Fortinet API

Objective

I want to copy the Let’s Encrypt Certificate from my web server to the FortiOS every 60-90 days.  Create the Deep Inspection Certificate and apply it to the policies.  Put the same certificate and all locations in the FortiOS.

I created the API User and received the API Key for the python code.  I created a config.py file to store the key and pass it to the AP and urlI.  

config.py

# Add this file to your .gitignore to prevent it from being committed to version control
ACCESS_TOKEN = 'xxxxxxxxxxxxxxxxxxxxxxxxxx'

api_url = 'https://xxxxxxxxxxxxxxxxxxxxxxxxx/api/v2/monitor/system/config/backup'

IPv6

I had to go into the CLI to add the /64 IPv6 Trusted Host address to the Rest API user account.   You can’t add the /64 to the GUI.  xxxx:xxxx:xxxx:xxxx::/64

config system api-user
    edit "xxxxxxxxxxxx"
        set comments ''
        set api-key ENC xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        set accprofile "xxxxxxxxxxxx"
        set vdom "root"
        set schedule ''
        set cors-allow-origin ''
        set peer-auth disable
        config trusthost
            edit 1
                set type ipv4-trusthost
                set ipv4-trusthost xx.xx.xx.xx 255.255.255.0
            next
            edit 2
                set type ipv4-trusthost
                set ipv4-trusthost xx.xx.xx.xx 255.255.255.255
            next
            edit 3
                set type ipv4-trusthost
                set ipv4-trusthost xx.xx.xx.xx 255.255.255.0
            next
            edit 4
                set type ipv4-trusthost
                set ipv4-trusthost xx.xx.xx.xx 255.255.255.255
            next
            edit 5
                set type ipv6-trusthost
                set ipv6-trusthost xxxx:xxxx:xxxx:xxxx::/64
            next
        end
    next
end
x