Skip to main content

Cyware Orchestrate

Fortinet FortiGate Firewall

App Vendor: Fortinet

App Category: Network Security

Connector Version: 2.3.1

API Version: v2

About App     

Fortinet FortiGate Firewall is a next-generation firewall that supports packet filtering, IPSec, SSL VPNs, network monitoring, IP mapping, and content inspection. The Fortinet FortiGate Firewall app allows security teams to integrate with the Fortinet FortiGate Firewall enterprise application to utilize the deep inspection capabilities to identify threats and block them. It provides the ability to remove blind spots with SSL inspection, automate threat protection, share threat intelligence across the entire digital attack, and offers robust protection from known and unknown attacks.

The Fortinet FortiGate Firewall app in the Orchestrate application performs the following actions:

Action

Description

Create Address Group 

This action creates an address group which includes the address objects.

Create Address Object 

This action creates a new address object.

Get Address Group by Name 

This action fetches information about an address group based on the address group name.

Get All Address Objects 

This action fetches all the address objects in the environment.

Get Address Object by Name 

This action fetches information about an address object based on the address object name.

Update Address Group 

This action adds or removes an address object to the address group based on the address group name.

Update Address Object 

This action updates an existing address object with the provided data such as IP address or IP range.

Delete Address Object 

This action deletes a network address object.

Create Firewall Policy 

This actions creates a firewall policy.

Update Firewall Policy 

This action updates a firewall policy.

Move Firewall Policy 

This action moves the position of firewall policies.

Delete Firewall Policy 

This action deletes a firewall policy.

List Firewall Policies 

This action lists firewall policies.

List Banned IPs 

This action lists all the banned IPv4 and IPv6 addresses.

Ban IP 

This action blocks access for a specified IP address.

Unban IP 

This action restores access for a specified IP address.

List Firewall Services 

This action lists all the firewall services.

Create Firewall Service 

This action creates a firewall service.

Update Firewall Service 

This action updates a firewall service.

Delete Firewall Service 

This action deletes a firewall service.

List Firewall Service Groups 

This action lists all firewall service groups.

Create Firewall Service Group 

This action creates a firewall service group.

Update Firewall Service Group 

This action updates a firewall service group.

Delete Firewall Service Group 

This action deletes a firewall service group.

List System VDOMs 

This action lists all the virtual domains.

List Firewall Address IPv6 Groups 

This action lists all the IPv6 address groups.

Create Firewall Address IPv6 Group 

This action creates an IPv6 address group.

Update Firewall Address IPv6 Group 

This action updates an IPv6 address group.

Delete Firewall Address IPv6 Group 

This action deletes an IPv6 address group.

List Firewall Address IPv6 Multicasts 

This action lists all the IPv6 multicast addresses.

Create Firewall Address IPv6 Multicast 

This action creates an IPv6 multicast address.

Update Firewall Address IPv6 Multicast 

This action updates an IPv6 multicast address.

Delete Firewall Address IPv6 Multicast 

This action deletes an IPv6 multicast address.

Configuration Parameters

The following configuration parameters are required for the Fortinet Fortigate app to communicate with the Fortinet Fortigate enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required/Optional

Comments

API Key 

Enter the API key created using the Fortigate CLI.

Password

Required

Vdom 

Enter the name of the virtual domain to connect.

Example:

root

Text

Optional

Default value:

root

Verify 

Select whether to perform the SSL certificate verification.

Text

Required

Default value:

false

Allowed values:

  • true

  • false

Timeout 

Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Fortinet FortiGate Firewall.

Integer

Optional

Allowed Range:

15-120

Default value:

15

Endpoint URL 

Enter the URL of the Fortigate host.

Example:

http[s]://<fortigate-host>/

Text

Required

Action: Ban IP

This action blocks access for a specified IP address.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

IP Address

Enter a comma-separated list of IP addresses (IPv4 or IPv6) to block.

List

Required

Allowed type:

IPv4, IPv6

Expiry

Enter the duration (in seconds) to block the IP address. Enter 0 to block it indefinitely. 

Integer

Optional

Default value is 0.

Example Request

[
  {
    "ip_addresses": [
      "1.1.1.1"
    ]
  }
]
Action: Create Address Group

This action creates an address group which includes the address objects with the given name.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Group Name 

Enter the name of the address group to create.

Text

Required

Address Object Name 

Enter the name of the address object to add to the newly created address group.

Text

Required

Example Request 

[
    {
        "address_name": "new-object-06-21-205118-0",
        "address_group_name": "new-object-06-21-205118-3"
    }
]
Action: Create Address Object

This action creates a new address object.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Object Name 

Enter the name of the address object to create.

Text

Required

You can also pass additional parameters to create an address object such as Object Type, IP address, Subnet, Start of IP Range, End of IP Range, and Fully Qualified Domain Name.

  • For an "ipmask" object type, it is mandatory to enter the IP address.

  • For an "iprange" object type, it is mandatory to enter the start and end of IP range.

  • For an "fqdn" object type, it is mandatory to enter the fully qualified domain name.

Object Type

Specify the type of address object to create.

Text

Optional

Allowed values:

ipmask, iprange, fqdn

Default value:

ipmask

IP Address

Specify the IP address.

Text

Optional

This is mandatory for ipmask object type.

Subnet

Specify the subnet.

Text

Optional

Default:

255.255.255.255

Start of IP Range

Specify the start of IP range.

Text

Optional

This is mandatory for iprange object type.

End of IP Range

Specify the end of IP range.

Text

Optional

This is mandatory for iprange object type.

Fully Qualified Domain Name

Specify the fully qualified domain name.

Text

Optional

This is mandatory for fqdn object type.

Example Request 

[
  {
    "subnet": "255.255.255.255",
    "ip_address": "1.1.1.1",
    "object_type": "ipmask",
    "address_name": "tes1t193112"
  }
]
Action: Create Firewall Address IPv6 Group

This action creates an IPv6 address group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address group to create.

Text

Required

Members

Enter the comma-separated list of service objects (service or service group names).

Any

Required

You can retrieve service names using the action List Firewall Services.

You can retrieve service group names using the action List Firewall Service Groups.

Extra Fields

Enter the extra fields to create the group.  

Key value

Optional

Allowed keys:

uuid, color, comment, exclude, exclude-member, tagging, fabric-object

Note

Ensure to include at least one extra field to make the request.

Example Request

[
  {
    "name": "Test",
    "extra_fields": {
      "color": "10",
      "member": [
        {
          "name": "Testnew"
        }
      ]
    }
  }
]
Action: Create Firewall Address IPv6 Multicast

This action creates an IPv6 multicast address.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address to create.

Text

Required

IPv6 Subnet

Enter the IPv6 address prefix in  format.

Text

Required

Allowed format:

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx/xxx

Extra Data

Enter the extra data to be added.

Key value

Optional

Allowed keys:

comment, color, tagging

Example Request

[
  {
    "name": "test",
    "subnet": "ff08::2",
    "extra_data": {}
  }
]
Action: Create Firewall Policy

This action creates a firewall policy that define the direction of traffic, the processing method, and the permissions required for traversing the firewall.

Action Input Parameters 

Parameter 

Description 

Field Type 

Required/Optional 

Comments 

Name 

Enter the policy name. 

Text

Required

Source Interfaces 

Enter the comma-separated list of incoming (ingress) interfaces.

List

Required

Destination Interfaces 

Enter the comma-separated list of incoming (egress) interfaces.

List 

Required

Action 

Specify the action to accept or deny sessions that match the firewall policy.

Text

Required

Allowed values:

accept and block

Services 

Enter the comma-separated list of service and service group names. 

List

Required

You can retrieve this using the action List Firewall Services or List Firewall Service Groups.

Extra Fields 

Enter the extra parameters to create the firewall policy.

Key value

Optional

Allowed keys:

vdom, description, source, source6, destination, destination6, negate_source_address, negate_destination_address, negate_service, status, log, schedule, nat

Example Request

[
  {
    "name": "9.0.7.6",
    "action": "accept",
    "services": [
      {
        "name": "ALL"
      }
    ],
    "extra_fields": {},
    "source_interfaces": [
      {
        "name": "port1"
      }
    ],
    "destination_interfaces": [
      {
        "name": "port1"
      }
    ]
  }
]
Action: Create Firewall Service

This action creates a firewall service.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service to create.

Text

Required

Extra Fields

Enter the extra fields to create the service. 

Key value

Optional

Allowed keys:

uuid, proxy, protocol, category, helper, iprange, fqdn, protocol-number, icmptype, icmpcode, tcp-portrange, udp-portrange, sctp-portrange, tcp-halfclose-timer, tcp-halfopen-timer, tcp-timewait-timer, tcp-rst-timer, udp-idle-timer, session-ttl, check-reset-range, comment, color, app-service-type, app-category, application, fabric-object

Example Request

[
  {
    "name": "FirewallService2",
    "extra_fields": {}
  }
]
Action: Create Firewall Service Group

This action creates a firewall service group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service group to create.

Text

Required

Members

Enter the comma-separated list of service objects (service or service group names).

Any

Required

You can retrieve service names using the action List Firewall Services.

You can retrieve service group names using the action List Firewall Service Groups.

Extra Fields

Enter the extra fields to create the firewall service group. 

Key value

Optional

Allowed keys:

proxy, comment, color, uuid, fabric-object

Note

Ensure to include at least one extra field to make the request.

Example Request

[
  {
    "name": "Test23451212",
    "members": [
      {
        "name": "ALL"
      }
    ],
    "extra_fields": {
      "color": "10"
    }
  }
]
Action: Delete Address Object

This action deletes a network address object.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Address Object Name

Enter the name of a network address object that you need to delete.

Example:

new-object-06-21-205118-3

Text

Required

Example Request

[
    {
        "object_name": "new-object-06-21-205118-0"
    }
]
Action: Delete Firewall Address IPv6 Group

This action deletes an IPv6 address group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address group to delete.

Text

Required

You can retrieve this using the action List Firewall Address IPv6 Groups.

Example Request

[
  {
    "name": "Test"
  }
]
Action: Delete Firewall Address IPv6 Multicast

This action deletes an IPv6 multicast address.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address to delete.

Text

Required

You can retrieve this using the action List Firewall Address IPv6 Multicasts.

Example Request

[
  {
    "name": "test"
  }
]
Action: Delete Firewall Policy

This action deletes a firewall policy.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the ID of the policy to delete.

Text

Required

You can retrieve this using the action List Firewall Policies.

Example Request

[
  {
    "policy_id": "12"
  }
]
Action: Delete Firewall Service

This action deletes a firewall service.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service to delete.

Text

Required

You can retrieve this using the action List Firewall Services.

Example Request

[
  {
    "name": "FirewallService1"
  }
]
Action: Delete Firewall Service Group

This action deletes a firewall service group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service group to delete.

Text

Required

You can retrieve this using the action List Firewall Service Groups.

Example Request

[
  {
    "name": "Test23451212"
  }
]
Action: Get Address Group By Name

This action fetches information about an address group based on the address group name.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Group Name 

Enter the name of the address group using which you can retrieve the address group details.

Text

Required

Example Request 

[
    {
        "address_group_name": "new-object-06-21-205118-3"
    }
]
Action: Get All Address Objects

This action fetches all the address objects in the environment.

Action Input Parameters 

This action does not require any input parameters.

Action: Get Address Object By Name

This action fetches information about an address object based on the address object name.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Object Name 

Enter the name of the address object to retrieve using which you can retrieve the address object details.

Text

Required

Example Request 

[
    {
        "address_name": "new-object-06-21-205118-0
    }
]
Action: List Banned IPs

This action lists all the banned IPv4 and IPv6 addresses.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Example Request

[
  {
    "filters": {}
  }
]
Action: List Firewall Address IPv6 Groups

This action lists all the IPv6 address groups.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the specific address group to retrieve. 

Text

Optional

Default value is None.

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Allowed keys:

attr, count, acs, skip_to, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {}
  }
]
Action: List Firewall Address IPv6 Multicasts

This action lists all the IPv6 multicast addresses.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the specific multicast address to retrieve. 

Text

Optional

Default value is None.

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Allowed keys:

attr, count, acs, skip_to, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {}
  }
]
Action: List Firewall Policies

This action lists firewall policies.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the ID of the policy to get a particular policy response.

Text

Optional

Filters

Enter the filters to narrow down the response.

Key value

Optional

Allowed keys:

attr, count, skip_to, acs, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {},
    "policy_id": "6"
  }
]
Action: List Firewall Service Groups

This action lists all firewall service groups.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the service group name to retrieve the specific service group.

Text

Optional

Default value is None.

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Allowed keys:

attr, count, skip_to, acs, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {}
  }
]
Action: List Firewall Services

This action lists all the firewall services.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service to retrieve the specific service. 

Text

Optional

Default value is None.

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Allowed keys:

acs, attr, count, skip_to, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {}
  }
]
Action: List System VDOMs

This action lists all the virtual domains.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the virtual domain name to retrieve a particular virtual domain.

Text

Optional

Filters

Enter the filters to narrow down the response. 

Key value

Optional

Allowed keys:

attr, count, acs, skip_to, search, scope, datasource, with_meta, skip, format, action, vdom

Example Request

[
  {
    "filters": {}
  }
]
Action: Move Firewall Policy

This action moves the position of firewall policies.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the ID of the policy to move.

Text

Required

You can retrieve this using the action List Firewall Policies.

Position

Specify the position to place the policy relative to its neighbor, indicating whether to position it before or after.

Text

Required

Allowed values:

before, after

Neighbor

Enter the ID of the neighboring policy.

Text

Required

You can retrieve this using the action List Firewall Policies.

Example Request

[
  {
    "neighbor": "10",
    "position": "after",
    "policy_id": "8"
  }
]
Action: Unban IP

This action restores access for a specified IP address.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

IP Address

Enter the comma-separated list of IP addresses (IPv4 or IPv6) to restore access.

List

Required

You can retrieve this using the action List Banned IPs.

Example Request

[
  {
    "ip_addresses": [
      "1.1.1.1"
    ]
  }
]
Action: Update Address Group

This action adds or removes an address object to the address group based on the address group name.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Group 

Enter the name of the address group to update.

Text

Required

Want to Remove 

Choose true to remove the address data.

Boolean

Required

Allowed values:

  • true

  • false

Address Name 

Enter the name of address object to add to or remove from address group.

Text

Optional

Example Request 

[
    {
        "address_group_name": "new-object-06-21-205118-0",
        "remove": true,
        "address_name": "new-object-06-21-205118-3"
    }
]
Action: Update Address Object

This action updates an existing address object with the provided data such as IP address or IP range.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Address Object Name 

Enter the name of the address object to update.

Example:

new-object-06-21-205118-3

Text

Required

You can also pass additional parameters to the action such as Object Type, IP address, Subnet, Start of IP Range, End of IP Range, and Fully Qualified Domain Name.

Example Request 

[
    {
        "ip_address": "44.33.22.11",
        "address_name": "new-object-06-21-205118-0"
    }
]
Action: Update Firewall Address IPv6 Group

This action updates an IPv6 address group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address group to update.

Text

Required

You can retrieve this using the action List Firewall Address IPv6 Groups.

Extra Fields

Enter the extra fields to update the group. 

Key value

Optional

Allowed keys:

uuid, color, comment, exclude, exclude-member, tagging, fabric-object

Example Request

[
  {
    "name": "Test",
    "extra_fields": {
      "color": "11"
    }
  }
]
Action: Update Firewall Address IPv6 Multicast

This action updates an IPv6 multicast address.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the address to update.

Text

Required

You can retrieve this using the action List Firewall Address IPv6 Multicasts.

Extra Data

Enter any extra fields to update. 

Key value

Optional

Allowed keys:

comment, color, tagging

Example Request

[
  {
    "name": "test",
    "extra_data": {
      "color": "10"
    }
  }
]
Action: Update Firewall Policy

This action updates a firewall policy.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Policy ID

Enter the policy ID to update.

Text

Required

You can retrieve this using the action List Firewall Policies.

Extra Fields

Enter the extra parameters to update the firewall policy.

Key value

Optional

Allowed keys:

source_interface, destination_interface, description, status, source, destination, service, schedule, action, log, nat, source6, destination6, negate_source, negate_destination, negate_source6, negate_destination6, negate_service, keep_original_data, add_or_remove, vdom

Example Request

[
  {
    "policy_id": "6",
    "extra_fields": {
      "action": "accept"
    }
  }
]
Action: Update Firewall Service

This action updates a firewall service.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service to update.

Text

Required

You can retrieve this using the action List Firewall Services.

Extra Fields

Enter the extra fields to update the service. 

Key value

Optional

Allowed keys:

uuid, proxy, protocol, category, helper, iprange, fqdn, protocol-number, icmptype, icmpcode, tcp-portrange, udp-portrange, sctp-portrange, tcp-halfclose-timer, tcp-halfopen-timer, tcp-timewait-timer, tcp-rst-timer, udp-idle-timer, session-ttl, check-reset-range, comment, color, app-service-type, app-category, application, fabric-object

Example Request

[
  {
    "name": "FirewallService2",
    "extra_fields": {
      "color": "10"
    }
  }
]
Action: Update Firewall Service Group

This action updates a firewall service group.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Name

Enter the name of the service group to update.

Text

Required

You can retrieve this using the action List Firewall Service Groups.

Members

Enter the comma-separated list of service objects (service or service group names).

Any

Required

You can retrieve service names using the action List Firewall Services.

You can retrieve service group name using the action List Firewall Service Groups.

Extra Fields

Enter the extra fields to update the firewall service group.

Key value

Optional

Allowed keys:

uuid, proxy, comment, color, fabric-object

Note

Ensure to include at least one extra field to make the request.

Example Request

[
  {
    "name": "Test234512",
    "members": [
      {
        "name": "DNS"
      }
    ],
    "extra_fields": {}
  }
]