Technical Tip: How to install preview and review the output of the configuration changes using API in FortiManager

mrafat · ‎02-26-2024

Description

This article describes how to extract the install preview output using REST API calls for FortiManager.

Scope

FortiManager-VM and FortiManager.

Solution

Prerequisites:

Make sure that the FortiManager administrator profile will have JSON Read/write access as shown below:

To make the API requests from the tool chosen, it is necessary to have a session ID. A login operation is required to get this session ID. This session ID can be used in all subsequent FortiManager JSON API requests.

In the example below, the REST API Calls will be demonstrated in Postman:

POST: https://x.x.x.x/jsonrpc x.x.x.x : FMG IP

Request:

{

"id": 1,

"method": "exec",

"params": [

{

"data": [

{

"passwd": "",

"user": "admin"

}

],

"url": "sys/login/user"

}

],

"session": null,

}

Response:

{

"result": [

{

"status": {

"code": 0,

"message": "OK"

},

"url": "sys/login/user"

}

],

"session": "BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==

",

"id": 1

}

Now that the Session ID has been obtained, the next step will be doing the request for executing the installation with the flag 'preview'. This means that the FortiManager will not install the changes until the preview first is checked.

Below is the Request and expected response, where:

The policy package name is 'Test'.
The ADOM is 'root'.
The FortiGate name is 'brainy-fmg-esx26'.
The VDOM of FortiGate through which this policy will be installed: root.

Request:

{

"id": 1,

"method": "exec",

"params": [

{

"data": {

"adom": "root",

"flags": [

"preview"

],

"pkg": "Test",

"scope":

{

"name": "brainy-fmg-esx26",

"vdom": "root"

}

},

"url": "/securityconsole/install/package"

}

],

"session": " BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",

"verbose": 1

}

Response:

{
"result": [
{
"data": {
"task": 1
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/securityconsole/install/package"
}
],
"id": 1
}

The Second request will be for performing the preview request and preparing the install preview log file to be reviewed later as below:

Request:

{

"id": 1,

"method": "exec",

"params": [

{

"data": {

"adom": "root",

"device": "brainy-fmg-esx26",

"flags": [

"none"

],

"vdoms": "root"

},

"url": "/securityconsole/install/preview"

}

],

"session": " BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",

"verbose": 1

}

Response:

{
"result": [
{
"data": {
"task": 2
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/securityconsole/install/preview"
}
],
"id": 1
}

The last step will show the install preview output to review it, and the example below shows the request and the expected response for it:

Request:

{

"id": 1,

"method": "exec",

"params": [

{

"data": {

"adom": "root",

"device": "brainy-fmg-esx26"

},

"url": "/securityconsole/preview/result"

}

],

"session": " BEvR3fyRHNQ5b4fE1huzRD+wfy3vk5sN6h1by7pUG+9QHdy7ywgIGfuUdtI9UYCegiqJFTNNzqgy4i3nqjybnw==",

"verbose": 1

}

Response:

{
"result": [
{
"data": {
"message": "config webfilter ftgd-local-cat\n purge\nend\nconfig system interface\n edit \"port1\"\n set description \"test ..etc”
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/securityconsole/preview/result"
}
],
"id": 1
}

Note that the message output in the last request has been truncated for better article readability.

Troubleshooting:

The following commands can be used on FortiManagerCLI to debug the REST API Calls:

diagnose debug service httpd 255

diagnose debug service main 255

Related articles: