15. FortiGuard Management#
15.1. Introduction to FortiGuard Management#
In this section, a lot of API examples have been collected by enabling the following debug command in FortiManager console:
diagnose debug application fdssvrd 255
diagnose debug enable
and playing with FortiGuard using either the FortiManager GUI or the following FortiManager CLI commands:
execute fmupdate <option>
diagnose fwmanager <option>
15.2. How to get the FMG FortiGuard object versions?#
The below example has been collected by using the following FortiManager CLI:
diagnose fmupdate fgd-dvber
with the debug enabled as described in the Introduction to FortiGuard Management secion.
{
"id": 1,
"jsonrpc": "1.0",
"method": "get",
"params": [
{
"data": {
"flags": 0
},
"url": "/um/misc/fgd_db_ver"
}
],
"session": "{{session}}",
"verbose": 1
}
{
"id": 3,
"result": [
{
"data": {
"as1": {
"delta": 1,
"desc": "Antispam(IP)",
"size": 0,
"update_time": 0,
"version": 0
},
"as2": {
"delta": 1,
"desc": "Antispam(URI)",
"size": 0,
"update_time": 0,
"version": 0
},
"as4": {
"delta": 1,
"desc": "Antispam(HASH)",
"size": 0,
"update_time": 0,
"version": 0
},
"av": {
"delta": 1,
"desc": "AntiVirus Query",
"size": 0,
"update_time": 0,
"version": 0
},
"av2": {
"delta": 1,
"desc": "Outbreak Prevention",
"size": 2234602358,
"update_time": 1740748501,
"version": 1030686
},
"catl": {
"delta": 0,
"desc": "Query Category",
"size": 17368,
"update_time": 1710961260,
"version": 655360
},
"fq": {
"delta": 1,
"desc": "File Query",
"size": 4281787620,
"update_time": 1713868799,
"version": 10617241
},
"geoip": {
"delta": 0,
"desc": "GeoIP",
"size": 245852542,
"update_time": 1744736400,
"version": 131349
},
"iotm": {
"delta": 0,
"desc": "IoT(mapping)",
"size": 0,
"update_time": 0,
"version": 0
},
"iotr": {
"delta": 0,
"desc": "IoT(range)",
"size": 0,
"update_time": 0,
"version": 0
},
"iots": {
"delta": 1,
"desc": "IoT(single)",
"size": 0,
"update_time": 0,
"version": 0
},
"wf": {
"delta": 1,
"desc": "Webfilter",
"size": 13765660808,
"update_time": 1739874023,
"version": 15355124
}
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/misc/fgd_db_ver"
}
]
}
Note
If you look at the wf (webfilter) block, the version returned
is 15355124. However, running the FortiManager CLI command
diagnose fmupdate fgd-dvber wf will show the version in a symbolic
major.minor format (00234.19700) as illustrated below:
Category Description Version Date/Time Size
-------- ----------- ------- --------- ----
wf Webfilter 00234.19700 2025-02-18 11:20:23(CET) 12.82G
In this output, the version is represented in major.minor format where:
major =
234minor =
19700
To convert the numeric version from the API to the symbolic format,
use the following formula:
major = version / 65536
minor = version % 65536
For example, using the returned version 15355124 from the
API:
major = 15355124 / 65536 = 234
minor = 15355124 % 65536 = 19700
Thus, the symbolic version is 00234.19700 matching what is shown in
the FortiManager CLI.
15.3. How to get the FMG upstream servers list?#
It’s quite easy to expose the FortiManager JSON RPC API endpoints by debugging the fdssvrd
process while issuing the FortiManager CLI command:
diagnose fmupdate view-serverlist <fgd|fds>
To debug the fdssvrd process:
diagnose debug application fdssvrd 255
diagnose debug enable
diagnose debug timestamp enable
Then we can ask for the upstream FDS servers using the following command:
diagnose fmupdate view-serverlist fds
Following output should be displayed:
2022-03-22 23:06:12 Request:
2022-03-22 23:06:12 { "client": "-newcli:22493", "id": 4, "method": "get", "params": [{ "data": { "flags": 0}, "target start": 1, "url": "misc\/server_list"}], "root": "um"}
2022-03-22 23:06:12 Response:
2022-03-22 23:06:12 { "id": 4, "result": [{ "data": { "loose_mode": 1, "public_network": 1, "server_list": [{ "0": { "addr": "208.184.237.67", "distance": 1, "port": 443, "src": 4, "timezone": 0}, "1": { "addr": "12.34.97.16", "distance": 6, "port": 443, "src": 4, "timezone": -5}, "2": { "addr": "208.184.237.68", "distance": 8, "port": 443, "src": 4, "timezone": 9}, "3": { "addr": "208.184.237.66", "distance": 9, "port": 443, "src": 4, "timezone": -8}, "4": { "addr": "usfds1.fortinet.com", "distance": 0, "port": 443, "src": 2, "timezone": 1}, "count": 5, "curr_svr_index": 3, "service_type": "fds"}, { "0": { "addr": "208.184.237.75", "distance": 9, "port": 443, "src": 4, "timezone": -8}, "1": { "addr": "usforticlient.fortinet.net", "distance": 0, "port": 443, "src": 2, "timezone": 1}, "count": 2, "curr_svr_index": 0, "service_type": "fct"}, { "0": { "addr": "65.210.95.253", "distance": 6, "port": 443, "src": 4, "timezone": -5}, "1": { "addr": "usfqsvr.fortinet.net", "distance": 0, "port": 443, "src": 2, "timezone": 1}, "count": 2, "curr_svr_index": 1, "service_type": "geoip"}]}, "status": { "code": 0, "message": "OK"}, "url": "misc\/server_list"}]}
2022-03-22 23:06:12
Fortiguard Server Comm : Enabled
Server Override Mode : Loose
FDS server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
0 208.184.237.67 443 0 1 FDNI
1 12.34.97.16 443 -5 6 FDNI
2 208.184.237.68 443 9 8 FDNI
*3 208.184.237.66 443 -8 9 FDNI
4 usfds1.fortinet.com 443 1 0 DEFAULT
FCT server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
*0 208.184.237.75 443 -8 9 FDNI
1 usforticlient.fortinet.net 443 1 0 DEFAULT
GEOIP server list :
Index Address Port TimeZone Distance Source
------------------------------------------------------------------------------------------------------
0 65.210.95.253 443 -5 6 FDNI
*1 usfqsvr.fortinet.net 443 1 0 DEFAULT
When formatted and cleaned a bit, we can see the following FortiManager JSON RPC API exchange:
REQUEST:
{
"id": 4,
"method": "get",
"params": [
{
"data": {
"flags": 0
},
"url": "/um/misc/server_list"
}
],
}
RESPONSE:
{
"id": 4,
"result": [
{
"data": {
"loose_mode": 1,
"public_network": 1,
"server_list": [
{
"0": {
"addr": "208.184.237.67",
"distance": 1,
"port": 443,
"src": 4,
"timezone": 0
},
"1": {
"addr": "12.34.97.16",
"distance": 6,
"port": 443,
"src": 4,
"timezone": -5
},
"2": {
"addr": "208.184.237.68",
"distance": 8,
"port": 443,
"src": 4,
"timezone": 9
},
"3": {
"addr": "208.184.237.66",
"distance": 9,
"port": 443,
"src": 4,
"timezone": -8
},
"4": {
"addr": "usfds1.fortinet.com",
"distance": 0,
"port": 443,
"src": 2,
"timezone": 1
},
"count": 5,
"curr_svr_index": 3,
"service_type": "fds"
},
{
"0": {
"addr": "208.184.237.75",
"distance": 9,
"port": 443,
"src": 4,
"timezone": -8
},
"1": {
"addr": "usforticlient.fortinet.net",
"distance": 0,
"port": 443,
"src": 2,
"timezone": 1
},
"count": 2,
"curr_svr_index": 0,
"service_type": "fct"
},
{
"0": {
"addr": "65.210.95.253",
"distance": 6,
"port": 443,
"src": 4,
"timezone": -5
},
"1": {
"addr": "usfqsvr.fortinet.net",
"distance": 0,
"port": 443,
"src": 2,
"timezone": 1
},
"count": 2,
"curr_svr_index": 1,
"service_type": "geoip"
}
]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "misc/server_list"
}
]
}
Using same process, we can easily get the FGD upstream servers:
REQUEST:
RESPONSE:
15.4. Firmware Management#
15.4.1. How to get the list of firmware images for FortiGate device?#
It is to get the same list as the one you get when visiting the FortiGuard > Firmware Images:
Following example shows how to get the list of fimware images for the FortiGate-60F platform:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"flags": 1,
"platform": "FortiGate-60F",
"product": "FGT"
},
"url": "/um/image/version/list"
}
],
"session": "{{session}}",
}
{
"id": 3,
"result": [
{
"data": {
"status": "success",
"version_list": [
{
"fdsid": "FGT60F",
"platform": "FortiGate-60F",
"product": "FGT",
"versions": [
{
"bdate": "2001251225",
"image_type": "NA",
"objid": "06000000FIMG00242-00000.00009-2001251225",
"type": "GA",
"version": "6.0.9-b6665"
},
{
"bdate": "2209090404",
"image_type": "NA",
"objid": "06000000FIMG00242-00000.00015-2209090404",
"type": "GA",
"version": "6.0.15-b6930"
},
{
"SNIP": "SNIP",
}
{
"bdate": "2306101549",
"image_type": "F",
"objid": "07002000FIMG00242-00002.00005-2306101549",
"type": "GA",
"version": "7.2.5-b1517"
},
{
"bdate": "2210052037",
"image_type": "F",
"objid": "07002000FIMG00242-00002.00002-2210052037",
"type": "GA",
"version": "7.2.2-b1255"
}
]
}
]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/image/version/list"
}
]
}
Should you want to get the firmware images for all FortiGate device?
Just omit the platform attribute and keep the product one set with FGT:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"flags": 1,
"product": "FGT"
},
"url": "/um/image/version/list"
}
],
"session": "{{session}}",
}
You can also get the firmware images for the following procuct:
Name |
|
|---|---|
FortiGate |
|
FortiAnalyzer |
|
FortiManager |
|
FortiAP |
|
FortiExtender |
|
FortiSwitch |
|
FortiProxy |
|
If you omit both the platform and the product attributes, then you
will get the firmware images list for all platforms/products!
Note
FortiManager indicates in the output when the firmware image has been already downloaded:
{ "bdate": "2304132147", "image_type": "NA", "objid": "06002000FIMG00259-00002.00014-2304132147", "type": "GA", "version": "6.2.14-b1364" }, { "bdate": "2312230056", "image_path": "/var/fwm/image/FGT40F_7.4.2_b2571_FORTINET.out", "image_size": 81475306, "image_type": "F", "objid": "07004000FIMG00259-00004.00002-2312230056", "type": "GA", "version": "7.4.2-b2571" },
Note
In the above response snipet, you can see that build
6.2.14is still in the public FortiGuard servers while the build7.4.2has already been download in FortiManager.
15.4.2. How to download a firmware image?#
The following example shows hot to download the firmware image for the FortiOS version 7.0.1 build 0489 and the FortiGate-100F platform:
{
"id": 1,
"method": "exec",
"params": [
{
"data": {
"create_task": "enable",
"platform": "FortiGate-100F",
"version": "7.0.11-b0489-GA"
},
"url": "/um/image/download"
}
],
"session": "{{session}}"
}
{
"id": 1,
"result": [
{
"data": {
"status": "success",
"taskid": 1403
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/image/download"
}
]
}
15.5. How to get contracts for managed devices?#
There are multiple ways to obtain more or less the same thing: the list of contracts or entitlements associated with the managed devices.
15.5.1. Using /um/device/list#
The following example shows how to get the contracts for all managed devices:
{
"id": 3,
"method": "exec",
"params": [
{
"url": "/um/device/list"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"count": 19,
"dev_object": [ "... LIST IS TOO LONG ..." ]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/list"
}
]
}
Note
As indicated by the
countattribute, 19 entries are returnedIt could be a longer list
This is why we can use some filtering options like
serialoros_type
For instance, the following example shows how to get the contracts for the managed device with the FG421F0000000001 Serial Number:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"serial": "FG421F0000000001"
},
"url": "/um/device/list"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"count": 1,
"dev_object": [
{
"account": "foo@bar.com",
"address": "10.82.10.133",
"announce_ip": "",
"announce_port": 0,
"build": 1639,
"company": "Bar Inc.",
"contract": "Contract=AVDB-1-06-20250316:0:1:1:0*AVEN-1-06-20250316:0:1:1:0*COMP-1-20-20250316:0:1:1:0*ENHN-1-20-20250316:0:1:1:0*FMWR-1-06-20250316:0:1:1:0*FRVS-1-06-20250316:0:1:1:0*FURL-1-06-20250316:0:1:1:0*HDWR-1-05-20250316:0:1:1:0*NIDS-1-06-20250316:0:1:1:0*SPAM-1-06-20250316:0:1:1:0*SPRT-1-20-20250316:0:1:1:0*ZHVO-1-06-20250316:0:1:1:0|AccountID=foo@bar.com|Company=Bar Inc.|UserID=123456",
"firmware": "FG421F-FW-7.02-1639",
"flags": 0,
"industry": "",
"lic_map": {
"AVDB": "AVDB-1-06-20250316:0:1:1:0",
"AVEN": "AVEN-1-06-20250316:0:1:1:0",
"COMP": "COMP-1-20-20250316:0:1:1:0",
"ENHN": "ENHN-1-20-20250316:0:1:1:0",
"FMWR": "FMWR-1-06-20250316:0:1:1:0",
"FRVS": "FRVS-1-06-20250316:0:1:1:0",
"FURL": "FURL-1-06-20250316:0:1:1:0",
"HDWR": "HDWR-1-05-20250316:0:1:1:0",
"NIDS": "NIDS-1-06-20250316:0:1:1:0",
"SPAM": "SPAM-1-06-20250316:0:1:1:0",
"SPRT": "SPRT-1-20-20250316:0:1:1:0",
"ZHVO": "ZHVO-1-06-20250316:0:1:1:0"
},
"obj_map": {
"07002000AFDB00100": 65548,
"07002000APDB00105": 1770243,
"07002000AVDB00201": 6032945,
"07002000AVDB00701": 6032945,
"07002000AVDB01901": 146887,
"07002000AVEN03300": 393513,
"07002000CIDB00000": 65702,
"07002000CRDB00000": 65586,
"07002000DBDB00100": 197353,
"07002000FFDB02008": 462412,
"07002000FLDB00201": 6032945,
"07002000FLEN08000": 459088,
"07002000FMWP00105": 1572884,
"07002000ICDB00101": 65579,
"07002000MADB00200": 65749,
"07002000MCDB00100": 66013,
"07002000MMDB00101": 6032945,
"07002000SFAS00000": 262199,
"07002000UWDB00100": 262347
},
"os_mr": 2,
"os_type": 0,
"os_ver": 7,
"platform": "FortiGate-4201F",
"serial": "FG421F0000000001",
"setup_info": "",
"sync_time": 1713886270,
"uid_active_time": 0,
"umdb_exist": 1,
"userid": "814571",
"vmlic_check_time": 0,
"vmlic_reg_time": 0,
"vmlic_status": "",
"vmlic_uid": ""
}
]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/list"
}
]
}
Note
As indicated by the count attribute, only 1 entry is returned
since you asked for a single device’s serial number
Or the following example shows how to get the contracts for all managed
FortiGate units (i.e., the ones with the FortiOS operating system type os_type is 0):
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"os_type": 0,
},
"url": "/um/device/list"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"count": 17,
"dev_object": [ "... LIST IS TOO LONG ..." ]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/list"
}
]
}
Tip
Where is the
0value from for theos_type?It’s in the file
/var/dm/syntax/dvmcmd_syntax.jsonExisting values are:
"OS_TYPE_OPTIONS": { "unknown": -1, "fos": 0, "fsw": 1, "foc": 2, "fml": 3, "faz": 4, "fwb": 5, "fch": 6, "fct": 7, "log": 8, "fmg": 9, "fsa": 10, "fdd": 11, "fac": 12, "fpx": 13, "fna": 14 }
You cannot use the symbolic form: for instance you can’t use
fosinstead of0
15.5.2. Using /um/misc/dump_contract#
The following example shows how to get the contracts for all managed devices:
{
"id": 1,
"method": "exec",
"params": [
{
"data": {
"flags": 0,
},
"url": "/um/misc/dump_contract"
}
],
}
{
"id": 3,
"result": [
{
"data": {
"...": "... LIST IS TOO LONG ..."
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/list"
}
]
}
The following example shows how to get the contracts for the managed device with the FG421F0000000001 Serial Number:
{
"id": 1,
"method": "exec",
"params": [
{
"data": {
"flags": 0,
"serial": "FG421F0000000001"
},
"url": "/um/misc/dump_contract"
}
],
}
{
"id": 3,
"result": [
{
"data": {
"acli": [
"UserID=123456|SerialNumber=FCLDPS0000000001|Contract=FCEP-6-20250411-1-1\r",
"UserID=123456|SerialNumber=FCTEMS8824000001|Contract=FCEM-6-20240507-50-50\r",
"UserID=123456|SerialNumber=FSACLPTM24000001|Contract=FSAP-6-20250411-1-1\r",
"\r",
""
],
"contract": [
{
"account": "foo@bar.com",
"address": "10.83.10.133",
"company": "FORTINET",
"contract_item": [
"AVDB-1-06-20250316:0:1:1:0",
"AVEN-1-06-20250316:0:1:1:0",
"COMP-1-20-20250316:0:1:1:0",
"ENHN-1-20-20250316:0:1:1:0",
"FMWR-1-06-20250316:0:1:1:0",
"FRVS-1-06-20250316:0:1:1:0",
"FURL-1-06-20250316:0:1:1:0",
"HDWR-1-05-20250316:0:1:1:0",
"NIDS-1-06-20250316:0:1:1:0",
"SPAM-1-06-20250316:0:1:1:0",
"SPRT-1-20-20250316:0:1:1:0",
"ZHVO-1-06-20250316:0:1:1:0"
],
"industry": "",
"rawdata": "Contract=AVDB-1-06-20250316:0:1:1:0*AVEN-1-06-20250316:0:1:1:0*COMP-1-20-20250316:0:1:1:0*ENHN-1-20-20250316:0:1:1:0*FMWR-1-06-20250316:0:1:1:0*FRVS-1-06-20250316:0:1:1:0*FURL-1-06-20250316:0:1:1:0*HDWR-1-05-20250316:0:1:1:0*NIDS-1-06-20250316:0:1:1:0*SPAM-1-06-20250316:0:1:1:0*SPRT-1-20-20250316:0:1:1:0*ZHVO-1-06-20250316:0:1:1:0|AccountID=foo@bar.com|Company=Bar Inc.|UserID=123456",
"serial": "FG421F0000000001"
}
],
"count": 1,
"support_level_desc": "05:Advanced HW*06:Web/Online*10:8x5*20:Premium*99:Trial",
"support_type_desc": "AVDB:Advanced Malware Protection*COMP:*DLDB:DLP*ENHN:*FAIS:FortiGuard AI-based Sandbox Service*FAZC:FortiAnalyzer Cloud Basic*FCSS:FortiConverter Service*FGSA:FortiGuard Attack Surface Security Service*FMGC:FortiManager Cloud*FMWR:Firmware & General Updates*FRVS:Vulnerability Management*FSPA:SPA License*FURL:FortiGuard URL, DNS & Video Filtering Service*HDWR:Hardware*IOTH:IoT Detection*IPMC:IPAM Cloud*ISSS:FortiGuard OT Security Service*NIDS:FortiGuard IPS Service*SBCL:FortiSandbox Cloud*SPAM:AntiSpam*SPRT:*SWNC:SD-WAN Orchestrator*SWNM:FortiGuard SD-WAN Underlay Service*SWNO:SD-WAN Overlay Controller*SWOS:SD-WAN Overlay as a Service*VDOM:VDOM*VMLS:VM license*ZHVO:FortiGuard Virus Outbreak Protection Service"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/misc/dump_contract"
}
]
}
Click here to interpret a different but similar output
If you look carefuly at the end of the response you’re getting this:
"support_level_desc": "05:Advanced HW*06:Web/Online*10:8x5*20:Premium*55:Premium service*99:Trial",
If you decompose the string value for the support_level_desc, it reads
as follows:
05: Advanced HW06: Web Online10: 8x520: Premium55: Premium service99: Trial
So 99 seems to be for Trial, for instance.
Now, if you look at the output for the FTSV04REDACTED5719 device:
{
"account": "foo@bar.com",
"address": "10.150.10.160",
"company": "Fortinet UK Limited",
"contract_item": [
"ATTC-1-06-20241102:0:1:1:0",
"AVDB-1-99-20231027:0:1:1:0",
"AVEN-1-99-20231027:0:1:1:0",
"COMP-1-20-20241102:0:1:1:0",
"ENHN-1-20-20241102:0:1:1:0",
"FMWR-1-06-20241102:0:1:1:0",
"FRVS-1-06-20241102:0:1:1:0",
"FTMS-1-06-20241102:0:1:1:0",
"FTSS-1-55-20241102:0:1:1:0",
"NIDS-1-99-20231027:0:1:1:0",
"SPRT-1-20-20241102:0:1:1:0"
],
"industry": "Technology",
"rawdata": "Contract=ATTC-1-06-20241102:0:1:1:0*AVDB-1-99-20231027:0:1:1:0*AVEN-1-99-20231027:0:1:1:0*COMP-1-20-20241102:0:1:1:0*ENHN-1-20-20241102:0:1:1:0*FMWR-1-06-20241102:0:1:1:0*FRVS-1-06-20241102:0:1:1:0*FTMS-1-06-20241102:0:1:1:0*FTSS-1-55-20241102:0:1:1:0*NIDS-1-99-20231027:0:1:1:0*SPRT-1-20-20241102:0:1:1:0|AccountID=foo@bar.com|Industry=Technology|Company=Fortinet UK Limited|UserID=123456",
"serial": "FTSV04REDACTED19"
}
You could replace it like this:
{
"account": "foo@com.com",
"address": "10.150.10.160",
"company": "Fortinet UK Limited",
"contract_item": [
"ATTC-1-[Web Online]-20241102:0:1:1:0",
"AVDB-1-[Trial]-20231027:0:1:1:0",
"AVEN-1-[Trial]-20231027:0:1:1:0",
"COMP-1-[Premium]-20241102:0:1:1:0",
"ENHN-1-[Premium]-20241102:0:1:1:0",
"FMWR-1-[Web Online]-20241102:0:1:1:0",
"FRVS-1-[Web Online]-20241102:0:1:1:0",
"FTMS-1-[Web Online]-20241102:0:1:1:0",
"FTSS-1-[Premium service]-20241102:0:1:1:0",
"NIDS-1-[Trial]-20231027:0:1:1:0",
"SPRT-1-[Premium]-20241102:0:1:1:0"
],
"industry": "Technology",
"rawdata": "Contract=ATTC-1-06-20241102:0:1:1:0*AVDB-1-99-20231027:0:1:1:0*AVEN-1-99-20231027:0:1:1:0*COMP-1-20-20241102:0:1:1:0*ENHN-1-20-20241102:0:1:1:0*FMWR-1-06-20241102:0:1:1:0*FRVS-1-06-20241102:0:1:1:0*FTMS-1-06-20241102:0:1:1:0*FTSS-1-55-20241102:0:1:1:0*NIDS-1-99-20231027:0:1:1:0*SPRT-1-20-20241102:0:1:1:0|AccountID=foo@bar.com|Industry=Technology|Company=Fortinet UK Limited|UserID=123456",
"serial": "FTSV04REDACTED19"
}
As you can observe from this output, you should have three expired trial for this device:
"AVDB-1-[Trial]-20231027:0:1:1:0""AVEN-1-[Trial]-20231027:0:1:1:0""NIDS-1-[Trial]-20231027:0:1:1:0"
It’s easy to decode the expiry date: October, 27th 2023.
And by the way, you can decode the 4-letter codes (for instance ATTC or
AVDB) using the string values returned by the support_type_desc
attribute.
15.6. How to get the package versions for your managed devices?#
Here package means IPS, AV, Applications, etc. databases that are used by your managed devices.
The following example shows how to get the package versions for all your managed devices:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"flags": 0
},
"url": "/um/device/object"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"count": 19,
"dev_object": [ "... TO LARGE OUTPUT ..." ],
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/object"
}
]
}
The following example shows how to get the package versions for the managed device with the FG421F0000000001 Serial Number:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"flags": 0,
"serial": "FG421F0000000001"
},
"url": "/um/device/object"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"count": 1,
"dev_object": [
{
"exclude_reason": "",
"flags": 0,
"object_version": [
{
"current_version": "00001.00166",
"latest_version": "00001.00166",
"license": "valid",
"license_type": "FMWR",
"obj_desc": "Client ID DB",
"obj_fmgi": {
"ext_desc": "Client ID DB",
"objid": "07002000CIDB00000",
"product": "FortiManager",
"service": "Firmware",
"subtype": "",
"version": "7.2.1+"
},
"objid": "07002000CIDB00000",
"prefer_version": "00000.00000",
"status": "up-to-date"
},
{
"current_version": "00001.00043",
"latest_version": "00001.00043",
"license": "valid",
"license_type": "FMWR",
"obj_desc": "ICDB",
"obj_fmgi": {
"ext_desc": "Object for a list of SaaS Applications.",
"objid": "07002000ICDB00101",
"product": "Inline Casb DataBase",
"service": "FMWR",
"subtype": "",
"version": "7.2"
},
"objid": "07002000ICDB00101",
"prefer_version": "00000.00000",
"status": "up-to-date"
},
{
"current_version": "00004.00055",
"latest_version": "00004.00055",
"license": "valid",
"license_type": "FGSA:FMWR",
"obj_desc": "Security",
"obj_fmgi": {
"ext_desc": "Security",
"objid": "07002000SFAS00000",
"product": "FortiManager",
"service": "Security",
"subtype": "",
"version": "7.2.1+"
},
"objid": "07002000SFAS00000",
"prefer_version": "00000.00000",
"status": "up-to-date"
}
],
"serial": "FG421F0000000001",
"status": "up-to-date",
"update_time": 1713888672
}
]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/device/object"
}
]
}
15.7. How to get the license status for managed devices?#
This is more or less what you’re trying to achieve in How to get contracts for managed devices? or in How to get the package versions for your managed devices? by using data collected by the FortiManager.
However, it doesn’t seem to giver you the full list of contracts, packages name and versions.
The following example is getting the license status from the managed devices themselves:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"action": "get",
"resource": "/api/v2/monitor/license/status",
"target": [
"adom/demo/group/All_FortiGate"
]
},
"url": "sys/proxy/json"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": [
{
"response": {
"build": 2571,
"http_method": "GET",
"name": "status",
"path": "license",
"results": {
"ai_malware_detection": {
"entitlement": "AVDB",
"expires": 1731283200,
"last_update": 978303600,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"antispam": {
"entitlement": "SPAM",
"expires": 1731283200,
"status": "licensed",
"type": "live_fortiguard_service"
},
"antivirus": {
"db_status": "db_type_extended",
"engine": {
"last_update": 1698359340,
"version": "7.00021"
},
"entitlement": "AVDB",
"expires": 1731283200,
"last_update": 1523293620,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00000"
},
"appctrl": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1448933400,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "6.00741"
},
"blacklisted_certificates": {
"entitlement": "FURL",
"expires": 1731283200,
"last_update": 1713819991,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00477"
},
"botnet_domain": {
"entitlement": "AVDB",
"expires": 1731283200,
"last_update": 1714157471,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "3.00752"
},
"botnet_ip": {
"last_update": 1714164158,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "7.03667"
},
"data_leak_prevention": {
"entitlement": "DLDB",
"last_update": 978303600,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_manual",
"last_update_result_status": "update_result_not_authorized",
"status": "no_license",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"device_os_id": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1714063871,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00167"
},
"firmware_updates": {
"entitlement": "FMWR",
"expires": 1731283200,
"status": "licensed",
"type": "live_fortiguard_service"
},
"fortianalyzer_cloud": {
"entitlement": "FAZC",
"expires": 1731283200,
"status": "licensed",
"type": "live_cloud_service"
},
"fortianalyzer_cloud_premium": {
"entitlement": "AFAC",
"status": "no_license",
"type": "live_cloud_service"
},
"forticare": {
"account": "foo@bar.com",
"company": "Fortinet",
"industry": "Technology",
"registration_status": "registered",
"registration_supported": true,
"status": "registered",
"support": {
"enhanced": {
"expires": 1731283200,
"status": "licensed",
"support_level": "Premium"
}
},
"type": "cloud_service_status"
},
"forticloud": {
"status": "cloud_logged_out",
"type": "cloud_service_status"
},
"forticloud_logging": {
"log_retention_days": 7,
"max_bytes": 0,
"status": "free_license",
"type": "live_cloud_service",
"used_bytes": 0
},
"forticloud_sandbox": {
"entitlement": "AVDB",
"expires": 1731283200,
"files_uploaded_daily": 0,
"max_files_daily": 100,
"status": "licensed",
"type": "live_cloud_service"
},
"forticonverter": {
"entitlement": "FCSS",
"expires": 1731283200,
"status": "licensed",
"type": "live_cloud_service"
},
"fortiems_cloud": {
"entitlement": "FCEM",
"expires": 1736899200,
"status": "licensed",
"type": "account_level_live_cloud_service"
},
"fortiguard": {
"connected": true,
"connection_issue": false,
"fortigate_wan_ip": "34.140.239.116",
"has_connected": true,
"last_connection_success": 1714168271,
"next_scheduled_update": 1714169160,
"scheduled_updates_enabled": true,
"server_address": "173.243.141.6:443",
"supported": true,
"type": "cloud_service_status",
"update_server_usa": true
},
"fortiguard_ai_based_sandbox": {
"entitlement": "FAIS",
"status": "no_license",
"type": "live_cloud_service"
},
"fortimanager_cloud": {
"entitlement": "FMGC",
"expires": 1731283200,
"status": "licensed",
"type": "live_cloud_service"
},
"fortimanager_cloud_alci": {
"entitlement": "FMGC",
"expires": 1700697600,
"status": "expired",
"type": "account_level_live_cloud_service"
},
"fortisandbox_cloud": {
"entitlement": "FSAC",
"status": "no_license",
"type": "live_cloud_service"
},
"fortisandbox_cloud_alci": {
"entitlement": "FSAP",
"status": "no_license",
"type": "account_level_live_cloud_service"
},
"fortisase_lan_extension": {
"entitlement": "FSFG",
"status": "no_license",
"type": "live_cloud_service"
},
"fortisase_private_access": {
"entitlement": "FSPA",
"status": "no_license",
"type": "live_cloud_service"
},
"icdb": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1713806476,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00043"
},
"industrial_db": {
"entitlement": "ISSS",
"expires": 1731283200,
"last_update": 1448933400,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "6.00741"
},
"inline_casb": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1712184731,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00005"
},
"internet_service_db": {
"last_update": 1714164158,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "7.03667"
},
"iot_detection": {
"definitions": {
"entitlement": "IOTH",
"expires": 1731283200,
"last_update": 1660753860,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"entitlement": "IOTH",
"expires": 1731283200,
"status": "licensed",
"type": "live_fortiguard_service"
},
"ips": {
"db_status": "db_type_extended",
"engine": {
"last_update": 1701106200,
"version": "7.00524"
},
"entitlement": "NIDS",
"expires": 1731283200,
"last_update": 1448933400,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "6.00741"
},
"local_in_virtual_patching": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1713889272,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "24.00040"
},
"malicious_urls": {
"entitlement": "NIDS",
"expires": 1731283200,
"last_update": 1420070460,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "1.00001"
},
"mobile_malware": {
"entitlement": "AVDB",
"expires": 1731283200,
"last_update": 978303600,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"ot_detection": {
"detect_definitions": {
"entitlement": "ISSS",
"expires": 1731283200,
"last_update": 978303600,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"entitlement": "IOTH",
"expires": 1731283200,
"patch_definitions": {
"entitlement": "ISSS",
"expires": 1731283200,
"last_update": 978303600,
"status": "licensed",
"type": "downloaded_fds_object",
"version": "0.00000"
},
"status": "licensed",
"type": "live_fortiguard_service"
},
"outbreak_prevention": {
"entitlement": "ZHVO",
"expires": 1731283200,
"status": "licensed",
"type": "live_fortiguard_service"
},
"outbreak_security_rating": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1710249207,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "5.00032"
},
"psirt_security_rating": {
"entitlement": "FMWR",
"expires": 1731283200,
"last_update": 1710249207,
"last_update_attempt": 1714168271,
"last_update_method_status": "update_method_sched",
"last_update_result_status": "update_result_no_updates",
"status": "licensed",
"type": "downloaded_fds_object",
"version": "5.00032"
},
"sdwan_network_monitor": {
"entitlement": "SWNM",
"expires": 1731283200,
"status": "licensed",
"type": "live_fortiguard_service"
},
"sdwan_overlay_aas": {
"entitlement": "SWOS",
"status": "no_license",
"type": "live_cloud_service"
},
"security_rating": {
"entitlement": "FGSA",
"expires": 1731283200,
"status": "licensed",
"type": "functionality_enabling"
},
"sms": {
"max": 0,
"status": "no_license",
"type": "other",
"used": 0
},
"vdom": {
"can_upgrade": true,
"max": 10,
"type": "platform",
"used": 1
},
"vm": {
"closed_network": false,
"cpu_max": 1,
"cpu_used": 1,
"expires": 1731106800,
"is_payg": false,
"license_from_forticare": true,
"license_model": 6,
"license_platform_name": "FGVM01",
"mem_used": 2089811968,
"status": "vm_valid",
"type": "platform",
"valid": true
},
"web_filtering": {
"category_list_version": 10,
"entitlement": "FURL",
"expires": 1731283200,
"running": false,
"status": "licensed",
"type": "live_fortiguard_service"
}
},
"serial": "FG421F0000000001",
"status": "success",
"vdom": "root",
"version": "v7.4.2"
},
"status": {
"code": 0,
"message": "OK"
},
"target": "dev_001"
}
],
"status": {
"code": 0,
"message": "OK"
},
"url": "sys/proxy/json"
}
]
}
Note
The special
All_FortiGatedevice group is for all managed devices from the specified ADOMAbove output is for one managed device; it means the
demoADOM was having only one managed device at the time this request was made
15.8. How to get the update history for a specific FortiGuard objects?#
The update history gives you how many time and which database versions a FortiGuard object has been downloaded by FortiManager.
Using FortiManager GUI, this is when you’re in the FortiGuard > Packages page and you click the *Update History* cell:
In this case, you get this:
The following shows the corresponding API request:
{
"id": 3,
"method": "get",
"params": [
{
"data": {
"category": {
"fds": {
"objid": [
"05000000FAPV00000"
]
}
}
},
"url": "/um/misc/update_history"
}
],
"session": "{{session}}",
"verbose": 1
}
{
"id": 3,
"result": [
{
"data": {
"fds": {
"05000000FAPV00000": {
"history": [
{
"event": "PollUpdate",
"size": 19432,
"status": "Success",
"update_time": 1742982143,
"version": 131177
}
]
}
}
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/misc/update_history"
}
]
}
15.9. How to get the list of FortiGuard objects downloaded by FortiManager?#
Goal is to produce the same listing as the one available in FortiManager GUI when visiting the FortiGuard > Package Management > Receive Status page.
We need to use the following method and url:
Method |
|
URL |
|
We need to specify the Fortinet product of interest by using the
system attribute with one of the following values:
Attribute |
Product |
|---|---|
|
|
|
|
|
|
|
|
|
|
We also need to specify whether we want to get all objects related to
a product or only the used objects by setting the attribute
used_only to 0 or 1 respectively.
The FortiManager JSON API request/response:
REQUEST:
{
"id": 1,
"jsonrpc": "1.0",
"method": "get",
"params": [
{
"data": {
"system": "FGT",
"used_only": 0
},
"url": "/um/object/list"
}
],
"session": "hdRJAukKyAHEw+I6bZcn0wxxeWWBYDSOU6kq2aYvMgWOQJMBvo+YwdRonWgie93RF/80VgAUcTMNp7nLPIO/FVOCg3J7QFF8",
"verbose": 1
}
RESPONSE:
{
"id": 1,
"result": [
{
"data": {
"object_list": {
"05000000IPGE00000": {
"latest_verdate": "2002080500",
"latest_version": 131120,
"latest_versize": 1080752,
"obj_desc": "IP Geo DB",
"obj_used": 0,
"objid": "05000000IPGE00000",
"prefer_version": 0,
"version_list": {
"00002.00048": {
"date": "2002080500",
"size": 1080752,
"version": 131120
}
}
},
"05004000NIDS02200": {
"latest_verdate": "2003102346",
"latest_version": 983833,
"latest_versize": 369848,
"obj_desc": "IPS Meta-Data",
"obj_used": 0,
"objid": "05004000NIDS02200",
"prefer_version": 0,
"version_list": {
"00015.00793": {
"date": "2003102346",
"size": 369848,
"version": 983833
}
}
},
"05004000NIDS02300": {
"latest_verdate": "2003102346",
"latest_version": 983833,
"latest_versize": 78128,
"obj_desc": "AppCat Meta-Data",
"obj_used": 0,
"objid": "05004000NIDS02300",
"prefer_version": 0,
"version_list": {
"00015.00793": {
"date": "2003102346",
"size": 78128,
"version": 983833
}
}
}
},
"system": "FGT",
"used_only": 0
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/list"
}
]
}
15.10. How to export/import FortiGuard objects?#
Caught in #077802 (FortiManager 7.2.2).
These export/import operations were implemented to enable an air-gapped FortiManager to receive FortiGuard updates automatically.
For example, they can be used in a typical data-diode (OT environment) scenario:
INTERNET + FMG1 + DEVOPS ---- [data-diode >>>] ---- FMG2 + managed devices
where:
INTERNETrepresents the public FortiGuard servers.FMG1is the FortiManager instance connected to the Internet to retrieve FortiGuard objects.DEVOPSis an external system capable of triggering FortiManager JSON RPC API operations.The
data-diodeallows traffic to flow only from left to right.FMG2is the air-gapped FortiManager that cannot access public FortiGuard servers and manages FortiGate devices internally.
In this setup, the DEVOPS system can:
Use the FortiManager API to export FortiGuard objects from
FMG1.Use the FortiManager API to import FortiGuard objects into
FMG2.
Traffic from DEVOPS to FMG2 is permitted by the data-diode since it
flows in the allowed left-to-right direction.
15.10.1. How to export a FortiGuard Object?#
To export a FortiGuard object, you need to know its objid.
This is what is showing up in the FortiManager GUI when you navigate to FortiGuard > Package > Receive Status:
Note
You can also obtain a list of available FortGuard objects via the FortiManager JSON RPC API (see section How to get the list of FortiGuard objects downloaded by FortiManager?).
To export 06002000NIDS02400 (Signature Meta Data (IPS Regular))
FortiGuard Object:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"category": {
"fds": {
"objid": [
"06002000NIDS02400"
]
}
},
"flags": "base64"
},
"url": "/um/object/export"
}
],
"session": "{{session}}"
}
Note
The
objidattribute is a list; you could pass muliple FortiGuard objectsThe
base64value for theflagsattribute is required if you want to get the requested FortiGuard objects returned in base64 format in the API response.If the
flagsattribute is omitted, FortiGuard objects will be placed in the FortiManager filesystem (in folder/var/tmp/um/export)
{
"id": 3,
"result": [
{
"data": {
"category": {
"fds": {
"base64": "UFVURjA0MDAwMDAwAwAAAHiZEABAAAAAMj[...]",
}
},
"taskid": 58
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/export"
}
]
}
Note
The
base64attribute contains all the requested FortiGuard objects in base64 format
Starting with FortiManager 8.0.0 (#1125122), the export has been improved in
term of flexibility with the addition of the filter attribute. You can now
export specific FortiGuard objects based on different criteria: by system (e.g.
FGT, FCT, etc) or by version.
For instance, if you want to export all FortiGuard objects, you can use following example:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"category": {
"fds": {
"filter": {
"export-all": 1
}
}
},
"flags": "base64"
},
"url": "/um/object/export"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"category": {
"fds": {
"base64": "UFVURjA0MDAwMDAwAwAAAHiZEABAAAAAMj[...]",
}
},
"taskid": 222
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/export"
}
]
}
Note
If you get the following response:
{
"id": 3,
"result": [
{
"status": {
"code": -10,
"message": "The data is invalid for selected url"
},
"url": "/um/object/export"
}
]
}
then try again with this debug enabled in your FortiManager console:
diagnose debug application fdssvrd 255
diagnose debug enable
If you observe the following debug output:
__base64_by_file,4416: too large for base64 export. 1473055431 vs 500000000
then it means the base64 output is too large…
You can also export FortiGuard objects based on their system and version. The following example exports all FortiGuard objects for FortiGate systems with version 7.6 and 7.4 and for FortiClient systems regardless of their version:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"category": {
"fds": {
"filter": {
"system": {
"FCT": [],
"FGT": [
"7.6",
"7.4"
]
}
}
}
},
"flags": "base64"
},
"url": "/um/object/export"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"category": {
"fds": {
"base64": "UFVURjA0MDAwMDAwAwAAAHiZEABAAAAAMj[...]",
}
},
"taskid": 225
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/export"
}
]
}
Note
The
systemattribute allows to specify one or multiple Fortinet products (e.g.FGT,FCT, etc)The version list for each system allows to specify one or multiple versions; if the version list is empty (as for
FCTin the example above), then all versions are exported for the specified system.
You can also export FortiGuard objects based on their object type and version as shown in the below example:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"category": {
"fds": {
"filter": {
"object": [
{
"objid": "07002000NIDS02600",
"version": [
"34.89",
"34.90"
]
},
{
"objid": "07004000APDB00100",
"version": [
"all"
]
},
{
"objid": "07004000SFAS00000"
}
]
}
}
},
"flags": "base64"
},
"url": "/um/object/export"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"data": {
"category": {
"fds": {
"base64":
"UFVURjA0MDAwMDAwAwAAAHiZEABAAAAAMj[...]",
}
}
},
"taskid": 233
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/export"
}
]
}
You can also explore the other flags delta and only that you can see as
available options when using:
fmupdate ftp fds-export ?
and shows their corresponding API form by enabling debug in FortiManager:
diagnose debug application fdssvrd 255
diagnose debug enable
15.10.2. How to import a FortiGuard Object?#
To import a FortiGuard object, you need to pass the base64 output you obtain at the time your exported it (see section How to export a FortiGuard Object?):
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"base64": "UFVURjA0MDAwMDAwAwAAAHiZEABAAAAAMj[...]",
}
},
"url": "/um/object/import"
}
],
"session": "{{session}}"
}
Note
The
base64attribute is set with the base64 output of one or multiple FortiGuard objects
{
"id": 3,
"result": [
{
"data": {
"taskid": 59
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/object/import"
}
]
}
Hint
If you want to control the effectiveness of the import operation for the
FortiGuard Object with objid 06002000NIDS02400, you can perform
the following operation:
Check this FortiGuard object exists using FortiManager CLI
Enter:
diagnose fmupdate list-object fds 06002000/NIDS02400
You should get this output:
06002000/NIDS02400 06002000/NIDS02400/00026.00713-2401110136
Export the FortiGuard object to save it in an external system
Delete the FortiGuard object using FortiManager CLI
Enter:
fmupdate del-object fds 06002000/NIDS02400
You should get this output:
06002000/NIDS02400 06002000/NIDS02400/00026.00713-2401110136 This operation will delete all fds 06002000/NIDS02400 objects. Do you want to continue? (y/n)
Enter
ythen ENTER to confirm the delete operationCheck this FortiGuard object does no longer exist using FortiManager CLI
Enter:
diagnose fmupdate list-object fds 06002000/NIDS02400
You should get this output:
no object was found for service "fds" by type "06002000/NIDS02400". Command fail. Return code -9999
Import the FortiGuard Object as described in this section
Check this FortiGuard object is back using FortiManager CLI
Enter:
diagnose fmupdate list-object fds 06002000/NIDS02400
You should get this output:
06002000/NIDS02400 06002000/NIDS02400/00026.00713-2401110136
15.11. How to export/import Entitlement?#
Caught in #0778029.
TBD.
15.12. Local External Resources#
Starting with FortiManager 7.4.1 and 7.2.5 (#0934664), it is possible to manage External Threat Feeds using Local External Resources files hosted by FortiManager.
Note
The following url is used in this section:
/pm/config/global/_external/resource
This refers to the Global ADOM for convenience. Alternatively, you can use:
/pm/config/adom/<adom>/_external/resource
Both forms yield the same result. External resource files are accessible to all ADOMs.
15.12.1. How to add a local external resource?#
15.12.1.1. Using FortiManager JSON RPC API for adding a local external resource#
The following example shows how to add the local_external_resource_001.txt
local external resource:
{
"method": "set",
"params": [
{
"url": "/pm/config/global/_external/resource/local_external_resource_001.txt",
"data": {
"content": "10.0.0.1\n10.0.0.2\n10.0.0.3\n"
},
"session": "{{session}}"
}
]
}
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_001.txt"
}
]
}
15.12.1.2. Using REST API for adding a local external resource#
The following example shows how to add the local_external_resource_002.txt
local external resource file:
curl -sk -u devops:fortinet -X PUT \
https://10.210.35.112/jsonrpc/pm/config/global/_external/resource/local_external_resource_002.txt \
--data-binary @local_external_resource_002.txt | jq
Note
File local_external_resource_002.txt is with following content:
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_002.txt"
}
]
}
15.12.2. How to get the list of local external resources?#
Caught in #0953203 (7.2.5/7.4.2).
15.12.2.1. Using FortiManager JSON RPC API for getting the list of local external resources#
The following example shows how to get the list of local external resources:
{
"id": 3,
"method": "get",
"params": [
{
"url": "pm/config/global/_external/resource"
}
],
"session": "{{session}}",
"verbose": 1
}
{
"id": 3,
"result": [
{
"data": [
{
"modified": 1753994876,
"name": "local_external_resource_002.txt",
"size": 45
},
{
"modified": 1753994558,
"name": "local_external_resource_001.txt",
"size": 27
}
],
"status": {
"code": 0,
"message": "OK"
},
"url": "pm/config/global/_external/resource"
}
]
}
15.12.2.2. Using REST API for getting the list of local external resources#
The following example shows how to get the list of local external resources:
curl -sk -u devops:fortinet -X GET \
https://10.210.35.112/jsonrpc/pm/config/global/_external/resource | jq
{
"result": [
{
"data": [
{
"modified": 1753994876,
"name": "local_external_resource_002.txt",
"size": 45
},
{
"modified": 1753994558,
"name": "local_external_resource_001.txt",
"size": 27
}
],
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource"
}
]
}
15.12.3. How to get the content of a local external resource?#
15.12.3.1. Using FortiManager JSON RPC API for getting the content of a local external resource#
The following example shows how to retrieve the content of the
local_external_resource_001.txt local external resource:
{
"id": 3,
"method": "get",
"params": [
{
"url": "pm/config/global/_external/resource/local_external_resource_001.txt"
}
],
"session": "{{session}}",
"verbose": 1
}
{
"id": 3,
"result": [
{
"data": {
"content": "10.0.0.1\n10.0.0.2\n10.0.0.3\n"
"modified": 1753994558,
"name": "local_external_resource_001.txt",
"size": 27
},
"status": {
"code": 0,
"message": "OK"
},
"url": "pm/config/global/_external/resource/local_external_resource_001.txt"
}
]
}
15.12.3.2. Using REST API for getting the content of a local external resource#
The following example shows how to retrieve the content of the
local_external_resource_002.txt local external resource:
curl -sk -u devops:fortinet -X GET \
https://10.210.35.112/jsonrpc/pm/config/global/_external/resource/local_external_resource_002.txt
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
10.0.0.5
Note
This is not a JSON output.
15.12.4. How to replace the entire content of a local external resource?#
15.12.4.1. Using FortiManager JSON RPC API for replacing the content of a local external resource#
The example below shows how to replace the content of the
local_external_resource_001 local external resource:
{
"id": 3,
"method": "set",
"params": [
{
"data": {
"content": "10.1.0.1\n10.1.0.2\n10.1.0.3\n"
},
"url": "pm/config/global/_external/resource/local_external_resource_001.txt"
}
],
"session": "{{session}}"
}
Note
You just need to reapply the API call used when you created that local
external resource (see How to add a local external resource?)
but with a new content block.
{
"id": 3,
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "pm/config/global/_external/resource/local_external_resource_001.txt"
}
]
}
15.12.4.2. Using REST API for replacing the content of a local external resource#
The example below shows how to replace the content of the
local_external_resource_002 local external resource:
curl -sk -u devops:fortinet -X PUT \
https://10.210.34.120/jsonrpc/pm/config/global/_external/resource/local_external_resource_002.txt \
--data-binary @local_external_resource_002.txt | jq
Note
You just need to reapply the API call used when you created that local
external resource (see How to add a local external resource?)
but with a new content block.
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_002.txt"
}
]
}
15.12.5. How to delete a local external resource?#
15.12.5.1. Using FortiManager JSON RPC API for deleting a local external resource#
The example below shows how to replace the content of the
local_external_resource_002.txt local external resource:
curl -sk -u devops:fortinet -X DELETE \
https://10.210.35.112/jsonrpc/pm/config/global/_external/resource/local_external_resource_002.txt \
| jq
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_002.txt"
}
]
}
The following example shows how to delete the local external resource named
local_external_resource_001.txt:
{
"method": "delete",
"params": [
{
"url": "/pm/config/global/_external/resource/local_external_resource_001.txt",
"session": "{{session}}"
}
]
}
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_001.txt"
}
]
}
15.12.5.2. Using REST API for deleting a local external resource#
The following example shows how to delete the local external resource named
local_external_resource_002.txt:
curl -sk -u devops:fortinet -X DELETE \
https://10.210.35.112/jsonrpc/pm/config/global/_external/resource/local_external_resource_002.txt \
| jq
{
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/global/_external/resource/local_external_resource_002.txt"
}
]
}
15.13. Remote External Resources#
Starting in version 7.6.3 (#1039834), FortiManager supports downloading external resources from a web server.
Once downloaded by FortiManager, the file becomes a local external resource.
15.13.1. How to add a remote external resource?#
The following example shows how to add a remote external resource file named remote_external_resource_001:
{
"id": 3,
"method": "add",
"params": [
{
"data": {
"http_auth": 0,
"name": "remote_external_resource_001",
"refresh_rate": 5,
"status": 1,
"url": "http://www.url-001.com/filename_001.txt",
"use_web_proxy": 0
},
"url": "/um/external_resource"
}
],
"session": "{{session}}",
}
Note
http_auth: 0: No authentication is required to access the URL.refresh_rate: 5: FortiManager will check the URL and refresh the file every 5 minutes.use_web_proxy: 0: FortiManager will access the URL directly, without using a proxy.
{
"id": 3,
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/external_resource"
}
]
}
15.13.2. How to get the existing remote external resources?#
The following example shows how to get the list of existing remote external resources:
{
"id": 3,
"method": "get",
"params": [
{
"url": "/um/external_resource"
}
],
"session": "{{session}}",
"verbose": 1
}
{
"id": 3,
"result": [
{
"data": {
"object_list": [
{
"comment": "",
"filename": "filename_001.txt",
"http_auth": 0,
"http_auth_password": "ENC [TRUNCATED]",
"http_auth_username": "",
"name": "remote_external_resource_001",
"refresh_rate": 5,
"status": 1,
"type": 0,
"url": "http://www.url-001.com/filename_001.txt",
"use_web_proxy": 0
},
{
"comment": "",
"filename": "filename_002.txt",
"http_auth": 0,
"http_auth_password": "ENC [TRUNCATED]",
"http_auth_username": "",
"name": "remote_external_resource_002",
"refresh_rate": 5,
"status": 1,
"type": 0,
"url": "https://www.url-002.com/filename_002.txt",
"use_web_proxy": 0
}
]
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/external_resource"
}
]
}
15.13.3. How to delete a remote external resource?#
The following example shows how to delete the
remote_external_resource_001:
{
"id": 3,
"method": "delete",
"params": [
{
"data": {
"name": "foobar"
},
"url": "/um/external_resource"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/external_resource"
}
]
}
15.13.4. How to check for an external resource?#
Caught in #1140702.
The capability of FortiManager to fetch a remote external resource can be validated using the FortiManager API to check the corresponding URL.
The example below describes how to check for an URL prior to set it in a remote external resource:
{
"id": 3,
"method": "exec",
"params": [
{
"data": {
"opt": "check_url",
"url": "http:/www.url-003.com"
},
"url": "/um/external_resource"
}
],
"session": "{{session}}"
}
{
"id": 3,
"result": [
{
"status": {
"code": 0,
"message": "OK"
},
"url": "/um/external_resource"
}
]
}
This output indicates that the http://www.url-003.com is valid.
An invalid URL would produce the following output:
{
"id": 3,
"result": [
{
"status": {
"code": -6,
"message": "Invalid url"
},
"url": "/um/external_resource"
}
]
}