Hi there,
i want to reboot my FortiGate 60E via the REST-API. Im using this endpoint:
doing this Request(obviously already authenticated):
curl -k -i -H "Accept: application/json" -X POST "https://ip:port/api/v2/monitor/system/os/reboot" --cookie cookie.txt
But I receive a Forbidden:
{
"http_method":"POST",
"status":"error",
"http_status":403,
"vdom":"root",
"path":"system",
"name":"os",
"action":"reboot",
"serial":"serial",
"version":"v6.0.5",
"build":268
}
How do I reboot the FortiGate via REST API?
PS: Im trying this with a user who has RW permission on all Categorys
Thank you!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Btw just tested and it works for me using the CSRFTOKEN also ;)
supports-MacBook-Pro:Downloads ken$ cat fgtcookies # Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk. #HttpOnly_192.168.1.99 FALSE / TRUE 0 APSCOOKIE_79100365 "Era%3D0%26Payload%3DBqjjbe7htCOsFsYzarB2IEMxijyyM0neq8nLlRqdPhTTvad7eL0LZpsb161uxmQC%0AsYzlEA9fitnCbWPkYrtdAXttq3v+u7JbmALCfl5T+ALAE1e1dgquZbFA7iWbn%2FRX%0AjMI7Pvc0zLzCbKRaSWynEw4C2gQXazjG9tdCsTkjydzANRRwh6uulPiNj%2F83T8bg%0Al3DihIFtCw8WjHnA%2F+xK2Q%3D%3D%0A%26AuthHash%3DCA4eiUKEM0zcXjGIij0hoUdQwG4A%0A"192.168.1.99 FALSE / TRUE 0 ccsrftoken_79100365 "FB4B8AD9C51C5E5CBEBECD63EE2457A9"192.168.1.99 FALSE / TRUE 0 ccsrftoken "FB4B8AD9C51C5E5CBEBECD63EE2457A9" supports-MacBook-Pro:Downloads ken$ curl -X POST -s -b fgtcookies -k -H "Content-Type: application/json" -H "X-CSRFTOKEN: FB4B8AD9C51C5E5CBEBECD63EE2457A9" https://192.168.1.99/api/..onitor/system/os/rebootsupports-MacBook-Pro:Downloads ken$ ping 8.8.8.8PING 8.8.8.8 (8.8.8.8): 56 data bytesRequest timeout for icmp_seq 0Request timeout for icmp_seq 1Request timeout for icmp_seq 2 I use my admin account so that profile show be able to reboot the appliance. Cookies were grabbed on the logincheck by using this approach http://socpuppet.blogspot.com/2018/07/howto-use-fortios-api-to-add-delete.html YMMV but I didn't have any issues once I had the right URI in either case e.g /api/v2/monitor/system/os/reboot vrs /api/v2/monitor/system/dashboard/reboot I still think your profile is not correct for sysgrp and the action:reboot, just my hunch and this might lead into the 4xx status codes that are coming back. Ken Felix
PCNSE
NSE
StrongSwan
Btw just tested and it works for me using the CSRFTOKEN also ;)
supports-MacBook-Pro:Downloads ken$ cat fgtcookies # Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk. #HttpOnly_192.168.1.99 FALSE / TRUE 0 APSCOOKIE_79100365 "Era%3D0%26Payload%3DBqjjbe7htCOsFsYzarB2IEMxijyyM0neq8nLlRqdPhTTvad7eL0LZpsb161uxmQC%0AsYzlEA9fitnCbWPkYrtdAXttq3v+u7JbmALCfl5T+ALAE1e1dgquZbFA7iWbn%2FRX%0AjMI7Pvc0zLzCbKRaSWynEw4C2gQXazjG9tdCsTkjydzANRRwh6uulPiNj%2F83T8bg%0Al3DihIFtCw8WjHnA%2F+xK2Q%3D%3D%0A%26AuthHash%3DCA4eiUKEM0zcXjGIij0hoUdQwG4A%0A"192.168.1.99 FALSE / TRUE 0 ccsrftoken_79100365 "FB4B8AD9C51C5E5CBEBECD63EE2457A9"192.168.1.99 FALSE / TRUE 0 ccsrftoken "FB4B8AD9C51C5E5CBEBECD63EE2457A9" supports-MacBook-Pro:Downloads ken$ curl -X POST -s -b fgtcookies -k -H "Content-Type: application/json" -H "X-CSRFTOKEN: FB4B8AD9C51C5E5CBEBECD63EE2457A9" https://192.168.1.99/api/..onitor/system/os/rebootsupports-MacBook-Pro:Downloads ken$ ping 8.8.8.8PING 8.8.8.8 (8.8.8.8): 56 data bytesRequest timeout for icmp_seq 0Request timeout for icmp_seq 1Request timeout for icmp_seq 2 I use my admin account so that profile show be able to reboot the appliance. Cookies were grabbed on the logincheck by using this approach http://socpuppet.blogspot.com/2018/07/howto-use-fortios-api-to-add-delete.html YMMV but I didn't have any issues once I had the right URI in either case e.g /api/v2/monitor/system/os/reboot vrs /api/v2/monitor/system/dashboard/reboot I still think your profile is not correct for sysgrp and the action:reboot, just my hunch and this might lead into the 4xx status codes that are coming back. Ken Felix
PCNSE
NSE
StrongSwan
How do I lookup the httpsd log you just mentioned, is there a CLI command? ( I have not a lot of experience with these Fortinet, Im just a software-dev :-/)?
diag debug enable
diag debug application httpsd -1
But you should earlier logs so I guess you figured that part out? I would just open 2 ssh sessions and do the debugging in the 2nd session but you're on the right track.
Do you have a 2nd unit that you can test on ?
Ken Felix
PCNSE
NSE
StrongSwan
Every other API call that I've found was not working for me.
So I just did the reboot through the Webclient and inspected the network traffic, since the Webclient obviously also uses the REST API.
There I found the endpoint I just posted. This is the same endpoint the Webclient calls on a reboot.
If I generate a new API_USER or a new Token doesnt make any difference. How do I lookup the httpsd log you just mentioned, is there a CLI command? ( I have not a lot of experience with these Fortinet, Im just a software-dev :-/)?
Ok, its working now! I rebooted the device and everything is working just fine now, dont know what happened. Thank you!
PS: Not whole trueth! Also got a typo for the Header ....
Good, I was going to point out that one of a dev-ops developer was doing something where his script overwrote the token and the token was bad or invalid. I believe that will give you a 401 also iirc, so I was going to suggest that you validate that this is not what is happening.
The API_USER is much user-friendly than the CSFRTOKEN imho.
I would also suggest if you're developing towards the API, to use something like PostMAN. I do like 99% of my API diag, debug or research with it, and it very helpful if you want to save and share your collections. ,
https://www.getpostman.com I begin to tell you how many cases I worked where API credentials were hosed up, expired, wrong,etc........ Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.