Fortinet Community

pablo_embasa · ‎04-25-2022

Hi,

I´m tring to integrate my Fortigates with an script.

My script can add any already created address in an specific group, but I can´t find a way to remove only one address, all I can use is add just an address or change all adresses all at once.

Any help would be appraciented.

pminarik · ‎04-26-2022

Hi pablo_embasa,

There's a neat little trick to this. You can directly target array-like keys in an object with POST requests to append to them, or directly do a DELETE request on one of the items in the array. Example below:

1, Get current members of an address group named "test_group":

GET /api/v2/cmdb/firewall/addrgrp/test_group

=> addr_1, addr_2, addr_3 (to keep this short, I am showing just the members after the command is run, not the actual JSON output)

2, Append a new address object to it:

POST /api/v2/cmdb/firewall/addrgrp/test_group/member

payload: {"name": "addr_4"}

=> addr_1, addr_2, addr_3, addr_4

3, Remove a single address object from it, but leave the rest:
DELETE /api/v2/cmdb/firewall/addrgrp/test_group/member/addr_2

=> addr_1, addr_3, addr_4

[ corrections always welcome ]

View solution in original post

Debbie_FTNT · ‎04-25-2022

Hey Pablo,

if I remember correctly, you can update the address group (including the member fields) with an HTTP PUT request.

I believe an HTTP put with '"member":[<array of all addresses except the one you want to remove>]' should do it.
You could do a GET request to have the addressgroup object, copy&paste the data, remove the address you want, and then send back with PUT request.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++

pablo_embasa · ‎04-25-2022

I know that I can do this, but the software that I´m using doesn´t permit any kind of algorithm, it only supports an API call, so it needs to be on only one request.

pminarik · ‎04-26-2022