To create a REST API Token on FortiGate, see the following documentation: Connect Fortigate Device via API Token.

Step 1: Configure Credentials for FortiGate to be used for remediation. Follow these steps:

• Go to Admin -> Setup.
• Under Credentials / Step 1: Enter Credentials and select New.
• The Access Method Definition should look like the following:

Name: <credentials_name>
Device Type: Fortinet FortiOS.
Access Protocol: HTTPS.
Note: Do not choose FORTIOS_REST_API, as it will not work with a remediation script.
Port: 443.
URI: https://<fortigate_ip>/api/v2/authentication.
User Name: <choose an admin name>.
Password: <REST API User access token>.
Note: The REST API User access token is not related to the 'User Name' field.

access method definition

Step 2: Create credential associations.
Still under the Admin/Setup window:

• Under Credentials / Step 2: Enter the IP Range to Credential Associations and select New.
• Enter the IP/Hostname of the FortiGate.
• For Credentials, select the credential created in Step 1.

Test the credentials:

Testing:

• Go to Incidents and choose an Incident to remediate.
• Select Actions -> Remediate Incident.
• Select the remediation script: 'Fortinet FortiOS - Block Source IP FortiOS 7.x via FortiOS API'.
• The protocol to be used is HTTPS and cannot be changed
• Select Run On: Super/Collector.

remediation

Select Run and check if the remediation has been applied.