User Operations¶
Firewall Address Objects¶
Get¶
To get all address objects from your device:
>>> addresses = device.get_firewall_address()
You can select a single object by passing the name of the object as an unnamed parameter, or by using the ‘specific’ parameter:
>>> my_address = device.get_firewall_address('Test')
>>> my_address = device.get_firewall_address(specific='Test')
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> addresses = device.get_firewall_address(filters='visibility==enable')
The output of these functions will be a list. If you’ve asked for a specific address, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_firewall_address('Test')
[{'name': 'Test', 'q_origin_key': 'Test', 'uuid': '264b09e6-984f-51e7-5ca7-5fc5d32b3a2b', 'subnet': '10.0.0.0 255.0.0.0', 'type': 'ipmask', 'start-ip': '10.0.0.0', 'end-ip': '255.0.0.0', 'fqdn': '', 'country': '\n', 'wildcard-fqdn': '', 'cache-ttl': 0, 'wildcard': '10.0.0.0 255.0.0.0', 'comment': '', 'visibility': 'enable', 'associated-interface': '', 'color': 0, 'tags': [], 'allow-routing': 'disable'}]
Update¶
To update an address object, you’ll need to pass two parameters to the update_firewall_address function. The name of the address object being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'subnet': '192.168.0.0 255.255.255.0'}"
>>> device.update_firewall_address('Test', payload)
200
>>> device.get_firewall_address('Test')[0]['subnet']
'192.168.0.0 255.255.255.0'
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create an address object, you’ll need to provide two parameters to the create_firewall_address function. The name of the address object being created (”address”), and a JSON formatted object configuration (”data”):
>>> payload = "{'name': 'Test', 'type': 'subnet', 'subnet': '192.168.0.0 255.255.255.0'}"
>>> device.create_firewall_address('Test', payload)
200
Delete¶
To delete an address object, you just need to pass the address name to the delete_firewall_address function:
>>> device.delete_firewall_address('Test')
200
>>> device.get_firewall_address('Test')
404
Address Groups¶
Get¶
To get all address groups from your device:
>>> groups = device.get_address_group()
You can select a single object by passing the name of the object as an unnamed parameter, or by using the ‘specific’ parameter:
>>> my_group = device.get_address_group('Test Group')
>>> my_group = device.get_address_group(specific='Test Group')
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> groups = device.get_address_group(filters='visibility==enable')
The output of these functions will be a list. If you’ve asked for a specific group, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_address_group('Test Group')
[{'name': 'Test Group', 'q_origin_key': 'Test Group', 'uuid': '505cbc26-9871-51e7-63ce-8e5b80914ff9', 'member': [{'name': 'Test', 'q_origin_key': 'Test'}], 'comment': '', 'visibility': 'enable', 'color': 0, 'tags': [], 'allow-routing': 'disable'}]
Update¶
To update an address group, you’ll need to pass two parameters to the update_address_group function. The name of the address group being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'member': [{'name': 'Test'}]}"
>>> device.update_address_group('Test Group', payload)
200
>>> device.get_address_group('Test Group')[0]['member']
[{'name': 'Test', 'q_origin_key': 'Test'}]
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create an address group, you’ll need to provide two parameters to the create_address_group function. The name of the address group being created (”group_name”), and a JSON formatted object configuration (”data”):
>>> payload = "{'name': 'Test Group', 'member': [{'name': 'Test'}]}"
>>> device.create_address_group('Test Group', payload)
200
Delete¶
To delete an address group, you just need to pass the group name to the delete_address_group function:
>>> device.delete_address_group('Test Group')
200
Service Categories¶
Get¶
To get all service categories from your device:
>>> categories = device.get_service_category()
You can select a single object by passing the name of the object as an unnamed parameter, or by using the ‘specific’ parameter:
>>> my_cat = device.get_service_category('Test Category')
>>> my_cat = device.get_service_category(specific='Test Category')
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> categories = device.get_service_category(filters='visibility==enable')
The output of these functions will be a list. If you’ve asked for a specific service category, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_service_category('Test Category')
[{'name': 'Test Category', 'q_origin_key': 'Test Category', 'comment': 'A category for testing.'}]
Update¶
To update a service category, you’ll need to pass two parameters to the update_service_category function. The name of the category being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'comment': 'Test test test!'}"
>>> device.update_service_category('Test Category', payload)
200
>>> device.get_service_category('Test Category')[0]['comment']
'Test test test!'
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create a service category, you’ll need to provide two parameters to the create_service_category function. The name of the service category being created (”category”), and a JSON formatted object configuration (”data”):
>>> payload = "{'name': 'Test Category', 'comment': 'A category for testing.'}"
>>> device.create_service_category('Test Category', payload)
200
Delete¶
To delete a service category, you just need to pass the category name to the delete_service_category function:
>>> device.delete_service_category('Test Category')
200
Service Groups¶
Get¶
To get all service groups from your device:
>>> groups = device.get_service_group()
You can select a single object by passing the name of the object as an unnamed parameter, or by using the ‘specific’ parameter:
>>> my_group = device.get_service_group('Test Group')
>>> my_group = device.get_service_group(specific='Test Group')
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> groups = device.get_service_group(filters='visibility==enable')
The output of these functions will be a list. If you’ve asked for a specific group, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_service_group('Test Group')
[{'name': 'Test Group', 'q_origin_key': 'Test Group', 'member': [{'name': 'Test', 'q_origin_key': 'Test'}], 'proxy': 'disable', 'comment': '', 'color': 0}]
Update¶
To update a service group, you’ll need to pass two parameters to the update_service_group function. The name of the service group being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'member': [{'name': 'Test'}]}"
>>> device.update_service_group('Test Group', payload)
200
>>> device.get_service_group('Test Group')[0]['member']
[{'name': 'Test', 'q_origin_key': 'Test'}]
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create a service group, you’ll need to provide two parameters to the create_service_group function. The name of the service group being created (”group_name”), and a JSON formatted object configuration (”data”):
>>> payload = "{'name': 'Test Group', 'member': [{'name': 'Test'}]}"
>>> device.create_service_group('Test Group', payload)
200
Delete¶
To delete a service group, you just need to pass the group name to the delete_service_group function:
>>> device.delete_service_group('Test Group')
200
Firewall Service¶
Get¶
To get all firewall services from your device:
>>> services = device.get_firewall_service()
You can select a single object by passing the name of the object as an unnamed parameter, or by using the ‘specific’ parameter:
>>> my_service = device.get_firewall_service('Test')
>>> my_service = device.get_firewall_service(specific='Test')
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> services = device.get_firewall_service(filters='visibility==enable')
The output of these functions will be a list. If you’ve asked for a specific group, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_firewall_service('Test')
[{'name': 'Test', 'q_origin_key': 'Test', 'proxy': 'disable', 'category': 'General', 'protocol': 'TCP/UDP/SCTP', 'helper': 'auto', 'iprange': '0.0.0.0', 'fqdn': '', 'protocol-number': 6, 'icmptype': '', 'icmpcode': '', 'tcp-portrange': '80', 'udp-portrange': '123', 'sctp-portrange': '', 'tcp-halfclose-timer': 0, 'tcp-halfopen-timer': 0, 'tcp-timewait-timer': 0, 'udp-idle-timer': 0, 'session-ttl': 0, 'check-reset-range': 'default', 'comment': '', 'color': 0, 'visibility': 'enable', 'app-service-type': 'disable', 'app-category': [], 'application': []}]
Update¶
To update a firewall service, you’ll need to pass two parameters to the update_firewall_service function. The name of the firewall service being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'tcp-portrange': '80 443'}"
>>> device.update_firewall_service('Test', payload)
200
>>> device.get_firewall_service('Test')[0]['tcp-portrange']
'80 443'
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create a firewall service, you’ll need to provide two parameters to the create_firewall_service function. The name of the service being created (”service_name”), and a JSON formatted object configuration (”data”):
>>> payload = "{'name': 'Test', 'category': 'General', 'tcp-portrange': '80', 'udp-portrange': '123'}"
>>> device.create_firewall_service('Test', payload)
200
Delete¶
To delete a firewall service, you just need to pass the service name to the delete_firewall_service function:
>>> device.delete_firewall_service('Test')
200
Firewall Policy¶
Get¶
To get all firewall policies from your device:
>>> policies = device.get_firewall_policy()
Alternatively, you can pass a single unnamed parameter, or a named parameter (‘specific’) which can be provided to target a single object. Specific in this instance can be either a policy name, or a policy ID:
>>> my_policy = device.get_firewall_policy(specific='Test Policy')
>>> my_policy = device.get_firewall_policy(500)
>>> device.get_firewall_policy(specific='Test Policy') == device.get_firewall_policy(500)
True
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> policies = device.get_firewall_policy(filters='visibility==enable')
>>> policies = device.get_firewall_policy(filters='visibility==enable&comment=@SearchTerm')
The output of these functions will be a list. If you’ve asked for a specific group, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_firewall_policy(500)
[{'policyid': 500, 'q_origin_key': 500, 'name': 'Test Policy', 'uuid': '9b70d28a-990f-51e7-95ef-dd4f2065b5ce', 'srcintf': [{'name': 'lan', 'q_origin_key': 'lan'}], 'dstintf': [{'name': 'wan', 'q_origin_key': 'wan'}], 'srcaddr': [{'name': 'all', 'q_origin_key': 'all'}], 'dstaddr': [{'name': 'Test', 'q_origin_key': 'Test'}], 'internet-service': 'disable', 'internet-service-id': [], 'internet-service-custom': [], 'rtp-nat': 'disable', 'rtp-addr': [], 'learning-mode': 'disable', 'action': 'accept', 'send-deny-packet': 'disable', 'firewall-session-dirty': 'check-all', 'status': 'enable', 'schedule': 'always', 'schedule-timeout': 'disable', 'service': [{'name': 'ALL', 'q_origin_key': 'ALL'}], 'dscp-match': 'disable', 'dscp-negate': 'disable', 'dscp-value': '000000', 'tcp-session-without-syn': 'disable', 'utm-status': 'disable', 'profile-type': 'single', 'profile-group': '', 'av-profile': '', 'webfilter-profile': '', 'dnsfilter-profile': '', 'spamfilter-profile': '', 'dlp-sensor': '', 'ips-sensor': '', 'application-list': '', 'voip-profile': '', 'icap-profile': '', 'waf-profile': '', 'profile-protocol-options': '', 'ssl-ssh-profile': '', 'logtraffic': 'utm', 'logtraffic-start': 'disable', 'traffic-shaper': '', 'traffic-shaper-reverse': '', 'per-ip-shaper': '', 'application': [], 'app-category': [], 'url-category': [], 'nat': 'enable', 'permit-any-host': 'disable', 'permit-stun-host': 'disable', 'fixedport': 'disable', 'ippool': 'disable', 'poolname': [], 'session-ttl': 0, 'vlan-cos-fwd': 255, 'vlan-cos-rev': 255, 'inbound': 'disable', 'outbound': 'enable', 'natinbound': 'disable', 'natoutbound': 'disable', 'wccp': 'disable', 'ntlm': 'disable', 'ntlm-guest': 'disable', 'ntlm-enabled-browsers': [], 'fsso': 'disable', 'wsso': 'enable', 'rsso': 'disable', 'fsso-agent-for-ntlm': '', 'groups': [], 'users': [], 'devices': [], 'auth-path': 'disable', 'disclaimer': 'disable', 'vpntunnel': '', 'natip': '0.0.0.0 0.0.0.0', 'match-vip': 'disable', 'diffserv-forward': 'disable', 'diffserv-reverse': 'disable', 'diffservcode-forward': '000000', 'diffservcode-rev': '000000', 'tcp-mss-sender': 0, 'tcp-mss-receiver': 0, 'comments': '', 'label': '', 'global-label': '', 'auth-cert': '', 'auth-redirect-addr': '', 'redirect-url': '', 'identity-based-route': '', 'block-notification': 'disable', 'custom-log-fields': [], 'tags': [], 'replacemsg-override-group': '', 'srcaddr-negate': 'disable', 'dstaddr-negate': 'disable', 'service-negate': 'disable', 'internet-service-negate': 'disable', 'timeout-send-rst': 'disable', 'captive-portal-exempt': 'disable', 'ssl-mirror': 'disable', 'ssl-mirror-intf': [], 'scan-botnet-connections': 'disable', 'dsri': 'disable', 'radius-mac-auth-bypass': 'disable', 'delay-tcp-npu-session': 'disable'}]
Update¶
To update a firewall policy, you’ll need to pass two parameters to the update_firewall_policy function. The ID of the firewall policy being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'status': 'disable'}"
>>> device.update_firewall_policy(500, payload)
200
>>> device.get_firewall_policy(500)[0]['status']
'disable'
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create a firewall policy, you’ll need to provide two parameters to the create_firewall_policy function. The ID of the firewall policy being created (”policy_id”), and a JSON formatted object configuration (”data”):
>>> payload = {'policyid': 500,
'name': 'Test Policy',
'srcintf': [{'name': 'lan'}],
'dstintf': [{'name': 'wan'}],
'srcaddr': [{'name': 'all'}],
'dstaddr': [{'name': 'Test'}],
'action': 'accept',
'status': 'enable',
'schedule': 'always',
'service': [{'name': 'ALL'}],
'nat': 'enable',
'fsso': 'enable',
'wsso': 'disable',
'rsso': 'enable'}
>>> payload = repr(payload)
>>> device.create_firewall_policy(500, payload)
200
Move¶
To move a firewall policy, you’ll need to call the move_firewall_policy function and pass in three parameters:
- policy_id (the ID of the policy being moved)
- position (“before” or “after”)
- neighbour (the ID of the policy being used as a positional anchor)
>>> device.move_firewall_policy(policy_id=500,
position="after",
neighbour=2)
200
Delete¶
To delete a firewall policy, you just need to pass the policy ID to the delete_firewall_policy function:
>>> device.delete_firewall_policy(500)
200
SNMP Community¶
Get¶
To get all SNMP communities from your device:
>>> communities = device.get_snmp_community()
Alternatively, you can pass a single unnamed parameter, or a named parameter (‘specific’) which can be provided to target a single object. Specific in this instance can be either a community name, or a community ID:
>>> my_community = device.get_snmp_community(specific='my_community_string')
>>> my_community = device.get_snmp_community(100)
>>> device.get_snmp_community('my_community_string') == device.get_snmp_community(specific=100)
True
This method also accepts a named parameter ‘filters’ which can accept a raw Fortigate API filter to pass through, for example:
>>> communities = device.get_snmp_community(filters='query-v2c-status==enable')
The output of these functions will be a list. If you’ve asked for a specific community, this list will be one item long, but will still be a list.
Each member of the list will be a Python dictionary, directly mapped from the FortiGate API’s JSON result. This can be seen in the example below:
>>> device.get_snmp_community('my_community_string')
[{'id': 100, 'q_origin_key': 100, 'name': 'my_community_string', 'status': 'enable', 'hosts': [{'id': 1, 'q_origin_key': 1, 'source-ip': '0.0.0.0', 'ip': '192.168.0.0 255.255.255.0', 'ha-direct': 'disable', 'host-type': 'any'}], 'hosts6': [], 'query-v1-status': 'enable', 'query-v1-port': 161, 'query-v2c-status': 'enable', 'query-v2c-port': 161, 'trap-v1-status': 'enable', 'trap-v1-lport': 162, 'trap-v1-rport': 162, 'trap-v2c-status': 'enable', 'trap-v2c-lport': 162, 'trap-v2c-rport': 162, 'events': 'cpu-high mem-low log-full intf-ip vpn-tun-up vpn-tun-down ha-switch ha-hb-failure ips-signature ips-anomaly av-virus av-oversize av-pattern av-fragmented fm-if-change bgp-established bgp-backward-transition ha-member-up ha-member-down ent-conf-change av-conserve av-bypass av-oversize-passed av-oversize-blocked ips-pkg-update ips-fail-open faz-disconnect wc-ap-up wc-ap-down fswctl-session-up fswctl-session-down load-balance-real-server-down'}]
Update¶
To update an SNMP Community, you’ll need to pass two parameters to the update_snmp_community function. The ID of the community being updated, and a JSON formatted object configuration (only the fields being updated are required):
>>> payload = "{'status': 'disable'}"
>>> device.update_snmp_community(100, payload)
200
>>> device.get_snmp_community(100)[0]['status']
'disable'
Note: you can’t just use a Python dictionary as your payload. Please refer to the “424” section in Common Issues.
Create¶
To create an SNMP community, you’ll need to provide two parameters to the create_snmp_community function. The ID of the SNMP community being created (”community_id”), and a JSON formatted object configuration (”data”):
>>>payload = {'id': 100,
'name': 'my_community_string',
'status': 'enable',
'hosts': [{'ip': '192.168.0.0 255.255.255.0'}]}
>>> payload = repr(payload)
>>> device.create_snmp_community(100, payload)
Delete¶
To delete an SNMP Community, you just need to pass the community ID to the delete_snmp_community function:
>>> device.delete_snmp_community(100)
200