FortiGate
FortiGate Pack.#
This Integration is part of theFortiGate provides flawless convergence that can scale to any location: remote office, branch, campus, data center, and cloud. FortiGate always delivered on the concept of hybrid mesh firewalls with FortiManager for unified management and consistent security across complex hybrid environments. The Fortinet FortiOS operating system provides deep visibility and security across a variety of form factors. This integration was integrated and tested with version 7.2.5 of FortiGate.
#
Configure FortiGate in CortexParameter | Required |
---|---|
Server URL (e.g. https://192.168.0.1) | True |
Account username | False |
Password | False |
API Key | False |
API Key | False |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
#
CommandsYou can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
fortigate-list-firewall-address-ipv4sRetrieve firewall IPv4 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc.
#
Base Commandfortigate-list-firewall-address-ipv4s
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific address to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/220620/config-firewall-address . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/220620/config-firewall-address . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address.Name | String | Address name. |
Fortigate.Address.Subnet | String | IP address and subnet mask of address. |
Fortigate.Address.StartIP | String | First IP address (inclusive) in the range for the address. |
Fortigate.Address.EndIP | String | Final IP address (inclusive) in the range for the address. |
Fortigate.Address.FQDN | String | Fully Qualified Domain Name address. |
Fortigate.Address.MACAddresses | String | Multiple MAC address ranges <start>[-<end>] separated by a space. |
Fortigate.Address.Type | String | Type of the address. Can be: `ipmask`, `iprange`, `fqdn`, `geography`, `wildcard`, `dynamic`, `interface-subnet` or `mac`. |
Fortigate.Address.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Fortigate.Address.AllowRouting | String | Enable/disable use of this address in the static route configuration. |
Fortigate.Address.Tagging | String | List of tags associated to the object. |
Fortigate.Address.IPs | String | List of IP addresses. |
Fortigate.Address.SDNAddressType | String | Type of addresses to collect. Can be: `private`, `public`, or `all`. |
Fortigate.Address.AssociatedInterface | String | Network interface associated with the address. |
Fortigate.Address.Comment | String | The object`s comment. |
Fortigate.Address.Dirty | String | Whether the object is clean. |
Fortigate.Address.TagType | String | Tag type of dynamic address object. |
Fortigate.Address.TagDetectionLevel | String | Tag detection level of dynamic address object. |
Fortigate.Address.ObjectType | String | IP or MAC address. |
Fortigate.Address.Interface | String | Name of the interface whose IP address is to be used. |
Fortigate.Address.FSSOGroup | String | Fortinet Single Sign-On group name. |
Fortigate.Address.SDN | String | Software-defined networking. |
Fortigate.Address.SDNTag | String | Software-defined networking tag. |
Fortigate.Address.CacheTTL | Number | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. |
Fortigate.Address.Country | String | IP addresses associated to a specific country. |
Fortigate.Address.ClearpassSPT | String | System Posture Token value. Can be: `unknown`, `healthy`, `quarantine`, `checkup`, `transient` or `infected`. |
Fortigate.Address.SubType | String | Sub-type of address. Can be: `sdn`, `clearpass-spt`, `fsso`, `ems-tag`, `fortivoice-tag`, `fortinac-tag`, `fortipolicy-tag` or `swc-tag`. |
Fortigate.Address.UUID | String | Universally Unique Identifier. |
Fortigate.Address.ObjectTag | String | Tag of dynamic address object. |
Fortigate.Address.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv4s name=playbook-address-ipv4
#
Context Example#
Human Readable Output#
Firewall Address IPv4s
Name Details Type Routable playbook-address-ipv4 IL geography disable
#
fortigate-create-firewall-address-ipv4Create firewall IPv4 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc. The command parameters can be used only in the following combinations: All-[vdom,name,comment,associated_interface], Subnet-[address,mask,allow_routing], IP Range-[start_ip,end_ip], FQDN-[fqdn,allow_routing], Geography-[country], Device (Mac Address)-[mac_addresses].
#
Base Commandfortigate-create-firewall-address-ipv4
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | The name of the address to create. | Required |
address | The IP address. | Optional |
mask | The subnet mask as an IP address. Default value: 255.255.255.255 . | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
start_ip | First IP address (inclusive) in the range for the address. | Optional |
end_ip | Final IP address (inclusive) in the range for the address. | Optional |
country | IP addresses associated to a specific country. Input must be according to the two-letter counter codes, for example: IL . | Optional |
mac_addresses | Comma-separated list of MAC addresses. Can be single or range. Range must be separated by - , for examlpe: 00:00:00:00:00:00 or 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF . | Optional |
associated_interface | Network interface associated with address. | Optional |
allow_routing | Enable/disable use of this address in the static route configuration. Possible values are: enable, disable. | Optional |
comment | A comment for the address. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address.Name | String | The name of the updated address. |
Frotigate.Address.IPAddress | String | The IP address. |
Frotigate.Address.Mask | String | The subnet mask of the address. |
Frotigate.Address.FQDN | String | The Fully Qualified Domain Name address. |
Frotigate.Address.StartIP | String | First IP address (inclusive) in the range for the address. |
Frotigate.Address.EndIP | String | Final IP address (inclusive) in the range for the address. |
Frotigate.Address.Country | String | IP addresses associated to a specific country. |
Frotigate.Address.MAC | String | MAC addresses. |
#
Command example!fortigate-create-firewall-address-ipv4 name=playbook-address-ipv4 country=IL
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv4' was successfully created.
#
fortigate-update-firewall-address-ipv4Update firewall IPv4 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc. The command parameters can be used only in the following combinations: All-[vdom,name,comment,associated_interface,type], Subnet-[address,mask,allow_routing], IP Range-[start_ip,end_ip], FQDN-[fqdn,allow_routing], Geography-[country], Device (Mac Address)-[mac_addresses].
#
Base Commandfortigate-update-firewall-address-ipv4
#
InputArgument Name | Description | Required |
---|---|---|
name | The name of the address to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv4s . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
address | The IP address. | Optional |
mask | The subnet mask of the address. | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
start_ip | First IP address (inclusive) in the range for the address. | Optional |
end_ip | Final IP address (inclusive) in the range for the address. | Optional |
country | IP addresses associated to a specific country. Input must be according to the two-letter counter codes, for example: IL . | Optional |
mac_addresses | Comma-separated list of MAC addresses. Can be single or range. Range must be separated by - , for example: 00:00:00:00:00:00 or 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF . | Optional |
associated_interface | Network interface associated with address. | Optional |
allow_routing | Enable/disable use of this address in the static route configuration. Possible values are: enable, disable. | Optional |
comment | A comment for the address. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address.Name | String | The name of the created address. |
Frotigate.Address.IPAddress | String | The IP address. |
Frotigate.Address.Mask | String | The subnet mask of the address. |
Frotigate.Address.FQDN | String | The Fully Qualified Domain Name address. |
Frotigate.Address.StartIP | String | First IP address (inclusive) in the range for the address. |
Frotigate.Address.EndIP | String | Final IP address (inclusive) in the range for the address. |
Frotigate.Address.Country | String | IP addresses associated to a specific country. |
Frotigate.Address.MAC | String | MAC addresses. |
#
Command example!fortigate-update-firewall-address-ipv4 name=playbook-address-ipv4 comment=helloworld
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv4' was successfully updated.
#
fortigate-delete-firewall-address-ipv4Delete firewall IPv4 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc.
#
Base Commandfortigate-delete-firewall-address-ipv4
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv4s . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address.Name | String | The name of the deleted address. |
Frotigate.Address.Deleted | Boolean | Whether the address was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv4 name=playbook-address-ipv4
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv4' was successfully deleted.
#
fortigate-list-firewall-address-ipv6sRetrieve firewall IPv6 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc.
#
Base Commandfortigate-list-firewall-address-ipv6s
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific address to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/223620/config-firewall-address6 . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/223620/config-firewall-address6 . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Fortigate.Address6.SDNTag | String | Software-defined networking tag. |
Fortigate.Address6.Tenant | String | Specifies the instance or environment in a multi-tenancy setup for configuring address objects. |
Fortigate.Address6.HostType | String | Can be a wildcard or a specific host address. |
Fortigate.Address6.SubnetSegment.Name | String | The subnet segment name. |
Fortigate.Address6.SubnetSegment.Type | String | The subnet segment type. Can be a wildcard or a specific address. |
Fortigate.Address6.SubnetSegment.Value | String | The subnet segment value. |
Fortigate.Address6.Template | String | IPv6 address template. |
Fortigate.Address6.Comment | String | The object`s comment. |
Fortigate.Address6.Tagging | String | List of tags associated to the object. |
Fortigate.Address6.IPs | String | List of IP addresses. |
Fortigate.Address6.Country | String | IP addresses associated to a specific country. |
Fortigate.Address6.FQDN | String | Fully Qualified Domain Name address. |
Fortigate.Address6.StartIP | String | First IP address (inclusive) in the range for the address. |
Fortigate.Address6.EndIP | String | Final IP address (inclusive) in the range for the address. |
Fortigate.Address6.IPv6 | String | IPv6 address prefix. |
Fortigate.Address6.SDN | String | Software-defined networking. |
Fortigate.Address6.MACAddresses | Unknown | Multiple MAC address ranges <start>[-<end>] separated by a space. |
Fortigate.Address6.Type | String | Type of IPv6 address object. Can be: `ipprefix`, `iprange`, `fqdn`, `geography`, `dynamic`, `template`, `mac`. |
Fortigate.Address6.UUID | String | Universally Unique Identifier. |
Fortigate.Address6.Name | String | Address name. |
Fortigate.Address6.Host | String | Host address. |
Fortigate.Address6.CacheTTL | Number | Defines the minimal TTL of individual IP addresses in FQDN cache measured in seconds. |
Fortigate.Address6.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv6s name=playbook-address-ipv6 comment=helloworld
#
Context Example#
Human Readable Output#
Firewall Address IPv6s
Name Details Type playbook-address-ipv6 IL geography
#
fortigate-create-firewall-address-ipv6Create firewall IPv6 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc. The command parameters can be used only in the following combinations: All-[vdom,name,comment], Subnet-[address,mask], IP Range-[start_ip,end_ip], FQDN-[fqdn], Geography-[country], Fabric Connector Address-[sdn_connector], Device (Mac Address)-[mac_addresses].
#
Base Commandfortigate-create-firewall-address-ipv6
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address to create. | Required |
address | IPv6 address prefix. Can be in short form (e.g., 2001:db8::) or long form (e.g., 0000:0000:0000:0000:0000:0000:0000:0000). | Optional |
mask | Subnet mask indicating the prefix length (format: xxx, range: 0-128). | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
start_ip | First IP address (inclusive) in the range for the address. | Optional |
end_ip | Final IP address (inclusive) in the range for the address. | Optional |
country | IP addresses associated to a specific country. Input must be according to the two-letter counter codes, for example: IL . | Optional |
mac_addresses | Comma-separated list of MAC addresses. Can be single or range. Range must be separated by - , for example: 00:00:00:00:00:00 or 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF . | Optional |
sdn_connector | Software-defined networking connector enables to interact with SDN controllers. For more information, go to: https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/753961/public-and-private-sdn-connectors. | Optional |
comment | A comment for the address. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address6.Name | String | The name of the updated address. |
Frotigate.Address6.IPAddress | String | The IP address. |
Frotigate.Address6.Mask | String | The subnet mask of the address. |
Frotigate.Address6.FQDN | String | The Fully Qualified Domain Name address. |
Frotigate.Address6.StartIP | String | First IP address (inclusive) in the range for the address. |
Frotigate.Address6.EndIP | String | Final IP address (inclusive) in the range for the address. |
Frotigate.Address6.Country | String | IP addresses associated to a specific country. |
Frotigate.Address6.MAC | String | MAC addresses. |
Frotigate.Address6.SDN | String | Software-defined networking. |
#
Command example!fortigate-create-firewall-address-ipv6 name=playbook-address-ipv6 country=IL
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv6' was successfully created.
#
fortigate-update-firewall-address-ipv6Update firewall IPv6 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc. The command parameters can be used only in the following combinations: All-[vdom,name,comment,associated_interface], Subnet-[address,mask], IP Range-[start_ip,end_ip], FQDN-[fqdn], Geography-[country], Fabric Connector Address-[sdn_connector], Device (Mac Address)-[mac_addresses].
#
Base Commandfortigate-update-firewall-address-ipv6
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv6s . | Required |
type | The type of the address to update. Possible values are: Subnet, IP Range, FQDN, Geography, Device (Mac Address), Fabric Connector Address. | Optional |
address | The IP address. | Optional |
mask | The subnet mask of the address. | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
start_ip | First IP address (inclusive) in the range for the address. | Optional |
end_ip | Final IP address (inclusive) in the range for the address. | Optional |
country | IP addresses associated to a specific country. Input must be according to the two-letter counter codes, for example: IL . | Optional |
mac_addresses | Comma-separated list of MAC addresses. Can be single or range. Range must be separated by - , for example: 00:00:00:00:00:00 or 00:00:00:00:00:00-FF:FF:FF:FF:FF:FF . | Optional |
sdn_connector | Software-defined networking connector enables to interact with SDN controllers. For more information, go to: https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/753961/public-and-private-sdn-connectors. | Optional |
comment | A comment for the address. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address6.Name | String | The name of the updated address. |
Frotigate.Address6.IPAddress | String | The IP address. |
Frotigate.Address6.Mask | String | The subnet mask of the address. |
Frotigate.Address6.FQDN | String | The Fully Qualified Domain Name address. |
Frotigate.Address6.StartIP | String | First IP address (inclusive) in the range for the address. |
Frotigate.Address6.EndIP | String | Final IP address (inclusive) in the range for the address. |
Frotigate.Address6.Country | String | IP addresses associated to a specific country. |
Frotigate.Address6.MAC | String | MAC addresses. |
Frotigate.Address6.SDN | String | Software-defined networking. |
#
Command example!fortigate-update-firewall-address-ipv6 name=playbook-address-ipv6
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv6' was successfully updated.
#
fortigate-delete-firewall-address-ipv6Delete firewall IPv6 addresses. Addresses define sources and destinations of network traffic and can be used in many functions such as firewall policies, ZTNA, etc.
#
Base Commandfortigate-delete-firewall-address-ipv6
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv6s . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6.Name | String | The name of the address. |
Fortigate.Address6.Deleted | Boolean | Whether the address was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv6 name=playbook-address-ipv6
#
Context Example#
Human Readable Output#
The firewall address 'playbook-address-ipv6' was successfully deleted.
#
fortigate-list-firewall-address-ipv4-multicastsRetrieve firewall IPv4 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-list-firewall-address-ipv4-multicasts
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific address to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/221620/config-firewall-multicast-address . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/221620/config-firewall-multicast-address . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.AddressMulticast.Tagging | String | List of tags associated to the object. |
Fortigate.AddressMulticast.AssociatedInterface | String | Network interface associated with address. |
Fortigate.AddressMulticast.Comment | String | The object`s comment. |
Fortigate.AddressMulticast.EndIP | String | Final IP address (inclusive) in the range for the address. |
Fortigate.AddressMulticast.StartIP | String | First IP address (inclusive) in the range for the address. |
Fortigate.AddressMulticast.Subnet | String | Broadcast address and subnet. |
Fortigate.AddressMulticast.Type | String | Type of the address multicast. Can be: `multicastrange` or `broadcastmask`. |
Fortigate.AddressMulticast.Name | String | Address multicast name. |
Fortigate.AddressMulticast.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv4-multicasts name=playbook-address-ipv4-multicast
#
Context Example#
Human Readable Output#
Firewall Address IPv4 Multicasts
Name Details Type playbook-address-ipv4-multicast 0.0.0.0-0.0.0.0 broadcastmask
#
fortigate-create-firewall-address-ipv4-multicastCreate firewall IPv4 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It`s suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-create-firewall-address-ipv4-multicast
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address multicast to create. | Required |
comment | A comment for the address. | Optional |
associated_interface | Network interface associated with address. | Optional |
type | Specifies the format of the multicast address. Possible values are: Broadcast Subnet, Multicast IP Range. | Required |
first_ip | For Broadcast Subnet , this is the network address. For Multicast IP Range , (inclusive) this is the beginning of the IP range. | Required |
final_ip | For Broadcast Subnet this should be the network mask as an IP address. For Multicast IP Range , (inclusive) this is the end of the IP range. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.AddressMulticast.Name | String | The name of the updated address multicast. |
Frotigate.AddressMulticast.Type | String | Specifies the format of the multicast address. |
Frotigate.AddressMulticast.FirstIP | String | First input IP address. |
Frotigate.AddressMulticast.FinalIP | String | Final input IP address. |
#
Command example!fortigate-create-firewall-address-ipv4-multicast name=playbook-address-ipv4-multicast type="Broadcast Subnet" first_ip=0.0.0.0 final_ip=0.0.0.0
#
Context Example#
Human Readable Output#
The firewall address multicast IPv4 'playbook-address-ipv4-multicast' was successfully created.
#
fortigate-update-firewall-address-ipv4-multicastUpdate firewall IPv4 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It`s suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-update-firewall-address-ipv4-multicast
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address multicast to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv4-multicasts . | Required |
comment | A comment for the address. | Optional |
associated_interface | Network interface associated with address. | Optional |
type | Specifies the format of the multicast address. Possible values are: Broadcast Subnet, Multicast IP Range. | Optional |
first_ip | For 'Broadcast Subnet', this is the network address. For 'Multicast IP Range', (inclusive) this is the beginning of the IP range. | Optional |
final_ip | For 'Broadcast Subnet' this should be the network mask as an IP address. For Multicast IP Range , (inclusive) this is the end of the IP range. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.AddressMulticast.Name | String | The name of the updated address multicast. |
Frotigate.AddressMulticast.Type | String | Specifies the format of the multicast address. |
Frotigate.AddressMulticast.FirstIP | String | First input IP address. |
Frotigate.AddressMulticast.FinalIP | String | Final input IP address. |
#
Command example!fortigate-update-firewall-address-ipv4-multicast name=playbook-address-ipv4-multicast comment=helloworld
#
Context Example#
Human Readable Output#
The firewall address multicast IPv4 'playbook-address-ipv4-multicast' was successfully updated.
#
fortigate-delete-firewall-address-ipv4-multicastDelete firewall IPv4 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-delete-firewall-address-ipv4-multicast
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address multicast to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv4-multicasts . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.AddressMulticast.Name | String | The name of the address multicast. |
Fortigate.AddressMulticast.Deleted | Boolean | Whether the address multicast was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv4-multicast name=playbook-address-ipv4-multicast
#
Context Example#
Human Readable Output#
The firewall address multicast IPv4 'playbook-address-ipv4-multicast' was successfully deleted.
#
fortigate-list-firewall-address-ipv6-multicastsRetrieve firewall IPv6 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-list-firewall-address-ipv6-multicasts
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific address multicast to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/224620/config-firewall-multicast-address6 . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/224620/config-firewall-multicast-address6 . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6Multicast.Tagging | String | List of tags associated to the object. |
Fortigate.Address6Multicast.Comment | String | The object`s comment. |
Fortigate.Address6Multicast.IPv6 | String | Broadcast address and subnet. |
Fortigate.Address6Multicast.Name | String | Address multicast name. |
Fortigate.Address6Multicast.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv6-multicasts name=playbook-address-ipv6-multicast
#
Context Example#
Human Readable Output#
Firewall Address IPv6 Multicasts
Name Details playbook-address-ipv6-multicast ff00::/8
#
fortigate-create-firewall-address-ipv6-multicastCreate firewall IPv6 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-create-firewall-address-ipv6-multicast
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address multicast to create. | Required |
comment | A comment for the address. | Optional |
address | IPv6 address prefix. Can be in short form (e.g., 2001:db8::) or long form (e.g., 0000:0000:0000:0000:0000:0000:0000:0000). | Required |
mask | Subnet mask indicating the prefix length (format: xxx, range: 0-128). | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address6Multicast.Name | String | The name of the updated address multicast. |
Frotigate.Address6Multicast.IPAddress | String | The IP address. |
Frotigate.Address6Multicast.Mask | String | The subnet mask of the address. |
#
Command example!fortigate-create-firewall-address-ipv6-multicast name=playbook-address-ipv6-multicast address=ff00:: mask=8
#
Context Example#
Human Readable Output#
The firewall address multicast IPv6 'playbook-address-ipv6-multicast' was successfully created.
#
fortigate-update-firewall-address-ipv6-multicastUpdate firewall IPv6 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-update-firewall-address-ipv6-multicast
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address multicast to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv6-multicasts . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
comment | A comment for the address. | Optional |
address | IPv6 address prefix. Can be in short form (e.g., 2001:db8::) or long form (e.g., 0000:0000:0000:0000:0000:0000:0000:0000). | Optional |
mask | Subnet mask indicating the prefix length (format: xxx, range: 0-128). | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address6Multicast.Name | String | The name of the updated address multicast. |
Frotigate.Address6Multicast.IPAddress | String | The IP address. |
Frotigate.Address6Multicast.Mask | String | The subnet mask of the address. |
#
Command example!fortigate-update-firewall-address-ipv6-multicast name=playbook-address-ipv6-multicast comment=helloworld
#
Context Example#
Human Readable Output#
The firewall address multicast IPv6 'playbook-address-ipv6-multicast' was successfully updated.
#
fortigate-delete-firewall-address-ipv6-multicastDelete firewall IPv6 multicast addresses. Multicasting allows a single source to send data to multiple receivers efficiently, conserving bandwidth and minimizing network traffic. It is suitable for media streaming, news feeds, financial updates, and certain dynamic routing protocols like RIPv2, OSPF, and EIGRP.
#
Base Commandfortigate-delete-firewall-address-ipv6-multicast
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address multicast to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv6-multicasts . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6Multicast.Name | String | The name of the address multicast. |
Fortigate.Address6Multicast.Deleted | Boolean | Whether the address multicast was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv6-multicast name=playbook-address-ipv6-multicast
#
Context Example#
Human Readable Output#
The firewall address multicast IPv6 'playbook-address-ipv6-multicast' was successfully deleted.
#
fortigate-list-firewall-address-ipv4-groupsRetrieve firewall IPv4 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-list-firewall-address-ipv4-groups
#
InputArgument Name | Description | Required |
---|---|---|
groupName | Name of a specific address group to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/225620/config-firewall-addrgrp . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/225620/config-firewall-addrgrp . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.AddressGroup.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Frotigate.AddressGroup.AllowRouting | String | Enable/disable use of this address in the static route configuration. |
Frotigate.AddressGroup.Tagging | String | List of tags associated to the object. |
Frotigate.AddressGroup.ExcludeMember | String | Address name exclusion member. |
Frotigate.AddressGroup.Exclude | String | Enable/disable address exclusion. |
Frotigate.AddressGroup.Comment | String | The object`s comment. |
Frotigate.AddressGroup.Member.Name | String | Address objects contained within the group. |
Frotigate.AddressGroup.UUID | String | Universally Unique Identifier. |
Frotigate.AddressGroup.Category | String | Address group category. `default`: Default address group category (cannot be used as ztna-ems-tag/ztna-geo-tag in policy). `ztna-ems-tag`: Members must be ztna-ems-tag group or ems-tag address. Can be used as ztna-ems-tag in policy. `ztna-geo-tag`: Members must be ztna-geo-tag group or geographic address. Can be used as ztna-geo-tag in policy. |
Frotigate.AddressGroup.Type | String | Address group type. Default address group type (address may belong to multiple groups). Address folder group (members may not belong to any other group). |
Frotigate.AddressGroup.Name | String | Address group name. |
Fortigate.AddressGroup.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv4-groups groupName=playbook-address-ipv4-group
#
Context Example#
Human Readable Output#
Firewall Address IPv4 Groups
Name Details Type Routable playbook-address-ipv4-group playbook-address-ipv4-1 default disable
#
fortigate-create-firewall-address-ipv4-groupCreate firewall IPv4 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-create-firewall-address-ipv4-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
groupName | Name of the address group to create. | Required |
type | Address group type. group : Default address group type (address may belong to multiple groups). folder : Address folder group (members may not belong to any other group). Possible values are: group, folder. Default is group. | Optional |
address | Comma-separated list of address names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
excluded_addresses | Comma-separated list of address names to exclude. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
allow_routing | Enable/disable use of this address in the static route configuration. Possible values are: enable, disable. | Optional |
comment | A comment for the address group. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.AddressGroup.Name | String | The address group name. |
Fortigate.AddressGroup.Address | String | The address group members. |
#
Command example!fortigate-create-firewall-address-ipv4-group groupName=playbook-address-ipv4-group address=playbook-address-ipv4-1
#
Context Example#
Human Readable Output#
The firewall address IPv4 group 'playbook-address-ipv4-group' was successfully created.
#
fortigate-update-firewall-address-ipv4-groupUpdate firewall IPv4 address groups. Address groups are designed for ease of use in the administration of the device. New members will override the existing members within the group incase of a conflict.
#
Base Commandfortigate-update-firewall-address-ipv4-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
groupName | Name of the address group to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv4-groups . | Required |
address | Comma-separated list of address names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
excluded_addresses | Comma-separated list of address names to exclude. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
allow_routing | Enable/disable use of this address in the static route configuration. Possible values are: enable, disable. | Optional |
comment | A comment for the address group. | Optional |
action | Whether to add or remove members or excluded_members from address group. Possible values are: add, remove. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.AddressGroup.Name | String | The address group name. |
Fortigate.AddressGroup.Address.Name | String | The address group members. |
Frotigate.AddressGroup.UUID | String | Universally Unique Identifier. |
#
Command example!fortigate-update-firewall-address-ipv4-group groupName=playbook-address-ipv4-group address=playbook-address-ipv4-2 action=add
#
Context Example#
Human Readable Output#
The firewall address IPv4 group 'playbook-address-ipv4-group' was successfully updated.
#
fortigate-delete-firewall-address-ipv4-groupDelete firewall IPv4 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-delete-firewall-address-ipv4-group
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address group to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv4-groups . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.AddressGroup.Name | String | The name of the address group. |
Fortigate.AddressGroup.Deleted | Boolean | Whether the address group was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv4-group name=playbook-address-ipv4-group
#
Context Example#
Human Readable Output#
The firewall address IPv4 group 'playbook-address-ipv4-group' was successfully deleted.
#
fortigate-list-firewall-address-ipv6-groupsRetrieve firewall IPv6 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-list-firewall-address-ipv6-groups
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific address group to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/226620/config-firewall-addrgrp6 . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/226620/config-firewall-addrgrp6 . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Frotigate.Address6Group.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Frotigate.Address6Group.Tagging | String | List of tags associated to the object. |
Frotigate.Address6Group.Member.Name | String | Address objects contained within the group. |
Frotigate.Address6Group.Comment | String | The object`s comment. |
Frotigate.Address6Group.UUID | String | Universally Unique Identifier. |
Frotigate.Address6Group.Name | String | Address group name. |
Fortigate.Address6Group.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-address-ipv6-groups name=playbook-address-ipv6-group
#
Context Example#
Human Readable Output#
Firewall Address IPv6 Groups
Name playbook-address-ipv6-group
#
fortigate-create-firewall-address-ipv6-groupCreate firewall IPv6 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-create-firewall-address-ipv6-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address group to create. | Required |
members | Comma-separated list of address names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv6s , fortigate-list-firewall-address-ipv6-multicasts and fortigate-list-firewall-address-ipv6-groups . | Optional |
comment | A comment for the address group. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6Group.Name | String | The address group name. |
Fortigate.Address6Group.Address | String | The address group members. |
#
Command example!fortigate-create-firewall-address-ipv6-group name=playbook-address-ipv6-group
#
Context Example#
Human Readable Output#
The firewall address IPv6 group 'playbook-address-ipv6-group' was successfully created.
#
fortigate-update-firewall-address-ipv6-groupUpdate firewall IPv6 address groups. Address groups are designed for ease of use in the administration of the device. New members will override the existing members within the group incase of a conflict.
#
Base Commandfortigate-update-firewall-address-ipv6-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the address group to update. Names can be retrieved with the command fortigate-list-firewall-address-ipv6-groups . | Required |
members | Comma-separated list of address names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv6s , fortigate-list-firewall-address-ipv6-multicasts and fortigate-list-firewall-address-ipv6-groups . | Optional |
comment | A comment for the address group. | Optional |
action | Whether to add or remove members from address group. Possible values are: add, remove. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6Group.Name | String | The address group name. |
Fortigate.Address6Group.Address | String | The address group members. |
#
Command example!fortigate-update-firewall-address-ipv6-group name=playbook-address-ipv6-group members=playbook-address-ipv6-1 action=add
#
Context Example#
Human Readable Output#
The firewall address IPv6 group 'playbook-address-ipv6-group' was successfully updated.
#
fortigate-delete-firewall-address-ipv6-groupDelete firewall IPv6 address groups. Address groups are designed for ease of use in the administration of the device.
#
Base Commandfortigate-delete-firewall-address-ipv6-group
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the address group to delete. Names can be retrieved with the command fortigate-list-firewall-address-ipv6-groups . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Address6Group.Name | String | The name of the deleted address group. |
Fortigate.Address6Group.Deleted | Boolean | Whether the address group was deleted. |
#
Command example!fortigate-delete-firewall-address-ipv6-group name=playbook-address-ipv6-group
#
Context Example#
Human Readable Output#
The firewall address IPv6 group 'playbook-address-ipv6-group' was successfully deleted.
#
fortigate-list-firewall-servicesRetrieve firewall services. A service is the combination of network protocols and port numbers that define traffic sources or destinations.
#
Base Commandfortigate-list-firewall-services
#
InputArgument Name | Description | Required |
---|---|---|
serviceName | Name of a specific service to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/231620/config-firewall-service-custom . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/231620/config-firewall-service-custom . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Service.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Fortigate.Service.Application | Number | The application ID. |
Fortigate.Service.AppCategory | Number | Application category ID. |
Fortigate.Service.AppServiceType | String | Application service type. Can be: `disable`, `app-id` or `app-category`. |
Fortigate.Service.Comment | String | The object`s comment. |
Fortigate.Service.CheckResetRange | String | The configuration type of ICMP error message verification. |
Fortigate.Service.SessionTTL | String | Session time to live. |
Fortigate.Service.UDPIdleTimer | Number | Number of seconds before an idle UDP connection times out. |
Fortigate.Service.TCPRSTTimer | Number | Set the length of the TCP CLOSE state in seconds. |
Fortigate.Service.TCPTimewaitTimer | Number | Set the length of the TCP TIME-WAIT state in seconds. |
Fortigate.Service.TCPHalfopenTimer | Number | Wait time to close a TCP session waiting for an unanswered open session packet. |
Fortigate.Service.TCPHalfcloseTimer | Number | Wait time to close a TCP session waiting for an unanswered open session packet. |
Fortigate.Service.Ports.SCTP | String | Multiple SCTP port ranges. |
Fortigate.Service.Ports.UDP | String | Multiple UDP port ranges. |
Fortigate.Service.Ports.TCP | String | Multiple TCP port ranges. |
Fortigate.Service.FQDN | String | Fully Qualified Domain Name address. |
Fortigate.Service.IPRange | String | Start and end of the IP range associated with the service. |
Fortigate.Service.Helper | String | Helper protocol name. |
Fortigate.Service.Protocol | String | Protocol type based on IANA numbers. |
Fortigate.Service.Category | String | The service category. |
Fortigate.Service.Proxy | String | Enable/disable web proxy service. |
Fortigate.Service.Name | String | The service name. |
Fortigate.Service.ICMPCode | Number | ICMP code. |
Fortigate.Service.ICMPType | Number | ICMP type. |
Fortigate.Service.ProtocolNumber | Number | IP protocol number. |
Fortigate.Service.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-services serviceName=playbook-service
#
Context Example#
Human Readable Output#
Firewall Services
Name Details IP/FQDN Protocol playbook-service TCP/1-2 UDP/3-4 SCTP/5-6 0.0.0.0 TCP/UDP/SCTP
#
fortigate-create-firewall-serviceCreate firewall services. A service is the combination of network protocols and port numbers that define traffic sources or destinations. The command parameters can be used only in the following combinations: All-[vdom,name,comment,category], TCP/UDP/SCTP-[(start_ip,end_ip or fqdn),tcpRange,udpRange,sctpRange], IP-[ip_protocol], ICMP/ICMP6-[icmp_version,icmp_code,icmp_type].
#
Base Commandfortigate-create-firewall-service
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
serviceName | Name of the service to create. | Required |
comment | A comment for the service. | Optional |
category | Service category. | Optional |
start_ip | Start of the IP range associated with the service. | Optional |
end_ip | End of the IP range associated with the service. | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
tcpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
udpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
sctpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
icmp_type | Specifies the ICMP message type, defining the purpose or condition of the message. | Optional |
icmp_code | Identifies the variant or additional information for the corresponding ICMP message type. | Optional |
icmp_version | Determines the version of the Internet Control Message Protocol, either ICMP or ICMP6. Possible values are: ICMP, ICMP6. | Optional |
ip_protocol | IP protocol number. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Service.Ports.SCTP | String | Multiple SCTP port ranges. |
Fortigate.Service.Ports.UDP | String | Multiple UDP port ranges. |
Fortigate.Service.Ports.TCP | String | Multiple TCP port ranges. |
Fortigate.Service.FQDN | String | Fully Qualified Domain Name address. |
Fortigate.Service.StartIP | String | Start of the IP range associated with the service. |
Fortigate.Service.EndIP | String | End of the IP range associated with the service. |
Fortigate.Service.ICMPCode | Number | ICMP code. |
Fortigate.Service.ICMPType | Number | ICMP type. |
Fortigate.Service.ProtocolNumber | Number | IP protocol number. |
Fortigate.Service.Name | String | The service name. |
#
Command example!fortigate-create-firewall-service serviceName=playbook-service tcpRange=1-2 udpRange=3-4 sctpRange=5-6
#
Context Example#
Human Readable Output#
The firewall service 'playbook-service' was successfully created.
#
fortigate-update-firewall-serviceUpdate firewall services. A service is the combination of network protocols and port numbers that define traffic sources or destinations. The command parameters can be used only in the following combinations: All-[vdom,name,comment,category], TCP/UDP/SCTP-[(start_ip,end_ip or fqdn),tcpRange,udpRange,sctpRange], IP-[ip_protocol], ICMP/ICMP6-[icmp_version,icmp_code,icmp_type].
#
Base Commandfortigate-update-firewall-service
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the service to update. Names can be retrieved with the command fortigate-list-firewall-services . | Required |
comment | A comment for the service. | Optional |
category | Service category. | Optional |
start_ip | Start of the IP range associated with the service. | Optional |
end_ip | End of the IP range associated with the service. | Optional |
fqdn | Fully Qualified Domain Name address. | Optional |
tcpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
udpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
sctpRange | Comma-separated list of TCP ports. Must be in the following template: {single} for example 5, {start}-{end} for example 1-50 or {start_source}-{end_source}:{start_destination}-{end_destinatinon} for example 1-3:6-9. | Optional |
action | Whether to add or remove destination and source ports from TCP/UDP/SCTP. Possible values are: add, remove. | Optional |
icmp_type | Specifies the ICMP message type, defining the purpose or condition of the message. | Optional |
icmp_code | Identifies the variant or additional information for the corresponding ICMP message type. | Optional |
icmp_version | Determines the version of the Internet Control Message Protocol, either ICMPv4 or ICMPv6. Possible values are: icmp4, icmp6. | Optional |
ip_protocol | IP protocol number. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Service.Ports.SCTP | String | Multiple SCTP port ranges. |
Fortigate.Service.Ports.UDP | String | Multiple UDP port ranges. |
Fortigate.Service.Ports.TCP | String | Multiple TCP port ranges. |
Fortigate.Service.FQDN | String | Fully Qualified Domain Name address. |
Fortigate.Service.IPRange | String | Start and end of the IP range associated with the service. |
Fortigate.Service.ICMPCode | Number | ICMP code. |
Fortigate.Service.ICMPType | Number | ICMP type. |
Fortigate.Service.ProtocolNumber | Number | IP protocol number. |
Fortigate.Service.Name | String | The service name. |
#
Command example!fortigate-update-firewall-service name=playbook-service comment=helloworld
#
Context Example#
Human Readable Output#
The firewall service 'playbook-service' was successfully updated.
#
fortigate-delete-firewall-serviceDelete firewall services. A service is the combination of network protocols and port numbers that define traffic sources or destinations.
#
Base Commandfortigate-delete-firewall-service
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of the service to delete. Names can be retrieved with the command fortigate-list-firewall-services . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Service.Name | String | The name of the deleted service. |
Fortigate.Service.Deleted | Boolean | Whether the service was deleted. |
#
Command example!fortigate-delete-firewall-service name=playbook-service
#
Context Example#
Human Readable Output#
The firewall service 'playbook-service' was successfully deleted.
#
fortigate-list-firewall-service-groupsRetrieve firewall service groups. Service groups are collections of predefined services. Service groups can be used as the source and destination of the policy.
#
Base Commandfortigate-list-firewall-service-groups
#
InputArgument Name | Description | Required |
---|---|---|
name | Name of a specific service group to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/232620/config-firewall-service-group . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/232620/config-firewall-service-group . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.ServiceGroup.FabricObject | String | Security Fabric global object setting. Can be `enable` or `disable`. If `enable`, the object is set as a security fabric-wide global object, otherwise the object is local to this security fabric member. |
Fortigate.ServiceGroup.Comment | String | The object`s comment. |
Fortigate.ServiceGroup.Proxy | String | Enable/disable web proxy service. |
Fortigate.ServiceGroup.Name | String | The service group name. |
Frotigate.ServiceGroup.Member.Name | String | Service objects contained within the group. |
Fortigate.ServiceGroup.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-firewall-service-groups name=playbook-service-group
#
Context Example#
Human Readable Output#
Firewall Service Groups
Name Members playbook-service-group playbook-service-1
#
fortigate-create-firewall-service-groupCreate firewall service groups. Service groups are collections of predefined services. Service groups can be used as the source and destination of the policy.
#
Base Commandfortigate-create-firewall-service-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
name | Name of the service group to create. | Required |
comment | A comment for the service group. | Optional |
members | Comma-separated list of service and service group names. Names can be retrieved with the commands fortigate-list-firewall-services and fortigate-list-firewall-service-groups . | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.ServiceGroup.Name | String | The service group name. |
Fortigate.ServiceGroup.Members | String | Service objects contained within the group. |
#
Command example!fortigate-create-firewall-service-group name=playbook-service-group members=playbook-service-1
#
Context Example#
Human Readable Output#
The firewall service group 'playbook-service-group' was successfully created.
#
fortigate-update-firewall-service-groupUpdate firewall service groups. Service groups are collections of predefined services. Service groups can be used as the source and destination of the policy. New members will override the existing members within the group incase of a conflict.
#
Base Commandfortigate-update-firewall-service-group
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
groupName | Name of the service group to update. Names can be retrieved with the command fortigate-list-firewall-service-groups . | Required |
comment | A comment for the service group. | Optional |
serviceName | Comma-separated list of service and service group names. Names can be retrieved with the commands fortigate-list-firewall-services and fortigate-list-firewall-service-groups . | Optional |
action | Whether to add or remove members from the service group. Possible values are: add, remove. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.ServiceGroup.Name | String | The service group name. |
Fortigate.ServiceGroup.Service.Name | String | Service objects contained within the group. |
#
Command example!fortigate-update-firewall-service-group groupName=playbook-service-group comment=helloworld
#
Context Example#
Human Readable Output#
The firewall service group 'playbook-service-group' was successfully updated.
#
fortigate-delete-firewall-service-groupDelete firewall service groups. Service groups are collections of predefined services. Service groups can be used as the source and destination of the policy.
#
Base Commandfortigate-delete-firewall-service-group
#
InputArgument Name | Description | Required |
---|---|---|
groupName | Name of the service group to delete. Names can be retrieved with the command fortigate-list-firewall-service-groups . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.ServiceGroup.Name | String | The name of the deleted service group. |
Fortigate.ServiceGroup.Deleted | Boolean | Whether the service group was deleted. |
#
Command example!fortigate-delete-firewall-service-group groupName=playbook-service-group
#
Context Example#
Human Readable Output#
The firewall service group 'playbook-service-group' was successfully deleted.
#
fortigate-list-firewall-policiesRetrieve firewall policies. Firewall policies dictate the traffic flow and its processing. They are integral to most of the firewall functions, ensuring that every piece of traffic passing through the unit adheres to a specific policy. These policies determine the direction of the traffic, processing method, and its permission to traverse the firewall.
#
Base Commandfortigate-list-firewall-policies
#
InputArgument Name | Description | Required |
---|---|---|
policyID | ID of a specific policy to return. | Optional |
policyName | Name of a specific policy to return. | Optional |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/287620/config-firewall-policy . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/287620/config-firewall-policy . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Policy.ServiceNegate | String | When enabled specifies what the service must not be. |
Fortigate.Policy.Destination6Negate | String | When enabled, specifies what the destination IPv6 address must not be. |
Fortigate.Policy.DestinationNegate | String | When enabled, specifies what the destination IPv4 address must not be. |
Fortigate.Policy.Source6Negate | String | When enabled, specifies what the source IPv6 address must not be. |
Fortigate.Policy.SourceNegate | String | When enabled, specifies what the source IPv4 address must not be. |
Fortigate.Policy.NAT | String | Whether the source NAT is enabled or disabled. |
Fortigate.Policy.LogStart | String | Whether recording logs when a session starts is enabled or disabled. |
Fortigate.Policy.Log | String | All log sessions or security profile sessions. |
Fortigate.Policy.Service | String | Service and service group names. |
Fortigate.Policy.Source6 | String | Source IPv6 address name and address group names. |
Fortigate.Policy.Destination6 | String | Destination IPv6 address name and address group names. |
Fortigate.Policy.Destination | String | Destination IPv4 address and address group names. |
Fortigate.Policy.Source | String | Source IPv4 address and address group names. |
Fortigate.Policy.Action | String | Policy action (accept/deny/ipsec). |
Fortigate.Policy.DestinationInterface | String | Outgoing (egress) interface. |
Fortigate.Policy.SourceInterface | String | Incoming (ingress) interface. |
Fortigate.Policy.UUID | String | Universally Unique Identifier. |
Fortigate.Policy.Name | String | The policy name. |
Fortigate.Policy.Status | String | Whether this policy is enabled or disabled. |
Fortigate.Policy.ID | Number | The policy ID. |
Fortigate.Policy.Description | String | The policy description. |
Fortigate.Policy.Security | String | Policy attached security profile. |
Fortigate.Policy.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
Fortigate.Policy.Schedule | String | The name of the schedule. |
#
Command example!fortigate-list-firewall-policies policyName=playbook-policy-123456789
#
Context Example#
Human Readable Output#
Firewall Policies
ID Name From To Source Destination Schedule Service Action NAT Security Profiles Log 18 playbook-policy-123456789 port1 port2 playbook-address-ipv4-1 playbook-address-ipv4-1 always playbook-service-1 accept enable no-inspection,
default,
singleutm
#
fortigate-create-firewall-policyCreate firewall policies. Firewall policies dictate the traffic flow and its processing. They are integral to most of the firewall functions, ensuring that every piece of traffic passing through the unit adheres to a specific policy. These policies determine the direction of the traffic, processing method, and its permission to traverse the firewall.
#
Base Commandfortigate-create-firewall-policy
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
policyName | Name of the policy to create. | Required |
description | The policy description. | Optional |
sourceIntf | Comma-separated list of incoming (ingress) interfaces. | Required |
dstIntf | Comma-separated list of outgoing (egress) interfaces. | Required |
source | Comma-separated list of source IPv4 address and address group names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
source6 | Comma-separated list of source IPv6 address name and address group names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv6s , fortigate-list-firewall-address-ipv6-multicasts and fortigate-list-firewall-address-ipv6-groups . | Optional |
destination | Comma-separated list of destination IPv4 address and address group names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv4s , fortigate-list-firewall-address-ipv4-multicasts and fortigate-list-firewall-address-ipv4-groups . | Optional |
destination6 | Comma-separated list of destination IPv6 address name and address group names. Names can be retrieved with the commands fortigate-list-firewall-address-ipv6s , fortigate-list-firewall-address-ipv6-multicasts and fortigate-list-firewall-address-ipv6-groups . | Optional |
negate_source_address | When enabled, the source address specifies what the source address must not be. Possible values are: enable, disable. | Optional |
negate_destination_address | When enabled, the destination address specifies what the destination address must not be. Possible values are: enable, disable. | Optional |
service | Comma-separated list of service and service group names. Names can be retrieved with the commands fortigate-list-firewall-services and fortigate-list-firewall-service-groups . | Required |
negate_service | When enabled, the service specifies what the service must not be. Possible values are: enable, disable. | Optional |
action | Whether to accept or deny sessions that match the firewall policy. Possible values are: accept, block. | Required |
status | Enable or disable this policy. Possible values are: enable, disable. Default is enable. | Optional |
log | Enable or disable logging. Log all sessions or security profile sessions. Possible values are: all, utm, disable. Default is enable. | Optional |
schedule | The schedule name. This is a time frame that is applied to the policy. Default is always. | Optional |
nat | Enable/disable source Network Address Translation. Possible values are: enable, disable. Default is enable. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Policy.NAT | String | Whether the source NAT is enabled or disabled. |
Fortigate.Policy.Log | String | All log sessions or security profile sessions. |
Fortigate.Policy.Service | String | Service and service group names. |
Fortigate.Policy.Source.Address6.name | String | Source IPv6 address name and address group names. |
Fortigate.Policy.Destination.Address6.name | String | Destination IPv6 address name and address group names. |
Fortigate.Policy.Destination.Address.name | String | Destination IPv4 address and address group names. |
Fortigate.Policy.Source.Address.name | String | Source IPv4 address and address group names. |
Fortigate.Policy.Action | String | Policy action (accept/deny/ipsec). |
Fortigate.Policy.Destination.Interface | String | Outgoing (egress) interface. |
Fortigate.Policy.Source.Interface | String | Incoming (ingress) interface. |
Fortigate.Policy.Name | String | The policy name. |
Fortigate.Policy.Status | String | Whether this policy is enabled or disabled. |
Fortigate.Policy.Description | String | The policy description. |
#
Command example!fortigate-create-firewall-policy policyName=playbook-policy sourceIntf=port1 dstIntf=port2 action=accept service=playbook-service-1 source=playbook-address-ipv4-1 destination=playbook-address-ipv4-2
#
Context Example#
Human Readable Output#
The firewall policy 'playbook-policy' was successfully created.
#
fortigate-update-firewall-policyUpdate firewall policies. Firewall policies dictate the traffic flow and its processing. They are integral to most of the firewall functions, ensuring that every piece of traffic passing through the unit adheres to a specific policy. These policies determine the direction of the traffic, processing method, and its permission to traverse the firewall.
#
Base Commandfortigate-update-firewall-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyID | ID of the policy to update. IDs can be retrieved with the command fortigate-list-firewall-policies . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
field | Field parameter to update. Possible values are: source_interface, destination_interface, description, status, source, destination, service, schedule, action, log, nat, source6, destination6, negate_source, negate_destination, negate_source6, negate_destination6, negate_service. | Required |
value | Value of the field parameter to update. | Required |
keep_original_data | Whether to keep the original data or not. Only relevant if the updated field is "source" or "destination". If the supplied value is True , the current data will not be replaced. Instead, the supplied addresses will be added / removed from the existing data. Possible values are: true, false. | Optional |
add_or_remove | Whether to add or remove the supplied addresses from the existing data. Only relevant in case the field to update is "source" or "destination", and keep_original_data is specified to True . Possible values are: add, remove. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Policy.ServiceNegate | String | When enabled, specifies what the service must not be. |
Fortigate.Policy.Destination6Negate | String | When enabled, specifies what the destination IPv6 address must not be. |
Fortigate.Policy.DestinationNegate | String | When enabled, specifies what the destination IPv4 address must not be. |
Fortigate.Policy.Source6Negate | String | When enabled, specifies what the source IPv6 address must not be. |
Fortigate.Policy.SourceNegate | String | When enabled, specifies what the source IPv4 address must not be. |
Fortigate.Policy.NAT | String | Whether the source NAT is enabled or disabled. |
Fortigate.Policy.LogStart | String | Whether recording logs when a session starts is enabled or disabled. |
Fortigate.Policy.Log | String | All log sessions or security profile sessions. |
Fortigate.Policy.Service | String | Service and service group names. |
Fortigate.Policy.Source6 | String | Source IPv6 address name and address group names. |
Fortigate.Policy.Destination6 | String | Destination IPv6 address name and address group names. |
Fortigate.Policy.Destination | String | Destination IPv4 address and address group names. |
Fortigate.Policy.Source | String | Source IPv4 address and address group names. |
Fortigate.Policy.Action | String | Policy action (accept/deny/ipsec). |
Fortigate.Policy.DestinationInterface | String | Outgoing (egress) interface. |
Fortigate.Policy.SourceInterface | String | Incoming (ingress) interface. |
Fortigate.Policy.UUID | String | Universally Unique Identifier. |
Fortigate.Policy.Name | String | The policy name. |
Fortigate.Policy.Status | String | Whether this policy is enabled or disabled. |
Fortigate.Policy.ID | Number | The policy ID. |
Fortigate.Policy.Description | String | The policy description. |
Fortigate.Policy.Security | String | Policy attached security profile. |
Fortigate.Policy.Schedule | String | The name of the schedule. |
#
Command example!fortigate-update-firewall-policy policyID=123456789 field=description value=helloworld
#
Context Example#
Human Readable Output#
The firewall policy '123456789' was successfully updated.
#
fortigate-move-firewall-policyMove the position of firewall policies. Firewall policies dictate the traffic flow and its processing. They are integral to most of the firewall functions, ensuring that every piece of traffic passing through the unit adheres to a specific policy. These policies determine the direction of the traffic, processing method, and its permission to traverse the firewall.
#
Base Commandfortigate-move-firewall-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyID | ID of the policy to move. IDs can be retrieved with the command fortigate-list-firewall-policies . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
position | Whether to position the policy before or after its neighbor. Possible values are: before, after. | Required |
neighbor | The ID of the neighbor policy. IDs can be retrieved with the command fortigate-list-firewall-policies . | Required |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Policy.ID | Number | The policy ID. |
Fortigate.Policy.Moved | Boolean | Whether the policy was moved. |
#
Command example!fortigate-move-firewall-policy policyID=123456789 position=after neighbor=1010101
#
Context Example#
Human Readable Output#
The firewall policy '123456789' was successfully moved.
#
fortigate-delete-firewall-policyDelete firewall policies. Firewall policies dictate the traffic flow and its processing. They are integral to most of the firewall functions, ensuring that every piece of traffic passing through the unit adheres to a specific policy. These policies determine the direction of the traffic, processing method, and its permission to traverse the firewall.
#
Base Commandfortigate-delete-firewall-policy
#
InputArgument Name | Description | Required |
---|---|---|
policyID | ID of the policy to delete. IDs can be retrieved with the command fortigate-list-firewall-policies . | Required |
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.Policy.ID | Number | The policy ID. |
Fortigate.Policy.Deleted | Boolean | Whether the policy was deleted. |
#
Command example!fortigate-delete-firewall-policy policyID=123456789
#
Context Example#
Human Readable Output#
The firewall policy '123456789' was successfully deleted.
#
fortigate-list-system-vdomsRetrieve system VDOMs. Virtual Domains (VDOMs) are used to divide a FortiGate into two or more virtual units that function independently. VDOMs can provide separate security policies and, in NAT mode, completely separate configurations for routing and VPN services for each connected network. Multiple VDOMs can be created and managed as independent units in multi VDOM mode.
#
Base Commandfortigate-list-system-vdoms
#
InputArgument Name | Description | Required |
---|---|---|
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/620/config-system-vdom . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . Reference to possible fields: https://docs.fortinet.com/document/fortigate/7.2.5/cli-reference/620/config-system-vdom . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.VDOM.VClusterID | Number | Virtual cluster ID. |
Fortigate.VDOM.ShortName | String | The virtual domain short name. |
Fortigate.VDOM.Name | String | The virtual domain name. |
#
Command example!fortigate-list-system-vdoms
#
Context Example#
Human Readable Output#
Virtual Domains
Name ShortName VClusterID root root 0
#
fortigate-list-banned-ipsRetrieve Banned IPs. Banned IPs are IP addresses that have been quarantined for a variety of reasons, such as administrative decisions or due to security alerts from services like intrusion prevention systems (IPS), antivirus (AV), and denial-of-service (DoS) mitigation.
#
Base Commandfortigate-list-banned-ips
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
filter_field | Specifies the field to be searched, such as name or comment , to narrow down the search criteria within the objects. Fields must be written as they are in the raw_response . | Optional |
filter_value | Indicates the value or partial value, for example Sales , that the API should look for within the specified field to find matching objects. | Optional |
format_fields | Comma-separated fields to format the API call to display certain information. Fields must be written as they are in the raw_response , for example: name or comment . | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
Fortigate.BannedIP.IsV6 | Number | Whether the IP is IPv4 (0) or IPv6 (1). |
Fortigate.BannedIP.Source | String | Source of the ban. |
Fortigate.BannedIP.IP | String | The IPv4 address. |
Fortigate.BannedIP.Created | Number | Date/time the IP address was added to the banned list. |
Fortigate.BannedIP.Expires | Number | Date/time the IP address expires from the banned list. |
Fortigate.BannedIP.VDOM | String | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. |
#
Command example!fortigate-list-banned-ips
#
Context Example#
Human Readable Output#
Banned IPs
IP IsV6 Created Expires Source 0.0.0.0 0 2023-12-06 17:44:09 1970-01-01 00:00:00 Administrative 2.2.2.2 0 2023-11-27 05:33:32 1970-01-01 00:00:00 IPS 3.3.3.3 0 2023-11-27 05:33:41 1970-01-01 00:00:00 AV 4.4.4.4 0 2023-11-27 05:33:49 1970-01-01 00:00:00 DOS 5.5.5.5 0 2023-11-27 05:34:00 1970-01-01 00:00:00 Administrative
#
fortigate-ban-ipBan IPs. Banned IPs are IP addresses that have been quarantined for a variety of reasons, such as administrative decisions or due to security alerts from services like intrusion prevention systems (IPS), antivirus (AV), and denial-of-service (DoS) mitigations.
#
Base Commandfortigate-ban-ip
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
ip_address | Comma-separated list of IPs to ban. Both IPv4 and IPv6 addresses are supported. | Required |
expiry | Time until the ban expires in seconds. 0 for indefinite ban. Default is 0. | Optional |
#
Context OutputThere is no context output for this command.
#
Command example!fortigate-ban-ip ip_address=0.0.0.0 expiry=0
#
Human Readable Output#
The IPs '0.0.0.0' were successfully banned.
#
fortigate-unban-ipUnban IPs. Banned IPs are IP addresses that have been quarantined for a variety of reasons, such as administrative decisions or due to security alerts from services like intrusion prevention systems (IPS), antivirus (AV), and denial-of-service (DoS) mitigations.
#
Base Commandfortigate-unban-ip
#
InputArgument Name | Description | Required |
---|---|---|
vdom | Virtual domains (VDOMs) enable you to partition and use your FortiGate unit as if it were multiple units. Use * to retrieve all virtual domains. VDOMs can be retrieved with the command fortigate-list-system-vdoms . Default is root. | Optional |
ip_address | Comma-separated list of IPs to unban. Both IPv4 and IPv6 addresses are supported. IPs can be retrieved with the command fortigate-list-banned-ips . | Required |
#
Context OutputThere is no context output for this command.
#
Command example!fortigate-unban-ip ip_address=0.0.0.0
#
Human Readable Output#
The IPs '0.0.0.0' were successfully unbanned.