FortiGate

class fortigate_api.FortiGate(host: str, username: str = '', password: str = '', token: str = '', scheme: str = 'https', port: int = 0, timeout: int = 15, verify: bool = False, vdom: str = 'root', logging: bool = False, logging_error: bool = False, **kwargs)

FortiGate - Python wrapper for the FortiOS REST API.

Init FortiGate.

Parameters:
  • host (str) – Fortigate hostname or IP address.

  • username (str) – Administrator name. Mutually exclusive with token.

  • password (str) – Administrator password. Mutually exclusive with token.

  • token (str) – Token. Mutually exclusive with username and password.

  • scheme (str) – Access method: https or http. Default is https.

  • port (int) – TCP port. Default is 443 for scheme=`https`, 80 for scheme=`http`.

  • timeout (int) – Session timeout (minutes). Default is 15.

  • verify (bool) – TLS certificate verification. True - The server's TLS certificate is verified, False - Requests will accept any TLS certificate. Default is False.

  • vdom (str) – Name of the virtual domain. Default is root.

  • logging (bool) – Logging REST API response. True - Enable response logging, False - otherwise. Default is False.

  • logging_error (bool) – Logging only the REST API response with error. True - Enable errors logging, False - otherwise. Default is False.
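
The constructor parameters above can be assembled from the environment before FortiGate() is called. This is an added example, not code from the fortigate_api project; it enforces the token versus username/password exclusivity and scheme=`https`, and sets verify=True instead of the default. The FGT_* variable names and both function names are hypothetical, and verify=True assumes the device presents a certificate that the Python process trusts.

```python
"""Build FortiGate() keyword arguments from an environment-like mapping.

Added example: the FGT_* names are hypothetical, chosen for this sketch.
"""


def check_settings(env):
    """Return a list of problems found in the mapping (empty list = usable)."""
    token = env.get("FGT_TOKEN", "")
    username = env.get("FGT_USERNAME", "")
    password = env.get("FGT_PASSWORD", "")
    problems = []
    if not env.get("FGT_HOST"):
        problems.append("FGT_HOST is not set")
    if token and (username or password):
        problems.append("token is mutually exclusive with username and password")
    elif not token and not (username and password):
        problems.append("set FGT_TOKEN, or both FGT_USERNAME and FGT_PASSWORD")
    if env.get("FGT_SCHEME", "https") != "https":
        problems.append("scheme must be https so credentials are not sent in cleartext")
    if not env.get("FGT_PORT", "443").isdigit():
        problems.append("FGT_PORT must be a number")
    return problems


def fortigate_kwargs(env):
    """Return kwargs for FortiGate() with certificate verification enabled."""
    problems = check_settings(env)
    if problems:
        raise ValueError("; ".join(problems))
    kwargs = {
        "host": env["FGT_HOST"],
        "scheme": "https",
        "port": int(env.get("FGT_PORT", "443")),
        "verify": True,  # the documented default is False
        "vdom": env.get("FGT_VDOM", "root"),
    }
    if env.get("FGT_TOKEN"):
        kwargs["token"] = env["FGT_TOKEN"]
    else:
        kwargs["username"] = env["FGT_USERNAME"]
        kwargs["password"] = env["FGT_PASSWORD"]
    return kwargs


if __name__ == "__main__":
    # Constructed sample values; in real use pass os.environ instead.
    sample = {"FGT_HOST": "fw.example.net", "FGT_TOKEN": "constructed-token"}
    settings = fortigate_kwargs(sample)
    # Print with secrets masked; then: FortiGate(**settings)
    print({k: ("***" if k in ("token", "password") else v) for k, v in settings.items()})
```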

login() → None

Login to the Fortigate using REST API and creates a Session object.

  • Validate ‘token’ if object has been initialized with token parameter.

  • Validate password if object has been initialized with username parameter.

Returns:

None. Creates Session object.

logout() → None

Logout from the Fortigate using REST API, deletes Session object.

  • No need to log out if object has been initialized with token parameter.

  • Log out if object has been initialized with username parameter.

Returns:

None. Deletes Session object.

delete(url: str) → Response

DELETE the fortigate-object from the Fortigate.

Parameters:

url (str) – REST API URL to the fortigate-object.

Returns:

Session response.

  • <Response [200]> Object successfully deleted,

  • <Response [400]> Invalid URL,

  • <Response [404]> Object not found in the Fortigate.

Return type:

Response

get(url: str) → Response

GET a Response object from the Fortigate.

Parameters:

url (str) – REST API URL.

Returns:

Response object.

Return type:

Response

get_result(url: str) → Dict[str, Any]

GET a single fortigate-object from the JSON results section.

Parameters:

url (str) – REST API URL to the fortigate-objects.

Returns:

Dictionary of the fortigate-object.

Return type:

dict

get_results(url: str) → List[Dict[str, Any]]

GET list of fortigate-objects from the JSON results section.

Parameters:

url (str) – REST API URL to the fortigate-objects.

Returns:

List of the fortigate-objects.

Return type:

List[dict]

get_list(url: str) → list

GET list of items from the JSON root section.

Parameters:

url (str) – REST API URL to the fortigate-objects.

Returns:

List of the items.

Return type:

List[dict]

post(url: str, data: Dict[str, Any]) → Response

POST (create) fortigate-object in the Fortigate based on the data.

Parameters:
  • url (str) – REST API URL to the fortigate-object.

  • data (dict) – Data of the fortigate-object.

Returns:

Session response.

  • <Response [200]> Object successfully created,

  • <Response [400]> Invalid URL,

  • <Response [500]> Object already exists.

Return type:

Response

put(url: str, data: Dict[str, Any]) → Response

PUT (update) existing fortigate-object in the Fortigate.

Parameters:
  • url (str) – REST API URL to the fortigate-object.

  • data (dict) – Data of the fortigate-object.

Returns:

Session response.

  • <Response [200]> Object successfully updated,

  • <Response [400]> Invalid URL,

  • <Response [404]> Object has not been updated.

Return type:

Response

directory(url: str) → List[Dict[str, Any]]

Get directory schema of available REST API data source.

Parameters:

url (str) – REST API URL to the directory.

Returns:

List of the fortigate-objects.

Return type:

List[dict]

exist(url: str) → Response

Check if a fortigate-object exists in the Fortigate.

Parameters:

url (str) – REST API URL to the fortigate-object.

Returns:

Session response.

  • <Response [200]> Object exists,

  • <Response [400]> Invalid URL,

  • <Response [404]> Object does not exist.

Return type:

Response

Usage

"""FortiGate examples.

- Initialize FortiGate with optional parameters scheme=`https`, port=443
- FortiGate.post() - Create fortigate-object in the Fortigate
- FortiGate.get() - Get Response object from the Fortigate
- FortiGate.get_results() - Get list of fortigate-objects from the JSON results section
- FortiGate.get_result() - Get single fortigate-object from the JSON results section
- FortiGate.get_list() - Get list of items from the JSON root section
- FortiGate.put() - Update existing fortigate-object in the Fortigate
- FortiGate.delete() - Delete the fortigate-object from the Fortigate
- FortiGate.exist() - Check if fortigate-object exists in the Fortigate
- Get Directory
- FortiGate `with` statement
"""

import logging
from pprint import pprint

from fortigate_api import FortiGate

logging.getLogger().setLevel(logging.DEBUG)

HOST = "host"
USERNAME = "username"
PASSWORD = "password"

# Initialize FortiGate with optional parameters scheme=`https`, port=443
fgt = FortiGate(
    host=HOST,
    username=USERNAME,
    password=PASSWORD,
    scheme="https",
    port=443,
    logging_error=True,
)
fgt.login()  # login is optional

# FortiGate.post() - Create fortigate-object in the Fortigate
data = {
    "name": "ADDRESS",
    "obj-type": "ip",
    "subnet": "127.0.0.100 255.255.255.252",
    "type": "ipmask",
}
response = fgt.post(url="api/v2/cmdb/firewall/address/", data=data)
print(f"POST {response}")  # POST <Response [200]>

# FortiGate.get() - Get Response object from the Fortigate
response = fgt.get(url="api/v2/cmdb/firewall/address/ADDRESS")
print(f"GET {response}")  # GET <Response [200]>
result = response.json()["results"]
pprint(result)
#  [{"name": "ADDRESS",
#    "subnet": "127.0.0.100 255.255.255.252",
#    "uuid": "a386e4b0-d6cb-51ec-1e28-01e0bc0de43c",
#    ...
#    }]

# FortiGate.get_results() - Get list of fortigate-objects from the JSON results section
items = fgt.get_results(url="api/v2/cmdb/firewall/address")
print(f"addresses count={len(items)}")  # addresses count=14

# FortiGate.get_result() - Get single fortigate-object from the JSON results section
data = fgt.get_result(url="api/v2/cmdb/alertemail/setting")
pprint(data)
# {'FDS-license-expiring-days': 15,
#  'FDS-license-expiring-warning': 'disable',
#  'FDS-update-logs': 'disable',
#  ...

# FortiGate.get_list() - Get list of items from the JSON root section
output = fgt.get_list(url="/api/v2/monitor/firewall/policy?global=1")
pprint(output)
# [{'build': 2093,
#   'http_method': 'GET',
#   'name': 'policy',
#   'path': 'firewall',
#   'results': [{'active_sessions': 0,
#                'asic_bytes': 0,
#                'asic_packets': 0,
# ...

# FortiGate.put() - Update existing fortigate-object in the Fortigate
data = {"name": "ADDRESS", "subnet": "127.0.0.255 255.255.255.255"}
response = fgt.put(url="api/v2/cmdb/firewall/address/ADDRESS", data=data)
print(f"PUT {response}")  # PUT <Response [200]>

# FortiGate.delete() - Delete the fortigate-object from the Fortigate
response = fgt.delete(url="api/v2/cmdb/firewall/address/ADDRESS")
print(f"DELETE {response}")  # DELETE <Response [200]>

# FortiGate.exist() - Check if fortigate-object exists in the Fortigate
response = fgt.exist(url="api/v2/cmdb/firewall/address/ADDRESS")
print(f"exist {response}")  # exist <Response [404]>

# Get Directory
output = fgt.directory(url="/api/v2/log")
pprint(output)
output = fgt.directory(url="/api/v2/monitor")
pprint(output)

fgt.logout()

# FortiGate `with` statement
with FortiGate(host=HOST, username=USERNAME, password=PASSWORD) as fgt:
    response = fgt.exist(url="api/v2/cmdb/firewall/address/ADDRESS")
    print("exist", response)  # exist <Response [404]>