMP6: 6
HTTP: 7
FTP: 8
CONNECT: 9
SOCKS: 10
ALL: 11
SOCKS-TCP: 12
SOCKS-UDP: 13
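
The following Python helper is an added example, not part of the original article and not Fortinet code. It decodes the `protocol` enum of a service object returned by the JSON API using the mapping above, so that an audit or export script does not read enum 6 (ICMP6) as TCP. Assumptions: the function and constant names are hypothetical, a non-empty `*-portrange` list is taken to identify the transport for enum 5, and the SCTP protocol number 132 is the IANA value rather than one given in the article.

```python
# Added example (not Fortinet code). Enum table copied from the article.
FMG_PROTOCOL_ENUM = {
    1: "ICMP", 2: "IP", 5: "TCP/UDP/SCTP", 6: "ICMP6", 7: "HTTP", 8: "FTP",
    9: "CONNECT", 10: "SOCKS", 11: "ALL", 12: "SOCKS-TCP", 13: "SOCKS-UDP",
}
# IP protocol numbers 1, 6, 17 and 58 are the ones listed in the article;
# 132 for SCTP is the IANA assignment and is not stated on the page.
PORTRANGE_FIELDS = {
    "tcp-portrange": ("TCP", 6),
    "udp-portrange": ("UDP", 17),
    "sctp-portrange": ("SCTP", 132),
}
FIXED_IP_PROTO = {"ICMP": 1, "ICMP6": 58}


def decode_service(data):
    """Map one service object's "data" dict to (enum name, [(proto, IP number)])."""
    code = data["protocol"]
    name = FMG_PROTOCOL_ENUM.get(code)
    if name is None:
        raise ValueError(f"unknown FortiManager protocol enum: {code!r}")
    if name == "TCP/UDP/SCTP":
        # Assumption: a non-empty *-portrange list marks the transport in use.
        protos = [p for field, p in PORTRANGE_FIELDS.items() if data.get(field)]
    elif name in FIXED_IP_PROTO:
        protos = [(name, FIXED_IP_PROTO[name])]
    else:
        protos = []  # enum alone does not identify one IP protocol number
    return name, protos


# Trimmed from the responses shown in the article.
ALL_TCP = {"name": "ALL_TCP", "protocol": 5, "tcp-portrange": ["1-65535"],
           "udp-portrange": [], "sctp-portrange": []}
ALL_ICMP6 = {"name": "ALL_ICMP6", "protocol": 6}
# Constructed: the article elides the port-range fields of ALL_UDP.
ALL_UDP = {"name": "ALL_UDP", "protocol": 5, "tcp-portrange": [],
           "udp-portrange": ["1-65535"], "sctp-portrange": []}

if __name__ == "__main__":
    for obj in (ALL_TCP, ALL_UDP, ALL_ICMP6):
        print(obj["name"], decode_service(obj))
```

Unknown enum values raise `ValueError` instead of being passed through, so a value such as 17 is never silently treated as a valid FortiManager enum.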

 
