Fortiosapi’s documentation!

You will find here the overall documentation of the opensource fortiosapi module for Fortigate/Fortios devices Available on pypi.

class fortiosapi.FortiOSAPI[source]

Global class / example for FortiOSAPI

check_session()[source]

Helper fonction to check if the session on the FortiOSAPI object is valid :return:

True or raise NotLogged or InvalidLicense
static debug(status)[source]

Set the debug to on to have all the debug information from the library You should add logging.getLogger(‘fortiosapi’) to your log handler

Parameters:status – on to set the log level to DEBUG
Returns:None
delete(path, name, vdom=None, mkey=None, parameters=None, data=None)[source]

Delete a pointed object in the cmdb.

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API

download(path, name, vdom=None, mkey=None, parameters=None)[source]

Use the download call on the monitoring part of the API. Can get the config, logs etc..

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add parameters understood by the API call in json. Must set “destination”: “file” and scope
Returns:

The file is part of the returned json

execute(path, name, data, vdom=None, mkey=None, parameters=None)[source]

Execute is an action done on a running fortigate it is actually doing a post to the monitor part of the API we choose this name for clarity

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API

get(path, name, vdom=None, mkey=None, parameters=None)[source]

Execute a GET on the cmdb (i.e. configuration part) of the Fortios API

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API, values are in return[‘results’]

get_mkey(path, name, data, vdom=None)[source]
Parameters:
  • path
  • name
  • data
  • vdom
Returns:

get_mkeyname(path, name, vdom=None)[source]
Parameters:
  • path
  • name
  • vdom
Returns:

get_version()[source]
Returns:
https(status)[source]

Allow to use http or https (default). HTTP is necessary to use the API on unlicensed/trial Fortigates

Parameters:status – ‘on’ to use https to connect to API, anything else will http
Returns:
license(vdom='root')[source]
license check and update:
  • GET /api/v2/monitor/license/status
  • If pending (exec update-now) with FortiGuard if invalid POST api/v2/monitor/system/fortiguard/update and do the GET again
Convinient when Fortigate starts and license validity takes time.
Parameters:vdom – root by default, can be global to do a global check
Returns:True if license is valid at the end of the process
login(host, username, password, verify=True, cert=None, timeout=12, vdom='global')[source]
Parameters:
  • host
  • username
  • password
  • verify
  • cert
  • timeout
  • vdom
Returns:

logout()[source]
Returns:
monitor(path, name, vdom=None, mkey=None, parameters=None)[source]

Execute a GET on the montioring part of the Fortios API :param path: first part of the Fortios API URL like :param name: https://myfgt:8040/api/v2/cmdb/<path>/<name> :param mkey: when the cmdb object have a subtable mkey represent the subobject.

It is optionnal at creation the code will find the mkey name for you.
Parameters:
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API, values are in return[‘results’]

move(path, name, vdom=None, mkey=None, where=None, reference_key=None, parameters={})[source]

Move an object in a cmdb table (firewall/policies for example). Usefull for reordering too :param path: first part of the Fortios API URL like :param name: https://myfgt:8040/api/v2/cmdb/<path>/<name> :param data: json containing the param/values of the object to be set :param mkey: when the cmdb object have a subtable mkey represent the subobject.

It is optionnal at creation the code will find the mkey name for you.
Parameters:
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
  • where – the destination mkey in the table
  • reference_key – the origin mkey in the table
Returns:

A formatted json with the last response from the API

post(path, name, data, vdom=None, mkey=None, parameters=None)[source]
Execute a REST POST on the API. It will fail if the targeted object already exist. When post to the upper name/path the mkey is in the data. So we can ensure the data set is correctly filled in case mkey is passed.
Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API

put(path, name, vdom=None, mkey=None, parameters=None, data=None)[source]

Execute a REST PUT on the specified object with parameters in the data field as a json formatted field

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API

set(path, name, data, mkey=None, vdom=None, parameters=None)[source]

Fortios API definition is at https://fndn.fortinet.net Function targeting config management. You pass the data of the part of cmdb you want to be set and the function will try POST and PUT to ensure your modification go through.

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
Returns:

A formatted json with the last response from the API

setoverlayconfig(yamltree, vdom=None)[source]

take a yaml tree with name:

path:
mkey:

structure and recursively set the values. create a copy to only keep the leaf as node (table firewall rules etc Split the tree in 2 yaml objects and iterates) Update the higher level, up to tables as those config parameters may influence which param are allowed in the level 3 table :param yamltree: a yaml formatted string of the differents part of CMDB to be changed :param vdom: (optionnal) default is root, can use vdom=global to swtich to global settings. :return:

static ssh(cmds, host, user, password=None, port=22)[source]

DEPRECATED use paramiko directly. Send a multi line string via ssh to the fortigate

Parameters:
  • cmds – multi line string with the Fortigate config cli
  • host – ip/hostname of the fortigate interface
  • user/password – fortigate admin user and password
  • port – port 22 if not set or a port on which fortigate listen for ssh commands.
Returns:

The output of the console commands and raise exception if failed

tokenlogin(host, apitoken, verify=True, cert=None, timeout=12, vdom='global')[source]

if using apitoken method then login/passwd will be disabled

Parameters:
  • host
  • apitoken
  • verify
  • cert
  • timeout
  • vdom
Returns:

upload(path, name, vdom=None, mkey=None, parameters=None, data=None, files=None)[source]

Upload a file (refer to the monitoring part), used for license, config, certificates etc.. uploads.

Parameters:
  • path – first part of the Fortios API URL like
  • namehttps://myfgt:8040/api/v2/cmdb/<path>/<name>
  • data – json containing the param/values of the object to be set
  • mkey – when the cmdb object have a subtable mkey represent the subobject. It is optionnal at creation the code will find the mkey name for you.
  • vdom – the vdom on which you want to apply config or global for global settings
  • parameters – Add on parameters understood by the API call can be “&select=” for example
  • files – the file to be uploaded
Returns:

A formatted json with the last response from the API

Indices and tables