Skip to main content

Fortiweb VM

This Integration is part of the Fortinet Fortiweb VM Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Fortiweb VM integration allows to manage WAF policies and block cookies, URLs, and host names. This integration was integrated and tested with version 1 & 2 of fortiweb_vm

Configure Fortiweb VM on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Fortiweb VM.

  3. Click Add instance to create and configure a new integration instance.

    ParameterRequired
    Server URLTrue
    Username.True
    Password.True
    API VersionTrue
    Use system proxy settingsFalse
    Trust any certificate (not secure)False
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

fortiwebvm-protected-hostname-group-create#


Create protected host name group.

Base Command#

fortiwebvm-protected-hostname-group-create

Input#

Argument NameDescriptionRequired
nameProtected host name group name.Required
default_actionWhether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny. Default is Allow.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-protected-hostname-group-create name=example

Human Readable Output#

Hostname group successfully created!#

Name
example

fortiwebvm-protected-hostname-group-update#


Update protected host name group.

Base Command#

fortiwebvm-protected-hostname-group-update

Input#

Argument NameDescriptionRequired
nameProtected host name group name.Required
default_actionWhether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you will add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-protected-hostname-group-update name=example default_action=Deny

Human Readable Output#

Hostname group successfully updated!#

Name
example

fortiwebvm-protected-hostname-group-list#


List the Protected host name group.

Base Command#

fortiwebvm-protected-hostname-group-list

Input#

Argument NameDescriptionRequired
nameProtected host name group name.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.ProtectedHostnameGroup.idStringProtected host name group ID.
FortiwebVM.ProtectedHostnameGroup.default_actionNumberProtected host name group action.
FortiwebVM.ProtectedHostnameGroup.protected_hostname_countNumberThe number of protected host name group members.
FortiwebVM.ProtectedHostnameGroup.can_deleteBooleanWhether the Geo IP group can be deleted. Supports API version 1 only.

Command example#

!fortiwebvm-protected-hostname-group-list name=example

Context Example - API Version 1#

{
"FortiwebVM": {
"ProtectedHostnameGroup": {
"can_delete": true,
"default_action": "Allow",
"id": "example",
"protected_hostname_count": 0
}
}
}

Human Readable Output - API Version 1#

Protected Hostnames Groups:#

Showing 1 rows out of 1. |Id|Default Action|Protected Hostname Count|Can Delete| |---|---|---|---| | example | Allow | 0 | true |

Context Example - API Version 2#

{
"FortiwebVM": {
"ProtectedHostnameGroup": {
"default_action": "Allow",
"id": "example",
"protected_hostname_count": 0
}
}
}

Human Readable Output - API Version 2#

Protected Hostnames Groups:#

Showing 1 rows out of 1. |Id|Default Action|Protected Hostname Count| |---|---|---| | example | Allow | 0 |

fortiwebvm-protected-hostname-member-create#


Create protected host name member.

Base Command#

fortiwebvm-protected-hostname-member-create

Input#

Argument NameDescriptionRequired
group_nameProtected host name group name.Required
actionWhether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Possible values are: Allow, Deny (no log), Deny. Default is Allow.Optional
hostEnter the IP address or FQDN of a virtual or real web host, as it appears in the Host field of HTTP headers, such as www.example.com. The maximum length is 256 characters.Required
ignore_portWhether host names with a port number will be protected. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional
include_subdomainsWhether sub-domains of the host will be protected. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional

Context Output#

PathTypeDescription
FortiwebVM.ProtectedHostnameMember.idStringProtected host name member ID

Human Readable Output#

Hostname member successfully created!#

Id
1

fortiwebvm-protected-hostname-member-update#


Update a protected host name member.

Base Command#

fortiwebvm-protected-hostname-member-update

Input#

Argument NameDescriptionRequired
group_nameProtected host name group name.Required
member_idProtected host name member ID.Required
actionWhether to accept or deny HTTP requests whose Host field does not match any of the host definitions that you add to this protected hosts group. Required in V1. Possible values are: Allow, Deny (no log), Deny.Optional
hostEnter the IP address or FQDN of a virtual or real web host, as it appears in the Host field of HTTP headers, such as www.example.com. The maximum length is 256 characters.Optional
ignore_portWhether host names with a port number will be protected. Supports API version 2 only. Possible values are: enable, disable.Optional
include_subdomainsWhether sub-domains of the host will be protected. Supports API version 2 only. Possible values are: enable, disable.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-protected-hostname-member-update group_name=example member_id=1 action=Allow

Human Readable Output#

Hostname member successfully updated!#

Id
1

fortiwebvm-protected-hostname-member-list#


List all the protected host name members.

Base Command#

fortiwebvm-protected-hostname-member-list

Input#

Argument NameDescriptionRequired
group_nameProtected host name group name.Required
member_idProtected host name member ID.Optional
pageThe page number of the results to retrieve. Default is 25.Optional
page_sizeA number of hostname members per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.ProtectedHostnameMember.group_nameStringProtected host name group name.
FortiwebVM.ProtectedHostnameMember.Members.idStringProtected host name member ID.
FortiwebVM.ProtectedHostnameMember.Members.actionStringProtected hostname member action.
FortiwebVM.ProtectedHostnameMember.Members.hostStringProtected host name member IP address.
FortiwebVM.ProtectedHostnameMember.Members.ignore_portStringProtected host name member ignore port. Supports API version 2 only.
FortiwebVM.ProtectedHostnameMember.Members.include_subdomainsStringProtected host name member include sub-domains. Supports API version 2 only.

Command example#

!fortiwebvm-protected-hostname-member-list group_name=example member_id=1

Context Example - API Version 1#

{
"FortiwebVM": {
"ProtectedHostnameMember": {
"Members": [
{
"action": "Deny",
"host": "1.2.3.4",
"id": "1"
}
],
"group_name": "example"
}
}
}

Human Readable Output - API Version 1#

Protected Hostnames Members:#

Showing 1 rows out of 1. |Id|Action|Host| |---|---|---| | 1 | Deny | 1.2.3.4 |

Context Example - API Version 2#

{
"FortiwebVM": {
"ProtectedHostnameMember": {
"Members": [
{
"action": "Deny",
"host": "1.2.3.4",
"id": "1",
"ignore_port": "disable",
"include_subdomains": "disable"
}
],
"group_name": "example"
}
}
}

Human Readable Output - API Version 2#

Protected Hostnames Members:#

Showing 1 rows out of 1. |Id|Action|Host|Ignore Port|Include Subdomains| |---|---|---|---|---| | 1 | Deny | 1.2.3.4 | disable | disable |

fortiwebvm-protected-hostname-member-delete#


Delete protected host name member.

Base Command#

fortiwebvm-protected-hostname-member-delete

Input#

Argument NameDescriptionRequired
group_nameProtected host name group name.Required
member_idProtected host name member ID.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-protected-hostname-member-delete group_name=example member_id=1

Human Readable Output#

Hostname member successfully deleted!#

Id
1

fortiwebvm-protected-hostname-group-delete#


Delete a protected host name.

Base Command#

fortiwebvm-protected-hostname-group-delete

Input#

Argument NameDescriptionRequired
nameProtected host name group name.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-protected-hostname-group-delete name=example

Human Readable Output#

Hostname group successfully deleted!#

Name
example

There is no context output for this command.

fortiwebvm-ip-list-group-create#


Create IP List.

Base Command#

fortiwebvm-ip-list-group-create

Input#

Argument NameDescriptionRequired
nameIP list group name.Required
actionThe action FortiWeb will take when it detects a violation of the rule. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). Default is Alert deny.Optional
block_periodEnter the number of seconds to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1โ€“3,600 seconds. Supports API version 2 only. Default is 600.Optional
severityThe severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 2 only. Possible values are: Low, Medium, High, Info. Default is Low.Optional
ignore_x_forwarded_forWhether IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional
trigger_policyThe trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 2 only.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-ip-list-group-create name=example

Human Readable Output#

IP List group successfully created!#

Name
example

fortiwebvm-ip-list-group-update#


Update an IP list.

Base Command#

fortiwebvm-ip-list-group-update

Input#

Argument NameDescriptionRequired
nameIP list group name.Required
actionThe action FortiWeb will take when it detects a violation of the rule. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log).Optional
block_periodThe number of seconds to block subsequent requests from a client after FortiWeb detects that the client has violated the rule. The valid range is 1โ€“3,600 seconds. Supports API version 2 only.Optional
severityThe severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 2 only. Possible values are: Low, Medium, High, Info.Optional
ignore_x_forwarded_forWhether the IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable.Optional
trigger_policyThe trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 2 only.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-ip-list-group-update name=example block_period=550

Human Readable Output#

IP List group successfully updated!#

Name
example

fortiwebvm-ip-list-group-list#


Supports API versions 1 & 2.

Base Command#

fortiwebvm-ip-list-group-list

Input#

Argument NameDescriptionRequired
nameIP list name.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.IpListGroup.idStringIP list ID.
FortiwebVM.IpListGroup.ip_list_countNumberThe number of IP list members.
FortiwebVM.IpListGroup.can_deleteBooleanWhether the Geo IP group can be deleted. Supports API version 1 only.
FortiwebVM.IpListGroup.q_refNumberThe CMDB reference count. Supports API version 2 only.
FortiwebVM.IpListGroup.q_typeNumberIP list group object type. Supports API version 2 only.
FortiwebVM.IpListGroup.can_cloneNumberWhether the IP list group can be cloned. Supports API version 2 only.
FortiwebVM.IpListGroup.block_periodNumberIP list group block period. Supports API version 2 only.
FortiwebVM.IpListGroup.can_viewNumberWhether you can view the IP list group. Supports API version 2 only.
FortiwebVM.IpListGroup.actionStringIP list group action. Supports API version 2 only.
FortiwebVM.IpListGroup.trigger_policyStringIP list group trigger policy name. Supports API version 2 only.
FortiwebVM.IpListGroup.severityStringIP list group severity. Supports API version 2 only.

Command example - API Version 1#

!fortiwebvm-ip-list-group-list name=example

Context Example#

{
"FortiwebVM": {
"IpListGroup": {
"can_delete": true,
"id": "example",
"ip_list_count": 0
}
}
}

Human Readable Output - API Version 1#

IP Lists Groups:#

Showing 1 rows out of 1. |Id|Ip List Count| |---|---| | example | 0 |

Context Example - API Version 2#

{
"FortiwebVM": {
"IpListGroup": {
"action": "alert_deny",
"block_period": 550,
"can_clone": 1,
"can_view": 0,
"id": "example",
"ip_list_count": 0,
"q_ref": 0,
"q_type": 1,
"severity": "Low",
"trigger_policy": ""
}
}
}

Human Readable Output - API Version 2#

IP Lists Groups:#

Showing 1 rows out of 1. |Id|Ip List Count|Action|Block Period|Severity|Trigger Policy| |---|---|---|---|---|---| | example | 0 | alert_deny | 550 | Low | |

fortiwebvm-ip-list-member-create#


Create an IP list member. Supports API versions 1 & 2.

Base Command#

fortiwebvm-ip-list-member-create

Input#

Argument NameDescriptionRequired
group_nameIP list group name.Required
typeThe type of the source IP address. Possible values are: Trust IP, Black IP, Allow Only Ip.Required
ip_addressIPv4/IPv6/IP range.Required
severityThe severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". Possible values are: High, Medium, Low, Informative. Default is Medium.Optional
trigger_policyThe trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\".Optional

Context Output#

PathTypeDescription
FortiwebVM.IpListMember.idNumberIP list policy member ID.

Command example#

!fortiwebvm-ip-list-member-create group_name=example ip_address=1.2.3.4 type="Black IP"

Context Example#

{
"FortiwebVM": {
"IpListMember": {
"id": "1"
}
}
}

Human Readable Output#

IP List member successfully created!#

Id
1

fortiwebvm-ip-list-member-update#


Update IP list policy member.

Base Command#

fortiwebvm-ip-list-member-update

Input#

Argument NameDescriptionRequired
group_nameIP list group name.Required
member_idIP list policy member ID.Required
typeThe type of the source IP address. Possible values are: Trust IP, Black IP, Allow Only Ip.Optional
ip_addressIPv4/IPv6/IP range.Optional
severityThe severity level the FortiWeb appliance will use when a blacklisted IP address attempts to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\". Possible values are: High, Medium, Low, Informative.Optional
trigger_policyThe trigger, if any, that the FortiWeb appliance will use when it logs and/or sends an alert email about a blacklisted IP address's attempt to connect to your web servers. Supports API version 1 only. Required when type= \"Black Ip\".Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-ip-list-member-update group_name=example member_id=1 ip_address=1.2.3.6

Human Readable Output#

IP List member successfully updated!#

Id
1

fortiwebvm-ip-list-member-list#


List the IP list policy members.

Base Command#

fortiwebvm-ip-list-member-list

Input#

Argument NameDescriptionRequired
group_nameIP list group name.Required
member_idIP list member ID.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.IpListMember.group_nameStringIP list group name.
FortiwebVM.IpListMember.Members.idStringIP list member ID.
FortiwebVM.IpListMember.Members.typeStringIP list member type.
FortiwebVM.IpListMember.Members.severityStringIP list member severity. Supports API version 1 only.
FortiwebVM.IpListMember.Members.trigger_policyStringIP list member trigger policy. Supports API version 1 only.
FortiwebVM.IpListMember.Members.ipStringIP list member IP address.

Command example#

!fortiwebvm-ip-list-member-list group_name=example

Context Example - API Version 1#

{
"FortiwebVM": {
"IpListMember": {
"Members": [
{
"id": "1",
"ip": "1.2.3.4",
"severity": "Medium",
"trigger_policy": "",
"type": "Black IP"
}
],
"group_name": "example"
}
}
}

Human Readable Output - API Version 1#

IP Lists Members:#

Showing 1 rows out of 1. |Id|Type|Ip|Severity|Trigger Policy| |---|---|---|---|---| | 1 | Black IP | 1.2.3.4 | Medium | |

Context Example - API Version 2#

{
"FortiwebVM": {
"IpListMember": {
"Members": [
{
"id": "1",
"ip": "1.2.3.4",
"type": "Black IP"
}
],
"group_name": "example"
}
}
}

Human Readable Output - API Version 2#

IP Lists Members:#

Showing 1 rows out of 1. |Id|Type|Ip| |---|---|---| | 1 | Black IP | 1.2.3.4 |

fortiwebvm-ip-list-member-delete#


Delete an IP list policy member.

Base Command#

fortiwebvm-ip-list-member-delete

Input#

Argument NameDescriptionRequired
group_nameIP list group name.Required
member_idIP list policy member ID.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-ip-list-member-delete group_name=example member_id=1

Human Readable Output#

IP List member successfully deleted!#

Id
1

fortiwebvm-ip-list-group-delete#


Supports API versions 1 & 2.

Base Command#

fortiwebvm-ip-list-group-delete

Input#

Argument NameDescriptionRequired
nameIP list group name.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-ip-list-group-delete name=example

Human Readable Output#

IP List group successfully deleted!#

Id
example

fortiwebvm-custom-predefined-whitelist-update#


Update the custom predefined global whitelist.

Base Command#

fortiwebvm-custom-predefined-whitelist-update

Input#

Argument NameDescriptionRequired
idPredefined global whitelist ID.Required
statusStatus. Possible values are: enable, disable.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-custom-predefined-whitelist-update id=10002 status=disable

Human Readable Output#

Custom predifined whitelist member successfully updated!#

Id
10002

fortiwebvm-custom-predefined-whitelist-list#


Get custom predefined global whitelist.

Base Command#

fortiwebvm-custom-predefined-whitelist-list

Input#

Argument NameDescriptionRequired
idCustom predefined whitelist ID.Optional
typeType of the custom predefined whitelist. Possible values are: URL, Parameter, Cookie, Header Field.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.CustomPredefinedGlobalWhitelist.idNumberPredefined global whitelist member ID.
FortiwebVM.CustomPredefinedGlobalWhitelist.nameStringPredefined global whitelist member name.
FortiwebVM.CustomPredefinedGlobalWhitelist.pathStringPredefined global whitelist member path.
FortiwebVM.CustomPredefinedGlobalWhitelist.domainStringPredefined global whitelist member domain.
FortiwebVM.CustomPredefinedGlobalWhitelist.statusBooleanPredefined global whitelist member status.

Command example#

!fortiwebvm-custom-predefined-whitelist-list limit=1

Context Example#

{
"FortiwebVM": {
"CustomPredefinedGlobalWhitelist": {
"domain": "",
"id": 100002,
"name": "",
"path": "/browserconfig.xml",
"status": true
}
}
}

Human Readable Output#

Custom whitelist members:#

Showing 1 rows out of 36. |Id|Name|Path|Domain|Status| |---|---|---|---|---| | 100002 | | /browserconfig.xml | | true |

fortiwebvm-custom-whitelist-url-create#


Create a custom global whitelist URL object.

Base Command#

fortiwebvm-custom-whitelist-url-create

Input#

Argument NameDescriptionRequired
request_typeIndicate whether the request-file \"<url_str>\" field contains a literal URL (Simple String), or a regular expression designed to match multiple URLs (Regular Expression). Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
request_urlDepending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html.Required

Context Output#

PathTypeDescription
FortiwebVM.CustomGlobalWhitelist.idNumberCustom global whitelist ID

Command example#

!fortiwebvm-custom-whitelist-url-create request_url=/123

Context Example#

{
"FortiwebVM": {
"CustomGlobalWhitelist": {
"id": 1
}
}
}

Human Readable Output#

Custom whitelist URL member succesfuly created!#

Id
1

fortiwebvm-custom-whitelist-parameter-create#


Create a custom global whitelist parameter object.

Base Command#

fortiwebvm-custom-whitelist-parameter-create

Input#

Argument NameDescriptionRequired
request_typeIndicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
request_urlDepending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. Supports API version 2 only. Required when request_url_status= True.Optional
nameEnter the name of the parameter as it appears in the HTTP URL or body, such as rememberme.Required
name_typeIndicate whether the name \"<name_str>\" field will contain a literal parameter name (Simple String), or a regular expression designed to match all parameter names (Regular Expression). Supports API version 2 only. Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
request_url_statusEnable to apply this rule only to HTTP requests for specific URLs. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional
domain_statusEnable to apply this rule only to HTTP requests for specific domains. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional
domain_typeIndicate whether the domain \"<cookie_str>\" field will contain a literal domain/IP address (Simple String), or a regular expression designed to match multiple domains/IP addresses (Regular Expression). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
domainThe partial or complete domain name or IP address as it appears in the cookie. Supports API version 2 only. Required when request_url_status= True.Optional

Context Output#

PathTypeDescription
FortiwebVM.CustomGlobalWhitelist.idNumberCustom global whitelist ID.

Command example#

!fortiwebvm-custom-whitelist-parameter-create name=example

Context Example#

{
"FortiwebVM": {
"CustomGlobalWhitelist": {
"id": 2
}
}
}

Human Readable Output#

Custom whitelist Parameter member succesfuly created!#

Id
2

fortiwebvm-custom-whitelist-cookie-create#


Create a custom global whitelist cookie object.

Base Command#

fortiwebvm-custom-whitelist-cookie-create

Input#

Argument NameDescriptionRequired
nameThe name of the cookie as it appears in the HTTP request, such as NID.Required
domainThe partial or complete domain name or IP address as it appears in the cookie.Optional
pathThe path as it appears in the cookie.Optional

Context Output#

PathTypeDescription
FortiwebVM.CustomGlobalWhitelist.idNumberCustom global whitelist ID

Command example#

!fortiwebvm-custom-whitelist-cookie-create name=example domain=abc path=/abc

Context Example#

{
"FortiwebVM": {
"CustomGlobalWhitelist": {
"id": 2
}
}
}

Human Readable Output#

Custom whitelist Cookie member succesfuly created!#

Id
2

fortiwebvm-custom-whitelist-header-field-create#


Create a custom global whitelist header field object. Supports API version 2 only.

Base Command#

fortiwebvm-custom-whitelist-header-field-create

Input#

Argument NameDescriptionRequired
nameEnter the name of the cookie as it appears in the HTTP header.Required
header_name_typeIndicate whether the type field will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
value_statusEnable to also check the value of the HTTP header. Only the HTTP headers that match both the name and the value will be allowlisted. Possible values are: enable, disable. Default is disable.Optional
header_value_typeIndicate whether the header name will contain a literal name (plain), or a regular expression designed to match multiple names (regular). Possible values are: Simple String, Regular Expression. Default is Simple String.Optional
valueThe value of the HTTP header. Required when value_status is enabled.Optional

Context Output#

PathTypeDescription
FortiwebVM.CustomGlobalWhitelist.idNumberCustom global whitelist ID.

fortiwebvm-custom-whitelist-url-update#


Update a custom global whitelist URL object.

Base Command#

fortiwebvm-custom-whitelist-url-update

Input#

Argument NameDescriptionRequired
idCustom global whitelist object ID.Required
statusEnable to exempt this object from all scans. Possible values are: enable, disable. Default is enable.Optional
request_typeIndicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Possible values are: Simple String, Regular Expression.Optional
request_urlDepending on your selection in the request-type {plain | regular} field, enter either - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-custom-whitelist-url-update id=1 status=disable

Human Readable Output#

Custom whitelist URL member succesfuly updated!#

Id
1

fortiwebvm-custom-whitelist-parameter-update#


Update custom global whitelist parameter object.

Base Command#

fortiwebvm-custom-whitelist-parameter-update

Input#

Argument NameDescriptionRequired
idCustom global whitelist object ID.Required
statusEnable to exempt this object from all scans. Possible values are: enable, disable. Default is enable.Optional
request_typeIndicate whether the request-file \"<url_str>\" field contains a literal URL (plain), or a regular expression designed to match multiple URLs (regular). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression. Default is enable.Optional
request_urlDepending on your selection in the request-type {plain | regular} field, enter either: - The literal URL, such as /robots.txt, that the HTTP request must contain in order to match the rule. The URL must begin with a backslash ( / ). - A regular expression, such as ^/*.html, matching all and only the URLs to which the rule should apply. The pattern does not require a slash ( / ); however, it must at least match URLs that begin with a backslash, such as /index.html. Supports API version 2 only. Required when request_url_status= True.Optional
nameName.Optional
name_typeIndicate whether the name \"<name_str>\" field will contain a literal parameter name (Simple String), or a regular expression designed to match all parameter names (Regular Expression). Supports API version 2 only. Possible values are: Simple String, Regular Expression.Optional
request_url_statusEnable to apply this rule only to HTTP requests for specific URLs. Supports. Possible values are: enable, disable.Optional
domain_statusEnable to apply this rule only to HTTP requests for specific domains. Supports. Possible values are: enable, disable.Optional
domain_typeIndicate whether the domain \"<cookie_str>\" field will contain a literal domain/IP address (Simple String), or a regular expression designed to match multiple domains/IP addresses (Regular Expression). Supports API version 2 only. Required when request_url_status= True. Possible values are: Simple String, Regular Expression.Optional
domainEnter the partial or complete domain name or IP address as it appears in the cookie. Supports API version 2 only. Required when request_url_status= True.Optional

Context Output#

There is no context output for this command.

fortiwebvm-custom-whitelist-cookie-update#


Update a custom global whitelist cookie object.

Base Command#

fortiwebvm-custom-whitelist-cookie-update

Input#

Argument NameDescriptionRequired
idCustom global whitelist object ID.Required
statusEnable to exempt this object from all scans. Possible values are: enable, disable. Default is enable.Optional
nameEnter the name of the cookie as it appears in the HTTP request, such as NID.Optional
domainEnter the partial or complete domain name or IP address as it appears in the cookie.Optional
pathEnter the path as it appears in the cookie.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-custom-whitelist-cookie-update id=3 status=disable

Human Readable Output#

Custom whitelist Cookie member succesfuly updated!#

Id
3

fortiwebvm-custom-whitelist-header-field-update#


Update a custom global whitelist header field object. Supports API version 2 only.

Base Command#

fortiwebvm-custom-whitelist-header-field-update

Input#

Argument NameDescriptionRequired
idCustom global whitelist object ID.Required
statusEnable to exempt this object from all scans. Possible values are: enable, disable. Default is enable.Optional
header_name_typeIndicate whether the type field will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression.Optional
nameThe name of the cookie as it appears in the HTTP header.Optional
header_value_typeIndicate whether the header name will contain a literal name (Simple String), or a regular expression designed to match multiple names (Regular Expression). Possible values are: Simple String, Regular Expression.Optional
value_statusEnable to also check the value of the HTTP header. Only the HTTP headers that match both the name and the value will be allowlisted. Possible values are: enable, disable.Optional
valueThe value of the HTTP header. Required when value_status is enabled.Optional

Context Output#

There is no context output for this command.

fortiwebvm-custom-whitelist-delete#


Delete a custom global whitelist object from the custom global whitelist.

Base Command#

fortiwebvm-custom-whitelist-delete

Input#

Argument NameDescriptionRequired
idObject ID number.Required

Context Output#

There is no context output for this command.

fortiwebvm-custom-whitelist-list#


List the custom global whitelist objects.

Base Command#

fortiwebvm-custom-whitelist-list

Input#

Argument NameDescriptionRequired
idCustom global whitelist object ID.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.CustomGlobalWhitelist.idNumberCustom global whitelist object ID.
FortiwebVM.CustomGlobalWhitelist.nameNumberCustom global whitelist object name.
FortiwebVM.CustomGlobalWhitelist.typeNumberCustom global whitelist object type.
FortiwebVM.CustomGlobalWhitelist.statusBooleanCustom global whitelist object status.
FortiwebVM.CustomGlobalWhitelist.request_typeNumberCustom global whitelist object request type.
FortiwebVM.CustomGlobalWhitelist.request_urlStringCustom global whitelist object request URL.
FortiwebVM.CustomGlobalWhitelist.header_name_typeStringCustom global whitelist object header type. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.domain_typeStringCustom global whitelist object domain type. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.name_typeStringCustom global whitelist object name type. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.request_url_statusStringCustom global whitelist object request file status. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.domain_statusStringCustom global whitelist object domain status. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.domainStringCustom global whitelist object domain. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.pathStringCustom global whitelist object path. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.header_value_typeStringCustom global whitelist object value type. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.valueStringCustom global whitelist object value. Supports API version 2 only.
FortiwebVM.CustomGlobalWhitelist.value_statusStringCustom global whitelist object value status. Supports API version 2 only.

Command example#

!fortiwebvm-custom-whitelist-list limit=1

Context Example - API Version 1#

{
"FortiwebVM": {
"CustomGlobalWhitelist": {
"domain": "",
"id": 1,
"name": "",
"path": "",
"request_type": "Simple String",
"request_url": "/123",
"status": false,
"type": "URL"
}
}
}

Human Readable Output - API Version 1#

Custom whitelist members:#

Showing 1 rows out of 3. |Id|Name|Request Url|Path|Domain|Status| |---|---|---|---|---|---| | 1 | | /123 | | | false |

Context Example - API Version 2#

{
"FortiwebVM": {
"CustomGlobalWhitelist": {
"domain": "",
"domain_status": "disable",
"domain_type": "",
"header_name_type": "",
"header_value_type": "",
"id": "1",
"name": "",
"name_type": "",
"path": "",
"request_type": "",
"request_url": "/123",
"request_url_status": "disable",
"status": "disable",
"type": "URL",
"value": "",
"value_status": "disable"
}
}
}

Human Readable Output - API Version 2#

Custom whitelist members:#

Showing 1 rows out of 3. |Id|Name|Request Url|Path|Domain|Status| |---|---|---|---|---|---| | 1 | | /123 | | | disable |

fortiwebvm-geo-ip-member-add#


Create Geo IP member.

Base Command#

fortiwebvm-geo-ip-member-add

Input#

Argument NameDescriptionRequired
group_nameGeo IP group name.Required
countriesComma-separated list of country names to add to the GEO IP list name. Possible values are: Afghanistan, Aland Islands, Albania, Algeria, American Samoa, Andorra, Angola, Anguilla, Antarctica, Antigua And Barbuda, Argentina, Armenia, Aruba, Australia, Austria, Azerbaijan, Bahamas, Bahrain, Bangladesh, Barbados, Belarus, Belgium, Belize, Benin, Bermuda, Bhutan, Bolivia, Bonaire Saint Eustatius And Saba, Bosnia And Herzegovina, Botswana, Brazil, British Indian Ocean Territory, British Virgin Islands, Brunei Darussalam, Bulgaria, Burkina Faso, Burundi, Cambodia, Cameroon, Canada, Cape Verde, Cayman Islands, Central African Republic, Chad, Chile, China, Colombia, Comoros, Congo, Cook Islands, Costa Rica, Cote D Ivoire, Croatia, Cuba, Curacao, Cyprus, Czech Republic, Democratic People S Republic Of Korea, Democratic Republic Of The Congo, Denmark, Djibouti, Dominica, Dominican Republic, Ecuador, Egypt, El Salvador, Equatorial Guinea, Eritrea, Estonia, Ethiopia, Falkland Islands Malvinas, Faroe Islands, Federated States Of Micronesia, Fiji, Finland, France, French Guiana, French Polynesia, Gabon, Gambia, Georgia, Germany, Ghana, Gibraltar, Greece, Greenland, Grenada, Guadeloupe, Guam, Guatemala, Guernsey, Guinea, Guinea-Bissau, Guyana, Haiti, Honduras, Hong Kong, Hungary, Iceland, India, Indonesia, Iran, Iraq, Ireland, Isle Of Man, Israel, Italy, Jamaica, Japan, Jersey, Jordan, Kazakhstan, Kenya, Kiribati, Kosovo, Kuwait, Kyrgyzstan, Lao People S Democratic Republic, Latvia, Lebanon, Lesotho, Liberia, Libya, Liechtenstein, Lithuania, Luxembourg, Macao, Macedonia, Madagascar, Malawi, Malaysia, Maldives, Mali, Malta, Marshall Islands, Martinique, Mauritania, Mauritius, Mayotte, Mexico, Moldova, Monaco, Mongolia, Montenegro, Montserrat, Morocco, Mozambique, Myanmar, Namibia, Nauru, Nepal, Netherlands, New Caledonia, New Zealand, Nicaragua, Niger, Nigeria, Niue, Norfolk Island, Northern Mariana Islands, Norway, Oman, Pakistan, Palau, Palestine, Panama, Papua New Guinea, Paraguay, Peru, Philippines, Poland, Portugal, Puerto Rico, Qatar, Republic Of Korea, Reunion, Romania, Russian Federation, Rwanda, Saint Bartelemey, Saint Kitts And Nevis, Saint Lucia, Saint Martin, Saint Pierre And Miquelon, Saint Vincent And The Grenadines, Samoa, San Marino, Sao Tome And Principe, Saudi Arabia, Senegal, Serbia, Seychelles, Sierra Leone, Singapore, Sint Maarten, Slovakia, Slovenia, Solomon Islands, Somalia, South Africa, South Georgia And The South Sandwich Islands, South Sudan, Spain, Sri Lanka, Sudan, Suriname, Swaziland, Sweden, Switzerland, Syria, Taiwan, Tajikistan, Tanzania, Thailand, Timor-Leste, Togo, Tokelau, Tonga, Trinidad And Tobago, Tunisia, Turkey, Turkmenistan, Turks And Caicos Islands, Tuvalu, Uganda, Ukraine, United Arab Emirates, United Kingdom, United States, Uruguay, U S Virgin Islands, Uzbekistan, Vanuatu, Vatican, Venezuela, Vietnam, Wallis And Futuna, Yemen, Zambia, Zimbabwe. Default is Low.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-geo-ip-member-add group_name=example countries=Algeria

Context Example#

{
"FortiwebVM": {
"GeoIpMember": {
"country": "Algeria",
"id": "1"
}
}
}

Human Readable Output#

Geo IP member successfully added!#

IdCountry
1Algeria

fortiwebvm-geo-ip-member-delete#


Delete Geo IP member .

Base Command#

fortiwebvm-geo-ip-member-delete

Input#

Argument NameDescriptionRequired
group_nameGeo IP group name.Required
member_idGeo IP member ID number. (The ID of the Geo IP member is the ID of the country in the Geo IP list.).Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-geo-ip-member-delete group_name=example member_id=1

Human Readable Output#

Geo IP member succesfuly deleted!#

Member Id
1

fortiwebvm-geo-ip-member-list#


Get Geo IP member.

Base Command#

fortiwebvm-geo-ip-member-list

Input#

Argument NameDescriptionRequired
group_nameGeo IP Name.Required
member_idGeo IP member ID number. (The ID of the Geo IP Member is the ID of the country in the Geo IP list.).Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.GeoIpMember.group_nameStringGeo IP member group name.
FortiwebVM.GeoIpMember.countries.idStringGeo IP member ID.
FortiwebVM.GeoIpMember.countries.countryNumberGeo IP member country name.

Command example#

!fortiwebvm-geo-ip-member-list group_name=example member_id=1

Context Example#

{
"FortiwebVM": {
"GeoIpMember": {
"countries": [
{
"country": "Algeria",
"id": "1"
}
],
"group_name": "example"
}
}
}

Human Readable Output#

Geo IP member:#

Showing 1 rows out of 1. |Id|Country| |---|---| | 1 | Algeria |

fortiwebvm-geo-ip-group-create#


Create Geo IP.

Base Command#

fortiwebvm-geo-ip-group-create

Input#

Argument NameDescriptionRequired
nameGeo IP group name.Required
trigger_policyEnter the name of the trigger to apply when this rule is violated.Optional
severityThe severity level to use in logs and reports generated when a violation of the rule occurs. Possible values are: High, Medium, Low, Info. Default is Low.Optional
exception_ruleGeo IP exception groups.Optional
actionSelect which action FortiWeb will take when it detects a violation of the rule: alert_deny โ€” Block the request (or reset the connection) and generate an alert and/or log message. deny_no_log โ€” Block the request (or reset the connection). block-period โ€” Block subsequent requests from the client for a number of seconds. Also configure block-period. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log). Default is Block period.Optional
block_periodThe number of seconds to block subsequent requests. The valid range is 1โ€“3,600 seconds. Relevant when action=Block period True. Supports API version 2 only. Default is 600.Optional
ignore_x_forwarded_forWhether to enable so that IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-geo-ip-group-create name=example

Human Readable Output#

Geo IP group successfully created!#

Name
example

fortiwebvm-geo-ip-group-update#


Update Geo IP.

Base Command#

fortiwebvm-geo-ip-group-update

Input#

Argument NameDescriptionRequired
nameGeo IP group name.Required
trigger_policyEnter the name of the trigger to apply when this rule is violated.Optional
severityThe severity level to use in logs and reports generated when a violation of the rule occurs. Possible values are: High, Medium, Low, Info.Optional
exception_ruleGeo IP exception groups.Optional
actionThe action FortiWeb will take when it detects a violation of the rule: alert_deny โ€” Block the request (or reset the connection) and generate an alert and/or log message.deny_no_log โ€” Block the request (or reset the connection). block-period โ€” Block subsequent requests from the client for a number of seconds. Also configure block-period. Supports API version 2 only. Possible values are: Alert deny, Block period, Deny (no log).Optional
block_periodThe number of seconds to block subsequent requests. The valid range is 1โ€“3,600 seconds. Supports API version 2 only.Optional
ignore_x_forwarded_forWhether to enable so that the IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only. Possible values are: enable, disable.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-geo-ip-group-update name=example

Human Readable Output#

Geo IP group successfully updated!#

Name
example

fortiwebvm-geo-ip-group-delete#


Delete Geo IP.

Base Command#

fortiwebvm-geo-ip-group-delete

Input#

Argument NameDescriptionRequired
nameGeo IP group name.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-geo-ip-group-delete name=example

Human Readable Output#

Geo IP group successfully deleted!#

Id
example

fortiwebvm-geo-ip-group-list#


Get Geo IP list.

Base Command#

fortiwebvm-geo-ip-group-list

Input#

Argument NameDescriptionRequired
nameGeo IP group name.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.GeoIpGroup.idNumberGeo IP group ID.
FortiwebVM.GeoIpGroup.countNumberThe number of Geo IP group members.
FortiwebVM.GeoIpGroup.trigger_policyStringGeo IP group trigger policy name.
FortiwebVM.GeoIpGroup.severityStringGeo IP group severity number.
FortiwebVM.GeoIpGroup.exceptStringGeo IP group exception groups.
FortiwebVM.GeoIpGroup.can_deleteBooleanWhether the Geo IP group can be deleted. Supports API version 1 only.
FortiwebVM.GeoIpGroup.actionStringGeo IP group action. Supports API version 2 only.
FortiwebVM.GeoIpGroup.block_periodNumberGeo IP group block period. Supports API version 2 only.
FortiwebVM.GeoIpGroup.ignore_x_forwarded_forStringWhether IP addresses will be scanned at the TCP layer instead of the HTTP layer. Supports API version 2 only.

fortiwebvm-system-operation-status-get#


Get operation status.

Base Command#

fortiwebvm-system-operation-status-get

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-system-operation-status-get

Context Example#

{
"FortiwebVM": {
"SystemOperation": [
{
"alias": "",
"id": "port1",
"ip_netmask": "192.168.30.137/24",
"label": 1,
"link": "Up",
"name": "port1",
"rx": 582306,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 18115
},
{
"alias": "",
"id": "port2",
"ip_netmask": "0.0.0.0/0",
"label": 2,
"link": "Up",
"name": "port2",
"rx": 571254,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port3",
"ip_netmask": "0.0.0.0/0",
"label": 3,
"link": "Up",
"name": "port3",
"rx": 571338,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port4",
"ip_netmask": "0.0.0.0/0",
"label": 4,
"link": "Up",
"name": "port4",
"rx": 571252,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port5",
"ip_netmask": "0.0.0.0/0",
"label": 5,
"link": "Up",
"name": "port5",
"rx": 571246,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port6",
"ip_netmask": "0.0.0.0/0",
"label": 6,
"link": "Up",
"name": "port6",
"rx": 571245,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port7",
"ip_netmask": "0.0.0.0/0",
"label": 7,
"link": "Up",
"name": "port7",
"rx": 571239,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port8",
"ip_netmask": "0.0.0.0/0",
"label": 8,
"link": "Up",
"name": "port8",
"rx": 571283,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port9",
"ip_netmask": "0.0.0.0/0",
"label": 9,
"link": "Up",
"name": "port9",
"rx": 572431,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
},
{
"alias": "",
"id": "port10",
"ip_netmask": "0.0.0.0/0",
"label": 10,
"link": "Up",
"name": "port10",
"rx": 572083,
"speed_duplex": "10000 Mbps/Full Duplex",
"tx": 141
}
]
}
}

Human Readable Output#

Operation networks:#

IdNameLabelAliasIp NetmaskSpeed DuplexTxRxLink
port1port11192.168.30.137/2410000 Mbps/Full Duplex18115582306Up
port2port220.0.0.0/010000 Mbps/Full Duplex141571254Up
port3port330.0.0.0/010000 Mbps/Full Duplex141571338Up
port4port440.0.0.0/010000 Mbps/Full Duplex141571252Up
port5port550.0.0.0/010000 Mbps/Full Duplex141571246Up
port6port660.0.0.0/010000 Mbps/Full Duplex141571245Up
port7port770.0.0.0/010000 Mbps/Full Duplex141571239Up
port8port880.0.0.0/010000 Mbps/Full Duplex141571283Up
port9port990.0.0.0/010000 Mbps/Full Duplex141572431Up
port10port10100.0.0.0/010000 Mbps/Full Duplex141572083Up

fortiwebvm-system-policy-status-get#


Get policy status.

Base Command#

fortiwebvm-system-policy-status-get

Input#

There are no input arguments for this command.

Command example#

!fortiwebvm-system-policy-status-get

Context Example - API Version 1#

{
"FortiwebVM": {
"SystemPolicy": {
"connction_per_second": 0,
"http_port": 80,
"https_port": null,
"id": "example",
"mode": "Single Server/Server Pool",
"name": "example",
"session_count": 0,
"status": "enable",
"vserver": "1.0.0.0/32/"
}
}
}

Human Readable Output - API Version 1#

Policy status:#

IdNameStatusVserverHttp PortHttps PortModeSession CountConnction Per Second
exampleexampleenable1.0.0.0/32/80Single Server/Server Pool00

Context Example - API Version 2#

{
"FortiwebVM": {
"SystemPolicy": {
"app_response_time": 0,
"client_rtt": 0,
"connction_per_second": 0,
"http_port": "80",
"https_port": null,
"id": "example",
"mode": "Single Server/Server Pool",
"name": "example",
"policy": 1099,
"protocol": "HTTP",
"server_rtt": 0,
"session_count": 0,
"status": "enable",
"vserver": ""
}
}
}

Human Readable Output - API Version 2#

Policy status:#

IdNameStatusVserverHttp PortHttps PortModeSession CountConnction Per SecondPolicyClient RttServer RttApp Response Time
exampleexampleenable80Single Server/Server Pool001099000

fortiwebvm-system-status-get#


Get system status.

Base Command#

fortiwebvm-system-status-get

Input#

There are no input arguments for this command.

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-system-status-get

Context Example - API Version 1#

{
"FortiwebVM": {
"SystemStatus": {
"administrativeDomain": "Disabled",
"antivirusService": {
"anti_expired": "Expired (1969-12-31)",
"anti_expired_text": "[Renew]",
"anti_expired_url": "http://support.fortinet.com/",
"anti_update_text": "[Update]",
"anti_update_url": "#navigate/SignatureUpdate",
"antivirusLastUpdateMethod": "Manual",
"antivirusLastUpdateTime": "1969-12-31",
"exVirusDatabaseVersion": "1.00000",
"regularVirusDatabaseVersion": "1.00000"
},
"bufferSizeMax": 102400,
"credentialStuffingDefense": {
"databaseVersion": "0.00000",
"expired": "Expired (1969-12-31)",
"expired_text": "[Renew]",
"expired_url": "http://support.fortinet.com/",
"lastUpdateTime": "1969-12-31"
},
"fileUploadLimitMax": 102400,
"fipcc": "Disabled",
"firmwareVersion": "FortiWeb-VM 6.12,build0421(GA),191218",
"firmware_partition": 2,
"haStatus": "Standalone",
"hostName": "FortiWeb",
"logDisk": "Available",
"operationMode": "Reverse Proxy",
"readonly": false,
"registration": {
"label": "[Unregistered]",
"text": "[Register]",
"url": "https://support.fortinet.com"
},
"reputationService": {
"reputationBuildNumber": "1.00020",
"reputationLastUpdateMethod": "Manual",
"reputationLastUpdateTime": "1969-12-31",
"reputation_expired": "Expired (1969-12-31)",
"reputation_expired_text": "[Renew]",
"reputation_expired_url": "http://support.fortinet.com/",
"reputation_update_text": "[Update]",
"reputation_update_url": "#navigate/SignatureUpdate"
},
"securityService": {
"buildNumber": "0.00240",
"expired": "Expired (1969-12-31)",
"expired_text": "[Renew]",
"expired_url": "http://support.fortinet.com/",
"lastUpdateMethod": "Manual",
"lastUpdateTime": "1969-12-31",
"update_text": "[Update]",
"update_url": "#navigate/SignatureUpdate"
},
"serialNumber": "FVVM00UNLICENSED",
"systemTime": "Sun Dec 25 01:01:32 2022\n",
"systemUptime": "2 day(s) 20 hour(s) 7 min(s)",
"vmLicense": "invalid"
}
}
}

Human Readable Output - API Version 1#

System Status:#

High Ability StatusHost NameSerial NumberOperation ModeSystem TimeFirmware VersionAdministrative DomainSystem UptimeFips And Cc ModeLog Disk
StandaloneFortiWebFVVM00UNLICENSEDReverse ProxySun Dec 25 01:01:32 2022
FortiWeb-VM 6.12,build0421(GA),191218Disabled2 day(s) 20 hour(s) 7 min(s)DisabledAvailable

Context Example - API Version 2#

{
"FortiwebVM": {
"SystemStatus": {
"administrativeDomain": "Disabled",
"bufferSizeMax": 102400,
"fileUploadLimitMax": 102400,
"firmwareVersion": "FortiWeb-AWS_OnDemand 7.03,build0111(GA),220912",
"firmware_partition": 2,
"haStatus": "Standalone",
"hostName": "FortiWeb",
"managerMode": "Standalone",
"operationMode": "Reverse Proxy",
"readonly": false,
"registration": {
"label": "*",
"text": "[Login]",
"url": "https://support.fortinet.com"
},
"serialNumber": "FVBAWS0001be9eec",
"systemTime": "Sun Dec 25 02:06:38 2022\n",
"up_days": "34",
"up_hrs": "20",
"up_mins": "45",
"vmLicense": "valid"
}
}
}

Human Readable Output - API Version 2#

System Status:#

High Ability StatusHost NameSerial NumberOperation ModeSystem TimeFirmware VersionAdministrative DomainManager StatusSysyem Up DaysSysyem Up HrsSysyem Up Mins
StandaloneFortiWebFVBAWS0001be9eecReverse ProxySun Dec 25 02:06:38 2022
FortiWeb-AWS_OnDemand 7.03,build0111(GA),220912DisabledStandalone342045

fortiwebvm-virtual-server-list#


List the virtual servers.

Base Command#

fortiwebvm-virtual-server-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.VirtualServer.idStringVirtual Server name.

Command example#

!fortiwebvm-virtual-server-list limit=1

Context Example#

{
"FortiwebVM": {
"VirtualServer": {
"id": "virtual1"
}
}
}

Human Readable Output#

Virtual Servers:#

Showing 1 rows out of 1. |Id| |---| | virtual1 |

fortiwebvm-geo-exception-list#


List the Geo exception groups.

Base Command#

fortiwebvm-geo-exception-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.GeoExceptionGroup.idStringGeo Exception Group Name.

Command example#

!fortiwebvm-geo-exception-list limit=1

Context Example#

{
"FortiwebVM": {
"GeoExceptionGroup": {
"id": "exception1"
}
}
}

Human Readable Output#

Geo exception:#

Showing 1 rows out of 1. |Id| |---| | exception1 |

fortiwebvm-trigger-policy-list#


List the trigger policy rules.

Base Command#

fortiwebvm-trigger-policy-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.TriggerPolicy.idStringTrigger policy name.

Command example#

!fortiwebvm-trigger-policy-list limit=1

Context Example#

{
"FortiwebVM": {
"TriggerPolicy": {
"id": "trigger1"
}
}
}

Human Readable Output#

Content Routing Policy:#

Showing 1 rows out of 1. |Id| |---| | trigger1 |

fortiwebvm-certificate-intermediate-group-list#


List the certificate intermediate groups.

Base Command#

fortiwebvm-certificate-intermediate-group-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.CertificateIntermediateGroup.idStringCertificate intermediate group name.

Command example#

!fortiwebvm-certificate-intermediate-group-list limit=1

Context Example#

{
"FortiwebVM": {
"CertificateIntermediateGroup": {
"id": "group"
}
}
}

Human Readable Output#

Content Routing Policy:#

Showing 1 rows out of 3. |Id| |---| | group |

fortiwebvm-server-pool-list#


List the server pools.

Base Command#

fortiwebvm-server-pool-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.ServerPool.idStringServer pool name.

Command example#

!fortiwebvm-server-pool-list limit=1

Context Example#

{
"FortiwebVM": {
"ServerPool": {
"id": "Strong Dev"
}
}
}

Human Readable Output#

Server pool:#

Showing 1 rows out of 2. |Id| |---| | Strong Dev |

fortiwebvm-http-service-list#


List the HTTP services.

Base Command#

fortiwebvm-http-service-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.HttpServiceList.idStringHTTP service name.

Command example#

!fortiwebvm-http-service-list limit=1

Context Example#

{
"FortiwebVM": {
"HttpServiceList": {
"id": "HTTP"
}
}
}

Human Readable Output#

HTTP services:#

Showing 1 rows out of 5. |Id| |---| | HTTP |

fortiwebvm-inline-protection-profile-list#


List the inline protection profiles.

Base Command#

fortiwebvm-inline-protection-profile-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.InlineProtectionProfile.idStringInline protection profile name.

Command example#

!fortiwebvm-inline-protection-profile-list limit=1

Context Example#

{
"FortiwebVM": {
"InlineProtectionProfile": {
"id": "Inline High Level Security"
}
}
}

Human Readable Output#

Inline Protection Profile:#

Showing 1 rows out of 10. |Id| |---| | Inline High Level Security |

fortiwebvm-server-policy-create#


Create a server policy.

Base Command#

fortiwebvm-server-policy-create

Input#

Argument NameDescriptionRequired
namePolicy Name.Required
json_template_idAllows the use of the server policy JSON template. All of the arguments listed below will be overridden.Optional
deployment_modeThe distribution method that FortiWeb uses when it forwards connections accepted by this policy. Possible values are: HTTP Content Routing, Single Server/Server Balance.Optional
virtual_serverThe name of a virtual server that provides the IP address and network interface of incoming traffic that FortiWeb routes and to which the policy applies a protection profile. The maximum length is 63 characters.Optional
match_onceEnable to forward subsequent requests from an identified client connection to the same server pool as the initial connection from the client. Required when: deployment_mode = "HTTP Content Routing". Possible values are: enable, disable. Default is disable.Optional
server_poolThe name of the server pool whose members receive the connections. Required when: deployment_mode = "Single Server/Server Balance".Optional
protected_hostnamesThe name of a protected hosts group to allow or reject connections based upon their host.Optional
client_real_ipEnable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client. Possible values are: enable, disable. Default is disable.Optional
ip_rangeAn IP address or address range to directly connect to the back-end server. Required when: client_real_ip = "enable". Supports API version 2 only.Optional
syn_cookieEnable to detect TCP SYN flood attacks. Possible values are: enable, disable. Default is disable.Optional
half_open_threshThe maximum number of TCP SYN packets, including retransmissions, that FortiWeb allows to be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is 10โ€“10,000. Default is 8192.Optional
http_serviceCustom or predefined service that defines the port number on which the virtual server receives HTTP traffic.Optional
https_serviceCustom or predefined service that defines the port number on which the virtual server receives HTTPS traffic.Optional
multi_certificateEnable to allow FortiWeb to use multiple local certificates.Optional
certificate_groupThe multi-certificate file you created. Required when: multi_certificate is enabled.Optional
proxyCertificate group name.Optional
redirect_to_httpsEnable to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters. Possible values are: enable, disable. Default is disable.Optional
inline_protection_profileInline web protection profile name.Optional
monitor_modeEnable to override deny and redirect actions defined in the server protection rules for the selected policy. This setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules. Possible values are: enable, disable. Default is disable.Optional
url_case_sensitivityEnable to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules. Possible values are: enable, disable. Default is disable.Optional
commentsA description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters.Optional
certificate_typeCertificate type. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. Default is Local.Optional
lets_certificateSelect the Letsencrypt certificate you created. Supports API version 2 only. Required when: certificate_type is 'Letsencrypt'.Optional
retry_onEnable to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only. Possible values are: enable, disable. Default is disable.Optional
retry_on_cache_sizeA cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled. Default is 512.Optional
retry_on_connect_failureEnable to configure the retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. Default is disable.Optional
retry_times_on_connect_failureThe number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on_connect_failure and retry_on are enabled. Possible values are: 1, 2, 3, 4, 5. Default is 3.Optional
retry_on_http_layerEnable to configure the retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable. Default is disable.Optional
retry_times_on_http_layerThe number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 1, 2, 3, 4, 5. Default is 3.Optional
retry_on_http_response_codesThe failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 404, 408, 500, 501, 502, 503, 504.Optional
scriptingEnable to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only. Possible values are: enable, disable.Optional
scripting_listScripting list to perform actions that are not currently supported by the built-in feature set. Required when: scripting is enabled. Supports API version 2 only.Optional
allow_listThe Policy Based Allow list to use instead of the Global Allow List. Supports API version 2 only.Optional
replace_msgThe replacement message to apply to the policy. Supports API version 2 only.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-server-policy-create name=example virtual_server=virtual1 http_service=HTTP deployment_mode="HTTP Content Routing"

Human Readable Output#

Server Policy succesfuly created!#

Name
example

fortiwebvm-server-policy-update#


Update the server policy.

Base Command#

fortiwebvm-server-policy-update

Input#

Argument NameDescriptionRequired
namePolicy name.Required
deployment_modeDeployment mode. Possible values are: HTTP Content Routing, Single Server/Server Balance.Optional
virtual_serverThe name of a virtual server that provides the IP address and network interface of incoming traffic that FortiWeb routes and to which the policy applies a protection profile. The maximum length is 63 characters.Optional
match_onceEnable to forward subsequent requests from an identified client connection to the same server pool as the initial connection from the client. Required when: deployment_mode = "HTTP Content Routing". Possible values are: enable, disable. Default is disable.Optional
server_poolEnter the name of the server pool whose members receive the connections. Required when: deployment_mode = "Single Server/Server Balance".Optional
protected_hostnamesProtected hostnames group name. Enter the name of a protected hosts group to allow or reject connections based upon their host.Optional
client_real_ipEnable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client.Optional
ip_rangeSpecify an IP address or address range to directly connect to the back-end server. Required when: client_real_ip = "enable". Supports API version 2 only.Optional
syn_cookieEnable to detect TCP SYN flood attacks. Possible values are: enable, disable. Default is disable.Optional
half_open_threshThe maximum number of TCP SYN packets, including retransmissions, that FortiWeb allows to be sent per second to a destination address. If this threshold is exceeded, the FortiWeb appliance treats the traffic as a DoS attack and ignores additional traffic from that source address. The valid range is 10โ€“10,000.Optional
http_serviceCustom or predefined service that defines the port number on which the virtual server receives HTTP traffic.Optional
https_serviceHTTPS service name. Custom or predefined service that defines the port number on which the virtual server receives HTTPS traffic.Optional
http2Enable HTTP/2. Required when: HTTPSService is not null. Possible values are: enable, disable. Default is disable.Optional
multi_certificateEnable to allow FortiWeb to use multiple local certificates.Optional
certificate_groupRequired when: multi-certificate is enabled. Select the multi-certificate file you created.Optional
certificateCertificate group name. Required when: multi-certificate is disabled.Optional
intergroupCertificate intermediate group. Required when: HTTPSService is not null.Optional
proxyEnable this option when proxy servers or load balancers are installed before FortiWeb. Possible values are: enable, disable. Default is disable.Optional
redirect_to_httpsEnable to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters.Optional
inline_protection_profileInline web protection profile name.Optional
monitor_modeEnable to override deny and redirect actions defined in the server protection rules for the selected policy. This setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules. Possible values are: enable, disable. Default is disable.Optional
url_case_sensitivityEnable to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules.Optional
commentsA description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters.Optional
certificate_typeCertificate type. Supports API version 2 only. Possible values are: Local, Multi Certificate, Letsencrypt. Default is Local.Optional
lets_certificateSelect the Letsencrypt certificate you created. Supports API version 2 only. Required when: certificate-type is enabled.Optional
retry_onEnable to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only. Possible values are: enable, disable.Optional
retry_on_cache_sizeThe cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled.Optional
retry_on_connect_failureEnable to configure the retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable.Optional
retry_times_on_connect_failureThe number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on_connect_failure and retry_on are enabled. Possible values are: 1, 2, 3, 4, 5.Optional
retry_on_http_layerEnable to configure the retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled. Possible values are: enable, disable.Optional
retry_times_on_http_layerThe number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 1, 2, 3, 4, 5.Optional
retry_on_http_response_codesThe failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled. Possible values are: 404, 408, 500, 501, 502, 503, 504.Optional
scriptingEnable to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only.Optional
scripting_listScripting list to perform actions that are not currently supported by the built-in feature set. Required when: scripting is enabled. Supports API version 2 only.Optional
allow_listThe Policy Based Allow list to use instead of the Global Allow List. Supports API version 2 only.Optional
replacemsgThe replacement message to apply to the policy. Supports API version 2 only.Optional
json_template_idAllows the use of the server policy JSON template. All of the arguments listed below will be overridden. For an example, see the integration.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-server-policy-update name=example

Human Readable Output#

Server Policy succesfuly updated!#

Name
example

fortiwebvm-server-policy-delete#


Delete the server policy.

Base Command#

fortiwebvm-server-policy-delete

Input#

Argument NameDescriptionRequired
namePolicy name.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-server-policy-delete name=example

Human Readable Output#

Server Policy succesfuly deleted!#

Id
example

fortiwebvm-server-policy-list#


List the server policies.

Base Command#

fortiwebvm-server-policy-list

Input#

Argument NameDescriptionRequired
nameServer policy name.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.ServerPolicy.nameStringServer policy name.
FortiwebVM.ServerPolicy.deployment_modeStringServer policy deployment mode.
FortiwebVM.ServerPolicy.protocolStringServer policy protocol.
FortiwebVM.ServerPolicy.web_protection_profileStringServer policy inherit web protection profile flag.
FortiwebVM.ServerPolicy.monitor_modeStringThis setting enables FortiWeb to log attacks without performing the deny or redirect action. Disable to allow FortiWeb to perform attack deny/redirect actions as defined by the server protection rules.
FortiwebVM.ServerPolicy.http_serviceStringCustom or predefined service that defines the port number on which the virtual server receives HTTPS traffic.
FortiwebVM.ServerPolicy.https_serviceStringCustom or predefined service that defines the port number on which the virtual server receives HTTPS traffic.
FortiwebVM.ServerPolicy.certificateStringServer policy certificate.
FortiwebVM.ServerPolicy.certificate_intermediate_groupStringServer policy certificate intermediate group.
FortiwebVM.ServerPolicy.server_poolStringServer policy server pool name.
FortiwebVM.ServerPolicy.protected_hostnamesStringServer policy protected hostname name.
FortiwebVM.ServerPolicy.client_real_ipStringEnable to configure FortiWeb to use the source IP address of the client that originated the request when it connects to a back-end server on behalf of that client.
FortiwebVM.ServerPolicy.syn_cookieStringWhether to detect TCP SYN flood attacks.
FortiwebVM.ServerPolicy.redirect_to_httpsStringWhether to automatically redirect all HTTP requests to the HTTPS service with the same URL and parameters.
FortiwebVM.ServerPolicy.http2StringWhether to enable HTTP/2. Required when: HTTPSService is not null.
FortiwebVM.ServerPolicy.url_case_sensitivityStringWhether to differentiate uniform resource locators (URLs) according to upper case and lower case letters for features that act upon the URLs in the headers of HTTP requests, such as block list rules, and allow list rules.
FortiwebVM.ServerPolicy.commentsStringA description or other comment. If the comment is more than one word or contains special characters, surround the comment with double quotes ( " ). The maximum length is 999 characters.
FortiwebVM.ServerPolicy.retry_onStringWhether to configure whether to retry a failed TCP connection or HTTP request in Reverse Proxy mode. Supports API version 2 only.
FortiwebVM.ServerPolicy.retry_on_cache_sizeStringA cache size limit for the HTTP request packet. Supports API version 2 only. Required when: retry_on is enabled.
FortiwebVM.ServerPolicy.retry_times_on_connect_failureStringThe number of retry times in case of any TCP connection failure. Supports API version 2 only. Required when: retry_on is enabled.
FortiwebVM.ServerPolicy.retry_on_http_layerStringThe number of retry times and failure response code in case of any HTTP connection failure. Supports API version 2 only. Required when: retry_on is enabled.
FortiwebVM.ServerPolicy.retry_times_on_http_layerStringThe number of retry times when FortiWeb reconnects the single server or switch to the other pserver. The valid range is 1-5. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled.
FortiwebVM.ServerPolicy.retry_on_http_response_codesStringThe failure return code when the pserver can be connected to determine enabling HTTP failure retry. Supports API version 2 only. Required when: retry_on and retry_on_http_layer are enabled.
FortiwebVM.ServerPolicy.scriptingStringWhether to perform actions that are not currently supported by the built-in feature set. Supports API version 2 only.
FortiwebVM.ServerPolicy.scripting_listStringServer policy scripting list. Required when: scripting is enabled. Supports API version 2 only.
FortiwebVM.ServerPolicy.allow_listStringServer policy allow list. Supports API version 2 only.
FortiwebVM.ServerPolicy.replace_msgStringServer policy replacement message. Supports API version 2 only. API version 2 only.

Command example#

!fortiwebvm-server-policy-list name=example

Context Example - API Version 1#

{
"FortiwebVM": {
"ServerPolicy": {
"certificate": "",
"certificate_intermediate_group": "",
"client_real_ip": false,
"comments": "",
"deployment_mode": "HTTP Content Routing",
"half_open_thresh": 8192,
"http2": false,
"http_service": "HTTP",
"https_service": "",
"monitor_mode": false,
"name": "example",
"protected_hostnames": "",
"protocol": "HTTP",
"redirect_to_https": false,
"server_pool": "",
"syn_cookie": false,
"url_case_sensitivity": false,
"virtual_server": "virtual1",
"web_protection_profile": ""
}
}
}

Human Readable Output - API Version 1#

Server Policies:#

Showing 1 rows out of 1. |Name|Deployment Mode|Virtual Server|Protocol|Web Protection Profile|Monitor Mode| |---|---|---|---|---|---| | example | HTTP Content Routing | virtual1 | HTTP | | false |

Context Example - API Version 2#

{
"FortiwebVM": {
"ServerPolicy": {
"allow_list": "",
"certificate": "",
"certificate_intermediate_group": "",
"client_real_ip": "disable",
"comments": "",
"deployment_mode": "HTTP Content Routing",
"half_open_thresh": 8192,
"http2": "disable",
"http_service": "HTTP",
"https_service": "",
"monitor_mode": "disable",
"name": "example",
"protected_hostnames": "",
"protocol": "HTTP",
"redirect_to_https": "disable",
"replace_msg": "Predefined",
"retry_on": "disable",
"retry_on_cache_size": 512,
"retry_on_connect_failure": "disable",
"retry_on_http_layer": "disable",
"retry_on_http_response_codes": "",
"retry_times_on_connect_failure": 3,
"retry_times_on_http_layer": 3,
"scripting": "disable",
"scripting_list": "",
"server_pool": "",
"syn_cookie": "disable",
"url_case_sensitivity": "disable",
"virtual_server": "virtual1",
"web_protection_profile": ""
}
}
}

Human Readable Output - API Version 2#

Server Policies:#

Showing 1 rows out of 1. |Name|Deployment Mode|Virtual Server|Protocol|Web Protection Profile|Monitor Mode| |---|---|---|---|---|---| | example | HTTP Content Routing | virtual1 | HTTP | | disable |

fortiwebvm-content-routing-policy-list#


List the HTTP content routing policies.

Base Command#

fortiwebvm-content-routing-policy-list

Input#

Argument NameDescriptionRequired
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.HttpContentRoutingPolicy.idStringPolicy name.

Command example#

!fortiwebvm-content-routing-policy-list limit=1

Context Example#

{
"FortiwebVM": {
"HttpContentRoutingPolicy": {
"id": "content1"
}
}
}

Human Readable Output#

Content Routing Policy:#

Showing 1 rows out of 1. |Id| |---| | content1 |

fortiwebvm-http-content-routing-member-add#


Create the server policy HTTP content routing member.

Base Command#

fortiwebvm-http-content-routing-member-add

Input#

Argument NameDescriptionRequired
policy_namePolicy name.Required
is_defaultWhether FortiWeb applies the protection profile to any traffic that does not match conditions specified in the HTTP content routing policies. Possible values are: yes, no. Default is no.Optional
http_content_routing_policyHTTP content routing policy name.Required
inherit_web_protection_profileWhether to enable the inherit web protection profile. Possible values are: enable, disable. Default is disable.Optional
profileWeb protection profile. This is required when inherit web protection profile is disabled.Optional
statusHTTP content routing member status. Supports API version 2 only. Possible values are: enable, disable. Default is enable.Optional

Context Output#

PathTypeDescription
FortiwebVM.HttpContentRoutingMember.idNumberHTTP content routing member ID.

Command example#

!fortiwebvm-http-content-routing-member-add policy_name=example http_content_routing_policy=content1

Context Example#

{
"FortiwebVM": {
"HttpContentRoutingMember": {
"id": "1"
}
}
}

Human Readable Output#

HTTP content routing member succesfuly created!#

Id
1

fortiwebvm-http-content-routing-member-update#


Update the server policy HTTP content routing member.

Base Command#

fortiwebvm-http-content-routing-member-update

Input#

Argument NameDescriptionRequired
policy_namePolicy name.Required
http_content_routing_policyHTTP content routing policy name.Optional
idServer policy HTTP content routing member ID.Required
is_defaultWhether FortiWeb applies the protection profile to any traffic that does not match conditions specified in the HTTP content routing policies. Possible values are: yes, no.Optional
inherit_web_protection_profileWhether to enable inherit web protection profile. Possible values are: enable, disable.Optional
profileWeb protection profile. This is required when inherit web protection profile is disabled. Supports API version 1 only.Optional
statusHTTP content routing member status. Supports API version 2 only. Possible values are: enable, disable.Optional

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-http-content-routing-member-update policy_name=example id=1

Human Readable Output#

HTTP content routing member succesfuly updated!#

Id
1

fortiwebvm-http-content-routing-member-delete#


Delete the server policy HTTP content routing member.

Base Command#

fortiwebvm-http-content-routing-member-delete

Input#

Argument NameDescriptionRequired
policy_namePolicy name.Required
idServer policy HTTP content routing member ID.Required

Context Output#

There is no context output for this command.

Command example#

!fortiwebvm-http-content-routing-member-delete policy_name=example id=1

Human Readable Output#

HTTP content routing member succesfuly deleted!#

Id
1

fortiwebvm-http-content-routing-member-list#


List the Server policy HTTP content routing members.

Base Command#

fortiwebvm-http-content-routing-member-list

Input#

Argument NameDescriptionRequired
policy_namePolicy name.Required
idServer policy HTTP content routing member ID.Optional
pageThe page number of the results to retrieve.Optional
page_sizeThe maximum number of records to retrieve per page.Optional
limitThe maximum number of records to retrieve. Default is 50.Optional

Context Output#

PathTypeDescription
FortiwebVM.HttpContentRoutingMember.policy_nameStringHTTP content routing policy name.
FortiwebVM.HttpContentRoutingMember.Members.idStringHTTP content routing ID.
FortiwebVM.HttpContentRoutingMember.Members.defaultStringWhether the HTTP content routing is the default.
FortiwebVM.HttpContentRoutingMember.Members.http_content_routing_policyStringHTTP content routing policy name.
FortiwebVM.HttpContentRoutingMember.Members.inherit_web_protection_profileBooleanHTTP content routing inherit web protection profile flag.
FortiwebVM.HttpContentRoutingMember.Members.profileStringHTTP content routing profile.
FortiwebVM.HttpContentRoutingMember.Members.statusStringHTTP content routing status. Supports API version 2 only.