Hot!Rest API error when creating a firewall policy on a Fortigate 5.4.6

Author
jrodriguez
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/11/21 05:33:08
  • Status: offline
2018/11/21 05:46:22 (permalink) 5.4
0

Rest API error when creating a firewall policy on a Fortigate 5.4.6

Hello,
I'm trying to use the Fortigate REST API to add various objets on our 1500D. It works quite fine except for adding new firewall policies. The firewall throws a 405 error when posting (POST) a request on this API URL (/api/v2/cmdb/firewall/policy/?vdom=VDOMNAME)
Here are the details :
 
JSON request :
{
                'action': 'accept',
                'srcintf':[
                        {
                                'name':'IFNAME02',
                        }
                ],
                'dstintf':[
                        {
                                'name':'IFNAME01',
                        }
                ],
                'srcaddr':[
                        {
                                'name':'all',
                        }
                ],
                'dstaddr':[
                        {
                                'name':'all',
                        }
                ],
                'service':[
                        {
                                'name':'ALL',
                        }
                ],
                'status':'enable',
                'schedule':'always',
                'nat':'disable',
                'logtraffic':'utm',
        }

 
And the error :
405 Method Not Allowed

{



"http_method": "POST",



"status": "error",



"http_status": 405,



"vdom": "VDOMNAME",



"path": "firewall",



"name": "policy",



"action": "accept",



"serial": "FG1K",



"version": "v5.4.6",



"build": 1165



}


 
If I remove the parameter "action" in my JSON data, the policy is created but with a default deny value, which is not what I want.
 
Any ideas ?
 
Regards.
#1

3 Replies Related Threads

    jrodriguez
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/21 05:33:08
    • Status: offline
    Re: Rest API error when creating a firewall policy on a Fortigate 5.4.6 2018/11/22 00:29:47 (permalink)
    0
    Hello,
     
    If it can help someone, I've found the error cause in the FortiOS 5.4 REST API Reference Guide. Here are the explaination from the guide :
     
    Limitation
    If the body data has the same name as some reserved URL parameters, such as name, path, or action, the
    request would fail due to the conflict. For example, firewall policy has 'name' and 'action' attribute which conflict
    with the reserved URL parameter 'name' and 'action'. POST/PUT with normal method would fail with 405 error. A
    workaround is to enclosed all object data in a 'json' keyword so the API can correctly identify object data.
     
    This would work :
    {'json':{'name':"test_policy", 'srcintf': [{"name":"port1"}], 'dstintf': [{"name":"port2"}],'srcaddr': [{"name":"all"}], 'dstaddr': [{"name":"all"}],'action':"accept",'status': "enable",'schedule':"always",'service':[{'name':"ALL"}], 'nat':"disable"}}

     
    Regards. 
    #2
    emnoc
    Expert Member
    • Total Posts : 5108
    • Scores: 318
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Rest API error when creating a firewall policy on a Fortigate 5.4.6 2018/11/22 07:37:49 (permalink)
    0
    That goods new  news and glad you found out the issue. I alway like to get exit policy for the structure and craft the right  json attribute keyvalue and add { POST } items . It can be challenging  modifying items also, so  I would  test the right  syntax when you make modifications. Here's a post on what I just wrote up on my blog, and  forum user contacted me about some API issues a few months and I decided to write a small snippet on it.
     
    http://socpuppet.blogspot...api-to-add-delete.html

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #3
    xxddpac
    New Member
    • Total Posts : 7
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/11/28 04:38:57
    • Status: offline
    Re: Rest API error when creating a firewall policy on a Fortigate 5.4.6 2019/02/12 19:15:54 (permalink)
    0
    hi, can show me your python code ?
     
    I creat a address objects return 403 error using rest api 
     
    thanks!!
    #4
    Jump to:
    © 2019 APG vNext Commercial Version 5.5