This library is automatically generated, if you want support for a newer version, please open an issue.
PHP library used for interacting with Fortigate firewall (FortiOS) APIs (CMDB (Configuration), Log and Monitor). This library can retrieve, create, update and delete configuration on the firewall.
You can find all supported methods on Fortinet's developer website, you will need an account to browse information.
- Get Composer.
- Install the library using composer
composer require benclerc/fortinet-fortiosapi
. - Add the following to your application's main PHP file
require 'vendor/autoload.php';
. - Instanciate the Config class with the firewall's hostname, username and password
$configConnection = new \Fortinet\FortiOSAPI\Config('123.123.123.123', 'admin', 'password');
. - Use the Config object previously created to instanciate the FortiOSAPI object
$firewallConf = new \Fortinet\FortiOSAPI\Configuration($configConnection);
. - Start using the library
$staticRoutes = $firewallConf->getAllRouterStatic();
.
You can find a full documentation here.
This Config class is used to prepare the mandatory configuration information to instanciate and use the FortiOSAPI... classes. In the constructor you must pass :
- The firewall's hostname (FQDN) or IP address
- A valid user's username
- The valid user's password
Optional parameters :
- Timeout : 5000ms. Use
setTimeout()
to change. - SSL verify peer option : TRUE. Use
setSSLVerifyPeer()
to change. - SSL verify host option : 2. Use
setSSLVerifyHost()
to change. - API version : 2. Use
setAPIVersion()
to change.
// Basic configuration
$configConnection = new \Fortinet\FortiOSAPI\Config('123.123.123.123', 'admin', 'password');
// Configuration for very slow firewalls/long requests
$configConnection = new \Fortinet\FortiOSAPI\Config('123.123.123.123', 'admin', 'password');
$configConnection->setTimeout(20000);
// Unsecure configuration
$configConnection = new \Fortinet\FortiOSAPI\Config('123.123.123.123', 'admin', 'password');
$configConnection->setSSLVerifyPeer(FALSE)->setSSLVerifyHost(FALSE);
// Special API version
$configConnection = new \Fortinet\FortiOSAPI\Config('123.123.123.123', 'admin', 'password');
$configConnection->setAPIVersion(1);
// The class logins to the firewall when being instanciated hence the try/catch statement.
// Here I use the class Configuration for the example but it the same for Log and Monitor classes.
try {
$firewallConf = new \Fortinet\FortiOSAPI\Configuration($configConnection);
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
These classes uses Exception to handle errors, for nominal execution you should instanciate and request methods inside try/catch statements.
// Get one particular static route
try {
$res = $firewallConf->getRouterStatic(1);
echo('Gateway is : '.$res->results[0]->gateway);
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
// Get routes using filters
try {
// Will return fields dst and status of default gateways
$res = $firewallConf->getAllRouterStatic(NULL, NULL, NULL, NULL, NULL, NULL, ['dst', 'status'], ['dst==0.0.0.0 0.0.0.0']);
// For obvious reasons, it would be a charm to use the new PHP 8.0 syntax to call the method :
// $firewallConf->getAllRouterStatic(format: ['dst', 'status'], filter: ['dst==0.0.0.0 0.0.0.0'])
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
// Set a static route
// Define the route
$staticRoute = new stdClass;
$staticRoute->status = 'enable';
$staticRoute->dst = '1.1.1.1 255.255.255.255';
$staticRoute->src = '198.168.1.0 255.255.255.0';
$staticRoute->gateway = '198.168.1.254';
$staticRoute->device = 'lan';
$staticRoute->distance = 20;
// Send the request to the firewall
try {
$res = $firewallConf->addRouterStatic($staticRoute);
if ($res->status == 'success') {
echo('Route added');
} else {
echo('Route adding failed');
}
} catch (Exception $e) {
echo('Handle error : '.$e->getMessage());
}
This library also supports transactions : start a transaction, create, update, delete, and depending on the result commit or abort your changes.
// Start transaction
$firewallConf->startTransaction();
// Create many IP objects
$error = FALSE;
for ($i=1; $i < 50; $i++) {
// Create body object
$ip = new stdClass;
$ip->name = 'IP'.$i;
$ip->type = 'subnet';
$ip->subnet = '10.1.'.$i.'.0/24';
// Create object on the firewall
try {
$firewallConf->addFirewallAddress($ip);
echo("[SUCCESS] Created IP ".$ip->name.".\n");
} catch (Exception $e) {
echo("[ERROR] Unable to create IP : ".$ip->name.". Details : ".$e->getMessage()."\n");
$error = TRUE;
}
}
// Check error
if ($error === FALSE) {
// No errors, commit
$firewallConf->commitTransaction();
} else {
// Errors, abort and rollback
$firewallConf->abortTransaction();
}