I can list all of the authenticated users to my vdom using https://10.40.100.1/api/v2/monitor/user/firewall/?vdom=Students, and I can deauth all of them using
https://10.40.100.1/api/v.../deauth/?vdom=Students
However, how do I deauth only one particular user? Is this possible via the API?
The deauth endpoint's POST parameters (the user_type name is inferred from the other fields, which refer to it):

user_type (string): User type [proxy|firewall]. Required for both proxy and firewall users.
id (string): User ID. Required for both proxy and firewall users.
ip (string): User IP address. Required for both proxy and firewall users.
ip_version (string): IP version [ip4|ip6]. Only required if user_type is firewall.
method (string): Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall.
all (string): Set to true to deauthenticate all users. Other parameters will be ignored.
users (string): Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties.
Thank you. Found the documentation.
I have been unable to get this to work either using powershell or PHP. I want to be able to automate deauthenticating users for a system I am building. I will start by giving my powershell example:
```powershell
$password = Read-Host -assecurestring "Please enter your password"
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
$fwaddress = "10.10.40.4"
# /logincheck takes form fields, so it is sent without the JSON headers that are defined below
$postParams = @{username='admin';secretkey=$password}
$request = Invoke-WebRequest -Uri "https://$fwaddress/logincheck" -SessionVariable fgtSession -Method POST -Body $postParams
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/select/?vdom=Students" -WebSession $fgtSession -Method GET
$authUsers = $(ConvertFrom-Json -InputObject $request.Content).results
#$authUsers
$username = 'student@student.domain.edu'
$authUser = $authUsers | where { $_.username -eq $username }
$postParams = @{user_type='firewall';id=$authUser.id;ip=$authUser.ipaddr;method=$authUser.method;ip_version=$authUser.src_type}
$postParams
# Content-Type is application/json, so the hashtable has to be serialised; passing it directly sends a form-encoded body
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" -WebSession $fgtSession -Method POST -Body ($postParams | ConvertTo-Json)
```
An example of the dataset I am using:

```json
{
  "type": "auth_logon",
  "username": "student@student.domain.edu",
  "usergroup": "Captive Portal",
  "id": 0,
  "duration": "538 seconds",
  "duration_secs": 538,
  "auth_type": 3,
  "ipaddr": "192.168.147.152",
  "src_type": "ip4",
  "expiry": "5470 seconds",
  "expiry_secs": 5470,
  "method": "Firewall"
}
```
This command returns a 403 HTTP status.
Authentication and retrieval of all the authenticated users works great. Deauthing the single user gives me an error. Any thoughts would be greatly appreciated.
Hi, I am having the same problem. Any luck to get this function working properly?
No luck at all, I am actually thinking it might be because this functionality is paid, but I have not received an answer from our fortinet rep.
Please try with the HTTP body in the following format:
{"users": [...]}
Where [...] is a list of users that you'd like to deauthenticate. The "id=0" in your standalone user example is also a problem. This will be ignored.
Can you include httpsd debug output during the request? "diag debug app httpsd -1"
My apologies, I had not seen that anyone had replied.
I ran the test, but I do not see any output from the debug command. I have also been trying this command which should be more straightforward and I am having the same errors.
```powershell
$ip = '192.168.144.31'
$name = 'Test1'
$address = $ip + " 255.255.255.255"
$postParams = @{name=$name;type='ipmask';subnet=$address}
# same JSON headers and session as before, so the body is serialised rather than form-encoded
Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/cmdb/firewall/address?vdom=Students" -WebSession $fgtSession -Method POST -Body ($postParams | ConvertTo-Json)
```

Again, there is no output from the debug command.
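As an added example (not code from this thread or from PowerFGT), the same PowerShell flow rewritten around the {"users": [...]} body suggested above, used for both the deauth call and the address call from the post above. It assumes a placeholder firewall address, admin account and vdom, and that FortiOS sets a ccsrftoken cookie after /logincheck whose value must be echoed in an X-CSRFTOKEN header on write calls, which is what a session-cookie POST needs to avoid a 403 (GETs succeed without it).

```powershell
# Added example, not the thread's or PowerFGT's code. Placeholders: $fwaddress, $vdom, the admin name
# and the target user. Assumption: FortiOS requires X-CSRFTOKEN (from the ccsrftoken cookie) on POSTs.
$fwaddress = "10.10.40.4"
$vdom      = "Students"
$base      = "https://$fwaddress"

$secure   = Read-Host -AsSecureString "Please enter your password"
$password = [System.Net.NetworkCredential]::new("", $secure).Password

# 1. Session login. /logincheck expects form fields, so no JSON headers are sent here.
Invoke-WebRequest -Uri "$base/logincheck" -Method POST -SessionVariable fgtSession `
    -Body @{ username = 'admin'; secretkey = $password } | Out-Null

# 2. Take the CSRF token from the session cookie jar; the cookie value is wrapped in quotes.
$csrfCookie = $fgtSession.Cookies.GetCookies($base) | Where-Object Name -eq 'ccsrftoken'
if (-not $csrfCookie) { throw "no ccsrftoken cookie after login; check credentials" }
$headers = @{
    'Accept'       = 'application/json'
    'Content-Type' = 'application/json'
    'X-CSRFTOKEN'  = $csrfCookie.Value.Trim('"')
}

function Invoke-FgtPost {
    # Serialises a hashtable to JSON and POSTs it with the session cookie and CSRF header.
    param([string]$Path, [hashtable]$Body)
    $json = $Body | ConvertTo-Json -Depth 5 -Compress
    Invoke-RestMethod -Uri "$base$Path" -Method POST -Headers $headers -WebSession $fgtSession -Body $json
}

# 3. Look up the one session to end and send it inside the "users" array instead of as bare fields.
$authUsers = (Invoke-RestMethod -Uri "$base/api/v2/monitor/user/firewall/select/?vdom=$vdom" `
    -Headers $headers -WebSession $fgtSession).results
$target = $authUsers | Where-Object username -eq 'student@student.domain.edu'
if (-not $target) { throw "user is not currently authenticated in vdom $vdom" }

$deauthBody = @{
    users = @(@{
        user_type  = 'firewall'
        id         = $target.id
        ip         = $target.ipaddr
        ip_version = $target.src_type
        method     = $target.method.ToLower()   # monitor output says "Firewall", the enum is lowercase
    })
}
Invoke-FgtPost -Path "/api/v2/monitor/user/firewall/deauth/?vdom=$vdom" -Body $deauthBody

# 4. The same wrapper covers the cmdb address object from the later post.
Invoke-FgtPost -Path "/api/v2/cmdb/firewall/address?vdom=$vdom" `
    -Body @{ name = 'Test1'; type = 'ipmask'; subnet = '192.168.144.31 255.255.255.255' }
```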
You can look at PowerFGT; there is already support for Address.
Thank you, this is an amazing project. We use VDOMs, which the functions do not natively support yet, but I went ahead and added them myself and was able to add addresses. I am going to work on seeing if I can build a function to deauth, starting from this great project. Thanks.