Lighted Networks / Fortinet | Create network interface with Python

Created Sun, 29 Dec 2024 20:34:14 +0100

Fortinet | Create network interface with Python!

Introduction

Welcome to my first blog post! In this post, I’ll walk you through the process of creating, changing, and deleting network interfaces on a FortiGate device using Python and the FortiGate REST API. This script will be useful for automating tasks such as managing interfaces on FortiGate devices, whether you’re working on a single device or managing multiple units.

One of my goals with this blog is not only to share what I’ve learned but also to continue learning along the way. As a network engineer and a technology enthusiast, I believe that sharing knowledge is a powerful way to both teach and expand one’s own understanding. Writing these posts helps me solidify my learning while giving others the opportunity to grow with me.


Index

  • Generate REST API token
  • Generate a base script
  • Create an interface
  • Change an interface
  • Delete an interface

Generating REST API token

SSH

config system api-user
    edit [API user name] ## example: Python-API
        set accprofile super_admin
        config trusthost
            edit 1
                set ipv4-trusthost x.x.x.x/y
            next
            edit 2
                set type ipv6-trusthost
                set ipv6-trusthost xxxx:xxxx:xxxx:xxxx:xxxx::xxxx/y
            next
        end
    next
end

HTTPS

Navigate to System -> Administrators -> Create New -> REST API Admin. Fill in the following:

  • Username: [API user name] for example: Python-API
  • Administrator profile: super_admin
  • PKI Group: toggle off
  • Trusted Hosts: x.x.x.x/y and/or xxxx:xxxx:xxxx:xxxx:xxxx::xxxx/y

Generate a base script

We need to generate a base script to communicate with the FortiGate in order to add, change and delete an interface later on.

Import some libraries to communicate with the FortiGate

import requests  ## API handling
import urllib3  ## Suppress SSL warning

Define the variables

fortigate_api_token = '' ## Specify API token generated in FortiGate Administrators
fortigate_ip = '' ## Specify FortiGate IP with HTTPS access
fortigate_port = '' ## Specify FortiGate HTTPS port

Create a session object from the requests library

apisession = requests.session()

Disable SSL verification

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) ## Disable invalid SSL warning
apisession.verify = False

Define the API header

## API header
api_header = {
    'Accept': 'application/json', ## Specify API format
    'Authorization': f'Bearer {fortigate_api_token}' ## Specify Bearer token
}
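
As an added example (not part of the original post), the same base script can keep certificate validation on: with `verify = False` the bearer token of a `super_admin` API user is sent over a connection whose peer is never authenticated. The environment variable name `FORTIGATE_API_TOKEN`, the CA file path and the helper names are assumptions.

```python
import os
import requests

TOKEN_ENV = "FORTIGATE_API_TOKEN"  # hypothetical variable name (assumption)


def load_token(env=os.environ):
    """Read the API token from the environment instead of the source file."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    return token


def build_session(token, ca_bundle):
    """Return a session that validates the FortiGate certificate."""
    session = requests.Session()
    session.verify = ca_bundle   # PEM file of the CA that signed the GUI certificate
    session.trust_env = False    # ignore proxy, .netrc and CA-bundle environment settings
    session.headers.update({
        "Accept": "application/json",
        "Authorization": f"Bearer {token}",
    })
    return session


def prepare(session, method, host, port, path, body=None):
    """Build the exact request that would be sent, without sending it."""
    url = f"https://{host}:{port}/api/v2/cmdb/{path}"
    return session.prepare_request(requests.Request(method, url, json=body))


if __name__ == "__main__":
    # Constructed sample values; 192.0.2.10 is a documentation address.
    s = build_session(load_token({TOKEN_ENV: "constructed-token"}),
                      "/etc/ssl/fortigate-ca.pem")
    req = prepare(s, "GET", "192.0.2.10", 443, "system/interface")
    print(req.method, req.url, "verify =", s.verify)
    # Sending with a timeout keeps a hung device from blocking the script:
    # s.send(req, timeout=10)
```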

Create an interface

Using the base script, you can now add functionality to create an interface.

Define function

def create_interface(api_url, api_body, headers):
    response = apisession.post(api_url, json=api_body, headers=headers)
    return response

Define the API URL

interfaceapi = f'https://{fortigate_ip}:{fortigate_port}/api/v2/cmdb/system/interface'

Define the API body

interfaceapi_body = {
    "name": "", ## Example: Test
    "vdom": "root", ## Default VDOM
    "mode": "static", ## static / dhcp
    "ip": "x.x.x.x/y", ## Example: 1.1.1.1/32
    "status": "up", ## up / down
    "vlanid": "", ## Example: 1001
    "interface": "", ## Example: internal1
    "role": "lan" ## lan / wan / dmz / undefined
}

Send the request to FortiGate

interfaceapi_request = create_interface(interfaceapi, interfaceapi_body, api_header)
if interfaceapi_request.status_code == 200:
    print('Interface creation successful')
else:
    print(f'Interface creation failed, code: {interfaceapi_request.status_code}') ## Print HTTP error status code

Verify the interface creation

SSH

config system interface
show

HTTPS

Navigate to Network -> Interfaces


Change an interface

Using the base script, you can now add functionality to change an interface.

Define function

def change_interface(api_url, api_body, headers):
    response = apisession.put(api_url, json=api_body, headers=headers)
    return response

Define the API URL

interfaceapi = f'https://{fortigate_ip}:{fortigate_port}/api/v2/cmdb/system/interface/<interface_name>'

Define the API body

interfaceapi_body = {
    "name": "", ## Example: Test
    "vdom": "root", ## Default VDOM
    "mode": "static", ## static / dhcp
    "ip": "x.x.x.x/y", ## Example: 1.1.1.1/32
    "status": "up", ## up / down
    "vlanid": "", ## Example: 1001
    "interface": "", ## Example: internal1
    "role": "lan" ## lan / wan / dmz / undefined
}

Send the request to FortiGate

interfaceapi_request = change_interface(interfaceapi, interfaceapi_body, api_header)
if interfaceapi_request.status_code == 200:
    print('Interface changed successfully')
else:
    print(f'Interface change failed, code: {interfaceapi_request.status_code}') ## Print HTTP error status code

Verify the interface change

SSH

config system interface
show

HTTPS

Navigate to Network -> Interfaces


Delete an interface

Using the base script, you can now add functionality to delete an interface.

Define function

def delete_interface(api_url, headers):
    response = apisession.delete(api_url, headers=headers)
    return response

Define the API URL

interfaceapi = f'https://{fortigate_ip}:{fortigate_port}/api/v2/cmdb/system/interface/<interface_name>'

Send the request to FortiGate

interfaceapi_request = delete_interface(interfaceapi, api_header)
if interfaceapi_request.status_code == 200:
    print('Interface deleted successfully')
else:
    print(f'Interface deletion failed, code: {interfaceapi_request.status_code}') ## Print HTTP error status code

Verify the interface deletion

SSH

config system interface
show

HTTPS

Navigate to Network -> Interfaces
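
Added example, not from the original post: a pre-flight check for the create/change bodies and the `<interface_name>` URLs used above, so a malformed value or a name containing `/` or `?` is rejected before it reaches a firewall through a `super_admin` token. The 15-character name pattern and the function names are assumptions; the allowed `mode`, `status` and `role` values are the ones listed in the post.

```python
import ipaddress
import re
from urllib.parse import quote

ALLOWED = {                       # values listed in the post's body comments
    "mode": {"static", "dhcp"},
    "status": {"up", "down"},
    "role": {"lan", "wan", "dmz", "undefined"},
}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # assumed naming policy, 15-char limit


def validate_interface(body):
    """Return a list of problems found in an interface body; empty means OK."""
    errors = []
    for key in ("name", "interface"):
        if not NAME_RE.fullmatch(str(body.get(key, ""))):
            errors.append(f"{key}: must match {NAME_RE.pattern}")
    for key, allowed in ALLOWED.items():
        if body.get(key) not in allowed:
            errors.append(f"{key}: expected one of {sorted(allowed)}")
    try:
        vlan_ok = 1 <= int(body.get("vlanid", "")) <= 4094   # 802.1Q range
    except (TypeError, ValueError):
        vlan_ok = False
    if not vlan_ok:
        errors.append("vlanid: expected an integer from 1 to 4094")
    if body.get("mode") == "static":
        try:
            ipaddress.ip_interface(body.get("ip", ""))
        except ValueError:
            errors.append("ip: expected address/prefix, e.g. 192.0.2.1/24")
    return errors


def interface_url(host, port, name):
    """Build the per-interface URL with the name as a single path segment."""
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe interface name: {name!r}")
    return (f"https://{host}:{port}/api/v2/cmdb/system/interface/"
            f"{quote(name, safe='')}")
```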