Hi,
I'm trying to add ip addresses to my Fortigate but I'm getting an HTTP Forbidden.
Here are the commands I run:
curl -k -i -X POST https://X.X.X.X/logincheck -d "username=apiuser&secretkey=apiuser" --dump-header header.txt -c cookies.txt
curl -k -i -X POST https://X.X.X.X/api/v2/cmdb/firewall/address -d "{'name':'test','subnet':'1.1.1.1/32' }" -b header.txt
My user apiuser has the profile super_admin.
Do you know why I'm getting an HTTP/1.1 403 Forbidden?
Thank you in advance.
All the best,
Hyjaal
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 05-07-2024 01:24 AM Edited on 05-07-2024 01:35 AM
Hello,
I just found my answer :)
Here are the commands:
curl -k -c fgtcookies -d username=apiuser -d secretkey=apiuser https://X.X.X.X/logincheck
token=$(grep token fgtcookies | awk -F '"' '{print $2}')
curl -s -b fgtcookies -k -X POST -H "Content-Type: application/json" -d "{'name':'test','subnet':'1.1.1.1/32' }" -H "X-CSRFTOKEN: $token" https://X.X.X.X/api/v2/cmdb/firewall/address
curl -k -i -X GET https://X.X.X.X/logout -b fgtcookies
This method allows you to create hosts.For example, I was able to create 3 hosts :
test1 1.1.1.1/32
test2 1.1.1.2/32
test3 1.1.1.3/32
Hyjaal
Hello @Hyjaal ,
For Fortigate doesn't need to api-username on the request.
Can you try it like that?
curl -k -i -X POST https://X.X.X.X/api/v2/cmdb/firewall/address?access_token=<YOUR_API_KEY> -d "{'name':'test','subnet':'1.1.1.1/32' }"
https://community.fortinet.com/t5/FortiGate/Technical-Tip-About-REST-API/ta-p/195425
Hello @ozkanaltas,
I don't have an API KEY as I use session cookies.
apiuser is an administrator account and not REST API Admin, I don't know if it makes a difference.
I don't see myself generating an API KEY on each of my Fortigates (~500devices)
If I can't use session cookies, is there a cli command to generate the token?
Have a nice day,
Hyjaal
Created on 05-06-2024 07:33 AM Edited on 05-06-2024 07:34 AM
Hello @Hyjaal ,
Can you try your request with "cookies.txt"?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-REST-API-Access-FortiGate/ta-p/196540
This will generate 2 files:
headers.txt: It contains all information about the authentication. This file will be needed for GET commands
cookies.txt: It contain the cookie generated for the authentication. This file will be needed for POST commands
If you want to create the rest API user and key via cli you can follow this document.
hi,
I confirm that it works by calling the cookies.txt file.
curl -k -i -X GET https://X.X.X.X/api/v2/cmdb/router/static -b cookies.txt | grep -i "seq"
% Total % Received % Xferd Average Speed Time Time Time Current
Download Upload Total Spent Left Speed
100 2277 100 2277 0 0 12005 0 --:--:-- --:--:-- --:--:-- 12047
"seq-num":1,
"seq-num":2,
"seq-num":3,
That's why I don't understand why I have an HTTP Forbidden for adding an ip address
Created on 05-07-2024 01:24 AM Edited on 05-07-2024 01:35 AM
Hello,
I just found my answer :)
Here are the commands:
curl -k -c fgtcookies -d username=apiuser -d secretkey=apiuser https://X.X.X.X/logincheck
token=$(grep token fgtcookies | awk -F '"' '{print $2}')
curl -s -b fgtcookies -k -X POST -H "Content-Type: application/json" -d "{'name':'test','subnet':'1.1.1.1/32' }" -H "X-CSRFTOKEN: $token" https://X.X.X.X/api/v2/cmdb/firewall/address
curl -k -i -X GET https://X.X.X.X/logout -b fgtcookies
This method allows you to create hosts.For example, I was able to create 3 hosts :
test1 1.1.1.1/32
test2 1.1.1.2/32
test3 1.1.1.3/32
Hyjaal
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1645 | |
1070 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.