I want to create a vlan interface by the REST API on a FortiGate. Here is a JSON code:
{
"name": "vl405",
"vdom": "prod",
"mode": "static",
"dhcp-relay-interface-select-method": "auto",
"dhcp-relay-interface": "",
"dhcp-relay-service": "enable",
"dhcp-relay-ip": "\"x.x.x.x\" \"y.y.y.y\" ",
"dhcp-relay-type": "regular",
"dhcp-relay-agent-option": "enable",
"ip": "z.z.z.z 255.255.254.0",
"allowaccess": "ping",
"speed": "auto",
"status": "down",
"type": "vlan",
"interface": "ag_inside",
"vlan-protocol": "8021q",
"vlanid": 405,
"alias": "VDI",
}
When I POST it, I get this result:
{
"http_method": "POST",
"revision": ".....",
"revision_changed": true,
"old_revision": ".....",
"cli_error": "current vf=root:0\nentry not found in datasource\n\nvalue parse error before 'prod'\nCommand fail. Return code -3\nCommand fail. Return code 1\n",
"error": -3,
"status": "error",
"http_status": 500,
"vdom": "root",
"path": "system",
"name": "interface",
"serial": "FGT3KDT.....",
"version": "v6.4.6",
"build": 1879
}
I created the interface manually, get its configuration by the GET method, deleted it from the obtained JSON deleted some keys (fortilink, ipv6, snmp, q_origin_key, switch-controller, etc. ) and when I tried to POST it back I got the same result.
The vlan interface had to be created in a prod vdom on a ag_inside aggregated interface, which belongs to the root vdom. The admin profile for the REST API administrator allows full control of the device. I tried to post the JSON with a specified vdom in the URL, but it didn't help.
I tried to create the interface on an other FortiGate (500E) device, and the code works there. The only difference is, the aggregated link on which I create the vlan interface belongs to the same vdom in where I create the vlan. Could this cause the problem? If not, what is the reason?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi gbagitafr,
I vaguely remember seeing an issue like this, but I can't find what the solution was exactly. First thing that comes to mind - can you try with the REST API admin's profile set to global scope?
show full sys accprofile <name-of-profile> | grep scope
Hi gbagitafr,
I vaguely remember seeing an issue like this, but I can't find what the solution was exactly. First thing that comes to mind - can you try with the REST API admin's profile set to global scope?
show full sys accprofile <name-of-profile> | grep scope
It helped. Thanks ;)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1086 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.