FortiManager supports push updates via JSON API for dynamic address groups objects 7.2.1
FortiManager supports push updates via JSON API for dynamic address groups objects which are not reachable directly to address customers isolated VM infrastructure and role separation cases.
To create a JSON API connector:
- Go to Fabric View and click Create New > JSON API connector.
You can also configure this connector at Policy & Objects > Object Configurations > Fabric Connectors > Endpoint/Identity.
Configure the connector details, and add the tags. - Click OK to save the connector.
- The tags that you created in the connector can now be used in a policy as the FSSO group (adgrp).
- Install the policy with the FSSO group to FortiGate.
Once the policy with the FSSO group(s) are installed on a FortiGate, you can use the JSON API to operate the connector to add users, get FSSO groups, get users, or delete users.
For example:- To manage users:
{ "method": "exec", "params": [ { "data": { "command": "add", "path": "root/test", "group": "tag1", "ip-addr": [ "1.1.1.1", "2.2.2.2" ] }, "url": "/connector/user/manage" } ], "session": "3wiI3MoD4JA6Rfj+ue0sqwqcxg8ND/+XM3iAviX7FJtpVJi6e+bATeipvbePTDgK2h/xbJGyY0g==" } { "result": [ { "status": { "code": 0, "message": "OK" }, "url": "/connector/user/manage" } ] }
- To get FSSO groups (adgrp):
{ "method":"exec", "params":[ { "data":{ "adom":"root", "connector":"test", "server_type":"json" }, "url":"\/connector\/get\/adgrp" } ], "session": "3wiI3MoD4JA6Rfj+ue0sqwqcxg8ND/+XM3iAviX7FJtpVJi6e+bATeipvbePTDgK2h/xbJGyY0g==" } { "result": [ { "data": [ { "desc": "", "id": "", "name": "js_test_tag1", "tag": "" }, { "desc": "", "id": "", "name": "js_test_tag2", "tag": "" }, { "desc": "", "id": "", "name": "js_test_tag3", "tag": "" } ], "status": { "code": 0, "message": "OK" }, "url": "/connector/get/adgrp" } ] }
- To get users:
{ "method":"exec", "params":[ { "data":{ "adom":"root", "connector":"test", "server_type":"json", "type":"connector", "group":"tag1" }, "url":"/connector/get/user" } ], "session": "3wiI3MoD4JA6Rfj+ue0sqwqcxg8ND/+XM3iAviX7FJtpVJi6e+bATeipvbePTDgK2h/xbJGyY0g==" } { "result": [ { "data": [ { "grpname": "js_test_tag1", "ip_addr": "1.1.1.1", "ip_addr6": "::-::", "name": "", "state": 1 }, { "grpname": "js_test_tag1", "ip_addr": "2.2.2.2", "ip_addr6": "::-::", "name": "", "state": 1 } ], "status": { "code": 0, "message": "OK" }, "url": "/connector/get/user" } ] }
- To delete users:
{ "method": "exec", "params": [ { "data": { "command": "delete", "path": "root/test", "group": "tag1", "ip-addr": [ "1.1.1.1" ] }, "url": "/connector/user/manage" } ], "session": "3wiI3MoD4JA6Rfj+ue0sqwqcxg8ND/+XM3iAviX7FJtpVJi6e+bATeipvbePTDgK2h/xbJGyY0g==" } { "result": [ { "status": { "code": 0, "message": "OK" }, "url": "/connector/user/manage" } ] }
- To manage users: