REST API Deauth a particular user

rpelletier · ‎02-22-2019

I can list all of the authenticated users to my vdom using https://10.40.100.1/api/v2/monitor/user/firewall/?vdom=Students, and I can deauth all of them using

https://10.40.100.1/api/v.../deauth/?vdom=Students

However, how do I deauth only one particular user? Is this possible via the API?

neonbit · ‎02-23-2019

Yes you can deauth a single user. I'd recommend signing up to the fndn (https://fndn.fortinet.net) as it has all the proper documentation and the new version gives sample code. {

"user_type": "string",

"id": "string",

"ip": "string",

"ip_version": "string",

"method": "string",

"all": "string",

"users": "string"

} {

user_typestring

User type [proxy|firewall]. Required for both proxy and firewall users.

idstringUser ID. Required for both proxy and firewall users. ipstringUser IP address. Required for both proxy and firewall users. ip_versionstring

IP version [ip4|ip6]. Only required if user_type is firewall.

methodstring

allstringSet to true to deauthenticate all users. Other parameters will be ignored. usersstringArray of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties.

rpelletier · ‎02-23-2019

Thank you. Found the documentation.

rpelletier · ‎03-07-2019

I have been unable to get this to work either using powershell or PHP. I want to be able to automate deauthenticating users for a system I am building. I will start by giving my powershell example:

$password = Read-Host -assecurestring "Please enter your password"
$password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
$fwaddress = "10.10.40.4"
$postParams = @{username='admin';secretkey=$password}
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/logincheck" -SessionVariable fgtSession -Method POST -Body $postParams
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/select/?vdom=Students" -WebSession $fgtSession -Method GET

$authUsers = $(ConvertFrom-Json -InputObject $request.Content).results
#$authUsers

$username = 'student@student.domain.edu'

$authUser = $authUsers | where { $_.username -eq $username }

$postParams = @{user_type='firewall';id=$authUser.id;ip=$authUser.ipaddr;method=$authUser.method;ip_version=$authUser.src_type} 
$postParams 
$request = Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/monitor/user/firewall/deauth/?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

an example of the dataset I am using:

{
"type": "auth_logon",
"username": "student@student.domain.edu",
"usergroup": "Captive Portal",
"id": 0,
"duration": "538 seconds",
"duration_secs": 538,
"auth_type": 3,
"ipaddr": "192.168.147.152",
"src_type": "ip4",
"expiry": "5470 seconds",
"expiry_secs": 5470,
"method": "Firewall"
}

This command returns a 403 HTTP status.

Authentication and retrieval of all the authenticated users works great. Deauthing the single user gives me an error. Any thoughts would be greatly appreciated.

hakim · ‎03-19-2019

Hi, I am having the same problem. Any luck to get this function working properly?

rpelletier · ‎03-27-2019

No luck at all, I am actually thinking it might be because this functionality is paid, but I have not received an answer from our fortinet rep.

Jordan_Thompson_FTNT · ‎03-27-2019

rpelletier wrote:
No luck at all, I am actually thinking it might be because this functionality is paid, but I have not received an answer from our fortinet rep.

Please try with the HTTP body in the following format:

{"users": [...]}

Where [...] is a list of users that you'd like to deauthenticate. The "id=0" in your standalone user example is also a problem. This will be ignored.

Can you include httpsd debug output during the request? "diag debug app httpsd -1"

rpelletier · ‎04-12-2019

My apologies, I had not seen that anyone had replied.

I ran the test, but I do not see any output from the debug command. I have also been trying this command which should be more straightforward and I am having the same errors.

$ip = '192.168.144.31'
$name = 'Test1'
$address = $ip + " 255.255.255.255"
$postParams = @{name=$name;type='ipmask';subnet=$address}

 

Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/cmdb/firewall/address?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams

again, there is not output from the debug command

alagoutte · ‎05-06-2019

rpelletier wrote:
My apologies, I had not seen that anyone had replied.
I ran the test, but I do not see any output from the debug command. I have also been trying this command which should be more straightforward and I am having the same errors.
$ip = '192.168.144.31'
$name = 'Test1'
$address = $ip + " 255.255.255.255"
$postParams = @{name=$name;type='ipmask';subnet=$address}

 

Invoke-WebRequest -Headers $headers -Uri "https://$fwaddress/api/v2/cmdb/firewall/address?vdom=Students" -WebSession $fgtSession -Method POST -Body $postParams
again, there is not output from the debug command

Hi,

You can look PowerFGT there is already support of Address

rpelletier · ‎05-07-2019

Thank you, this is an amazing project. We use VDOMs, which the functions do not natuvely supprt yet, but I went ahead and added them mysqlf and was able to add an addresses. I am going to work on seeing if I can build a function to deauth using starting from this great project. Thanks.