pyfortiapi's Introduction

PyFortiAPI

A Python wrapper for the FortiGate REST API (FortiOS 5.4.x+)

⚠️ This project is not currently being actively maintained. Please see CONTRIBUTING.md if you wish to change this.

Here's a quick usage example:

>>> import pyfortiapi
>>> 
>>> device = pyfortiapi.FortiGate(ipaddr="192.168.0.99", username="admin", password="Guest")
>>> device.get_firewall_address('Test')
404
>>> create_payload = "{'name': 'Test', 'type': 'subnet', 'subnet': '192.168.0.0 255.255.255.0'}"
>>> device.create_firewall_address('Test', create_payload)
200
>>> device.get_firewall_address('Test')
[{'name': 'Test', 'q_origin_key': 'Test', 'uuid': '9bf2e12a-977b-51e7-ff8d-22d7cf593ab9', 'subnet': '192.168.0.0 255.255.255.0', 'type': 'ipmask', 'start-ip': '192.168.0.0', 'end-ip': '255.255.0.0', 'fqdn': '', 'country': '\n\x05', 'wildcard-fqdn': '', 'cache-ttl': 0, 'wildcard': '192.168.0.0 255.255.0.0', 'comment': '', 'visibility': 'enable', 'associated-interface': '', 'color': 0, 'tags': [], 'allow-routing': 'disable'}]
>>> update_payload = "{'subnet': '10.0.0.0 255.0.0.0'}"
>>> device.update_firewall_address('Test', update_payload)
200
>>> device.get_firewall_address('Test')
[{'name': 'Test', 'q_origin_key': 'Test', 'uuid': '9bf2e12a-977b-51e7-ff8d-22d7cf593ab9', 'subnet': '10.0.0.0 255.0.0.0', 'type': 'ipmask', 'start-ip': '10.0.0.0', 'end-ip': '255.0.0.0', 'fqdn': '', 'country': '\n', 'wildcard-fqdn': '', 'cache-ttl': 0, 'wildcard': '10.0.0.0 255.0.0.0', 'comment': '', 'visibility': 'enable', 'associated-interface': '', 'color': 0, 'tags': [], 'allow-routing': 'disable'}]
>>> device.get_firewall_address(filters='start-ip==10.0.0.0&visibility==enable')
[{'name': 'Test', 'q_origin_key': 'Test', 'uuid': '9bf2e12a-977b-51e7-ff8d-22d7cf593ab9', 'subnet': '10.0.0.0 255.0.0.0', 'type': 'ipmask', 'start-ip': '10.0.0.0', 'end-ip': '255.0.0.0', 'fqdn': '', 'country': '\n', 'wildcard-fqdn': '', 'cache-ttl': 0, 'wildcard': '10.0.0.0 255.0.0.0', 'comment': '', 'visibility': 'enable', 'associated-interface': '', 'color': 0, 'tags': [], 'allow-routing': 'disable'}]
>>> device.delete_firewall_address('Test')
200
>>> device.get_firewall_address('Test')
404

Installation

To install, just:

pip install pyfortiapi

Documentation

Extended documentation is available at https://pyfortiapi.readthedocs.io

pyfortiapi's People

Contributors

dix0nym, edoha, idemonix, jsimpso, pallotta-dce

pyfortiapi's Issues

Error when updating firewall policy, object, etc.

I have an error when I tried to update some firewall policy or object address:
payload = {'subnet': '10.0.0.1 255.0.0.0'}
device.update_firewall_address('obj11', payload)
ERROR:root:Requested address "obj11" does not exist in Firewall config.
404

The same happens when I change a firewall policy:
ERROR:root:Requested Policy ID 4 does not exist in Firewall Config

Do you know about this problem?

Thanks

pypi version mismatch

@jsimpso Hey - Are you aware that your master and pypi are mismatched? Can you version this to 0.2.0 (since you added filters)

Login/logout problem when adding objects

Every object that is added triggers a login and a logout; adding a large number of objects triggers the firewall's security policy and causes a lockout.
Could the session be separated out, something like:

from requests import Session

class FortiGate:
    def __init__(self, ipaddr, username, password, timeout=10, vdom="root", port="443", verify=False, _session=None):
        self.ipaddr = ipaddr
        self.username = username
        self.password = password
        self.port = port
        self.urlbase = "https://{ipaddr}:{port}/".format(ipaddr=self.ipaddr, port=self.port)
        self.timeout = timeout
        self.vdom = vdom
        self.verify = verify
        # Keep a caller-supplied session instead of discarding the argument
        self._session = _session

    def _get_session(self) -> Session:
        """Returns an existing session or creates a new one"""
        if not self._session:
            # login() is expected to store the new session on self._session
            self.login()
        if isinstance(self._session, Session):
            return self._session
        raise ValueError(f"absent session={self._session}")

Login session check error

At the moment I am working on a project which implements this project to read some data from a running Fortigate 300D appliance.

In my case, the login_check doesn't work; however, I see a confirmation that I'm logged in correctly.
This could be because my account is limited to only certain scopes. So I suggest making this optional and enabled by default.

ERROR 403

Hello dear developer

I got the error 403 when I wanted to create or delete an object in FortiGate, even though I have super admin access for the user.

My FortiOS version is 7.2.5

Can you help me with this obstacle?

Update Schedule

James, thanks for your code.

Do you know how I can create a onetime schedule object?

Thanks

Feature Request - ISDB (Internet Services)

Policy responses can include ISDB references, therefore a GET request is needed to pull the ISDB.

Example from policy:

"internet-service": "enable",
"internet-service-id": [
{
  "q_origin_key": 393217,
  "id": 393217
}
],
"internet-service-custom": [],

The API endpoint is cmdb/firewall/internet-service/, I'm happy to do another PR?

424 error when updating address group objects

First, your code is excellent for me. Thanks :)

I am pulling attackers' IPs from my SIEM and putting them into the FortiGate.
So, I create a 'blacklist' address group and append address objects (blacklisted IP addresses) to the 'blacklist' address group.
I wrote simple Python code for automation.
If the 'blacklist' address group does not exist, it is created; if it exists, the new address object is appended to the 'blacklist' address group.

if 'blacklist' in group_name_list:
    # Group already exists: fetch its current members
    group_name = group_name_list[group_name_list.index('blacklist')]
    group_member = device.get_address_group(group_name)[0]['member']

    # Build the entry for the new address object and append it
    tmp = {}
    tmp.update(q_origin_key=new_member[0]['name'])
    tmp.update(name=new_member[0]['name'])
    group_member.append(tmp)

    payload = {}
    payload.update(member=group_member)
    print(payload)

    result = device.update_address_group(group_name, repr(payload))
    print(result)
else:
    # Group does not exist yet: create it with the new address object as its only member
    payload = "{" + "'name': 'blacklist', 'member': [" + "{" + "'name': '{0}'".format(new_member[0]['name']) + "}]}"
    print(payload)
    device.create_address_group('blacklist', payload)

[result]
{'member': [{u'q_origin_key': u'blacklist_20181205-185114', u'name': u'blacklist_20181205-185114'}, {u'q_origin_key': u'blacklist_20181205-185005', u'name': u'blacklist_20181205-185005'}, {'q_origin_key': u'blacklist_20181206-153601', 'name': u'blacklist_20181206-153601'}]}
424

The above code returns a 424 status, and I read your doc
https://pyfortiapi.readthedocs.io/en/latest/user/common_issues.html

The payload looks like this:

{'member': [{u'q_origin_key': u'blacklist_20181205-185114', u'name': u'blacklist_20181205-185114'}, {u'q_origin_key': u'blacklist_20181205-185005', u'name': u'blacklist_20181205-185005'}, {'q_origin_key': u'blacklist_20181205-195310', 'name': u'blacklist_20181205-195310'}]}

blacklist_20181205-185114 and blacklist_20181205-185005 are the current address group members.
blacklist_20181205-195310 is the newly added address group member.

Is this payload not exactly right?

Error 401

Good afternoon, dear @jsimpso .

I'm stuck on the 401 error that the API throws at me. The issue is that I'm trying to access a FortiGate that has a login disclaimer. How can I accept this to continue the process of access and address creation?

Thank you very much for your collaboration, I remain attentive.

Policy order move up or down

Hi, James!

Could you help me?

I am trying to move my policies up and down on FortiOS version V6.2.1 build0932 (GA) and I got code 200, but nothing happens; the policy is still in the same position.

Do you have any idea how to change the code and solve that problem?

Below is the line that I am executing:

device.move_firewall_policy(policy_id=1,
position="after",
neighbour=4)

Code: 200
The result is below:
],
"vdom":"root",
"path":"firewall",
"name":"policy",
"mkey":"1",
"status":"success",
"http_status":200,
"serial":"FGVMEVDSEWVDWG67",
"version":"v6.2.1",
"build":932
}

400 error when create objects

payload = {'name': 'test123', 'type': 'ipmask', 'subnet': '1.2.2.2 255.255.255.255'}
device.create_firewall_address('test123', repr(payload))
400

requests.exceptions.HTTPError: 401 Client Error

Hi,

I'm trying to log in to a FortiGate 3600D version 5.6.12 with pyfortiapi.

This is my script:
import pyfortiapi

device = pyfortiapi.FortiGate(ipaddr="10.68.10.120",
username="flowcapture",
password="pfjwHp1wfdrse3jdgtykjkjves") # This is the API key I created in the FortiGate

addresses = device.get_firewall_address()
print(addresses)

My errors are:
Traceback (most recent call last):
File "ps-aux.py", line 17, in
nodlist = device.get_firewall_address()
File "/usr/local/lib/python3.6/site-packages/pyfortiapi.py", line 158, in get_firewall_address
results = self.get(api_url)
File "/usr/local/lib/python3.6/site-packages/pyfortiapi.py", line 94, in get
session = self.login()
File "/usr/local/lib/python3.6/site-packages/pyfortiapi.py", line 53, in login
login_check.raise_for_status()
File "/usr/lib/python3.6/site-packages/requests/models.py", line 940, in raise_for_status
raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Authorization Required for url: https://10.68.10.120:443/api/v2/cmdb/system/vdom

I checked the credentials and the user and password are OK:
curl -ki -H "Content-Type: application/json" -X POST https://10.68.10.120/logincheck?username=xxxx&secretkey=xxxxx
The result is:
HTTP/1.1 200 OK
Date: Tue, 12 Jan 2021 14:01:25 GMT
Server: xxxxxxxx-xxxxx
Set-Cookie: APSCOOKIE_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: VDOM_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: CENTRAL_MGMT_OVERRIDE_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: EDIT_HISTORY_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: FILE_DOWNLOADING_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: csrftoken_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: ccsrftoken_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: ccsrftoken="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict

Any help will be appreciated
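
Added example, not part of the original post or of pyfortiapi: an HTTP 200 from logincheck does not by itself show that a session was issued, because every Set-Cookie in the posted output carries an expiry in 1971, which tells the client to discard the cookie. The check below parses such a response and reports which cookies a client would actually keep; the function names and the second sample response are constructed for illustration.

```python
from datetime import datetime, timezone

# Copied from the curl output in the post above (status line, Date, two of the cookies).
POSTED = """HTTP/1.1 200 OK
Date: Tue, 12 Jan 2021 14:01:25 GMT
Set-Cookie: APSCOOKIE_17029277275916847658="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
Set-Cookie: ccsrftoken="0%260"; path=/; expires=Mon, 25-Jan-1971 14:01:25 GMT; secure; SameSite=Strict
"""

# Constructed sample, not from the page: same cookie name, no expires attribute.
CONSTRUCTED = """HTTP/1.1 200 OK
Date: Tue, 12 Jan 2021 14:01:25 GMT
Set-Cookie: APSCOOKIE_17029277275916847658="constructed-value"; path=/; secure; SameSite=Strict
"""

# RFC 1123 form (Date header) and the older dashed form used in the cookies above.
DATE_FORMATS = ("%a, %d %b %Y %H:%M:%S GMT", "%a, %d-%b-%Y %H:%M:%S GMT")


def parse_http_date(text):
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised HTTP date: {text!r}")


def retained_cookies(raw_response):
    """Names of the cookies a client still holds after processing this response."""
    headers = [line.partition(":") for line in raw_response.strip().splitlines()[1:]]
    # Judge expiry against the server's own clock when it sent a Date header.
    now = datetime.now(timezone.utc)
    for name, _, value in headers:
        if name.strip().lower() == "date":
            now = parse_http_date(value)
    kept = []
    for name, _, value in headers:
        if name.strip().lower() != "set-cookie":
            continue
        pair, *attrs = [part.strip() for part in value.split(";")]
        expires = [a.partition("=")[2] for a in attrs if a.lower().startswith("expires=")]
        # A cookie whose expiry is already in the past is deleted, not stored.
        if not expires or parse_http_date(expires[0]) > now:
            kept.append(pair.partition("=")[0])
    return kept


def login_established(raw_response):
    """True only if the response is a 200 that also leaves a cookie behind."""
    status = raw_response.split()[1]
    return status == "200" and bool(retained_cookies(raw_response))
```

Run against the headers from the post, `retained_cookies` returns an empty list, so the later request to /api/v2/cmdb/system/vdom is sent without any session cookie.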

Feature Request - Filtering

Thanks for the work on PyFortiAPI, it's been a great base for me to get started with an internal project. Something I need to do, however, is perform queries for things like firewall policies beyond the inbuilt name==<specific>.

I'll probably just fork and add on what I need, but I thought it'd be worth opening a feature request as it could be a useful feature for many. I'm not sure on what would be the cleanest way of doing it, I will likely add a filters parameter which is appended to the GET request.
