It is possible to operate the FortiManager CMDB configuration using |fmg_api|.
CMDB means all of the config something a FortiManager administrator could
perform via the FortiManager CLI.
The |fmg_api| url for this is:
/cli/global/{something}
where {something} is:
- FortiManager CLI without the
configkeyword - Spaces are replaced with slashes
For instance, when the FortiManager administrator wants to manage the list of existing FortiManager administrators using the CLI, he will do something like:
config system admin user
Hence the corresponding |fmg_api| url will be:
/cli/global/system/admin/user
Caught in #0380729.
This is to get the tablesize (or maximum values) for multiple components of FortiManager.
Following request will dump the tablesize for all components ADOM database:
.. tab-set::
.. tab-item:: REQUEST
.. code-block:: json
{
"id": 3,
"method": "get",
"params": [
{
"url": "/pm/config/adom/root/_data/tablesize"
}
],
"session": "{{session}}",
"verbose": 1
}
.. tab-item:: RESPONSE
.. code-block:: json
{
"id": 3,
"result": [
{
"data": [
{
"items": ["<truncated>"],
"name": "FortiGate",
"tag": "FOS"
},
{
"items": ["<truncated>"],
"name": "Sql-report",
"tag": "LOG"
},
{
"items": ["<truncated>"],
"name": "FortiManager",
"tag": "FMG"
}
],
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/adom/root/_data/tablesize"
}
]
}
It seems possible to get more specific tablesize using URL similar to the following:
/pm/config/adom/root/_data/tablesize/fos
/pm/config/adom/root/_data/tablesize/fos/firewall/policy
/pm/config/adom/root/_data/tablesize/log/sql-report/output
/pm/config/adom/root/_data/tablesize/fmg/system/aggregation-client
/pm/config/adom/root/_data/tablesize/faz
For instance to get the tablesize for the firewall address in ADOM database:
.. tab-set::
.. tab-item:: REQUEST
.. code-block:: json
{
"id": 3,
"method": "get",
"params": [
{
"url": "/pm/config/adom/root/_data/tablesize/fos/firewall/address"
}
],
"session": "{{session}}",
"verbose": 1
}
.. tab-item:: RESPONSE
.. code-block:: json
{
"id": 3,
"result": [
{
"data": [
{
"items": [
{
"name": "firewall address",
"sz": {
"adom": 400000
}
}
],
"name": "FortiGate",
"tag": "FOS"
}
],
"status": {
"code": 0,
"message": "OK"
},
"url": "/pm/config/adom/root/_data/tablesize/fos/firewall/address"
}
]
}
The maximum value for the firewall address table in ADOM database is 400K entries!
REQUEST:
{
"id": 3,
"method": "get",
"params": [
{
"url": "/cli/global/system/admin/user"
}
],
"session": "NH5ns7lDKQlJGvshlHWDv3QaKaraR+43+qwdaPlLq4E/iVlsCNevILyr1kpA78b3/WTj8zHk+lsO31OyXlrVNg==",
"verbose": 1
}RESPONSE:
{
"id": 3,
"result": [
{
"data": [
{
"adom": [
{
"adom-name": "knock_29735"
},
{
"adom-name": "knock_06999"
}
],
"adom-access": "specify",
"app-filter": null,
"avatar": "",
"ca": "",
"change-password": "enable",
"dashboard": [
{
"column": 1,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 1,
"name": "System Information",
"num-entries": 10,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "history",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "sysinfo"
},
{
"column": 1,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 2,
"name": "System Resources",
"num-entries": 10,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "real-time",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "sysres"
},
{
"column": 2,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 4,
"name": "Unit Operation",
"num-entries": 10,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "history",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "sysop"
},
{
"column": 2,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 5,
"name": "Alert Message Console",
"num-entries": 0,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "history",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "alert"
},
{
"column": 2,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 6,
"name": "License Information",
"num-entries": 10,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "history",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "licinfo"
},
{
"column": 1,
"diskio-content-type": "util",
"diskio-period": "1hour",
"log-rate-period": "2min",
"log-rate-topn": "5",
"log-rate-type": "device",
"moduleid": 9,
"name": "CLI Console",
"num-entries": 10,
"refresh-interval": 0,
"res-cpu-display": "average",
"res-period": "10min",
"res-view-type": "history",
"status": "open",
"tabid": 1,
"time-period": "1hour",
"widget-type": "jsconsole"
}
],
"dashboard-tabs": null,
"description": "",
"dev-group": "",
"email-address": "",
"ext-auth-accprofile-override": "disable",
"ext-auth-adom-override": "disable",
"ext-auth-group-match": "",
"first-name": "",
"force-password-change": "disable",
"group": "",
"hidden": 0,
"ips-filter": null,
"ipv6_trusthost1": "::/0",
"ipv6_trusthost10": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost2": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost3": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost4": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost5": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost6": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost7": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost8": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"ipv6_trusthost9": "ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff/128",
"last-name": "",
"ldap-server": "",
"login-max": 32,
"meta-data": [
{
"fieldlength": 50,
"fieldname": "Contact Email",
"fieldvalue": "",
"importance": "optional",
"status": "enabled"
},
{
"fieldlength": 50,
"fieldname": "Contact Phone",
"fieldvalue": "",
"importance": "optional",
"status": "enabled"
}
],
"mobile-number": "",
"pager-number": "",
"password": "ENC ",
"password-expire": [
"0000/00/00",
"00:00:00"
],
"phone-number": "",
"policy-package": [
{
"policy-package-name": "all_policy_packages"
}
],
"profileid": "Restricted_User",
"radius_server": "",
"rpc-permit": "none",
"ssh-public-key1": [
""
],
"ssh-public-key2": [
""
],
"ssh-public-key3": [
""
],
"subject": "",
"tacacs-plus-server": "",
"trusthost1": [
"0.0.0.0",
"0.0.0.0"
],
"trusthost10": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost2": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost3": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost4": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost5": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost6": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost7": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost8": [
"255.255.255.255",
"255.255.255.255"
],
"trusthost9": [
"255.255.255.255",
"255.255.255.255"
],
"two-factor-auth": "disable",
"use-global-theme": "enable",
"user-theme": "blue",
"user_type": "local",
"userid": "admin1",
"web-filter": null,
"wildcard": "disable"
},
[...]
],
"status": {
"code": 0,
"message": "OK"
},
"url": "/cli/global/system/admin/user"
}
]
}
To import a certificate with a password protected private key:
REQUEST:
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"certificate": "-----BEGIN CERTIFICATE-----\nMIID[...]KNs=\n-----END CERTIFICATE-----\n",
"comment": "Created via FMG JSON RPC API",
"name": "cert_001",
"password": "fortinet",
"private-key": "-----BEGIN ENCRYPTED PRIVATE KEY-----\nMII[...]Amo+g==\n-----END ENCRYPTED PRIVATE KEY-----\n"
},
"url": "/cli/global/system/certificate/local"
}
],
"session": "{{session}}"
}RESPONSE:
{
"id": 1,
"result": [
{
"data": {
"name": "cert_001"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/cli/global/system/certificate/local"
}
]
}To import a certificate with a non-protected private key:
REQUEST:
{
"id": 1,
"method": "add",
"params": [
{
"data": {
"certificate": "-----BEGIN CERTIFICATE-----\nMIID[...]70A==\n-----END CERTIFICATE-----\n",
"comment": "Created via FMG JSON RPC API",
"name": "cert_002",
"private-key": "-----BEGIN RSA PRIVATE KEY-----\nMII[...]Adg==\n-----END RSA PRIVATE KEY-----\n"
},
"url": "/cli/global/system/certificate/local"
}
],
"session": "{{session}}"
}RESPONSE:
{
"id": 1,
"result": [
{
"data": {
"name": "cert_002"
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/cli/global/system/certificate/local"
}
]
}Using the FortiManager GUI, you can create a new SNMP community and set its name. However, it is not possible to modify the community name from the GUI, even though this is still supported via the CLI and API.
The following example shows how to update the SNMP community name for the first defined SNMP community:
.. tab-set::
.. tab-item:: REQUEST
.. code-block:: json
{
"id": 3,
"method": "set",
"params": [
{
"data": {
"name": "new_name"
},
"url": "/cli/global/system/snmp/community/1"
}
],
"session": "{{session}}"
}
.. tab-item:: RESPONSE
.. code-block:: json
{
"id": 3,
"result": [
{
"data": {
"id": 1
},
"status": {
"code": 0,
"message": "OK"
},
"url": "/cli/global/system/snmp/community/1"
}
]
}