Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gbagitafr
New Contributor

REST API unable to create interface

I want to create a vlan interface by the REST API on a FortiGate. Here is a JSON code:

{
"name": "vl405",
"vdom": "prod",
"mode": "static",
"dhcp-relay-interface-select-method": "auto",
"dhcp-relay-interface": "",
"dhcp-relay-service": "enable",
"dhcp-relay-ip": "\"x.x.x.x\" \"y.y.y.y\" ",
"dhcp-relay-type": "regular",
"dhcp-relay-agent-option": "enable",
"ip": "z.z.z.z 255.255.254.0",
"allowaccess": "ping",
"speed": "auto",
"status": "down",
"type": "vlan",
"interface": "ag_inside",
"vlan-protocol": "8021q",
"vlanid": 405,
"alias": "VDI",
}

When I POST it, I get this result:

{
"http_method": "POST",
"revision": ".....",
"revision_changed": true,
"old_revision": ".....",
"cli_error": "current vf=root:0\nentry not found in datasource\n\nvalue parse error before 'prod'\nCommand fail. Return code -3\nCommand fail. Return code 1\n",
"error": -3,
"status": "error",
"http_status": 500,
"vdom": "root",
"path": "system",
"name": "interface",
"serial": "FGT3KDT.....",
"version": "v6.4.6",
"build": 1879
}

I created the interface manually, get its configuration by the GET method, deleted it from the obtained JSON deleted some keys (fortilink, ipv6, snmp, q_origin_key, switch-controller, etc. ) and when I tried to POST it back I got the same result.

The vlan interface had to be created in a prod vdom on a ag_inside aggregated interface, which belongs to the root vdom. The admin profile for the REST API administrator allows full control of the device. I tried to post the JSON with a specified vdom in the URL, but it didn't help.

I tried to create the interface on an other FortiGate (500E) device, and the code works there. The only difference is, the aggregated link on which I create the vlan interface belongs to the same vdom in where I create the vlan. Could this cause the problem? If not, what is the reason?

1 Solution
pminarik
Staff
Staff

Hi gbagitafr,

I vaguely remember seeing an issue like this, but I can't find what the solution was exactly. First thing that comes to mind - can you try with the REST API admin's profile set to global scope?

show full sys accprofile <name-of-profile> | grep scope
[ test signature, please ignore ]

View solution in original post

2 REPLIES 2
pminarik
Staff
Staff

Hi gbagitafr,

I vaguely remember seeing an issue like this, but I can't find what the solution was exactly. First thing that comes to mind - can you try with the REST API admin's profile set to global scope?

show full sys accprofile <name-of-profile> | grep scope
[ test signature, please ignore ]
gbagitafr

It helped. Thanks ;)