Hi everyone I am trying to use the REST API to add IP addresses on our
Firewall. I have this python code: import os import requests import
urllib3 import getpass
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
baseURL = "REDACTED ...
I've tried to create an application control security profile for the DNS
requests of our DNS Server, so that only application data of the type
DNS (and ICMP/Ping) is allowed. The app profile looks like this: When I
did that, I saw in the logs that Go...
Hi Community we currently use an LDAP server and import groups from
there into fortigate user groups (create new user group -> add remote
group from the LDAP server) that we use in SSL-VPN policies to grant
access to the different ressources, that th...
Hi All I would like to leverage the automation in security fabric to ban
IP's that are trying to connect with the username "administrator". I've
made a trigger with the event "SSL VPN login fail" with the field filter
user:administrator: I've then cr...
Hi All we have a FGCP Cluster in A-P mode in our primary site and a
standalone Fortigate in our backup site. At the moment we don't have any
VDOMs, but we'd like to implement some and then only synchronize the
root VDOM to the backup site. In my head...
Has anyone found a solution or cause of this issue? Two of my users are
experiencing this, with another one having had this issue once but when
trying to log in again it then worked. The two others have the issue all
the time and have to enter the co...
Ok I found the issue. I had to encode it to json before passing it to
the post request. Here the updated code, if someone needs it. import os
import requests import urllib3 import getpass import json
urllib3.disable_warnings(urllib3.exceptions.Insecu...
Thank you for your reply. I've filtered the applications by protocol
where DNS is used and added them to the allowed applications (some
examples are Yahoo.Mail, Google.Hangouts and others). Is this enough or
do other applications behave like Google T...
Hi pminarik Thank you for your response. Alright we have to think about
a different way to do this then, but I'm glad that I know that it won't
work, without me trying to implement it and then finding out that it
doesn't solve my problem ^^