jrodriguez
New Contributor

Rest API error when creating a firewall policy on a Fortigate 5.4.6

Hello,

I'm trying to use the Fortigate REST API to add various objects on our 1500D. It works quite fine except for adding new firewall policies. The firewall throws a 405 error when posting (POST) a request on this API URL (/api/v2/cmdb/firewall/policy/?vdom=VDOMNAME).

Here are the details:

JSON request:

{
    'action': 'accept',
    'srcintf': [
        {
            'name': 'IFNAME02',
        }
    ],
    'dstintf': [
        {
            'name': 'IFNAME01',
        }
    ],
    'srcaddr': [
        {
            'name': 'all',
        }
    ],
    'dstaddr': [
        {
            'name': 'all',
        }
    ],
    'service': [
        {
            'name': 'ALL',
        }
    ],
    'status': 'enable',
    'schedule': 'always',
    'nat': 'disable',
    'logtraffic': 'utm',
}

And the error:

405 Method Not Allowed

{
"http_method": "POST",
"status": "error",
"http_status": 405,
"vdom": "VDOMNAME",
"path": "firewall",
"name": "policy",
"action": "accept",
"serial": "FG1K",
"version": "v5.4.6",
"build": 1165
}

 

If I remove the parameter "action" in my JSON data, the policy is created but with a default deny value, which is not what I want.

Any ideas?

 

Regards.

3 REPLIES
jrodriguez
New Contributor

Hello,

 

If it can help someone, I've found the error cause in the FortiOS 5.4 REST API Reference Guide. Here is the explanation from the guide:

Limitation: If the body data has the same name as some reserved URL parameters, such as name, path, or action, the request would fail due to the conflict. For example, firewall policy has 'name' and 'action' attribute which conflict with the reserved URL parameter 'name' and 'action'. POST/PUT with normal method would fail with 405 error. A workaround is to enclose all object data in a 'json' keyword so the API can correctly identify object data.

This would work:

{'json':{'name':"test_policy", 'srcintf': [{"name":"port1"}], 'dstintf': [{"name":"port2"}],'srcaddr': [{"name":"all"}], 'dstaddr': [{"name":"all"}],'action':"accept",'status': "enable",'schedule':"always",'service':[{'name':"ALL"}], 'nat':"disable"}}

 

Regards. 
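
The workaround quoted from the guide above, as an added Python example (not code from the original poster or from Fortinet): it detects top-level body keys that collide with reserved URL parameters and encloses the object data in 'json' before serializing it as strict JSON. The reserved-name set holds only the three names the quote lists, the function names are hypothetical, and authentication and sending the request are left out.

```python
import json
from urllib.parse import urlencode

# Reserved URL parameter names quoted from the guide in this thread. The guide
# says "such as", so treat this as a minimum set (assumption: it may be longer).
RESERVED_URL_PARAMS = frozenset({"name", "path", "action"})


def reserved_collisions(obj):
    """Return the top-level body keys that collide with reserved URL parameters.

    Only top-level keys are checked: in the thread, the nested 'name' keys
    under srcintf/dstintf did not block the request once 'action' was removed.
    """
    return sorted(RESERVED_URL_PARAMS.intersection(obj))


def encode_cmdb_body(obj):
    """Serialize object data, enclosing it in 'json' when a collision exists."""
    if set(obj) == {"json"} and isinstance(obj["json"], dict):
        wrapped = obj  # already enclosed, do not wrap twice
    elif reserved_collisions(obj):
        wrapped = {"json": obj}
    else:
        wrapped = obj
    # json.dumps emits double quotes and no trailing commas (strict JSON).
    return json.dumps(wrapped, sort_keys=True).encode("utf-8")


def policy_url(vdom):
    """Path and query string used in the thread, with the VDOM name URL-encoded."""
    return "/api/v2/cmdb/firewall/policy/?" + urlencode({"vdom": vdom})


# Constructed sample: the policy from the question, with the thread's
# placeholder interface names.
POLICY = {
    "action": "accept",
    "srcintf": [{"name": "IFNAME02"}], "dstintf": [{"name": "IFNAME01"}],
    "srcaddr": [{"name": "all"}], "dstaddr": [{"name": "all"}],
    "service": [{"name": "ALL"}],
    "status": "enable", "schedule": "always",
    "nat": "disable", "logtraffic": "utm",
}

if __name__ == "__main__":
    print("collisions:", reserved_collisions(POLICY))
    print("POST", policy_url("VDOMNAME"))
    print(encode_cmdb_body(POLICY).decode())
```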

emnoc
Esteemed Contributor III

That's good news, and glad you found out the issue. I always like to get exit policy for the structure and craft the right JSON attribute key/value and add { POST } items. It can be challenging modifying items also, so I would test the right syntax when you make modifications. Here's a post on what I just wrote up on my blog; a forum user contacted me about some API issues a few months ago and I decided to write a small snippet on it.

 

http://socpuppet.blogspot...api-to-add-delete.html

PCNSE 

NSE 

StrongSwan  

xxddpac
New Contributor

Hi, can you show me your Python code?

Creating an address object returns a 403 error using the REST API.

 

thanks!!
