This library is automatically generated, if you want support for a newer version, please open an issue.
PHP library used for interacting with Fortinet firewall manager (FortiManager) APIs (CLI, DeviceManager, PolicyManager, SecurityConsole, System and Task). This library can retrieve, create, update and delete configuration on the FortiManager.
You can find all supported methods on Fortinet's developer website, you will need an account to browse information.
- Get Composer.
- Install the library using composer
composer require benclerc/fortinet-fortimanagerapi. - Add the following to your application's main PHP file
require 'vendor/autoload.php';. - Instanciate the Config class with the fortimanager's hostname, username and password
$configConnection = new \Fortinet\FortiManagerAPI\Config('123.123.123.123', 'admin', 'password');. - Use the Config object previously created to instanciate the wanted class
$policyManager = new \Fortinet\FortiManagerAPI\PolicyManager($configConnection);. - Start using the library
$globalAddrObj = $policyManager->getGlobalObjectFirewallAddress();.
You can find a full documentation here.
This Config class is used to prepare the mandatory configuration information to instanciate and use the different classes. In the constructor you must pass :
- The fortimanager's hostname (FQDN) or IP address
- A valid user's username
- The valid user's password
Optional parameters :
- Timeout : 5000ms. Use
setTimeout()to change. - SSL verify peer option : TRUE. Use
setSSLVerifyPeer()to change. - SSL verify host option : 2. Use
setSSLVerifyHost()to change.
// Basic configuration
$configConnection = new \Fortinet\FortiManagerAPI\Config('123.123.123.123', 'admin', 'password');
// Configuration for very slow firewalls/long requests
$configConnection = new \Fortinet\FortiManagerAPI\Config('123.123.123.123', 'admin', 'password');
$configConnection->setTimeout(20000);
// Unsecure configuration
$configConnection = new \Fortinet\FortiManagerAPI\Config('123.123.123.123', 'admin', 'password');
$configConnection->setSSLVerifyPeer(FALSE)->setSSLVerifyHost(FALSE);
// The class logins to the FortiManager when being instanciated hence the try/catch statement.
// Here I use the class PolicyManager for the example but it the same for the other classes.
try {
$policyManager = new \Fortinet\FortiManagerAPI\PolicyManager($configConnection);
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}These classes uses Exception to handle errors, for nominal execution you should instanciate and request methods inside try/catch statements.
// Get an address object named OBJ_IP in global database
try {
$res = $policyManager->getOneGlobalObjectFirewallAddress('OBJ_IP');
echo('Subnet is : '.$res->results[0]->subnet[0].'/'.$res->results[0]->subnet[1]);
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
// Get an address object named OBJ_IP in 'root' ADOM
try {
$res = $policyManager->getOneAdomObjectFirewallAddress('root', 'OBJ_IP');
echo('Subnet is : '.$res->results[0]->subnet[0].'/'.$res->results[0]->subnet[1]);
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
// Add a new address object in the global database
// Define the object
$ip = new stdClass;
$ip->name = 'OBJ_IP';
$ip->type = 'ipmask';
$ip->subnet = '10.1.1.0/24';
// Send the request to the FortiManager
try {
$res = $policyManager->addGlobalObjectFirewallAddress($ip);
echo('Success !');
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
// Add a new address object in 'root' ADOM
// Send the request to the FortiManager
try {
$res = $policyManager->addAdomObjectFirewallAddress('root', $ip);
echo('Success !');
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}This library also supports workspace locking. It allows to lock the workspace, make changes and then commit thoses changes or unlock without committing (rollback).
You have to enable workspace on the FortiManager first.
// Lock workspace ('root' VDOM)
$policyManager->execAdomWorkspaceLock('root');
// Create many IP objects
$error = FALSE;
for ($i=1; $i < 50; $i++) {
// Define the object
$ip = new stdClass;
$ip->name = 'OBJ_IP'.$i;
$ip->type = 'ipmask';
$ip->subnet = '10.1.'.$i.'.0/24';
// Send the request to the FortiManager
try {
$res = $policyManager->addGlobalObjectFirewallAddress($ip);
echo($ip->name.' Success !');
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
}
// Check error
if ($error === FALSE) {
// No errors, commit changes
$policyManager->execAdomWorkspaceCommit('root');
} else {
// Errors, abort and rollback
$policyManager->execAdomWorkspaceUnlock('root');
}
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent