Use this Python script from the command-line to get started with the FortiOS REST API for some simple object management.
This tool allows you to create, delete, edit or retrieve objects via the REST API and presents the result in the native JSON format as output on the console.
The tool also allows you to copy objects/tables from one VDOM to another via the ``copy`` option.

- Linux or Windows (with Python)
- FortiOS 5.4+
- Python 2 or 3
- Pip

Download ``fgttool.py``.

Make sure the Python module ``requests`` is installed::

    $ pip list | grep requests
    requests 2.23.0

If not installed::

    $ pip install requests

This version supports some basic commands as follows::

    python fgttool.py
    usage: fgttool.py [-h] [--ip [IP]] [--port [PORT]] [--login [LOGIN]] [--password [PASSWORD]] [-v] [-d] [--version] {get,delete,create,edit,copy} ...

    Python tool to interact with FGT via rest api

    optional arguments:
      -h, --help            show this help message and exit
      --ip [IP], -i [IP]    FortiGate IP
      --port [PORT]         FortiGate port
      --login [LOGIN], -l [LOGIN]
                            FortiGate login
      --password [PASSWORD], -p [PASSWORD]
                            FortiGate password
      -v, --verbose         increase output verbosity
      -d, --dryrun          dryrun the command without committing any changes
      --version             show version number and exit

    commands:
      {get,delete,create,edit,copy}
        get                 get object or table
        delete              delete object or table
        create              create object
        edit                edit object
        copy                copy object or table from one vdom to another including referenced objects

0.3.3
- Thanks to Matthew James (mattjames@fortinet.com), reworked command line arguments logic for handling the password.
- Added ``--port`` to pass the FortiGate TLS/SSL port. Can be overridden by setting variable ``fgt_port`` in file ``fgttool.py``.

0.3.2

New command line options: ``--ip``, ``--login`` and ``--password`` to enter the FortiGate IP address and the administrator's credentials, respectively.

.. notes::

   - You can still open the ``fgttool.py`` file and edit the variables ``fgt_ip``, ``fgt_login``, ``fgt_password``.
   - If you want to be prompted to enter a password, set variable ``fgt_password`` to ``None``.
   - In any case, the values provided at the command line will prevail.

To get list of firewall addresses from VDOM ``root``::

    $ python fgttool.py get firewall/address --vdom root

By default ``fgttool.py`` will consider VDOM ``root``, so you can omit the ``--vdom root`` arguments. This command will produce the same output as the previous one::

    $ python fgttool.py get firewall/address

To get a specific firewall address

To get the firewall address ``all``::

    $ python fgttool.py get firewall/address/all

To get the list of VDOMs::

    $ python fgttool.py get system/vdom

To get a specific firewall address group::

    $ python fgttool.py get firewall/addrgrp/GRP_001

To get members of a firewall address group

To get the members of the firewall address group ``GRP_001``::

    $ python fgttool.py get firewall/addrgrp/GRP_001/member

To add a new member in a firewall address group

To add firewall address ``HOST_005`` as a new member of firewall address group ``GRP_001``::

    $ python fgttool.py create firewall/addrgrp/GRP_001/member --data '{"name": "HOST_005"}'

.. notes::

   - Object ``HOST_001`` has to exist.
   - Existing members will be preserved, object ``HOST_005`` is just added to the current members list.
   - The argument of the ``--data`` command line argument must be JSON formatted.

To delete an existing member from a firewall address group

To delete firewall address ``HOST_005`` from firewall address group ``GRP_001``::

    $ python fgttool.py delete firewall/addrgrp/GRP_001/member/HOST_005

To get list of firewall services::

    $ python fgttool.py get firewall.service/custom

.. notes::

   - Note the usage of the ``.`` when the table we want to reach (here ``custom``) is deeper than two levels.

To update an existing firewall service

To change the port number and the comment of an existing service::

    $ python fgttool.py edit firewall.service/custom/tcp_11112 --data '{"tcp-portrange": 8888, "comment": "something"}'

To rename an existing firewall service::

    $ python fgttool.py edit firewall.service/custom/tcp_11112 --data '{"name": "tcp_8888"}'

To copy an object/table between vdoms

To copy firewall address group ``GRP_001`` (and recursively all its referenced members, including sub groups) from vdom ``vdom1`` to vdom ``vdom2``::

    $ python fgttool.py copy firewall/addrgrp/GRP_001 vdom1 vdom2

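The recursive copy described above only works if every referenced member reaches the destination VDOM before the group that names it. The following is an added illustration of that ordering, not code from ``fgttool.py``; ``copy_order`` is a hypothetical helper and the group and address names are constructed sample data.

```python
# Added illustration: not fgttool.py's code. All data below is constructed.

# Constructed source VDOM content: address group name -> member names.
GROUPS = {
    "GRP_001": ["HOST_001", "GRP_002", "HOST_005"],
    "GRP_002": ["HOST_002", "HOST_001"],
}
# Constructed plain firewall addresses present in the source VDOM.
ADDRESSES = {"HOST_001", "HOST_002", "HOST_005"}


def copy_order(name, groups, addresses):
    """Return (table, object) pairs to create in the target VDOM,
    referenced objects first, each object listed once."""
    order, done, in_progress = [], set(), set()

    def visit(obj):
        if obj in done:
            return  # shared member already scheduled
        if obj in in_progress:
            # A group that (indirectly) contains itself can never be ordered.
            raise ValueError("group nesting loop at %s" % obj)
        if obj in groups:
            in_progress.add(obj)
            for member in groups[obj]:
                visit(member)  # members must exist before the group
            in_progress.discard(obj)
            order.append(("firewall/addrgrp", obj))
        elif obj in addresses:
            order.append(("firewall/address", obj))
        else:
            # A dangling reference would make the group creation fail.
            raise KeyError("%s is referenced but does not exist" % obj)
        done.add(obj)

    visit(name)
    return order


if __name__ == "__main__":
    # Print the plan, similar in spirit to reviewing a change before commit.
    for table, obj in copy_order("GRP_001", GROUPS, ADDRESSES):
        print("create %s/%s" % (table, obj))
```

Reviewing such a plan before committing shows exactly which objects a single copy command will introduce into the destination VDOM.
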
To copy all firewall vips from vdom1 to vdom2::

    $ python fgttool.py copy firewall/vip vdom1 vdom2