Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
segla_samaty
New Contributor

Fitering table based on mutiple params FMG 6.4.8

Hello,

I'm trying to collect (through the json-rpc api) the firewall service objects that match 

 

 

 

 

["tcp-portrange", "==", ["443", "80"]] 

 

 

 

 

and 

 

 

 

 

["udp-portrange", "==",["53"]]

 

 

 

 

.

 How can I use the "&&" operator to combine those two filtering conditions.
 
The doc isn't so clear to me.
 
I tried many things including this

 

 

 

{
        "method": "get",
        "params": [
                   {
                         "filter": [
                              ["tcp-portrange", "==",["443", "80"]],
                              "&&",
                              ["udp-portrange", "==",["53"]]
                          ],
                          "url": "/pm/config/adom/ADOM-DC-FR-1/obj/firewall/service/custom"
                   }
           ],
          "session": "{{session}}",
          "id": "1"
}​

 

 

 

still having code -11
 
@oholecek_FTNT Need your help
1 Solution
oholecek_FTNT

Hello Segla,

 

First thing to say (putting aside the UDP filter for now) is that if you want to list services that have TCP port either 443 or 80, you cannot use the filter you have, but you need to either use two separate filters which are by default joined with logical OR:

 

"filter": [
  [ "tcp-portrange", "==", "80"],
  [ "tcp-portrange", "==", "443"]
]

 

 

Or single filter with "in" operator (notice that ports are NOT in nested array in this case):
"filter": [
  [ "tcp-portrange", "in", "80", "443" ]
]

 

Note: This might not work as you expect for services that use real range, like SNMP service with range "161-162", because it is a text and must be compared as it.

 

I have added some examples to our Postman collection request List firewall services with OR filter.

 

 

 

Now, for the AND logic. Using "&&" is really the correct way. See our Postman collection request List firewall services with AND filter.

 

From your description it is not clear what you want to achieve. You write that you want to list services that have TCP port range (443 or 80) and UDP port range 53 at the same time (this is what "&&" operator means), but with standard configuration you would get nothing because there is no such service predefined. There is a possibility that you defined some weird service like that manually, so you can use the request from example above if that is the case.

 

However, don't you rather want to list all services that have TCP port 80 or 443 or UDP port 53? In standard configuration, that would return 3 services: HTTP, HTTPS and DNS. The filter would look like this:

 

"filter": [
  [ "tcp-portrange", "in", "80", "443" ],
  [ "udp-portrange", "==", "53" ]
]

 

This is exactly what List firewall services with OR filter example does.

 

I hope this helps.

Ondrej

View solution in original post

5 REPLIES 5
asrour
Staff
Staff

what is the ADOM name?

 "url": "/pm/config/adom/{{adom}}/obj/firewall/service/custom"
A Srour
segla_samaty

Hi @asrour 

 

I'm using Postman, {{adom}} is a variable holding the actual ADOM name. I didn't think my ADOM name could be an issue but, "ADOM-DC-FR-1" is  the name.

 

url be like 

 

"url": "/pm/config/adom/ADOM-DC-FR-1/obj/firewall/service/custom"

 

 

segla_samaty

Help pls, I'm stuck! 

 

What a really want is to get all services with "tcp-portrange" == ["443", "80"] and
"udp-portrange" == ["53"] at the same time.

segla_samaty
New Contributor

Help pls, I'm stuck! 

What a really want is to get all services with "tcp-portrange" == ["443", "80"] and
"udp-portrange" == ["53"] at the same time.

oholecek_FTNT

Hello Segla,

 

First thing to say (putting aside the UDP filter for now) is that if you want to list services that have TCP port either 443 or 80, you cannot use the filter you have, but you need to either use two separate filters which are by default joined with logical OR:

 

"filter": [
  [ "tcp-portrange", "==", "80"],
  [ "tcp-portrange", "==", "443"]
]

 

 

Or single filter with "in" operator (notice that ports are NOT in nested array in this case):
"filter": [
  [ "tcp-portrange", "in", "80", "443" ]
]

 

Note: This might not work as you expect for services that use real range, like SNMP service with range "161-162", because it is a text and must be compared as it.

 

I have added some examples to our Postman collection request List firewall services with OR filter.

 

 

 

Now, for the AND logic. Using "&&" is really the correct way. See our Postman collection request List firewall services with AND filter.

 

From your description it is not clear what you want to achieve. You write that you want to list services that have TCP port range (443 or 80) and UDP port range 53 at the same time (this is what "&&" operator means), but with standard configuration you would get nothing because there is no such service predefined. There is a possibility that you defined some weird service like that manually, so you can use the request from example above if that is the case.

 

However, don't you rather want to list all services that have TCP port 80 or 443 or UDP port 53? In standard configuration, that would return 3 services: HTTP, HTTPS and DNS. The filter would look like this:

 

"filter": [
  [ "tcp-portrange", "in", "80", "443" ],
  [ "udp-portrange", "==", "53" ]
]

 

This is exactly what List firewall services with OR filter example does.

 

I hope this helps.

Ondrej

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors