Hi,
We have a fortigate (cluster/HA), running 6.4.6 and have started to pull some info using rest from external systems.
We have ran into some problems though.
Some servers get blocked by the default policy 0 (deny all) stating threat 262144 while other machines can access the fw information via the rest account without problem.
We're running using a token at this moment and web access (port 443) using curl.
Some special local-in policy required or?
Any ideas?
Kenth
FortiGate
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Are other querying machines coming from the same IP address?
When allowing API access to api-user pay attention that allowed IP of this user shoulde be a SUBSET of the trusted host(s) used in any of the admin users.
As the last option - you can run debug and try to understand, but make sure no one works on the GUI as admin, as you will get a lot of output. Save the output to a log file for further analysis.
dia debug enable
diagnose debug httpsd -1
diagnose debug application httpsd -1
Hi Yuri,
So if I understand you correctly the ip for the device making the request should come from an ip or subnet that is allowed for an admin account (not the rest admin account but the "real" admin accounts) as well?
We have tried with restadmin account with no trusted hosts set for it as well as trusted hosts on ip or subnet fort the restadmin but that did not make any difference.
I'l run the diags as well to get better logs.
Yes, you get it right - FGT first checks trusted hosts on the regular admins, then trusted host(s) of api-user.
I am not aware of rate-limiting or any other limitation on the FGT REST side, but I work from 1-2 source IPs always on the other hand so...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.