FortiManager

FortiManager is a single-console central management system that manages Fortinet devices. This integration was integrated and tested with version 6.2.2 of FortiManager.

Required Permissions

Following are the required permissions for the integration commands:

| Setting | Minimal Requirement |
| --- | --- |
| device-manager | Read-Only |
| global-policy-packages | Read-Write |
| adom-policy-packages | Read-Write |
| deploy-management | Read-Write |

The eligible predefined administrator profiles are: Super User, Standard User, and Package User. For more information about administrator permissions see the FortiManager documentation.

Configure FortiManager on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for FortiManager.
  3. Click Add instance to create and configure a new integration instance.

| Parameter | Description | Required |
| --- | --- | --- |
| url | Server URL | True |
| credentials | Username and password of a FortiManager administrator with the permissions listed above | True |
| adom | The instance ADOM | True |
| insecure | Trust any certificate (not secure). Leave unchecked outside of testing; a trusted certificate on FortiManager is the proper fix. | False |
| proxy | Use system proxy settings | False |

  4. Click Test to validate the URL, credentials, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

fortimanager-devices-list


List all devices in the ADOM instance.

Base Command

fortimanager-devices-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The FortiManager Administrative Domain (ADOM) from which to fetch the devices. Leave empty to use the instance ADOM. | Optional |
| device | The name of a specific device to get. If not specified, will get all devices. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.Device.adm_pass | String | The administrator password FortiManager uses to log in to the managed device. Returned in encrypted form (the `ENC` value in the example below); treat it as a secret when the context is exported or shared. |
| FortiManager.Device.adm_usr | String | The administrator username FortiManager uses to log in to the managed device. |
| FortiManager.Device.app_ver | String | The application control database version of the device. |
| FortiManager.Device.av_ver | String | The antivirus database version of the device. |
| FortiManager.Device.beta | Number | The beta version of the device firmware. |
| FortiManager.Device.branch_pt | Number | The firmware branch point of the device. |
| FortiManager.Device.build | Number | The firmware build number of the device. |
| FortiManager.Device.checksum | String | The checksum of the device. |
| FortiManager.Device.conf_status | String | The configuration status of the device. |
| FortiManager.Device.conn_mode | String | The connection mode of the device. |
| FortiManager.Device.conn_status | String | The connection status of the device. |
| FortiManager.Device.db_status | String | The database status of the device. |
| FortiManager.Device.desc | String | The description of the device. |
| FortiManager.Device.dev_status | String | The status of the device. |
| FortiManager.Device.fap_cnt | Number | The number of FortiAP units managed through the device. |
| FortiManager.Device.faz.full_act | Number | FortiAnalyzer (faz) full_act value. |
| FortiManager.Device.faz.perm | Number | FortiAnalyzer (faz) permission value. |
| FortiManager.Device.faz.quota | Number | FortiAnalyzer (faz) quota. |
| FortiManager.Device.faz.used | Number | FortiAnalyzer (faz) quota used. |
| FortiManager.Device.fex_cnt | Number | The number of FortiExtender units managed through the device. |
| FortiManager.Device.flags | String | Device flags. |
| FortiManager.Device.foslic_cpu | Number | FortiOS license (foslic) CPU value. |
| FortiManager.Device.foslic_dr_site | String | FortiOS license (foslic) DR site value. |
| FortiManager.Device.foslic_inst_time | Number | FortiOS license (foslic) installation time. |
| FortiManager.Device.foslic_last_sync | Number | FortiOS license (foslic) last sync time. |
| FortiManager.Device.foslic_ram | Number | FortiOS license (foslic) RAM value. |
| FortiManager.Device.foslic_type | String | FortiOS license (foslic) type. |
| FortiManager.Device.foslic_utm | String | FortiOS license (foslic) UTM value. |
| FortiManager.Device.fsw_cnt | Number | The number of FortiSwitch units managed through the device. |
| FortiManager.Device.ha_group_id | Number | HA group ID. |
| FortiManager.Device.ha_group_name | String | HA group name. |
| FortiManager.Device.ha_mode | String | HA mode. |
| FortiManager.Device.hdisk_size | Number | Hard disk size. |
| FortiManager.Device.hostname | String | Hostname. |
| FortiManager.Device.hw_rev_major | Number | Hardware major revision number. |
| FortiManager.Device.hw_rev_minor | Number | Hardware minor revision number. |
| FortiManager.Device.ip | String | Device IP. |
| FortiManager.Device.ips_ext | Number | IPS extended database flag. |
| FortiManager.Device.ips_ver | String | The IPS signature database version of the device. |
| FortiManager.Device.last_checked | Number | Last checked timestamp. |
| FortiManager.Device.last_resync | Number | Last resync timestamp. |
| FortiManager.Device.latitude | String | Latitude. |
| FortiManager.Device.lic_flags | Number | License flags. |
| FortiManager.Device.lic_region | String | License region. |
| FortiManager.Device.location_from | String | Location from. |
| FortiManager.Device.logdisk_size | Number | Log disk size. |
| FortiManager.Device.longitude | String | Longitude. |
| FortiManager.Device.maxvdom | Number | Maximum number of VDOMs. |
| FortiManager.Device.meta_fields | String | Meta fields. |
| FortiManager.Device.mgmt_id | Number | Management ID. |
| FortiManager.Device.mgmt_if | String | Management interface. |
| FortiManager.Device.mgmt_mode | String | Management mode. |
| FortiManager.Device.mgt_vdom | String | Management VDOM. |
| FortiManager.Device.module_sn | String | Module serial number. |
| FortiManager.Device.mr | Number | Firmware major release (MR) number. |
| FortiManager.Device.name | String | Device name. |
| FortiManager.Device.os_type | String | Device operating system type. |
| FortiManager.Device.os_ver | String | Device operating system version. |
| FortiManager.Device.patch | Number | Firmware patch number. |
| FortiManager.Device.platform_str | String | Platform string (model). |
| FortiManager.Device.prefer_img_ver | String | Preferred firmware image version. |
| FortiManager.Device.prio | Number | Priority. |
| FortiManager.Device.psk | String | Pre-shared key (PSK). Treat as a secret. |
| FortiManager.Device.role | String | Device role. |
| FortiManager.Device.sn | String | Serial number. |
| FortiManager.Device.vdom.comments | String | VDOM comments. |
| FortiManager.Device.vdom.name | String | VDOM name. |
| FortiManager.Device.vdom.opmode | String | VDOM operation mode. |
| FortiManager.Device.vdom.rtm_prof_id | Number | VDOM rtm prof ID. |
| FortiManager.Device.vdom.status | String | VDOM status. |
| FortiManager.Device.vdom.vpn_id | Number | VDOM VPN ID. |
| FortiManager.Device.version | Number | Device version. |
| FortiManager.Device.vm_cpu | Number | VM CPU count. |
| FortiManager.Device.vm_cpu_limit | Number | VM CPU limit. |
| FortiManager.Device.vm_lic_expire | Number | VM license expiration. |
| FortiManager.Device.vm_mem | Number | VM memory. |
| FortiManager.Device.vm_mem_limit | Number | VM memory limit. |
| FortiManager.Device.vm_status | Number | VM status. |

Command Example

!fortimanager-devices-list offset=1 limit=2

Context Example

{
"FortiManager": {
"Device": [
{
"adm_pass": [
"ENC",
"MMM"
],
"adm_usr": "",
"app_ver": "",
"av_ver": "",
"beta": -1,
"branch_pt": 4271,
"build": 4148,
"checksum": "",
"conf_status": 0,
"conn_mode": 0,
"conn_status": 0,
"db_status": 2,
"desc": "",
"dev_status": 0,
"fap_cnt": 0,
"faz.full_act": 0,
"faz.perm": 15,
"faz.quota": 0,
"faz.used": 0,
"fex_cnt": 0,
"flags": 2,
"foslic_cpu": 0,
"foslic_dr_site": 0,
"foslic_inst_time": 0,
"foslic_last_sync": 0,
"foslic_ram": 0,
"foslic_type": 0,
"foslic_utm": 0,
"fsw_cnt": 0,
"ha_group_id": 0,
"ha_group_name": "",
"ha_mode": 0,
"ha_slave": null,
"hdisk_size": 0,
"hostname": "",
"hw_rev_major": 0,
"hw_rev_minor": 0,
"ip": "1.2.3.4",
"ips_ext": 0,
"ips_ver": "",
"last_checked": 0,
"last_resync": 0,
"latitude": "0.0",
"lic_flags": 0,
"lic_region": "",
"location_from": null,
"logdisk_size": 0,
"longitude": "0.0",
"maxvdom": 500,
"mgmt.__data[0]": 0,
"mgmt.__data[1]": 0,
"mgmt.__data[2]": 0,
"mgmt.__data[3]": 0,
"mgmt.__data[4]": 0,
"mgmt.__data[5]": 0,
"mgmt.__data[6]": 0,
"mgmt.__data[7]": 0,
"mgmt_id": 2104064363,
"mgmt_if": "",
"mgmt_mode": 2,
"mgt_vdom": "",
"module_sn": null,
"mr": 6,
"name": "device_name",
"node_flags": 0,
"oid": 156,
"opts": 0,
"os_type": 0,
"os_ver": 5,
"patch": 6,
"platform_str": "Fortigate-6000F",
"prefer_img_ver": null,
"psk": "",
"sn": "device_name",
"source": 2,
"tab_status": "",
"tunnel_cookie": "",
"tunnel_ip": "",
"vdom": [
{
"comments": null,
"devid": "device_name",
"ext_flags": 1,
"flags": 0,
"name": "root",
"node_flags": 0,
"oid": 3,
"opmode": 1,
"rtm_prof_id": 0,
"status": null,
"tab_status": null,
"vpn_id": 0
},
{
"comments": null,
"devid": "device_name",
"ext_flags": 0,
"flags": 0,
"name": "mgmt-vdom",
"node_flags": 0,
"oid": 101,
"opmode": 1,
"rtm_prof_id": 0,
"status": null,
"tab_status": null,
"vpn_id": 0
}
],
"version": 500,
"vm_cpu": 0,
"vm_cpu_limit": 0,
"vm_lic_expire": 0,
"vm_mem": 0,
"vm_mem_limit": 0,
"vm_status": 0
}
]
}
}

Human Readable Output

ADOM adom/root Devices

| Name | Ip | Hostname | Os Type | Adm Usr | Vdom | Ha Mode |
| --- | --- | --- | --- | --- | --- | --- |
| device_name | 1.2.3.4 |  | 0 |  | root, mgmt-vdom | 0 |
| Another_device | 2.3.4.5 | Another_device | 4 | admin | root | 0 |
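The device entries above carry two secret-bearing fields: adm_pass, the administrator credential FortiManager holds for the device (returned as an ENC blob), and psk. If a playbook copies this context into incident fields, exports it, or forwards it to another system, those values travel with it. The following Python is an added example, not part of the integration: it walks the context and redacts those fields before the data leaves the War Room. SAMPLE_CONTEXT is a constructed, trimmed copy of the context example above; the function names and the [REDACTED] marker are this example's own choices.

```python
"""Redact credential fields from fortimanager-devices-list context.

Added example, not integration code. adm_pass and psk are field names from
the context above; SAMPLE_CONTEXT is a constructed, trimmed copy of it, and
REDACTED plus the function names are this example's own choices.
"""
from typing import Any, Tuple

# Secret-bearing fields in FortiManager.Device: the admin password FortiManager
# uses toward the managed device (returned as ["ENC", "<blob>"]) and the PSK.
SECRET_FIELDS = frozenset({"adm_pass", "psk"})
REDACTED = "[REDACTED]"


def scrub_secrets(obj: Any, secret_fields=SECRET_FIELDS) -> Tuple[Any, int]:
    """Return (redacted copy of obj, number of values redacted).

    Recurses through dicts and lists, so nested structures such as the vdom
    list are covered. Empty or null values are left untouched: there is no
    secret to protect and keeping them shows the field was present but unset.
    """
    count = 0

    def walk(node: Any) -> Any:
        nonlocal count
        if isinstance(node, dict):
            out = {}
            for key, value in node.items():
                if key in secret_fields and value not in ("", None):
                    out[key] = REDACTED
                    count += 1
                else:
                    out[key] = walk(value)
            return out
        if isinstance(node, list):
            return [walk(item) for item in node]
        return node  # scalars are immutable; the input is never mutated

    return walk(obj), count


# Constructed sample: two devices trimmed to the fields that matter here.
SAMPLE_CONTEXT = {
    "FortiManager": {
        "Device": [
            {
                "name": "device_name", "ip": "1.2.3.4", "adm_usr": "",
                "adm_pass": ["ENC", "MMM"], "psk": "",
                "vdom": [{"name": "root"}, {"name": "mgmt-vdom"}],
            },
            {
                "name": "Another_device", "ip": "2.3.4.5", "adm_usr": "admin",
                "adm_pass": ["ENC", "QQQ"], "psk": "example-psk",
            },
        ]
    }
}


def scrubbed_sample() -> Tuple[dict, int]:
    """Scrub the constructed sample; a single entry point for callers."""
    return scrub_secrets(SAMPLE_CONTEXT)


if __name__ == "__main__":
    clean, n = scrubbed_sample()
    print(f"redacted {n} values")
    for dev in clean["FortiManager"]["Device"]:
        print(dev["name"], dev["adm_pass"], repr(dev["psk"]))
```

Run it as a post-processing step on `FortiManager.Device` before the entries are written anywhere with a wider audience than the integration instance itself; the original context object is not mutated, so the unredacted copy stays available to the task that needs it.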

fortimanager-device-groups-list


List ADOM device groups.

Base Command

fortimanager-device-groups-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the device groups. Leave empty to use the instance ADOM. | Optional |
| group | The name of a device group to fetch. If not specified, will get all device groups. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.DeviceGroup.desc | String | Description. |
| FortiManager.DeviceGroup.meta_fields | String | Device group meta fields. |
| FortiManager.DeviceGroup.name | String | Device group name. |
| FortiManager.DeviceGroup.os_type | String | Device group operating system type. |
| FortiManager.DeviceGroup.type | String | Device group type. |

Command Example

!fortimanager-device-groups-list offset=1 limit=2

Context Example

{
"FortiManager": {
"DeviceGroup": [
{
"desc": "",
"name": "All_FortiAnalyzer",
"oid": 253,
"os_type": 4,
"type": 1
},
{
"desc": "",
"name": "All_FortiGate",
"oid": 101,
"os_type": 0,
"type": 1
}
]
}
}

Human Readable Output

ADOM adom/root Device Groups

| Name | Type | Os Type |
| --- | --- | --- |
| All_FortiAnalyzer | 1 | 4 |
| All_FortiGate | 1 | 0 |

fortimanager-address-list


List ADOM firewall IPv4 addresses.

Base Command

fortimanager-address-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the addresses. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| address | The name of a specific address to fetch. If not specified, will get all addresses. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.Address._image-base64 | String | Base64 of the address image. |
| FortiManager.Address.allow-routing | String | Enable/disable use of this address in the static route configuration. |
| FortiManager.Address.associated-interface | String | Network interface associated with the address. |
| FortiManager.Address.cache-ttl | Number | Defines the minimal TTL of individual IP addresses in the FQDN cache, measured in seconds. |
| FortiManager.Address.color | Number | The color of the icon in the GUI. |
| FortiManager.Address.comment | String | The comments attached to the address. |
| FortiManager.Address.country | String | The IP addresses associated with a specific country. |
| FortiManager.Address.dynamic_mapping | String | The address dynamic mapping information. |
| FortiManager.Address.end-ip | String | The final IP address (inclusive) in the range for the address. |
| FortiManager.Address.epg-name | String | The endpoint group name. |
| FortiManager.Address.filter | String | The match criteria filter. |
| FortiManager.Address.fqdn | String | The fully qualified domain name (FQDN) address. |
| FortiManager.Address.list.ip | String | The IP list associated with the address. |
| FortiManager.Address.name | String | The address name. |
| FortiManager.Address.obj-id | String | The object ID for NSX. |
| FortiManager.Address.organization | String | The organization domain name (syntax: organization/domain). |
| FortiManager.Address.policy-group | String | The policy group name. |
| FortiManager.Address.sdn | String | The software defined networking (SDN) connector. |
| FortiManager.Address.sdn-tag | String | The software defined networking (SDN) tag. |
| FortiManager.Address.start-ip | String | The first IP address (inclusive) in the range for the address. |
| FortiManager.Address.subnet | String | The IP address and subnet mask of the address. |
| FortiManager.Address.subnet-name | String | The subnet name. |
| FortiManager.Address.tagging.category | String | The tag category. |
| FortiManager.Address.tagging.name | String | The tagging entry name. |
| FortiManager.Address.tagging.tags | String | The tags. |
| FortiManager.Address.tenant | String | The tenant. |
| FortiManager.Address.type | String | The type of address. |
| FortiManager.Address.uuid | String | Universally Unique Identifier (UUID). This is automatically assigned but can be manually reset. |
| FortiManager.Address.visibility | String | Enable/disable address visibility in the GUI. |
| FortiManager.Address.wildcard | String | The IP address and wildcard netmask. |
| FortiManager.Address.wildcard-fqdn | String | The fully qualified domain name (FQDN) with wildcard characters. |

Command Example

!fortimanager-address-list offset=1 limit=2

Context Example

{
"FortiManager": {
"Address": [
{
"associated-interface": [
"any"
],
"clearpass-spt": 0,
"color": 0,
"dynamic_mapping": null,
"end-ip": "2.3.4.5",
"end-mac": "00:00:00:00:00:00",
"list": null,
"name": "FAC-SAML",
"sdn-addr-type": 0,
"start-ip": "1.2.3.4",
"start-mac": "00:00:00:00:00:00",
"tagging": null,
"type": 1,
"uuid": "Some-ID",
"visibility": 1
},
{
"allow-routing": 0,
"associated-interface": [
"any"
],
"clearpass-spt": 0,
"color": 0,
"dynamic_mapping": null,
"end-mac": "00:00:00:00:00:00",
"list": null,
"name": "FIREWALL_AUTH_PORTAL_ADDRESS",
"sdn-addr-type": 0,
"start-mac": "00:00:00:00:00:00",
"subnet": [
"0.0.0.0",
"0.0.0.0"
],
"tagging": null,
"type": 0,
"uuid": "Some-ID",
"visibility": 0
}
]
}
}

Human Readable Output

Firewall IPv4 Addresses

| Name | Type | Subnet | Start-ip | End-ip |
| --- | --- | --- | --- | --- |
| FAC-SAML | 1 |  | 1.2.3.4 | 2.3.4.5 |
| FIREWALL_AUTH_PORTAL_ADDRESS | 0 | 0.0.0.0, 0.0.0.0 |  |  |

fortimanager-address-create


Add a new IPv4 address.

Base Command

fortimanager-address-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to create the address. Leave empty to use the instance ADOM. | Optional |
| name | The address name. | Required |
| type | The type of address. Possible values are: "ipmask", "iprange", "fqdn", "wildcard", "geography", "wildcard-fqdn", and "dynamic". | Required |
| policy_group | Policy group name. | Optional |
| comment | A comment to add to the address. | Optional |
| associated_interface | The network interface associated with the address. | Optional |
| fqdn | The fully qualified domain name (FQDN) address. Required for the fqdn address type. | Optional |
| start_ip | First IP address (inclusive) in the range for the address. Required for the iprange address type. | Optional |
| end_ip | Final IP address (inclusive) in the range for the address. Required for the iprange address type. | Optional |
| subnet | IP address and subnet mask of the address. Required for the ipmask address type. | Optional |
| subnet_name | The subnet name. | Optional |
| sdn | The address SDN. Required for the dynamic address type. Possible values are: "aci", "aws", "nsx", "nuage", and "azure". | Optional |
| wildcard | IP address and wildcard netmask. Required for the wildcard address type. | Optional |
| wildcard_fqdn | The fully qualified domain name (FQDN) with wildcard characters. Required for the wildcard-fqdn address type. | Optional |
| country | The two-letter abbreviation representing a country associated with an IP address (for example: "us"). Required for the geography address type. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-create name=new_address type=iprange start_ip=1.2.3.4 end_ip=2.3.4.5

Human Readable Output

Created new Address new_address
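The argument table marks every type-specific argument Optional because the command accepts all address types, but each type has its own required arguments, and a wrong combination only fails once FortiManager rejects the call. The following Python is an added example, not integration code: it enforces the per-type requirements the table lists and sanity-checks IPv4 values before a playbook runs fortimanager-address-create or -update. The accepted subnet spellings ("10.0.0.0/24" or "10.0.0.0 255.255.255.0"), the normalization to CIDR with host bits cleared, and the function and error names are this example's assumptions.

```python
"""Pre-flight check for fortimanager-address-create / -update arguments.

Added example, not integration code. The type names and the "required for
<type>" rules come from the argument table above; the accepted subnet
spellings, the CIDR normalization and the function/error names are
assumptions of this example.
"""
import ipaddress
from typing import Dict

# From the argument table: the argument(s) each address type requires.
REQUIRED_BY_TYPE: Dict[str, tuple] = {
    "ipmask": ("subnet",),
    "iprange": ("start_ip", "end_ip"),
    "fqdn": ("fqdn",),
    "wildcard": ("wildcard",),
    "geography": ("country",),
    "wildcard-fqdn": ("wildcard_fqdn",),
    "dynamic": ("sdn",),
}
SDN_VALUES = {"aci", "aws", "nsx", "nuage", "azure"}
OPTIONAL_PASSTHROUGH = ("adom", "comment", "associated_interface", "policy_group", "subnet_name")


def validate_address_args(args: Dict[str, str]) -> Dict[str, str]:
    """Return normalised arguments for an address call, or raise ValueError.

    Fails fast on a missing per-type argument, an unparseable IPv4 value, a
    reversed iprange, or an unknown sdn, so the playbook stops here instead of
    on an opaque FortiManager error.
    """
    name = (args.get("name") or "").strip()
    if not name:
        raise ValueError("name is required")
    addr_type = args.get("type")
    if addr_type not in REQUIRED_BY_TYPE:
        raise ValueError(f"unknown address type {addr_type!r}")
    missing = [a for a in REQUIRED_BY_TYPE[addr_type] if not args.get(a)]
    if missing:
        raise ValueError(f"type {addr_type} requires {', '.join(missing)}")

    out = {"name": name, "type": addr_type}
    for key in REQUIRED_BY_TYPE[addr_type]:
        out[key] = args[key].strip()

    if addr_type == "iprange":
        start = ipaddress.IPv4Address(out["start_ip"])
        end = ipaddress.IPv4Address(out["end_ip"])
        if start > end:
            raise ValueError(f"start_ip {start} is after end_ip {end}")
    elif addr_type == "ipmask":
        # Accept "a.b.c.d/nn" or "a.b.c.d m.m.m.m"; strict=False clears host
        # bits so the object matches the network FortiManager will store.
        net = ipaddress.IPv4Network(out["subnet"].replace(" ", "/", 1), strict=False)
        out["subnet"] = str(net)
    elif addr_type == "wildcard":
        # Wildcard masks need not be contiguous, so only check both halves parse.
        ip_part, _, mask_part = out["wildcard"].replace(" ", "/", 1).partition("/")
        ipaddress.IPv4Address(ip_part)
        ipaddress.IPv4Address(mask_part)
    elif addr_type == "geography":
        if len(out["country"]) != 2 or not out["country"].isalpha():
            raise ValueError("country must be a two-letter code such as 'us'")
        out["country"] = out["country"].lower()
    elif addr_type == "dynamic" and out["sdn"] not in SDN_VALUES:
        raise ValueError(f"sdn must be one of {sorted(SDN_VALUES)}")

    for opt in OPTIONAL_PASSTHROUGH:
        if args.get(opt):
            out[opt] = args[opt]
    return out


if __name__ == "__main__":
    # Mirrors the command example above: !fortimanager-address-create name=new_address type=iprange ...
    print(validate_address_args({"name": "new_address", "type": "iprange",
                                 "start_ip": "1.2.3.4", "end_ip": "2.3.4.5"}))
```

The returned dictionary holds exactly the keys the command needs, so a playbook task can pass it straight through as the command's arguments; anything that fails validation raises before any call reaches FortiManager.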

fortimanager-address-update


Update an existing IPv4 address. Only the arguments supplied are changed.

Base Command

fortimanager-address-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to update the address. Leave empty to use the instance ADOM. | Optional |
| name | The address name. | Required |
| type | Type of address. Possible values are: "ipmask", "iprange", "fqdn", "wildcard", "geography", "wildcard-fqdn", and "dynamic". | Optional |
| policy_group | Policy group name. | Optional |
| comment | A comment to add to the address. | Optional |
| associated_interface | Network interface associated with the address. | Optional |
| fqdn | The fully qualified domain name (FQDN) address. Required for the fqdn address type. | Optional |
| start_ip | First IP address (inclusive) in the range for the address. Required for the iprange address type. | Optional |
| end_ip | Final IP address (inclusive) in the range for the address. Required for the iprange address type. | Optional |
| subnet | IP address and subnet mask of the address. Required for the ipmask address type. | Optional |
| subnet_name | The subnet name. | Optional |
| sdn | The address SDN. Required for the dynamic address type. Possible values are: "aci", "aws", "nsx", "nuage", and "azure". | Optional |
| wildcard | IP address and wildcard netmask. Required for the wildcard address type. | Optional |
| wildcard_fqdn | The fully qualified domain name (FQDN) with wildcard characters. Required for the wildcard-fqdn address type. | Optional |
| country | The two-letter abbreviation representing a country associated with an IP address (for example: "us"). Required for the geography address type. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-update name=new_address end_ip=3.3.3.3

Human Readable Output

Updated Address new_address

fortimanager-address-delete


Delete an address.

Base Command

fortimanager-address-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the address. Leave empty to use the instance ADOM. | Optional |
| address | The address to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-delete address=new_address

Human Readable Output

Deleted Address new_address

fortimanager-address-group-list


List ADOM IPv4 address groups.

Base Command

fortimanager-address-group-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the address groups. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| address_group | Name of a specific address group to fetch. If not specified, will get all address groups. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.AddressGroup._image-base64 | String | Base64 of the address group image. |
| FortiManager.AddressGroup.allow-routing | String | Enable/disable use of this group in the static route configuration. |
| FortiManager.AddressGroup.color | Number | The color of the icon in the GUI. |
| FortiManager.AddressGroup.comment | String | The comment about the address group. |
| FortiManager.AddressGroup.dynamic_mapping._image-base64 | String | The address group dynamic mapping base64 image. |
| FortiManager.AddressGroup.dynamic_mapping._scope.name | String | The address group dynamic mapping scope name. |
| FortiManager.AddressGroup.dynamic_mapping._scope.vdom | String | The address group dynamic mapping scope VDOM. |
| FortiManager.AddressGroup.dynamic_mapping.allow-routing | String | Enable/disable use of this dynamic mapping in the static route configuration. |
| FortiManager.AddressGroup.dynamic_mapping.color | Number | The color of the icon in the GUI. |
| FortiManager.AddressGroup.dynamic_mapping.comment | String | The comment about the address group dynamic mapping. |
| FortiManager.AddressGroup.dynamic_mapping.exclude | String | Whether to enable or disable the exclusion of the dynamic mapping. |
| FortiManager.AddressGroup.dynamic_mapping.exclude-member | String | The exclude member. |
| FortiManager.AddressGroup.dynamic_mapping.global-object | Number | The global object. |
| FortiManager.AddressGroup.dynamic_mapping.member | String | The address group dynamic mapping member. |
| FortiManager.AddressGroup.dynamic_mapping.tags | String | The address group dynamic mapping tags. |
| FortiManager.AddressGroup.dynamic_mapping.type | String | The address group dynamic mapping type. |
| FortiManager.AddressGroup.dynamic_mapping.uuid | String | The address group dynamic mapping UUID. |
| FortiManager.AddressGroup.dynamic_mapping.visibility | String | The address group dynamic mapping visibility. |
| FortiManager.AddressGroup.member | String | The address objects contained within the group. |
| FortiManager.AddressGroup.name | String | The address group name. |
| FortiManager.AddressGroup.tagging.category | String | The tag category. |
| FortiManager.AddressGroup.tagging.name | String | The tagging entry name. |
| FortiManager.AddressGroup.tagging.tags | String | The tags. |
| FortiManager.AddressGroup.uuid | String | Universally Unique Identifier (UUID). This is automatically assigned but can be manually reset. |
| FortiManager.AddressGroup.visibility | String | Enable/disable address group visibility in the GUI. |

Command Example

!fortimanager-address-group-list offset=1 limit=2

Context Example

{
"FortiManager": {
"AddressGroup": [
{
"allow-routing": 0,
"color": 0,
"dynamic_mapping": null,
"exclude": 0,
"exclude-member": [],
"member": [
"address1",
"address2"
],
"name": "my_address_group",
"tagging": null,
"uuid": "Some-ID",
"visibility": 1
},
{
"allow-routing": 1,
"color": 0,
"comment": "VPN: To-600E (Created by VPN wizard)",
"dynamic_mapping": null,
"exclude": 0,
"exclude-member": [],
"member": [
"some_address"
],
"name": "another_address_group",
"tagging": null,
"uuid": "Some-ID",
"visibility": 1
}
]
}
}

Human Readable Output

Firewall IPv4 Address Groups

| Name | Member | Allow-routing |
| --- | --- | --- |
| my_address_group | address1, address2 | 0 |
| another_address_group | some_address | 1 |

fortimanager-address-group-create


Create a new address group.

Base Command

fortimanager-address-group-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to create the address group. Leave empty to use the instance ADOM. | Optional |
| name | Address group name. | Required |
| member | A comma-separated list of the address or address group objects contained within the group. | Required |
| comment | A comment about the address group. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-group-create name=new_address_group member=new_address,my_address2

Human Readable Output

Created new Address Group new_address_group

fortimanager-address-group-update


Update an existing address group. Note that the member list supplied replaces the group's current members.

Base Command

fortimanager-address-group-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to update the address group. Leave empty to use the instance ADOM. | Optional |
| name | Address group name. | Required |
| member | A comma-separated list of the address or address group objects contained within the group. | Optional |
| comment | A comment about the address group. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-group-update name=new_address_group member=new_address

Human Readable Output

Updated Address Group new_address_group

fortimanager-address-group-delete


Delete an address group.

Base Command

fortimanager-address-group-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the address group. Leave empty to use the instance ADOM. | Optional |
| address_group | The address group to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-address-group-delete address_group=new_address_group

Human Readable Output

Deleted Address Group new_address_group

fortimanager-service-categories-list


List the ADOM service categories.

Base Command

fortimanager-service-categories-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the service categories. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| service_category | Name of a specific service category to fetch. If not specified, will get all service categories. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.ServiceCategory.comment | String | Comment. |
| FortiManager.ServiceCategory.name | String | Service category name. |

Command Example

!fortimanager-service-categories-list offset=1 limit=2

Context Example

{
"FortiManager": {
"ServiceCategory": [
{
"comment": "Web access.",
"name": "Web Access",
"obj seq": 2
},
{
"comment": "File access.",
"name": "File Access",
"obj seq": 3
}
]
}
}

Human Readable Output

Service Categories

| Name | Comment |
| --- | --- |
| Web Access | Web access. |
| File Access | File access. |

fortimanager-service-group-list


List ADOM service groups.

Base Command

fortimanager-service-group-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the service groups. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| service_group | Name of a specific service group to fetch. If not specified, will get all service groups. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.ServiceGroup.color | Number | The color of the icon in the GUI. |
| FortiManager.ServiceGroup.comment | String | Comment. |
| FortiManager.ServiceGroup.member | String | The service objects contained within the group. |
| FortiManager.ServiceGroup.name | String | The service group name. |
| FortiManager.ServiceGroup.proxy | String | Enable/disable web proxy service group. |

Command Example

!fortimanager-service-group-list offset=1 limit=2

Context Example

{
"FortiManager": {
"ServiceGroup": [
{
"color": 0,
"member": [
"DNS",
"HTTP",
"HTTPS"
],
"name": "Web Access",
"proxy": 0
},
{
"color": 0,
"member": [
"DCE-RPC",
"DNS",
"KERBEROS",
"LDAP",
"LDAP_UDP",
"SAMBA",
"SMB"
],
"name": "Windows AD",
"proxy": 0
}
]
}
}

Human Readable Output

Service Groups

| Name | Member | Proxy |
| --- | --- | --- |
| Web Access | DNS, HTTP, HTTPS | 0 |
| Windows AD | DCE-RPC, DNS, KERBEROS, LDAP, LDAP_UDP, SAMBA, SMB | 0 |

fortimanager-service-group-create


Creates a new service group.

Base Command

fortimanager-service-group-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to create the service group. Leave empty to use the instance ADOM. | Optional |
| comment | A comment. | Optional |
| name | The name of the new service group. | Required |
| proxy | Enable/disable a web proxy service group. | Optional |
| member | A comma-separated list of service objects to be contained within the group. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-service-group-create member=new_service name=new_service_group

Human Readable Output

Created new Service Group new_service_group

fortimanager-service-group-update


Update an existing service group. Only the arguments supplied are changed.

Base Command

fortimanager-service-group-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to update the service group. Leave empty to use the instance ADOM. | Optional |
| comment | A comment. | Optional |
| name | The name of the service group to update. | Required |
| proxy | Enable/disable a web proxy service group. | Optional |
| member | A comma-separated list of service objects to be contained within the group. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-service-group-update name=new_service_group proxy=disable

Human Readable Output

Updated Service Group new_service_group

fortimanager-service-group-delete


Delete a service group.

Base Command

fortimanager-service-group-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the service group. Leave empty to use the instance ADOM. | Optional |
| service_group | The service group to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-service-group-delete service_group=new_service_group

Human Readable Output

Deleted Service Group new_service_group

fortimanager-custom-service-list


List the custom services.

Base Command

fortimanager-custom-service-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the custom services. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| custom_service | Name of a specific custom service to fetch. If not specified, will get all custom services. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.CustomService.app-category | Number | Application category ID. |
| FortiManager.CustomService.app-service-type | String | Application service type. |
| FortiManager.CustomService.application | Number | Application ID. |
| FortiManager.CustomService.category | String | Service category. |
| FortiManager.CustomService.check-reset-range | String | Configure the type of ICMP error message verification. |
| FortiManager.CustomService.color | Number | Color of the icon in the GUI. |
| FortiManager.CustomService.comment | String | Comment. |
| FortiManager.CustomService.fqdn | String | Fully qualified domain name (FQDN). |
| FortiManager.CustomService.helper | String | Helper name. |
| FortiManager.CustomService.icmpcode | Number | ICMP code. |
| FortiManager.CustomService.icmptype | Number | ICMP type. |
| FortiManager.CustomService.iprange | String | Start and end of the IP range associated with the service. |
| FortiManager.CustomService.name | String | Custom service name. |
| FortiManager.CustomService.protocol | String | Protocol type based on IANA numbers. |
| FortiManager.CustomService.protocol-number | Number | IP protocol number. |
| FortiManager.CustomService.proxy | String | Enable/disable a web proxy service. |
| FortiManager.CustomService.sctp-portrange | String | Multiple SCTP port ranges. |
| FortiManager.CustomService.session-ttl | Number | Session TTL (300 - 604800. Default is 0.). |
| FortiManager.CustomService.tcp-halfclose-timer | Number | Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec. Default is 0.). |
| FortiManager.CustomService.tcp-halfopen-timer | Number | Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec. Default is 0.). |
| FortiManager.CustomService.tcp-portrange | String | Multiple TCP port ranges. |
| FortiManager.CustomService.tcp-timewait-timer | Number | Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec. Default is 0.). |
| FortiManager.CustomService.udp-idle-timer | Number | UDP half close timeout (0 - 86400 sec. Default is 0.). |
| FortiManager.CustomService.udp-portrange | String | Multiple UDP port ranges. |
| FortiManager.CustomService.visibility | String | Enable/disable the visibility of the service in the GUI. |

Command Example

!fortimanager-custom-service-list offset=1 limit=2

Context Example

{
"FortiManager": {
"CustomService": [
{
"app-category": [],
"app-service-type": 0,
"application": [],
"category": [
"General"
],
"check-reset-range": 3,
"color": 0,
"helper": 1,
"iprange": "0.0.0.0",
"name": "ALL_TCP",
"obj seq": 2,
"protocol": 5,
"proxy": 0,
"sctp-portrange": [],
"session-ttl": 0,
"tcp-halfclose-timer": 0,
"tcp-halfopen-timer": 0,
"tcp-portrange": [
"1-65535"
],
"tcp-timewait-timer": 0,
"udp-idle-timer": 0,
"udp-portrange": [],
"visibility": 1
},
{
"app-category": [],
"app-service-type": 0,
"application": [],
"category": [
"General"
],
"check-reset-range": 3,
"color": 0,
"helper": 1,
"iprange": "0.0.0.0",
"name": "ALL_UDP",
"obj seq": 3,
"protocol": 5,
"proxy": 0,
"sctp-portrange": [],
"session-ttl": 0,
"tcp-halfclose-timer": 0,
"tcp-halfopen-timer": 0,
"tcp-portrange": [],
"tcp-timewait-timer": 0,
"udp-idle-timer": 0,
"udp-portrange": [
"1-65535"
],
"visibility": 1
}
]
}
}

Human Readable Output

Custom Services

| Name | Category | Protocol | Iprange |
| --- | --- | --- | --- |
| ALL_TCP | General | 5 | 0.0.0.0 |
| ALL_UDP | General | 5 | 0.0.0.0 |
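The port range lists in the context above ("1-65535") are what a policy referencing the service actually matches on, so during triage the useful questions are which custom services would admit a given protocol and port, and how broad each service is. The following Python is an added example, not part of the integration. ALL_TCP and ALL_UDP are the entries from the context above, trimmed to the fields used here; WEB_MGMT is constructed. Only the single-port and low-high spellings shown on this page are parsed, and the numeric protocol field is carried through without being interpreted.

```python
"""Which custom services admit a given protocol and port?

Added example, not integration code. ALL_TCP and ALL_UDP are the entries
from the context above, trimmed; WEB_MGMT is constructed. Only the port-range
spellings shown on this page ("443", "1-65535") are parsed.
"""
from typing import Iterable, List, Tuple

# Context field that holds each protocol's port ranges.
PORTRANGE_KEYS = {"tcp": "tcp-portrange", "udp": "udp-portrange", "sctp": "sctp-portrange"}


def parse_portrange(spec: str) -> Tuple[int, int]:
    """Parse "443" or "8000-8080" into an inclusive (low, high) pair."""
    low, _, high = spec.strip().partition("-")
    lo = int(low)
    hi = int(high) if high else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def service_covers(service: dict, proto: str, port: int) -> bool:
    """True if the service's <proto>-portrange list includes port."""
    key = PORTRANGE_KEYS.get(proto.lower())
    if key is None:
        raise ValueError(f"unsupported protocol {proto!r}")
    return any(lo <= port <= hi for lo, hi in map(parse_portrange, service.get(key) or []))


def matching_services(services: Iterable[dict], proto: str, port: int) -> List[str]:
    """Sorted names of the services that admit (proto, port)."""
    return sorted(s["name"] for s in services if service_covers(s, proto, port))


def port_span(service: dict) -> int:
    """Number of (protocol, port) pairs the service matches, assuming its
    ranges do not overlap. Large values flag over-broad objects like ALL_TCP."""
    return sum(
        hi - lo + 1
        for key in PORTRANGE_KEYS.values()
        for lo, hi in map(parse_portrange, service.get(key) or [])
    )


SAMPLE_SERVICES = [
    {"name": "ALL_TCP", "category": ["General"], "tcp-portrange": ["1-65535"],
     "udp-portrange": [], "sctp-portrange": []},
    {"name": "ALL_UDP", "category": ["General"], "tcp-portrange": [],
     "udp-portrange": ["1-65535"], "sctp-portrange": []},
    # Constructed: a narrow service with two TCP ranges and one UDP port.
    {"name": "WEB_MGMT", "category": ["General"], "tcp-portrange": ["443", "8443-8444"],
     "udp-portrange": ["500"], "sctp-portrange": []},
]

if __name__ == "__main__":
    print("tcp/443 admitted by:", matching_services(SAMPLE_SERVICES, "tcp", 443))
    for svc in SAMPLE_SERVICES:
        print(f"{svc['name']}: {port_span(svc)} protocol/port pairs")
```

Feed it the `FortiManager.CustomService` list returned by the command above and a (protocol, port) pair from the incident; every service whose name comes back is a candidate to look for in the policy packages, and `port_span` gives a quick ranking of how permissive each one is.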

fortimanager-custom-service-create


Create a new custom service.

Base Command

fortimanager-custom-service-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM on which to create the custom service. Leave empty to use the instance ADOM. | Optional |
| name | The name of the new custom service. | Required |
| app_category | Application category ID. | Optional |
| app_service_type | Application service type. Possible values are: "app-id", "disable", and "app-category". Default is "disable". | Optional |
| application | The application ID. | Optional |
| category | The service category. | Optional |
| check_reset_range | Configure the type of ICMP error message verification. Possible values are: "disable", "default", and "strict". | Optional |
| comment | A comment. | Optional |
| fqdn | Fully qualified domain name (FQDN). | Optional |
| helper | Helper name. | Optional |
| icmpcode | ICMP code. | Optional |
| icmptype | ICMP type. | Optional |
| iprange | Start and end of the IP range associated with the service. | Optional |
| protocol | Protocol type based on IANA numbers. Possible values are: "ICMP", "IP", "TCP/UDP/SCTP", "ICMP6", "HTTP", "FTP", "CONNECT", "SOCKS", "ALL", "SOCKS-TCP", and "SOCKS-UDP". | Optional |
| proxy | Enable/disable a web proxy service. | Optional |
| sctp_portrange | Multiple SCTP port ranges. | Optional |
| session_ttl | Session TTL in the range of 300 - 604800. Default is 0. | Optional |
| tcp_halfclose_timer | Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec). Default is 0. | Optional |
| tcp_halfopen_timer | Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec). Default is 0. | Optional |
| tcp_portrange | Multiple TCP port ranges. | Optional |
| tcp_timewait_timer | Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec). Default is 0. | Optional |
| udp_idle_timer | UDP half close timeout (0 - 86400 sec). Default is 0. | Optional |
| udp_portrange | Multiple UDP port ranges. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-custom-service-create name=new_service fqdn=demisto.com

Human Readable Output

Created new Custom Service new_service

fortimanager-custom-service-update


Update a custom service.

Base Command

fortimanager-custom-service-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to update the custom service. Leave empty to use the instance ADOM. | Optional |
| name | The name of the custom service to update. | Required |
| app_category | Application category ID. | Optional |
| app_service_type | Application service type. Possible values are: "app-id", "disable", and "app-category". Default is "disable". | Optional |
| application | The application ID. | Optional |
| category | The service category. | Optional |
| check_reset_range | Configure the type of ICMP error message verification. Possible values are: "disable", "default", and "strict". | Optional |
| comment | A comment. | Optional |
| fqdn | Fully qualified domain name (FQDN). | Optional |
| helper | Helper name. | Optional |
| icmpcode | ICMP code. | Optional |
| icmptype | ICMP type. | Optional |
| iprange | Start and end of the IP range associated with the service. | Optional |
| protocol | Protocol type based on IANA numbers. Possible values are: "ICMP", "IP", "TCP/UDP/SCTP", "ICMP6", "HTTP", "FTP", "CONNECT", "SOCKS", "ALL", "SOCKS-TCP", and "SOCKS-UDP". | Optional |
| proxy | Enable/disable a web proxy service. | Optional |
| sctp_portrange | Multiple SCTP port ranges. | Optional |
| session_ttl | Session TTL in the range of 300 - 604800. Default is 0. | Optional |
| tcp_halfclose_timer | Wait time to close a TCP session waiting for an unanswered FIN packet (1 - 86400 sec). Default is 0. | Optional |
| tcp_halfopen_timer | Wait time to close a TCP session waiting for an unanswered open session packet (1 - 86400 sec). Default is 0. | Optional |
| tcp_portrange | Multiple TCP port ranges. | Optional |
| tcp_timewait_timer | Set the length of the TCP TIME-WAIT state in seconds (1 - 300 sec). Default is 0. | Optional |
| udp_idle_timer | UDP half close timeout (0 - 86400 sec). Default is 0. | Optional |
| udp_portrange | Multiple UDP port ranges. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-custom-service-update name=new_service proxy=enable

Human Readable Output

Updated Custom Service new_service

fortimanager-custom-service-delete


Delete a custom service.

Base Command

fortimanager-custom-service-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the custom service. Leave empty to use the default integration ADOM. | Optional |
| custom | The custom service to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-custom-service-delete custom=new_service

Human Readable Output

Deleted Custom Service new_service

fortimanager-firewall-policy-package-list


List ADOM policy packages.

Base Command

fortimanager-firewall-policy-package-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to fetch the firewall policy packages. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |
| policy_package | Name of a specific policy package to fetch. If not specified, will get all policy packages. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.PolicyPackage.name | String | Policy package name. |
| FortiManager.PolicyPackage.obj_ver | Number | Policy package object version. |
| FortiManager.PolicyPackage.oid | Number | Policy package OID. |
| FortiManager.PolicyPackage.package setting.central-nat | String | Whether to use the central NAT. |
| FortiManager.PolicyPackage.package setting.consolidated-firewall-mode | String | Whether to enable consolidated firewall mode. |
| FortiManager.PolicyPackage.package setting.fwpolicy-implicit-log | String | Whether to enable firewall policy implicit log. |
| FortiManager.PolicyPackage.package setting.fwpolicy6-implicit-log | String | Whether to enable firewall policy 6 implicit log. |
| FortiManager.PolicyPackage.package setting.inspection-mode | String | Package inspection mode. |
| FortiManager.PolicyPackage.package setting.ngfw-mode | String | Package NGFW mode. |
| FortiManager.PolicyPackage.package setting.ssl-ssh-profile | String | Package SSL SSH profile. |
| FortiManager.PolicyPackage.scope_member.name | String | Policy package scope member name. |
| FortiManager.PolicyPackage.scope_member.vdom | String | Policy package scope member VDOM. |
| FortiManager.PolicyPackage.subobj | Unknown | Policy package sub-objects. |
| FortiManager.PolicyPackage.type | String | Policy package type. |

Command Example

!fortimanager-firewall-policy-package-list offset=1 limit=2

Context Example

```json
{
    "FortiManager": {
        "PolicyPackage": [
            {
                "name": "default",
                "obj ver": 1,
                "oid": 1303,
                "package settings": {
                    "central-nat": 0,
                    "consolidated-firewall-mode": 0,
                    "fwpolicy-implicit-log": 0,
                    "fwpolicy6-implicit-log": 0,
                    "ngfw-mode": 0
                },
                "type": "pkg"
            },
            {
                "name": "my_package",
                "obj ver": 8,
                "oid": 1356,
                "package settings": {
                    "fwpolicy-implicit-log": 0,
                    "fwpolicy6-implicit-log": 0,
                    "ngfw-mode": 1,
                    "ssl-ssh-profile": [
                        "NGFW-SSL-Inspection"
                    ]
                },
                "type": "pkg"
            }
        ]
    }
}
```

Human Readable Output

Policy Packages

| Name | Type |
| --- | --- |
| FG5H0E3917901297_root | pkg |
| Corp_Shared | pkg |

fortimanager-firewall-policy-package-create


Create a new firewall policy package.

Base Command

fortimanager-firewall-policy-package-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to create the policy package. Leave empty to use the instance ADOM. | Optional |
| name | The name of the new policy package. | Required |
| type | The type of package. Possible values are: "pkg" and "folder". | Required |
| central_nat | Whether to use central NAT. Default is "disable". | Optional |
| consolidated_firewall_mode | Whether to enable consolidated firewall mode. Default is "disable". | Optional |
| fwpolicy_implicit_log | Whether to enable firewall policy implicit log. Default is "disable". | Optional |
| fwpolicy6_implicit_log | Whether to enable firewall policy 6 implicit log. Default is "disable". | Optional |
| inspection_mode | Package inspection mode. Possible values are: "proxy" and "flow". Default is "proxy". | Optional |
| ngfw_mode | Package NGFW mode. Possible values are: "profile-based" and "policy-based". Default is "profile-based". | Optional |
| ssl_ssh_profile | Package SSL SSH profile. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-package-create name=new_package type=pkg

Human Readable Output

Created new Policy Package new_package

fortimanager-firewall-policy-package-update


Update an existing firewall policy package.

Base Command

fortimanager-firewall-policy-package-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to update the policy package. Leave empty to use the instance ADOM. | Optional |
| name | The name of the policy package to update. | Required |
| type | The type of package. Possible values are: "pkg" and "folder". | Optional |
| central_nat | Whether to use central NAT. | Optional |
| consolidated_firewall_mode | Whether to enable consolidated firewall mode. | Optional |
| fwpolicy_implicit_log | Whether to enable firewall policy implicit log. | Optional |
| fwpolicy6_implicit_log | Whether to enable firewall policy 6 implicit log. | Optional |
| inspection_mode | Package inspection mode. Possible values are: "proxy" and "flow". | Optional |
| ngfw_mode | Package NGFW mode. Possible values are: "profile-based" and "policy-based". | Optional |
| ssl_ssh_profile | Package SSL SSH profile. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-package-update name=new_package central_nat=enable

Human Readable Output

Update Policy Package new_package

fortimanager-firewall-policy-package-delete


Delete a firewall policy package.

Base Command

fortimanager-firewall-policy-package-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the policy package. Leave empty to use the default integration ADOM. | Optional |
| pkg_path | The policy package path to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-package-delete pkg_path=new_package

Human Readable Output

Deleted Policy Package new_package

fortimanager-firewall-policy-list


List specific firewall policies from a policy package.

Base Command

fortimanager-firewall-policy-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| package | The package from which to fetch the policies. | Required |
| adom | The ADOM from which to fetch the policies. Leave empty to use the instance ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. | Optional |
| policy_id | An ID for the specific policy to fetch. If not specified, will get all policies. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.PolicyPackage.Policy.action | String | Policy action (allow/deny/ipsec). |
| FortiManager.PolicyPackage.Policy.app-category | String | Application category ID list. |
| FortiManager.PolicyPackage.Policy.app-group | String | Application group names. |
| FortiManager.PolicyPackage.Policy.application | Number | Application ID list. |
| FortiManager.PolicyPackage.Policy.application-list | String | Name of an existing application list. |
| FortiManager.PolicyPackage.Policy.auth-cert | String | HTTPS server certificate for policy authentication. |
| FortiManager.PolicyPackage.Policy.auth-path | String | Enable/disable authentication-based routing. |
| FortiManager.PolicyPackage.Policy.auth-redirect-addr | String | HTTP-to-HTTPS redirect address for firewall authentication. |
| FortiManager.PolicyPackage.Policy.auto-asic-offload | String | Enable/disable offloading security profile processing to CP processors. |
| FortiManager.PolicyPackage.Policy.av-profile | String | Name of an existing antivirus profile. |
| FortiManager.PolicyPackage.Policy.block-notification | String | Enable/disable block notification. |
| FortiManager.PolicyPackage.Policy.captive-portal-exempt | String | Enable to exempt some users from the captive portal. |
| FortiManager.PolicyPackage.Policy.capture-packet | String | Enable/disable capture packets. |
| FortiManager.PolicyPackage.Policy.comments | String | Comments. |
| FortiManager.PolicyPackage.Policy.custom-log-fields | String | Custom fields to append to log messages for this policy. |
| FortiManager.PolicyPackage.Policy.delay-tcp-npu-session | String | Enable TCP NPU session delay to guarantee packet order of 3-way handshake. |
| FortiManager.PolicyPackage.Policy.devices | String | Names of devices or device groups that can be matched by the policy. |
| FortiManager.PolicyPackage.Policy.diffserv-forward | String | Enable to change packet DiffServ values to the specified diffservcode-forward value. |
| FortiManager.PolicyPackage.Policy.diffserv-reverse | String | Enable to change packet reverse (reply) DiffServ values to the specified diffservcode-rev value. |
| FortiManager.PolicyPackage.Policy.diffservcode-forward | String | Change packet DiffServ to this value. |
| FortiManager.PolicyPackage.Policy.diffservcode-rev | String | Change packet reverse (reply) DiffServ to this value. |
| FortiManager.PolicyPackage.Policy.disclaimer | String | Enable/disable user authentication disclaimer. |
| FortiManager.PolicyPackage.Policy.dlp-sensor | String | Name of an existing DLP sensor. |
| FortiManager.PolicyPackage.Policy.dnsfilter-profile | String | Name of an existing DNS filter profile. |
| FortiManager.PolicyPackage.Policy.dscp-match | String | Enable DSCP check. |
| FortiManager.PolicyPackage.Policy.dscp-negate | String | Enable negated DSCP match. |
| FortiManager.PolicyPackage.Policy.dscp-value | String | DSCP value. |
| FortiManager.PolicyPackage.Policy.dsri | String | Enable DSRI to ignore HTTP server responses. |
| FortiManager.PolicyPackage.Policy.dstaddr | String | Destination address and address group names. |
| FortiManager.PolicyPackage.Policy.dstaddr-negate | String | When enabled, dstaddr specifies what the destination address must NOT be. |
| FortiManager.PolicyPackage.Policy.dstintf | String | Outgoing (egress) interface. |
| FortiManager.PolicyPackage.Policy.firewall-session-dirty | String | How to handle sessions if the configuration of this firewall policy changes. |
| FortiManager.PolicyPackage.Policy.fixedport | String | Enable to prevent source NAT from changing a session source port. |
| FortiManager.PolicyPackage.Policy.fsso | String | Enable/disable Fortinet single sign-on. |
| FortiManager.PolicyPackage.Policy.fsso-agent-for-ntlm | String | FSSO agent to use for NTLM authentication. |
| FortiManager.PolicyPackage.Policy.global-label | String | Label for the policy that appears when the GUI is in Global View mode. |
| FortiManager.PolicyPackage.Policy.groups | String | Names of user groups that can authenticate with this policy. |
| FortiManager.PolicyPackage.Policy.gtp-profile | String | GTP profile. |
| FortiManager.PolicyPackage.Policy.icap-profile | String | Name of an existing ICAP profile. |
| FortiManager.PolicyPackage.Policy.identity-based-route | String | Name of identity-based routing rule. |
| FortiManager.PolicyPackage.Policy.inbound | String | Policy-based IPsec VPN. Only traffic from the remote network can initiate a VPN. |
| FortiManager.PolicyPackage.Policy.internet-service | String | Enable/disable use of internet services for this policy. If enabled, destination address and service are not used. |
| FortiManager.PolicyPackage.Policy.internet-service-custom | String | Custom internet service name. |
| FortiManager.PolicyPackage.Policy.internet-service-id | String | Internet service ID. |
| FortiManager.PolicyPackage.Policy.internet-service-negate | String | When enabled, internet service specifies what the service must NOT be. |
| FortiManager.PolicyPackage.Policy.internet-service-src | String | Enable/disable use of internet services in source for this policy. If enabled, source address is not used. |
| FortiManager.PolicyPackage.Policy.internet-service-src-custom | String | Custom internet service source name. |
| FortiManager.PolicyPackage.Policy.internet-service-src-id | String | Internet service source ID. |
| FortiManager.PolicyPackage.Policy.internet-service-src-negate | String | When enabled, internet-service-src specifies what the service must NOT be. |
| FortiManager.PolicyPackage.Policy.ippool | String | Enable to use IP pools for source NAT. |
| FortiManager.PolicyPackage.Policy.ips-sensor | String | Name of an existing IPS sensor. |
| FortiManager.PolicyPackage.Policy.label | String | Label for the policy that appears when the GUI is in Section View mode. |
| FortiManager.PolicyPackage.Policy.learning-mode | String | Enable to allow everything, but log all of the meaningful data for security information gathering. A learning report will be generated. |
| FortiManager.PolicyPackage.Policy.logtraffic | String | Enable or disable logging. Log all sessions or security profile sessions. |
| FortiManager.PolicyPackage.Policy.logtraffic-start | String | Record logs when a session starts and ends. |
| FortiManager.PolicyPackage.Policy.match-vip | String | Enable to match packets that have had their destination addresses changed by a VIP. |
| FortiManager.PolicyPackage.Policy.mms-profile | String | Name of an existing MMS profile. |
| FortiManager.PolicyPackage.Policy.name | String | Policy name. |
| FortiManager.PolicyPackage.Policy.nat | String | Enable/disable a source NAT. |
| FortiManager.PolicyPackage.Policy.natinbound | String | Policy-based IPsec VPN: apply destination NAT to inbound traffic. |
| FortiManager.PolicyPackage.Policy.natip | String | Policy-based IPsec VPN: source NAT IP address for outgoing traffic. |
| FortiManager.PolicyPackage.Policy.natoutbound | String | Policy-based IPsec VPN: apply source NAT to outbound traffic. |
| FortiManager.PolicyPackage.Policy.np-acceleration | String | Enable/disable UTM Network Processor acceleration. |
| FortiManager.PolicyPackage.Policy.ntlm | String | Enable/disable NTLM authentication. |
| FortiManager.PolicyPackage.Policy.ntlm-enabled-browsers | String | HTTP-User-Agent value of supported browsers. |
| FortiManager.PolicyPackage.Policy.ntlm-guest | String | Enable/disable NTLM guest user access. |
| FortiManager.PolicyPackage.Policy.outbound | String | Policy-based IPsec VPN: only traffic from the internal network can initiate a VPN. |
| FortiManager.PolicyPackage.Policy.per-ip-shaper | String | Per-IP traffic shaper. |
| FortiManager.PolicyPackage.Policy.permit-any-host | String | Accept UDP packets from any host. |
| FortiManager.PolicyPackage.Policy.permit-stun-host | String | Accept UDP packets from any Session Traversal Utilities for NAT (STUN) host. |
| FortiManager.PolicyPackage.Policy.policyid | Number | Policy ID. |
| FortiManager.PolicyPackage.Policy.poolname | String | IP pool names. |
| FortiManager.PolicyPackage.Policy.profile-group | String | Name of profile group. |
| FortiManager.PolicyPackage.Policy.profile-protocol-options | String | Name of an existing protocol options profile. |
| FortiManager.PolicyPackage.Policy.profile-type | String | Determine whether the firewall policy allows security profile groups or single profiles only. |
| FortiManager.PolicyPackage.Policy.radius-mac-auth-bypass | String | Enable MAC authentication bypass. The bypassed MAC address must be received from the RADIUS server. |
| FortiManager.PolicyPackage.Policy.redirect-url | String | The URL users are directed to after seeing and accepting the disclaimer or authenticating. |
| FortiManager.PolicyPackage.Policy.replacemsg-override-group | String | Override the default replacement message group for this policy. |
| FortiManager.PolicyPackage.Policy.rsso | String | Enable/disable RADIUS single sign-on (RSSO). |
| FortiManager.PolicyPackage.Policy.rtp-addr | String | Address names if this is an RTP NAT policy. |
| FortiManager.PolicyPackage.Policy.rtp-nat | String | Enable Real Time Protocol (RTP) NAT. |
| FortiManager.PolicyPackage.Policy.scan-botnet-connections | String | Block or monitor connections to Botnet servers or disable Botnet scanning. |
| FortiManager.PolicyPackage.Policy.schedule | String | Schedule name. |
| FortiManager.PolicyPackage.Policy.schedule-timeout | String | Enable to force current sessions to end when the schedule object times out. Disable allows them to end from inactivity. |
| FortiManager.PolicyPackage.Policy.send-deny-packet | String | Enable to send a reply when a session is denied or blocked by a firewall policy. |
| FortiManager.PolicyPackage.Policy.service | String | Service and service group names. |
| FortiManager.PolicyPackage.Policy.service-negate | String | When enabled, service specifies what the service must NOT be. |
| FortiManager.PolicyPackage.Policy.session-ttl | Number | TTL in seconds for sessions accepted by this policy. (0 means use the system default session TTL.) |
| FortiManager.PolicyPackage.Policy.spamfilter-profile | String | Name of an existing spam filter profile. |
| FortiManager.PolicyPackage.Policy.srcaddr | String | Source address and address group names. |
| FortiManager.PolicyPackage.Policy.srcaddr-negate | String | When enabled, srcaddr specifies what the source address must NOT be. |
| FortiManager.PolicyPackage.Policy.srcintf | String | Incoming (ingress) interface. |
| FortiManager.PolicyPackage.Policy.ssh-filter-profile | String | Name of an existing SSH filter profile. |
| FortiManager.PolicyPackage.Policy.ssl-mirror | String | Enable to copy decrypted SSL traffic to a FortiGate interface (called SSL mirroring). |
| FortiManager.PolicyPackage.Policy.ssl-mirror-intf | String | SSL mirror interface name. |
| FortiManager.PolicyPackage.Policy.ssl-ssh-profile | String | Name of an existing SSL SSH profile. |
| FortiManager.PolicyPackage.Policy.status | String | Enable or disable this policy. |
| FortiManager.PolicyPackage.Policy.tcp-mss-receiver | Number | Receiver TCP maximum segment size (MSS). |
| FortiManager.PolicyPackage.Policy.tcp-mss-sender | Number | Sender TCP maximum segment size (MSS). |
| FortiManager.PolicyPackage.Policy.tcp-session-without-syn | String | Enable/disable creation of TCP session without SYN flag. |
| FortiManager.PolicyPackage.Policy.timeout-send-rst | String | Enable/disable sending RST packets when TCP sessions expire. |
| FortiManager.PolicyPackage.Policy.traffic-shaper | String | Traffic shaper. |
| FortiManager.PolicyPackage.Policy.traffic-shaper-reverse | String | Reverse traffic shaper. |
| FortiManager.PolicyPackage.Policy.url-category | String | URL category ID list. |
| FortiManager.PolicyPackage.Policy.users | String | Names of individual users that can authenticate with this policy. |
| FortiManager.PolicyPackage.Policy.utm-status | String | Enable to add one or more security profiles (AV, IPS, etc.) to the firewall policy. |
| FortiManager.PolicyPackage.Policy.uuid | String | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). |
| FortiManager.PolicyPackage.Policy.vlan-cos-fwd | Number | VLAN forward direction user priority: 255 passthrough, 0 lowest, 7 highest. |
| FortiManager.PolicyPackage.Policy.vlan-cos-rev | Number | VLAN reverse direction user priority: 255 passthrough, 0 lowest, 7 highest. |
| FortiManager.PolicyPackage.Policy.vlan-filter | String | Set VLAN filters. |
| FortiManager.PolicyPackage.Policy.voip-profile | String | Name of an existing VoIP profile. |
| FortiManager.PolicyPackage.Policy.vpn_dst_node.host | String | VPN destination node host. |
| FortiManager.PolicyPackage.Policy.vpn_dst_node.seq | Number | VPN destination node sequence. |
| FortiManager.PolicyPackage.Policy.vpn_dst_node.subnet | String | VPN destination node subnet. |
| FortiManager.PolicyPackage.Policy.vpn_src_node.host | String | VPN source node host. |
| FortiManager.PolicyPackage.Policy.vpn_src_node.seq | Number | VPN source node sequence. |
| FortiManager.PolicyPackage.Policy.vpn_src_node.subnet | String | VPN source node subnet. |
| FortiManager.PolicyPackage.Policy.vpntunnel | String | Policy-based IPsec VPN: name of the IPsec VPN Phase 1. |
| FortiManager.PolicyPackage.Policy.waf-profile | String | Name of an existing Web application firewall profile. |
| FortiManager.PolicyPackage.Policy.wanopt | String | Enable/disable WAN optimization. |
| FortiManager.PolicyPackage.Policy.wanopt-detection | String | WAN optimization auto-detection mode. |
| FortiManager.PolicyPackage.Policy.wanopt-passive-opt | String | WAN optimization passive mode options. This option decides which IP address will be used to connect to the server. |
| FortiManager.PolicyPackage.Policy.wanopt-peer | String | WAN optimization peer. |
| FortiManager.PolicyPackage.Policy.wanopt-profile | String | WAN optimization profile. |
| FortiManager.PolicyPackage.Policy.wccp | String | Enable/disable forwarding traffic matching this policy to a configured WCCP server. |
| FortiManager.PolicyPackage.Policy.webcache | String | Enable/disable a web cache. |
| FortiManager.PolicyPackage.Policy.webcache-https | String | Enable/disable a web cache for HTTPS. |
| FortiManager.PolicyPackage.Policy.webfilter-profile | String | Name of an existing Web filter profile. |
| FortiManager.PolicyPackage.Policy.wsso | String | Enable/disable WiFi single sign-on (WSSO). |

Command Example

!fortimanager-firewall-policy-list package=new_package

Context Example

```json
{
    "FortiManager": {
        "PolicyPackage": {
            "Policy": {
                "_byte": 0,
                "_first_hit": 0,
                "_first_session": 0,
                "_global-vpn": [],
                "_global-vpn-tgt": 0,
                "_hitcount": 0,
                "_last_hit": 0,
                "_last_session": 0,
                "_pkts": 0,
                "_policy_block": 0,
                "_sesscount": 0,
                "action": 1,
                "anti-replay": 1,
                "app-group": [],
                "auto-asic-offload": 1,
                "block-notification": 0,
                "captive-portal-exempt": 0,
                "capture-packet": 0,
                "custom-log-fields": [],
                "delay-tcp-npu-session": 0,
                "diffserv-forward": 0,
                "diffserv-reverse": 0,
                "disclaimer": 0,
                "dsri": 0,
                "dstaddr": [
                    "all"
                ],
                "dstaddr-negate": 0,
                "dstintf": [
                    "any"
                ],
                "email-collect": 0,
                "fsso": 1,
                "fsso-agent-for-ntlm": [],
                "fsso-groups": [],
                "geoip-anycast": 0,
                "groups": [],
                "inspection-mode": 1,
                "internet-service": 0,
                "internet-service-src": 0,
                "logtraffic": 3,
                "logtraffic-start": 0,
                "match-vip": 0,
                "match-vip-only": 0,
                "name": "new_policy",
                "nat": 0,
                "natip": [
                    "0.0.0.0",
                    "0.0.0.0"
                ],
                "np-acceleration": 1,
                "obj seq": 1,
                "per-ip-shaper": [],
                "permit-any-host": 0,
                "policyid": 9,
                "profile-protocol-options": [
                    "default"
                ],
                "profile-type": 0,
                "radius-mac-auth-bypass": 0,
                "replacemsg-override-group": [],
                "reputation-direction": 2,
                "reputation-minimum": 0,
                "rtp-nat": 0,
                "schedule": [
                    "always"
                ],
                "schedule-timeout": 0,
                "service": [
                    "ALL"
                ],
                "service-negate": 0,
                "session-ttl": 0,
                "srcaddr": [
                    "all"
                ],
                "srcaddr-negate": 0,
                "srcintf": [
                    "any"
                ],
                "ssl-mirror": 0,
                "ssl-mirror-intf": [],
                "ssl-ssh-profile": [
                    "no-inspection"
                ],
                "status": 1,
                "tcp-mss-receiver": 0,
                "tcp-mss-sender": 0,
                "tcp-session-without-syn": 2,
                "timeout-send-rst": 0,
                "tos": "0x00",
                "tos-mask": "0x00",
                "tos-negate": 0,
                "traffic-shaper": [],
                "traffic-shaper-reverse": [],
                "users": [],
                "utm-status": 0,
                "uuid": "some-id",
                "vlan-cos-fwd": 255,
                "vlan-cos-rev": 255,
                "vpn_dst_node": null,
                "vpn_src_node": null,
                "wccp": 0,
                "webcache-https": 0,
                "webproxy-forward-server": [],
                "webproxy-profile": []
            }
        }
    }
}
```

Human Readable Output

ADOM root Policy Package new_package Policies

| Policyid | Name | Srcintf | Dstintf | Srcaddr | Dstaddr | Schedule | Service | Action |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 9 | new_policy | any | any | all | all | always | ALL | 1 |
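A defender's check over the policy entries documented above, as an added example that is not part of the FortiManager integration: it walks the FortiManager.PolicyPackage.Policy context and flags enabled accept policies that match everything, log nothing, or carry no security profiles. The numeric codes are inferred from the page's own command and context examples (action=accept lists as 1, logtraffic=utm as 3, an enabled policy as status 1); logtraffic=disable mapping to 0 and utm-status 1 meaning profiles applied are assumptions, and the sample context is constructed.

```python
"""Audit policies returned by fortimanager-firewall-policy-list (added example)."""
from typing import Any, Dict, List

ACTION_ACCEPT = 1       # inferred: page creates action=accept and lists action 1
STATUS_ENABLED = 1      # inferred: the enabled example policy lists status 1
LOGTRAFFIC_DISABLE = 0  # assumption: disable is 0, like the other enable/disable flags
UTM_ENABLED = 1         # assumption: utm-status 1 means security profiles are applied

WILDCARD_ADDR = {"all"}
WILDCARD_INTF = {"any"}
WILDCARD_SERVICE = {"ALL"}


def _names(value: Any) -> set:
    """Normalise a context field that may be a string, a list, or missing."""
    if value is None:
        return set()
    if isinstance(value, list):
        return {str(v) for v in value}
    return {str(value)}


def _only(values: set, wildcard: set) -> bool:
    """True when the field is present and contains nothing but the wildcard object."""
    return bool(values) and values <= wildcard


def audit_policy(policy: Dict[str, Any]) -> List[str]:
    """Return findings for one policy entry; an empty list means nothing to report."""
    findings: List[str] = []
    # Disabled or non-accept policies do not admit traffic, so they are not flagged.
    if policy.get("status") != STATUS_ENABLED or policy.get("action") != ACTION_ACCEPT:
        return findings

    if (_only(_names(policy.get("srcaddr")), WILDCARD_ADDR)
            and _only(_names(policy.get("dstaddr")), WILDCARD_ADDR)
            and _only(_names(policy.get("service")), WILDCARD_SERVICE)):
        findings.append("accepts any source to any destination on ALL services")

    if (_only(_names(policy.get("srcintf")), WILDCARD_INTF)
            and _only(_names(policy.get("dstintf")), WILDCARD_INTF)):
        findings.append("matches any ingress and any egress interface")

    if policy.get("logtraffic") == LOGTRAFFIC_DISABLE:
        findings.append("traffic logging disabled (logtraffic 0)")

    if policy.get("utm-status") != UTM_ENABLED:
        findings.append("no security profiles applied (utm-status not enabled)")

    # Negated matches invert the meaning of the address/service columns and are easy to misread.
    negated = [k for k in ("srcaddr-negate", "dstaddr-negate", "service-negate") if policy.get(k)]
    if negated:
        findings.append("negated match on " + ", ".join(negated))
    return findings


def audit_context(context: Dict[str, Any]) -> Dict[int, List[str]]:
    """Audit every policy in the command's context output, keyed by policyid.

    The context holds a single dict when one policy is listed (as in the page's
    example) and a list when several are, so both shapes are accepted.
    """
    policies = context["FortiManager"]["PolicyPackage"]["Policy"]
    if isinstance(policies, dict):
        policies = [policies]
    return {int(p["policyid"]): audit_policy(p) for p in policies}


# Constructed sample: policy 9 mirrors the page's context example; 10 and 11 are made up.
SAMPLE_CONTEXT = {
    "FortiManager": {
        "PolicyPackage": {
            "Policy": [
                {"policyid": 9, "name": "new_policy", "action": 1, "status": 1,
                 "srcintf": ["any"], "dstintf": ["any"], "srcaddr": ["all"],
                 "dstaddr": ["all"], "service": ["ALL"], "logtraffic": 3,
                 "utm-status": 0, "srcaddr-negate": 0, "dstaddr-negate": 0,
                 "service-negate": 0},
                {"policyid": 10, "name": "lan_to_web", "action": 1, "status": 1,
                 "srcintf": ["port1"], "dstintf": ["port2"], "srcaddr": ["LAN"],
                 "dstaddr": ["DMZ_web"], "service": ["HTTPS"], "logtraffic": 0,
                 "utm-status": 1, "service-negate": 1},
                {"policyid": 11, "name": "old_rule", "action": 1, "status": 0,
                 "srcaddr": ["all"], "dstaddr": ["all"], "service": ["ALL"]},
            ]
        }
    }
}

if __name__ == "__main__":
    for policy_id, findings in audit_context(SAMPLE_CONTEXT).items():
        print(policy_id, findings or ["ok"])
```

In a playbook the same function would run over the context written by !fortimanager-firewall-policy-list before the package is installed with !fortimanager-firewall-policy-package-install.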

fortimanager-firewall-policy-create


Create a firewall policy.

Base Command

fortimanager-firewall-policy-create

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to create the policy. Leave empty to use the instance ADOM. | Optional |
| package | The package in which to create the policy. | Required |
| action | The policy action. Possible values are: "deny", "accept", "ipsec", and "ssl-vpn". | Required |
| comments | A comment. | Optional |
| dstaddr | Destination address name. Note: dstaddr6 or dstaddr must be set. | Optional |
| dstaddr6 | IPv6 destination address (web proxy only). Note: dstaddr6 or dstaddr must be set. | Optional |
| dstaddr_negate | Enable/disable a negated destination address match. | Optional |
| dstintf | Destination interface name. | Optional |
| srcaddr | Source address name. Note: srcaddr or srcaddr6 must be set. | Optional |
| srcaddr6 | IPv6 source address (web proxy only). Note: srcaddr or srcaddr6 must be set. | Optional |
| srcaddr_negate | Enable/disable a negated source address match. | Optional |
| srcintf | Source interface name. | Optional |
| additional_params | A comma-separated list of additional params and their values. For example: Field1=Value1,Field2=Value2. | Optional |
| name | The name of the policy to create. | Required |
| logtraffic | Enable or disable logging. Log all sessions or security profile sessions. Possible values are: "enable", "disable", "all", and "utm". | Required |
| schedule | Schedule name. Default is "always". | Required |
| service | Service and service group names. Default is "ALL". | Required |
| status | Enable or disable this policy. | Required |
| policyid | The ID of the policy to create. Leave empty to use the system default. | Optional |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-create action=accept logtraffic=utm name=new_policy package=new_package dstaddr=all srcaddr=all policyid=9

Human Readable Output

Created policy with ID 9

fortimanager-firewall-policy-update


Update a firewall policy.

Base Command

fortimanager-firewall-policy-update

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to update the policy. Leave empty to use the instance ADOM. | Optional |
| package | The package in which to update the policy. | Required |
| action | The policy action. Possible values are: "deny", "accept", "ipsec", and "ssl-vpn". | Optional |
| comments | A comment. | Optional |
| dstaddr | Destination address name. Note: dstaddr6 or dstaddr must be set. | Optional |
| dstaddr6 | IPv6 destination address (web proxy only). Note: dstaddr6 or dstaddr must be set. | Optional |
| dstaddr_negate | Enable/disable a negated destination address match. | Optional |
| dstintf | Destination interface name. | Optional |
| srcaddr | Source address name. Note: srcaddr or srcaddr6 must be set. | Optional |
| srcaddr6 | IPv6 source address (web proxy only). Note: srcaddr or srcaddr6 must be set. | Optional |
| srcaddr_negate | Enable/disable a negated source address match. | Optional |
| srcintf | Source interface name. | Optional |
| additional_params | A comma-separated list of additional params and their values. For example: Field1=Value1,Field2=Value2. | Optional |
| name | The name of the policy to update. | Optional |
| logtraffic | Enable or disable logging. Log all sessions or security profile sessions. Possible values are: "enable", "disable", "all", and "utm". | Optional |
| schedule | Schedule name. | Optional |
| service | Service and service group names. | Optional |
| status | Enable or disable this policy. | Optional |
| policyid | The ID of the policy to update. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-update package=new_package policyid=9 status=disable

Human Readable Output

Updated policy with ID 9

fortimanager-firewall-policy-delete


Delete a firewall policy.

Base Command

fortimanager-firewall-policy-delete

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to delete the policy. Leave empty to use the default integration ADOM. | Optional |
| package | The policy package from which to delete the policy. | Required |
| policy | The ID of the policy to delete. | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-delete package=new_package policy=9

Human Readable Output

Deleted Policy 9

fortimanager-firewall-policy-move


Move a policy in the package.

Base Command

fortimanager-firewall-policy-move

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM in which to move the policy. Leave empty to use the default integration ADOM. | Optional |
| package | The policy package in which to move the policy. | Required |
| policy | The ID of the policy to move. | Required |
| target | The ID of the target policy relative to which the policy is moved. | Required |
| option | Whether to move the policy before or after the target policy. Possible values are: "before" and "after". Default is "before". | Required |

Context Output

There is no context output for this command.

Command Example

!fortimanager-firewall-policy-move option=after package=some_package policy=1 target=2

Human Readable Output

Moved policy with ID 1 after 2 in Policy Package: some_package

fortimanager-dynamic-interface-list


List dynamic interfaces.

Base Command

fortimanager-dynamic-interface-list

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom | The ADOM from which to list dynamic interfaces. Leave empty to use the default integration ADOM. | Optional |
| offset | From which index to start the list. Default is 0. | Optional |
| limit | To which index to get the list. Default is 50. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.DynamicInterface.color | Number | Color of the icon in the GUI. |
| FortiManager.DynamicInterface.default-mapping | String | Default mapping of the interface. |
| FortiManager.DynamicInterface.defmap-intf | String | Default mapping interface. |
| FortiManager.DynamicInterface.defmap-intrazone-deny | String | Default mapping intrazone deny. |
| FortiManager.DynamicInterface.defmap-zonemember | String | Default mapping zone members. |
| FortiManager.DynamicInterface.description | String | Dynamic interface description. |
| FortiManager.DynamicInterface.dynamic_mapping._scope.name | String | Dynamic mapping scope name. |
| FortiManager.DynamicInterface.dynamic_mapping._scope.vdom | String | Dynamic mapping scope VDOM. |
| FortiManager.DynamicInterface.dynamic_mapping.egress-shaping-profile | String | Dynamic mapping egress shaping profile. |
| FortiManager.DynamicInterface.dynamic_mapping.intrazone-deny | String | Dynamic mapping intrazone deny. |
| FortiManager.DynamicInterface.dynamic_mapping.local-intf | String | Dynamic mapping local interface. |
| FortiManager.DynamicInterface.egress-shaping-profile | String | Egress shaping profile. |
| FortiManager.DynamicInterface.name | String | Dynamic interface name. |
| FortiManager.DynamicInterface.platform_mapping.egress-shaping-profile | String | Platform mapping egress shaping profile. |
| FortiManager.DynamicInterface.platform_mapping.intf-zone | String | Platform mapping interface zone. |
| FortiManager.DynamicInterface.platform_mapping.intrazone-deny | String | Platform mapping intrazone deny. |
| FortiManager.DynamicInterface.platform_mapping.name | String | Platform mapping name. |
| FortiManager.DynamicInterface.single-intf | String | Dynamic interface single interface. |

Command Example

!fortimanager-dynamic-interface-list offset=1 limit=2

Context Example

```json
{
    "FortiManager": {
        "DynamicInterface": [
            {
                "color": 0,
                "default-mapping": 0,
                "defmap-intrazone-deny": 0,
                "defmap-zonemember": [],
                "dynamic_mapping": [
                    {
                        "_scope": [
                            {
                                "name": "device_name",
                                "vdom": "root"
                            }
                        ],
                        "egress-shaping-profile": [],
                        "ingress-shaping-profile": [],
                        "intrazone-deny": 0,
                        "local-intf": [
                            "bgp loopback"
                        ]
                    }
                ],
                "egress-shaping-profile": [],
                "ingress-shaping-profile": [],
                "name": "bgp loopback",
                "single-intf": 1
            },
            {
                "color": 0,
                "default-mapping": 0,
                "defmap-intrazone-deny": 0,
                "defmap-zonemember": [],
                "dynamic_mapping": [
                    {
                        "_scope": [
                            {
                                "name": "device_name",
                                "vdom": "root"
                            }
                        ],
                        "egress-shaping-profile": [],
                        "ingress-shaping-profile": [],
                        "intrazone-deny": 0,
                        "local-intf": [
                            "branch"
                        ]
                    }
                ],
                "egress-shaping-profile": [],
                "ingress-shaping-profile": [],
                "name": "branch",
                "single-intf": 1
            }
        ]
    }
}
```

Human Readable Output

ADOM root Dynamic Interfaces

| Name |
| --- |
| bgp loopback |
| branch |

fortimanager-firewall-policy-package-install


Schedule a policy package installation.

Base Command

fortimanager-firewall-policy-package-install

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| adom_rev_comment | The comment for the new ADOM revision. | Optional |
| adom_rev_name | The name for the new ADOM revision. | Optional |
| adom | The ADOM in which to install the policy package. Leave empty to use the default integration ADOM. | Optional |
| dev_rev_comment | The comment for the device configuration revision that will be generated during install. | Optional |
| package | The policy package to install. | Required |
| name | The device or device group name on which to install the package. | Required |
| vdom | The VDOM on which to install the package. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.Installation.id | Number | The installation task ID. |

Command Example

```
!fortimanager-firewall-policy-package-install package=package_to_install name=device_name vdom=root adom_rev_name=testing_installation
```

Human Readable Output

Installed a policy package my_package in ADOM: root On Device my_device and VDOM vdom_name. Task ID: 175

Context Example

```json
{
  "FortiManager": {
    "Installation": {
      "id": 175
    }
  }
}
```

fortimanager-firewall-policy-package-install-status


Get installation status.

Base Command

fortimanager-firewall-policy-package-install-status

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| task_id | The installation task ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| FortiManager.Installation.adom | Number | The ADOM on which the installation occurred. |
| FortiManager.Installation.end_tm | Number | The installation task end time. |
| FortiManager.Installation.flags | Number | The installation task flags. |
| FortiManager.Installation.id | Number | The installation task ID. |
| FortiManager.Installation.line.detail | String | The installation status details. |
| FortiManager.Installation.line.end_tm | Number | The installation task end time. |
| FortiManager.Installation.line.err | Number | The installation error. |
| FortiManager.Installation.line.history | String | Installation task historical details. |
| FortiManager.Installation.line.ip | String | The installation IP. |
| FortiManager.Installation.line.name | String | The installation name. |
| FortiManager.Installation.line.oid | Number | The installation task OID. |
| FortiManager.Installation.line.percent | Number | The installation task completion percent. |
| FortiManager.Installation.line.start_tm | Number | The installation task start time. |
| FortiManager.Installation.line.state | String | The installation task state. |
| FortiManager.Installation.line.vdom | String | The VDOM on which the installation occurred. |
| FortiManager.Installation.num_done | Number | The number of done tasks. |
| FortiManager.Installation.num_err | Number | The number of errors found. |
| FortiManager.Installation.num_lines | Number | The number of installation data lines. |
| FortiManager.Installation.num_warn | Number | The number of warnings found. |
| FortiManager.Installation.percent | Number | The installation task completion percent. |
| FortiManager.Installation.pid | Number | The installation task PID. |
| FortiManager.Installation.src | String | The installation task source. |
| FortiManager.Installation.start_tm | Number | The installation task start time. |
| FortiManager.Installation.state | String | The installation task state. |
| FortiManager.Installation.title | String | The installation task title. |
| FortiManager.Installation.tot_percent | Number | The installation task completion percent. |
| FortiManager.Installation.user | String | The installation task user. |

Command Example

```
!fortimanager-firewall-policy-package-install-status task_id=175
```
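The install command only schedules a task and returns its ID; whether the policy package actually reached the device is answered by the install-status command, in particular `num_err` and the per-device `line.err` / `line.detail` fields. The following Python automation is an added example (not code from the FortiManager integration or its README) that chains the two commands: it schedules the install, keeps the task ID from `FortiManager.Installation.id`, polls the status command, and refuses to report success while any line carries an error. The `execute` callable is an assumption standing in for `demisto.executeCommand` (in a real automation it would unpack the `FortiManager.Installation` object from the returned entry), and the "finished" rule (`num_done >= num_lines` or `percent` at 100) is likewise assumed, since the page does not define it. The fake executor's responses are constructed sample data so the flow runs offline.

```python
import time
from typing import Any, Callable, Dict

# Assumed interface: takes an XSOAR command name plus its args and returns the
# FortiManager.Installation context object that command produced. A real
# automation would wrap demisto.executeCommand here; injectable for offline use.
Executor = Callable[[str, Dict[str, str]], Dict[str, Any]]

INSTALL_CMD = "fortimanager-firewall-policy-package-install"
STATUS_CMD = "fortimanager-firewall-policy-package-install-status"


def schedule_install(execute: Executor, package: str, name: str,
                     vdom: str = "root", adom: str = "") -> int:
    """Run the install command and return FortiManager.Installation.id."""
    args = {"package": package, "name": name, "vdom": vdom}
    if adom:
        args["adom"] = adom  # omitted -> the instance's default ADOM is used
    return int(execute(INSTALL_CMD, args)["id"])


def summarize(status: Dict[str, Any]) -> Dict[str, Any]:
    """Reduce a FortiManager.Installation status object to a go/no-go view.

    Assumption (not defined on the page): the task is finished once every data
    line is done (num_done >= num_lines) or percent reaches 100.
    """
    lines = status.get("line") or []
    if isinstance(lines, dict):  # a single-device task may arrive as one object
        lines = [lines]
    errors = [f"{ln.get('name')}/{ln.get('vdom')}: {ln.get('detail')}"
              for ln in lines if int(ln.get("err") or 0) != 0]
    num_lines = int(status.get("num_lines") or len(lines))
    num_done = int(status.get("num_done") or 0)
    percent = int(status.get("percent") or 0)
    return {
        "task_id": status.get("id"),
        "state": status.get("state"),
        "percent": percent,
        "finished": (num_lines > 0 and num_done >= num_lines) or percent >= 100,
        "failed": bool(errors) or int(status.get("num_err") or 0) > 0,
        "warnings": int(status.get("num_warn") or 0),
        "errors": errors,
    }


def wait_for_install(execute: Executor, task_id: int, poll_interval: float = 5.0,
                     max_polls: int = 60,
                     sleep: Callable[[float], None] = time.sleep) -> Dict[str, Any]:
    """Poll the status command until the task finishes; raise if any line errored."""
    for _ in range(max_polls):
        summary = summarize(execute(STATUS_CMD, {"task_id": str(task_id)}))
        if summary["finished"]:
            if summary["failed"]:
                raise RuntimeError(
                    f"install task {task_id} finished with errors: {summary['errors']}")
            return summary
        sleep(poll_interval)
    raise TimeoutError(f"install task {task_id} still running after {max_polls} polls")


def make_fake_executor(succeed: bool) -> Executor:
    """Constructed sample responses (not real FortiManager output) in the
    context shape documented above: one 'running' poll, then a final one."""
    line = {"name": "device_name", "vdom": "root", "oid": 1}
    running = {"id": 175, "state": "running", "percent": 40, "num_lines": 1,
               "num_done": 0, "num_err": 0, "num_warn": 0,
               "line": [dict(line, err=0, percent=40, state="running",
                             detail="install in progress")]}
    final = {"id": 175, "state": "done", "percent": 100, "num_lines": 1,
             "num_done": 1, "num_err": 0 if succeed else 1, "num_warn": 1,
             "line": [dict(line, err=0 if succeed else 1, percent=100, state="done",
                           detail="install finished" if succeed
                           else "install failed: config rejected")]}
    responses = iter([running, final])

    def execute(command: str, args: Dict[str, str]) -> Dict[str, Any]:
        if command == INSTALL_CMD:
            return {"id": 175}
        if command != STATUS_CMD or args.get("task_id") != "175":
            raise ValueError(f"unexpected call: {command} {args}")
        return next(responses)

    return execute


def run_demo(succeed: bool = True) -> Dict[str, Any]:
    """Schedule, then wait; a failed install is reported rather than raised."""
    execute = make_fake_executor(succeed)
    task_id = schedule_install(execute, "package_to_install", "device_name", vdom="root")
    try:
        return wait_for_install(execute, task_id, sleep=lambda _: None)
    except RuntimeError as exc:
        return {"task_id": task_id, "finished": True, "failed": True, "error": str(exc)}


if __name__ == "__main__":
    print(run_demo(True))
    print(run_demo(False))
```

Treating `num_warn` separately from `num_err` is deliberate: warnings are surfaced in the summary so an operator can review them, but only a non-zero `err` on a line, or a non-zero `num_err`, stops the playbook from marking the deployment complete.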