API Calls for certain specific items FortiGate


I am trying to gather data with API calls from Fortinet devices. Currently I need to extract data from a FortiGate. I can't seem to find an API call that gathers the data I need, but I also don't find any other way to gather the data with an API call. The data must be gathered with the API, not SNMP or SSH.

The data I need from these firewalls are:

- NAT exhaustion (maybe a way to send exec commands to the CLI?)

- Hash of admin users

If you have suggestions please feel free to leave them here :)


In the following code you can find examples of how to get and update the NAT objects on the FortiGate using the fortigate-api package:

from pprint import pprint

from fortigate_api import FortigateAPI

HOST = "host"
USERNAME = "username"
PASSWORD = "password"

fgt = FortigateAPI(host=HOST, username=USERNAME, password=PASSWORD)
fgt.login()

# Gets all ip-pool in vdom "root" from the Fortigate
ip_pools = fgt.ip_pool.get()
pprint(ip_pools)
# [{'arp-intf': '',
#   'arp-reply': 'enable',
#   'associated-interface': '',
#   'block-size': 128,
#   'comments': '',
#   'endip': '10.0.0.1',
#   'name': 'NAT-Source-01',
#   'num-blocks-per-user': 8,
#   'pba-timeout': 30,
#   'permit-any-host': 'disable',
#   'q_origin_key': 'NAT-Source-01',
#   'source-endip': '0.0.0.0',
#   'source-startip': '0.0.0.0',
#   'startip': '10.0.0.1',
#   'type': 'overload'},
# ...


# Gets filtered ip_pools by name (unique identifier)
ip_pools = fgt.ip_pool.get(uid="NAT-Source-01")
pprint(ip_pools)
#  [{'arp-intf': '',
#   'arp-reply': 'enable',
#   'associated-interface': '',
#   'block-size': 128,
#   'comments': '',
#   'endip': '10.0.0.1',
#   'name': 'NAT-Source-01',
#   'num-blocks-per-user': 8,
#   'pba-timeout': 30,
#   'permit-any-host': 'disable',
#   'q_origin_key': 'NAT-Source-01',
#   'source-endip': '0.0.0.0',
#   'source-startip': '0.0.0.0',
#   'startip': '10.0.0.1',
#   'type': 'overload'}]

# Filters ip_pools by operator equals "=="
ip_pools = fgt.ip_pool.get(filter="name==NAT-Source-01")
print(f"ip_pools count={len(ip_pools)}")  # ip_pools count=1

# Filters ip_pools by operator contains "=@"
ip_pools = fgt.ip_pool.get(filter="name=@NAT-")
print(f"ip_pools count={len(ip_pools)}")  # ip_pools count=5

# Filters ip_pools by multiple conditions
ip_pools = fgt.ip_pool.get(filter=["name=@NAT-", "[email protected]."])
print(f"ip_pools count={len(ip_pools)}")  # ip_pools count=2

# Updates ip_pool data in the Fortigate
data = dict(name="NAT-Source-01", comments="description")
response = fgt.ip_pool.update(uid="NAT-Source-01", data=data)
print("ip_pool.update", response)  # ip_pool.update <Response [200]>

fgt.logout()
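
Added example (not part of the answer above and not from the fortigate-api project): it works offline on ip-pool records of the shape printed above and reports the configured capacity of each pool, which is a configuration review and not a live usage reading. The helper names, the `NAT-PBA-01` record and the ports-per-address figure are assumptions made for illustration.

```python
import ipaddress

# Assumption: usable source ports per pool address; a constructed round number,
# replace it with the port range your FortiOS version uses.
ASSUMED_PORTS_PER_IP = 60000

# Constructed sample records in the shape printed above (only the fields used here).
SAMPLE_POOLS = [
    {"name": "NAT-Source-01", "type": "overload", "startip": "10.0.0.1",
     "endip": "10.0.0.1", "block-size": 128, "num-blocks-per-user": 8},
    {"name": "NAT-PBA-01", "type": "port-block-allocation", "startip": "10.0.1.1",
     "endip": "10.0.1.4", "block-size": 128, "num-blocks-per-user": 8},
]


def pool_capacity(pool, ports_per_ip=ASSUMED_PORTS_PER_IP):
    """Return the configured capacity of one ip-pool record (hypothetical helper)."""
    start = ipaddress.ip_address(pool["startip"])
    end = ipaddress.ip_address(pool["endip"])
    if end < start:
        raise ValueError(f"{pool['name']}: endip is lower than startip")
    addresses = int(end) - int(start) + 1
    max_users = None  # only meaningful for port-block-allocation pools
    if pool["type"] == "port-block-allocation":
        block_size = int(pool["block-size"])
        per_user = int(pool["num-blocks-per-user"])
        if block_size <= 0 or per_user <= 0:
            raise ValueError(f"{pool['name']}: block settings must be positive")
        blocks = addresses * (ports_per_ip // block_size)
        max_users = blocks // per_user  # users served if each takes its full quota
    return {"name": pool["name"], "type": pool["type"],
            "addresses": addresses, "max_users": max_users}


def smallest_first(pools, ports_per_ip=ASSUMED_PORTS_PER_IP):
    """Rank pools by address count so the tightest ones are reviewed first."""
    return sorted((pool_capacity(p, ports_per_ip) for p in pools),
                  key=lambda c: (c["addresses"], c["name"]))


if __name__ == "__main__":
    for row in smallest_first(SAMPLE_POOLS):
        print(row)
```

The list returned by `fgt.ip_pool.get()` can be passed to `smallest_first()` in place of `SAMPLE_POOLS`.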