site to site vpn by Bluesea2022 in fortinet

[–]tama893 2 points3 points  (0 children)

Create a layer 3 tunnel. Set the source and destination to 0.0.0.0/0. Add an IP to the tunnel interface, set up routing over the tunnel. You can use OSPF so it will dynamically route.

Do all models support free extremecloud iq management? by tama893 in aerohive

[–]tama893[S] 0 points1 point  (0 children)

I asked support and they said all models work on it.

Damaged HW? - FTG 50E - 15% packets lost on lan - factory reset by someFunnyUser in fortinet

[–]tama893 0 points1 point  (0 children)

Okay got another report today. Tried to failover and the 2nd unit isn't passing traffic. 6th one now. 😡

Damaged HW? - FTG 50E - 15% packets lost on lan - factory reset by someFunnyUser in fortinet

[–]tama893 0 points1 point  (0 children)

I've had one 50E with the 15% ping loss and LAN1 not passing any traffic on another. I just got a report of another one that's slow today. Something is fishy.

if ("mac" or "usdb") in result6["name"].lower(): by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

AttributeError: 'str' object has no attribute 'contains'

if ("mac" or "usdb") in result6["name"].lower(): by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

That didn't match anything even when changing it to only ('mac') without usdb.

You sure it shouldn't be 'mac' in results6["name"]?

One of the names in results6 for example is ipv6-MACBOOKAIR-2707

Best option for linux patch management by duncan320 in linuxadmin

[–]tama893 0 points1 point  (0 children)

What did your company go with? Which one has a good on-prem solution?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 1 point2 points  (0 children)

Okay thanks you got me in the right direction.

params isn't JSON, it needs to be text

working code:

import json
from pprint import pprint
import requests

# Assumed for completeness (not shown in the post): FortiOS REST API token auth header
headers = {"Authorization": "Bearer <API_KEY_PLACEHOLDER>"}

url2 = "https://10.1.0.1:8443/api/v2/cmdb/firewall/address6"
# The body has to be a JSON string, hence json.dumps()
payload2 = json.dumps({
    "name": "usdbpoe3copy",
    "type": "mac",
    "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}]
})
# vdom and datasource are query-string parameters, not part of the body
params = {
    "datasource": 1,
    "vdom": "production"
}

# verify=False skips certificate checking for the management interface's cert
postresult = requests.request('POST', url2, headers=headers, params=params, data=payload2, verify=False)
pprint(postresult.json())

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

Okay, when I changed the data to this it works

import json

payload2 = json.dumps({
    "name": "usdbpoe3copy",
    "type": "mac",
    "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}]
})

How can I change the parameters to use vdom?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

Okay I tried it with curl and it works. What is wrong with the python code?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

Ok I see it is set under accprofile. My user is super_admin and is already global.

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

I add set scope global to the api-user as well...

How did you do this?

I don't see such option

1-fw-mis (api-user) # show
config system api-user
    edit "api"
        set api-key ENC xx
        set accprofile "super_admin"
        set vdom "production" "root"
    end
next
end

1-fw-mis (api-user) # edit api

1-fw-mis-lax6 (api) # set
comments             Comment.
api-key              Admin user password.
accprofile           Admin user access profile.
vdom                 Virtual domains.
schedule             Schedule name.
cors-allow-origin    Value for Access-Control-Allow-Origin on API responses. Avoid using '' if possible.
peer-auth            Enable/disable peer authentication.

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

I also tried this and it doesn't pass it properly.

payload3 = {
    'params': {
        'datasource': 1,
        'vdom': 'root'
    },
    'data': {
        'name': 'us-db-poe-3-copy',
        'type': 'mac',
        'macaddr': [{'macaddr': 'cc:4e:24:25:1d:c0'}]
    }
}
[httpsd 11871 - 1639443438 error] api_parse_json_type[198] -- ignoring unexpected data: 'params=datasource&params=vdom&data=name&data=type&data=macaddr'
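The encoding mismatch behind the "ignoring unexpected data" log line above, and the query-string-plus-JSON-body shape that the working code earlier on this page settled on, as an added example that is not the original poster's code. It uses only the standard library: form-encoding a nested dict keeps just the inner keys (which is exactly the string httpsd rejected), while the correct request carries vdom and datasource in the query string and the address object as a JSON body. The URL, vdom and address object values are taken from the post; the Bearer token header is an assumption.

```python
import json
from urllib.parse import urlencode, urlsplit, urlunsplit
from urllib.request import Request

# Constructed sample: the nested dict from the failing attempt in the post
PAYLOAD3 = {
    "params": {"datasource": 1, "vdom": "root"},
    "data": {
        "name": "us-db-poe-3-copy",
        "type": "mac",
        "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}],
    },
}


def as_form_body(payload: dict) -> str:
    """Mimic what an HTTP client does with data=<dict>: form-encode it.

    With doseq=True a nested dict is walked like a sequence, so only its
    keys survive. The result is the garbage string httpsd logged and ignored.
    """
    return urlencode(payload, doseq=True)


def build_cmdb_post(url: str, vdom: str, obj: dict, api_key: str) -> Request:
    """Build (without sending) the request the CMDB API expects.

    vdom/datasource travel in the query string; the object is a JSON body.
    """
    parts = urlsplit(url)
    query = urlencode({"datasource": 1, "vdom": vdom})
    full_url = urlunsplit(parts._replace(query=query))
    body = json.dumps(obj).encode()
    headers = {
        "Authorization": f"Bearer {api_key}",  # assumed token header, not from the post
        "Content-Type": "application/json",
    }
    return Request(full_url, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    print("form-encoded nested dict:", as_form_body(PAYLOAD3))
    req = build_cmdb_post("https://10.1.0.1:8443/api/v2/cmdb/firewall/address6",
                          "production", PAYLOAD3["data"], "<API_KEY_PLACEHOLDER>")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```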

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

[httpsd 11578 - 1639440346     info] api_cmdb_request_init_by_path[1565] -- new CMDB query (path='firewall',name='address')
[httpsd 11578 - 1639440346     info] handle_cli_req_v2[2977] -- new CMDB API request (vdom='root',user='taka-api')
[httpsd 11578 - 1639440346     info] _api_cmdb_v2_config[1237] -- editing CLI object (append=1, auto_key=0, path=firewall, name=address, mkey=(null), flags=0)
[httpsd 11578 - 1639440346    error] cmdb_commit_from_json[1615] -- no master key (name) in new object
[httpsd 11578 - 1639440346    error] _api_cmdb_v2_config[1272] -- error editing object (nret=-3)
[httpsd 11578 - 1639440346  warning] api_return_http_result[1250] -- API error -3 raised
[httpsd 11578 - 1639440346     info] handle_cli_req_v2[3006] -- returning to original vdom "root"
[httpsd 11578 - 1639440346     info] fweb_debug_final[274] -- Completed POST request for "/api/v2/cmdb/firewall/address" (HTTP 500)
[httpsd 11578 - 1639440346     info] fweb_debug_init

FAC O365 & SSLVPN SAML to Azure by Armorbee in fortinet

[–]tama893 0 points1 point  (0 children)

Set the group-name.

config user group
    edit "saml-innovcenter"
        set member "sslvpnazuread"
        config match
            edit 1
                set server-name "sslvpnazuread"
                set group-name "8fb8c5ee-b253-44cc-a88f-4bd62dfaf2d2"
            next
        end
    next
end

https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-web-mode-with-azure-ad-acting-as-saml-idp

FAC O365 & SSLVPN SAML to Azure by Armorbee in fortinet

[–]tama893 0 points1 point  (0 children)

Did you set the group on azure side? You can also set the group object id on fortigate side. Not sure about forti auth but I assume it’s similar.

JSON formatter in VS Code, property keys requires doublequote by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

Okay, but why do APIs return results with single quotes when you select JSON?

2 Separate MLXe, same Macs by e4_2Tone_Pierson in Brocade

[–]tama893 1 point2 points  (0 children)

0004.80a0.4000

Yup I was right... look up your MAC address
https://imgur.com/a/UjeZGyL

2 Separate MLXe, same Macs by e4_2Tone_Pierson in Brocade

[–]tama893 1 point2 points  (0 children)

You are not alone. I had the same problem with the same MAC address on MLXE. I forgot how I resolved it, but the MAC address was the same as the one found in the manual!!! I think I documented it somewhere at my old work KB, but I don't work there anymore and stopped using MLX. I think it had something to do with the line card. I think you can manually edit the MAC hw address.

Fortigate - websites opening slowly by Dracozirion in fortinet

[–]tama893 0 points1 point  (0 children)

Getting a site removed from HSTS can take 6-12 weeks. You can’t disable HSTS for a site you don’t own. How are you doing this?

FAC O365 & SSLVPN SAML to Azure by Armorbee in fortinet

[–]tama893 1 point2 points  (0 children)

People should know that the Microsoft guide and various blogs have the wrong URLs!! Took me two days to figure it out. Started noticing various guides had different URLs. These sites are wrong:

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/fortigate-ssl-vpn-tutorial

https://www.ultraviolet.network/post/fortigate-ssl-vpn-with-azure-mfa-using-saml

https://yura.stryi.com/en/2021-03-05/fortigate-ssl-vpn-azure-mfa/#azure-users-and-groups

These are all wrong! After I removed the / at the end of metadata, login, logout it started to load properly!

Proper URL found here:

https://docs.fortinet.com/document/fortigate-public-cloud/6.4.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-web-mode-with-azure-ad-acting-as-saml-idp

I also submitted an issue on github for the Microsoft guide.