AskingForHelp
New Contributor III

FortiOS API POST new Policy

Hello Community,

 

I've attempted to POST a new policy to a FortiWiFi 80F appliance. I am getting a 400 response due to bad syntax. I can do a GET to this same URL and it works without issue. What could be my issue?

 

POST

https://{{IP}}/api/v2/cmdb/firewall/policy/?access_token=7dpdqjH3bHjqfghw0Gkx9Ngxht8b8p

 

BODY

{
    "name": "TEST5",
    "srcintf": [
      {
        "name": "lan"
      }
    ],
    "dstintf": [
      {
        "name": "lan"
      }
    ],
    "action": "accept",
    "srcaddr": [
      {
        "name": "all"
      }
    ],
    "dstaddr": [
      {
        "name": "all"
      }
    ],
    "schedule": {
      "q_origin_key": "always"
    },
    "service": [
      {
        "name": "FTP"
      }
    ],
    "nat": "enable"
  }
}
ozkanaltas
Contributor III

Hello @AskingForHelp ,

 

Your request seems good. I tried my FortiGate with your sample request on Postman, but I didn't get any error. My FortiGate created a policy without any problem.

 

I use FortiOS 7.2.5. Which version do you use?

 

Also, could you try adding the "vdom" param at the end of the URL:

 

https://{{IP}}/api/v2/cmdb/firewall/policy/?access_token=7dpdqjH3bHjqfghw0Gkx9Ngxht8b8p&vdom=root 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
AskingForHelp
New Contributor III

The FortiWiFi is running 7.2.6. I tried adding vdom=root but did not get a success.

 

Screenshot from 2023-12-20 06-23-39.png

ozkanaltas

I saw your "Headers" tab. You send 10 headers, in my configuration I send 8 headers. What are you sending differently?

AskingForHelp
New Contributor III

One more troubleshooting step I tried was to POST on the reboot API endpoint. That gave a 200 success.

 

Still the POST on the Policy endpoint gives a 400.

Debbie_FTNT

Hey,

the Fortinet Developer Network includes an option to validate API requests, and I checked your snippet above against it - it looks like you have an extra closing bracket '}' in there.

Once I removed that, it came back fine. Can you check that that's not the bad syntax your FortiGate is complaining about?


+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
AskingForHelp
New Contributor III

Thank you both for your input!

Yes, that closing bracket got me. Also I was able to get the command to run in cURL with the --insecure flag. I must not have that set up in the Postman environment.
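An added example, not part of the original thread: a local JSON check that pinpoints the stray closing brace before anything is sent, plus a request builder that keeps the API token out of the URL and a TLS context that verifies the appliance certificate instead of skipping verification as `--insecure` does. The function names, `fortigate.example`, `PLACEHOLDER_TOKEN` and `fortigate-ca.pem` are hypothetical placeholders, and the body is a compacted copy of the one in the question.

```python
import json
import ssl
import urllib.request

# Constructed sample: the body from the question (arrays compacted), keeping
# the stray closing brace on the last line.
BAD_BODY = """{
    "name": "TEST5",
    "srcintf": [{"name": "lan"}],
    "dstintf": [{"name": "lan"}],
    "action": "accept",
    "srcaddr": [{"name": "all"}],
    "dstaddr": [{"name": "all"}],
    "schedule": {"q_origin_key": "always"},
    "service": [{"name": "FTP"}],
    "nat": "enable"
  }
}"""


def check_body(text):
    """Return (payload, None) for valid JSON, else (None, 'line N col M: reason')."""
    try:
        return json.loads(text), None
    except json.JSONDecodeError as err:
        return None, f"line {err.lineno} col {err.colno}: {err.msg}"


def build_policy_request(host, token, payload, vdom="root"):
    """Build (not send) the POST; the token travels in a header, not the URL."""
    url = f"https://{host}/api/v2/cmdb/firewall/policy/?vdom={vdom}"
    headers = {"Authorization": f"Bearer {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(payload).encode(),
                                  headers=headers, method="POST")


def tls_context(ca_file=None):
    """Verifying TLS context; ca_file is the CA that signed the appliance cert."""
    return ssl.create_default_context(cafile=ca_file)


if __name__ == "__main__":
    print(check_body(BAD_BODY)[1])                      # reports the stray brace
    fixed, err = check_body(BAD_BODY[:BAD_BODY.rindex("}")])
    req = build_policy_request("fortigate.example", "PLACEHOLDER_TOKEN", fixed)
    print(req.get_method(), req.full_url)
    # To send: urllib.request.urlopen(req, context=tls_context("fortigate-ca.pem"))
```

Sending the token in the `Authorization` header keeps it out of proxy logs and saved request URLs, where a query-string `access_token` tends to end up.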
