InsightConnect Marketplace

Fortinet FortiGate

Back to Marketplace

Fortinet FortiGate

v4.0.4

FortiGate Next Generation Firewalls (NGFWs) enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection

Tags: firewall, fortinet, fortigate


Actions
  • Add Address Object to Group
  • Check if Address in Group
  • Create Address Object
  • Delete Address Object
  • Get Address Objects
  • Get Policies
  • Remove Address Object from Group

Description

FortiGate Next Generation Firewalls (NGFWs) enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection.

Key Features

  • Create network address objects
  • Add address object to address groups

The intended way to use this plugin is to have an existing policy in place with a predefined address group in it. As threats are detected, their address can be added to your existing policy through the address group. This allows for flexible policy management of large groups of dynamic addresses.

Requirements

  • An admin API key
  • The IP of the orchestrator must be set as a trusted host in Settings > Administrator (Edit button) > Trusted Hosts

Documentation

Setup

The connection configuration accepts the following parameters:

Name Type Default Required Description Enum Example
api_key credential_secret_key None True API key None 2Fty5834tFpBdidePJnt9075MMdkUb
hostname string None True Hostname or IP of your FortiGate server e.g. myfortigate.internal, 192.168.10.1, 192.168.10.1:8000 None example.com
ssl_verify boolean None True SSL verify None False

Example input:

{
  "api_key": "2Fty5834tFpBdidePJnt9075MMdkUb",
  "hostname": "example.com",
  "ssl_verify": false
}

Technical Details

Actions

Remove Address Object from Group

This action removes an address object from an address group.

Input
Name Type Default Required Description Enum Example
address_object string None True Address object None 198.51.100.100
group string None True Group name None InsightConnect Block List

Example input:

{
  "address_object": "198.51.100.100",
  "group": "InsightConnect Block List"
}
Output
Name Type Required Description
result_object object True An object containing the results of the action
success boolean True Was the operation successful

Example output:

{
  "success": true,
  "result_object": {
    "http_method": "PUT",
    "revision": "ae0c665d9d5ad469c280efc424e00e29",
    "revision_changed": true,
    "old_revision": "94d82356a2bc4cb05963807103392ca3",
    "mkey": "Test Group",
    "status": "success",
    "http_status": 200,
    "vdom": "root",
    "path": "firewall",
    "name": "addrgrp",
    "serial": "FGVM02TM20001791",
    "version": "v6.2.3",
    "build": 1066
  }
}

Check if Address in Group

This action is used to check if an IP address is in an address group.

Input
Name Type Default Required Description Enum Example
address string None True The Address Object name to check. If Enable Search is set to true then we search the addresses (IP, CIDR, domain) within the address object instead of matching the name None 198.51.100.100
enable_search boolean False True When enabled, the Address input will accept a IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name None False
group string None True Name of Address Group to check for address None InsightConnect Block Policy

Example input:

{
  "address": "198.51.100.100",
  "enable_search": false,
  "group": "InsightConnect Block Policy"
}
Output
Name Type Required Description
address_objects []string True The names of the address objects that match or contain the address
found boolean True Was address found in group

Example output:

{
  "found": true,
  "address_objects": ["198.51.100.100/32"]
}

Get Policies

This action is used to get policies.

Input
Name Type Default Required Description Enum Example
name_filter string None False Optional name to filter on None InsightConnect Block Policy

Example input:

{
  "name_filter": "InsightConnect Block Policy"
}
Output
Name Type Required Description
policies []policies False Policies

Example output:

{
  "policies": [
    {
      "policyid": 1,
      "q_origin_key": 1,
      "name": "Test Policy",
      "uuid": "6193559a-6862-51ea-44ce-e27594b8536a",
      "srcintf": [
        {
          "name": "port1",
          "q_origin_key": "port1"
        }
      ],
      "dstintf": [
        {
          "name": "port1",
          "q_origin_key": "port1"
        }
      ],
      "srcaddr": [
        {
          "name": "Test Group",
          "q_origin_key": "Test Group"
        }
      ],
      "dstaddr": [
        {
          "name": "Test Group",
          "q_origin_key": "Test Group"
        }
      ],
      "internet-service": "disable",
      "internet-service-id": [],
      "internet-service-group": [],
      "internet-service-custom": [],
      "internet-service-custom-group": [],
      "internet-service-src": "disable",
      "internet-service-src-id": [],
      "internet-service-src-group": [],
      "internet-service-src-custom": [],
      "internet-service-src-custom-group": [],
      "reputation-minimum": 0,
      "reputation-direction": "destination",
      "rtp-nat": "disable",
      "rtp-addr": [],
      "action": "accept",
      "send-deny-packet": "disable",
      "firewall-session-dirty": "check-all",
      "status": "enable",
      "schedule": "always",
      "schedule-timeout": "disable",
      "service": [
        {
          "name": "ALL",
          "q_origin_key": "ALL"
        }
      ],
      "tos": "0x00",
      "tos-mask": "0x00",
      "tos-negate": "disable",
      "anti-replay": "enable",
      "tcp-session-without-syn": "disable",
      "geoip-anycast": "disable",
      "utm-status": "disable",
      "inspection-mode": "flow",
      "http-policy-redirect": "disable",
      "ssh-policy-redirect": "disable",
      "profile-type": "single",
      "profile-protocol-options": "default",
      "ssl-ssh-profile": "no-inspection",
      "logtraffic": "utm",
      "logtraffic-start": "disable",
      "capture-packet": "disable",
      "auto-asic-offload": "enable",
      "wanopt": "disable",
      "wanopt-detection": "active",
      "wanopt-passive-opt": "default",
      "webcache": "disable",
      "webcache-https": "disable",
      "application": [],
      "app-category": [],
      "url-category": [],
      "app-group": [],
      "nat": "enable",
      "permit-any-host": "disable",
      "permit-stun-host": "disable",
      "fixedport": "disable",
      "ippool": "disable",
      "poolname": [],
      "session-ttl": "0",
      "vlan-cos-fwd": 255,
      "vlan-cos-rev": 255,
      "inbound": "disable",
      "outbound": "enable",
      "natinbound": "disable",
      "natoutbound": "disable",
      "wccp": "disable",
      "ntlm": "disable",
      "ntlm-guest": "disable",
      "ntlm-enabled-browsers": [],
      "fsso": "enable",
      "wsso": "enable",
      "rsso": "disable",
      "groups": [],
      "users": [],
      "fsso-groups": [],
      "auth-path": "disable",
      "disclaimer": "disable",
      "email-collect": "disable",
      "natip": "0.0.0.0 0.0.0.0",
      "match-vip": "disable",
      "match-vip-only": "disable",
      "diffserv-forward": "disable",
      "diffserv-reverse": "disable",
      "diffservcode-forward": "000000",
      "diffservcode-rev": "000000",
      "tcp-mss-sender": 0,
      "tcp-mss-receiver": 0,
      "block-notification": "disable",
      "custom-log-fields": [],
      "srcaddr-negate": "disable",
      "dstaddr-negate": "disable",
      "service-negate": "disable",
      "internet-service-negate": "disable",
      "internet-service-src-negate": "disable",
      "timeout-send-rst": "disable",
      "captive-portal-exempt": "disable",
      "ssl-mirror": "disable",
      "ssl-mirror-intf": [],
      "dsri": "disable",
      "radius-mac-auth-bypass": "disable",
      "delay-tcp-npu-session": "disable"
    }
  ]
}

Add Address Object to Group

This action is used to add an address object to an address group.

Input
Name Type Default Required Description Enum Example
address_object string None True Address object None 198.51.100.100
group string None True Group name None InsightConnect Block List

Example input:

{
  "address_object": "198.51.100.100",
  "group": "InsightConnect Block List"
}
Output
Name Type Required Description
result_object object True An object containing the results of the action
success boolean True Was the operation successful

Example output:

{
  "success": true,
  "result_object": {
    "http_method": "PUT",
    "revision": "ae0c665d9d5ad469c280efc424e00e29",
    "revision_changed": true,
    "old_revision": "94d82356a2bc4cb05963807103392ca3",
    "mkey": "Test Group",
    "status": "success",
    "http_status": 200,
    "vdom": "root",
    "path": "firewall",
    "name": "addrgrp",
    "serial": "FGVM02TM20001791",
    "version": "v6.2.3",
    "build": 1066
  }
}

Create Address Object

This action is used to create an address object.

Input
Name Type Default Required Description Enum Example
address string None True The address to assign to the Address Object. This can be an IP address, CIDR IP address e.g. 198.51.100.0/24, or a domain name None 198.51.100.100
address_object string None False Optional name to give this address object. If not provided, the name will be the value of address input field None MaliciousHost
skip_rfc1918 boolean True True Skip private IP addresses as defined in RFC 1918 None True
whitelist []string None False This list contains a set of network object that should not be blocked. This can be an IP address, CIDR IP address e.g. 198.51.100.0/24, or a domain name None ["198.51.100.100", "example.com", "192.0.2.0/24"]

Example input:

{
  "address": "198.51.100.100",
  "address_object": "MaliciousHost",
  "skip_rfc1918": true,
  "whitelist": [
    "198.51.100.100",
    "example.com",
    "192.0.2.0/24"
  ]
}
Output
Name Type Required Description
response_object object True Information about the operation that was performed
success boolean True Boolean value indicating the success of the operation

Example output:

{
  "success": true,
  "response_object": {
    "http_method": "POST",
    "revision": "e089319342f23d5e31b70f5edfb5164c",
    "revision_changed": true,
    "old_revision": "d04190fe309ea6ce1fbf4be1e5cd3233",
    "mkey": "192.168.2.1",
    "status": "success",
    "http_status": 200,
    "vdom": "root",
    "path": "firewall",
    "name": "address",
    "serial": "FGVM02TM20001791",
    "version": "v6.2.3",
    "build": 1066
  }
}

Delete Address Object

This action is used to delete an address object.

Input
Name Type Default Required Description Enum Example
address_object string None True Name of Address Object to delete None MaliciousHost

Example input:

{
  "address_object": "MaliciousHost"
}
Output
Name Type Required Description
response_object object True Information about the operation that was performed
success boolean True Boolean value indicating the success of the operation

Example output:

{
  "success": true,
  "response_object": {
    "http_method": "DELETE",
    "revision": "31a57b41b37574780e38a4be9a5cf117",
    "revision_changed": true,
    "old_revision": "e089319342f23d5e31b70f5edfb5164c",
    "mkey": "192.168.3.1/32",
    "status": "success",
    "http_status": 200,
    "vdom": "root",
    "path": "firewall",
    "name": "address",
    "serial": "FGVM02TM20001791",
    "version": "v6.2.3",
    "build": 1066
  }
}

Get Address Objects

This action is used to get address objects.

Input
Name Type Default Required Description Enum Example
name_filter string None False Optional name to filter on None 198.51.100.100

Example input:

{
  "name_filter": "198.51.100.100"
}
Output
Name Type Required Description
address_objects []object True A list of address objects

Example output:

{
  "address_objects": [
    {
      "name": "FABRIC_DEVICE",
      "q_origin_key": "FABRIC_DEVICE",
      "uuid": "7773d538-25a0-51ea-fcb2-a2340d71f5d9",
      "subnet": "0.0.0.0 0.0.0.0",
      "type": "ipmask",
      "sub-type": "sdn",
      "clearpass-spt": "unknown",
      "start-mac": "00:00:00:00:00:00",
      "end-mac": "00:00:00:00:00:00",
      "cache-ttl": 0,
      "fsso-group": [],
      "comment": "IPv4 addresses of Fabric Devices.",
      "visibility": "enable",
      "color": 0,
      "sdn-addr-type": "private",
      "list": [],
      "tagging": [],
      "allow-routing": "disable"
    }
  ]
}

Triggers

This plugin does not contain any triggers.

Custom Output Types

address_objects

Name Type Required Description
Allow-Routing string False Allow-routing
Cache-TTL integer False Cache-TTL
Clear Pass-Spt string False Clear Pass-spt
Color integer False Color
Comment string False Comment
End-MAC string False End-MAC
FSSO-Group []object False FSSO-group
List []object False List
Name string False Name
Q Origin Key string False Q origin key
Sdn-Addr-Type string False Sdn-addr-type
Start-MAC string False Start-MAC
Sub-Type string False Sub-type
Subnet string False Subnet
Tagging []object False Tagging
Type string False Type
UUID string False UUID
Visibility string False Visibility

dstaddr

Name Type Required Description
Name string False Name
Q Origin Key string False Q origin key

policies

Name Type Required Description
Action string False Action
Anti-Replay string False Anti-replay
App-Category []object False App-category
App-Group []object False App-group
Application []object False Application
Auth-Path string False Auth-path
Auto-ASIC-Offload string False Auto-ASIC-offload
Block-Notification string False Block-notification
Captive-Portal-Exempt string False Captive-portal-exempt
Capture-Packet string False Capture-packet
Delay-TCP-Npu-Session string False Delay-TCP-npu-session
Diffserv-Forward string False Diffserv-forward
Diffserv-Reverse string False Diffserv-reverse
Diffservcode-Forward string False Diffservcode-forward
Diffservcode-Rev string False Diffservcode-rev
Disclaimer string False Disclaimer
DSRI string False DSRI
Dstaddr []dstaddr False Dstaddr
Dstaddr-Negate string False Dstaddr-negate
Dstintf []dstaddr False Dstintf
Email-Collect string False Email-collect
Firewall-Session-Dirty string False Firewall-session-dirty
Fixed Port string False Fixed port
FSSO string False FSSO
FSSO-Groups []object False FSSO-groups
Geoip-Anycast string False Geoip-anycast
Groups []object False Groups
HTTP-Policy-Redirect string False HTTP-policy-redirect
Inbound string False Inbound
Inspection-Mode string False Inspection-mode
Internet-Service string False Internet-service
Internet-Service-Custom []object False Internet-service-custom
Internet-Service-Group []object False Internet-service-group
Internet-Service-Negate string False Internet-service-negate
Internet-Service-Src string False Internet-service-src
Internet-Service-Src-Group []object False Internet-service-src-group
Internet-Service-Src-Negate string False Internet-service-src-negate
IP Pool string False IP pool
Log Traffic string False Log Traffic
Logtraffic-Start string False Logtraffic-start
Match-VIP string False Match-VIP
Match-VIP-Only string False Match-VIP-only
Name string False Name
NAT string False NAT
NAT Inbound string False NAT inbound
NAT IP string False NAT IP
NAT Outbound string False NAT outbound
NTLM string False NTLM
NTLM-Enabled-Browsers []object False NTLM-enabled-browsers
NTLM-Guest string False NTLM-guest
Outbound string False Outbound
Permit-Any-Host string False Permit-any-host
Permit-Stun-Host string False Permit-stun-host
Policy ID integer False Policy ID
Profile-Protocol-Options string False Profile-protocol-options
Profile-Type string False Profile-type
Q Origin Key integer False Q origin key
Radius-MAC-Auth-Bypass string False Radius-MAC-auth-bypass
Reputation-Direction string False Reputation-direction
Reputation-Minimum integer False Reputation-minimum
RSSO string False RSSO
Rtp-Addr []object False Rtp-addr
RTP-NAT string False RTP-NAT
Schedule string False Schedule
Schedule-Timeout string False Schedule-timeout
Send-Deny-Packet string False Send-deny-packet
Service []dstaddr False Service
Service-Negate string False Service-negate
Session-TTL string False Session-TTL
Srcaddr []dstaddr False Srcaddr
Srcaddr-Negate string False Srcaddr-negate
Srcintf []dstaddr False Srcintf
SSH-Policy-Redirect string False SSH-policy-redirect
SSL-Mirror string False SSL-mirror
Ssl-Ssh-Profile string False Ssl-ssh-profile
Status string False Status
Tcp-Mss-Receiver integer False Tcp-mss-receiver
TCP-Mss-Sender integer False TCP-mss-sender
TCP-Session-Without-SYN string False TCP-session-without-SYN
Timeout-Send-RST string False Timeout-send-RST
TOS string False TOS
TOS-Mask string False TOS-mask
TOS-Negate string False TOS-negate
URL-Category []object False URL-category
Users []object False Users
UTM-Status string False UTM-status
UUID string False UUID
Vlan-Cos-Fwd integer False Vlan-cos-fwd
Vlan-Cos-Rev integer False Vlan-cos-rev
WAN Option string False WAN option
WAN opt-Detection string False WAN opt-detection
WAN opt-Passive-Opt string False WAN opt-passive-opt
WCCP string False WCCP
Webcache string False Webcache
Web cache-https string False Web cache-https
WSSO string False WSSO

Troubleshooting

In order for this plugin to communicate with the Fortigate firewall, the orchestrator's IP address must be added to the trusted hosts list for the API admin account. To accomplish this, log into the FortiGate firewall. Go to the System tab -> Administrator subtab and then select and edit the API admin. Add the orchestrator's IP address to the trusted hosts in CIDR form e.g. 198.51.100.100/32

Version History

  • 4.0.4 - Improve error messaging around HTTP 401 status codes to indicate that the InsightConnect orchestrator IP address not being in the trusted host list may be the cause
  • 4.0.3 - Improve assistance message when the API returns an Internal Server Errror
  • 4.0.2 - Support host URL in connection | Improve Create Address Object action to allow for IPs and CIDRs as input
  • 4.0.1 - Bug fix where some names were being incorrectly parsed in the Check if Address in Group action causing the action to fail
  • 4.0.0 - Update Create Address Object action to accept a RFC1918 whitelist | Add enable_search functionality to Check if Address in Group action
  • 3.0.0 - Revise action input/output naming schemes | Add example inputs | New action Remove Address Object from Group
  • 2.0.0 - Simplify the Create Address Object action to auto-detect the input type | Add whitelist safety check to Create Address Object action
  • 1.1.0 - New Action Check if IP is in Address Group
  • 1.0.0 - Initial plugin

Links

References

plugin_spec_version: v2
extension: plugin
products: [insightconnect]
name: fortinet_fortigate
title: Fortinet FortiGate
description: FortiGate Next Generation Firewalls (NGFWs) enable security-driven networking and consolidate industry-leading security capabilities such as intrusion prevention system (IPS), web filtering, secure sockets layer (SSL) inspection, and automated threat protection
version: 4.0.4
vendor: rapid7
support: community
status: []
resources:
  source_url: https://github.com/rapid7/insightconnect-plugins/tree/master/fortinet_fortigate
  license_url: https://github.com/rapid7/insightconnect-plugins/blob/master/LICENSE
  vendor_url: https://www.fortinet.com/products/next-generation-firewall.html
tags:
- firewall
- fortinet
- fortigate
hub_tags:
  use_cases: [application_management, threat_detection_and_response, vulnerability_management]
  keywords: [firewall, fortinet, fortigate]
  features: []

types:
  dstaddr:
    q_origin_key:
      title: "Q Origin Key"
      type: string
      description: "Q origin key"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
  policies:
    wanopt-passive-opt:
      title: "WAN opt-Passive-Opt"
      type: string
      description: "WAN opt-passive-opt"
      required: false
    wanopt-detection:
      title: "WAN opt-Detection"
      type: string
      description: "WAN opt-detection"
      required: false
    webcache-https:
      title: "Web cache-https"
      type: string
      description: "Web cache-https"
      required: false
    uuid:
      title: "UUID"
      type: string
      description: "UUID"
      required: false
    match-vip-only:
      title: "Match-VIP-Only"
      type: string
      description: "Match-VIP-only"
      required: false
    session-ttl:
      title: "Session-TTL"
      type: string
      description: "Session-TTL"
      required: false
    ntlm-guest:
      title: "NTLM-Guest"
      type: string
      description: "NTLM-guest"
      required: false
    tos-mask:
      title: "TOS-Mask"
      type: string
      description: "TOS-mask"
      required: false
    diffservcode-rev:
      title: "Diffservcode-Rev"
      type: string
      description: "Diffservcode-rev"
      required: false
    match-vip:
      title: "Match-VIP"
      type: string
      description: "Match-VIP"
      required: false
    natip:
      title: "NAT IP"
      type: string
      description: "NAT IP"
      required: false
    reputation-direction:
      title: "Reputation-Direction"
      type: string
      description: "Reputation-direction"
      required: false
    schedule-timeout:
      title: "Schedule-Timeout"
      type: string
      description: "Schedule-timeout"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    tcp-session-without-syn:
      title: "TCP-Session-Without-SYN"
      type: string
      description: "TCP-session-without-SYN"
      required: false
    rtp-nat:
      title: "RTP-NAT"
      type: string
      description: "RTP-NAT"
      required: false
    permit-stun-host:
      title: "Permit-STUN-Host"
      type: string
      description: "Permit-STUN-host"
      required: false
    natoutbound:
      title: "NAT Outbound"
      type: string
      description: "NAT outbound"
      required: false
    http-policy-redirect:
      title: "HTTP-Policy-Redirect"
      type: string
      description: "HTTP-policy-redirect"
      required: false
    logtraffic:
      title: "Log Traffic"
      type: string
      description: "Log Traffic"
      required: false
    ntlm:
      title: "NTLM"
      type: string
      description: "NTLM"
      required: false
    timeout-send-rst:
      title: "Timeout-Send-RST"
      type: string
      description: "Timeout-send-RST"
      required: false
    anti-replay:
      title: "Anti-Replay"
      type: string
      description: "Anti-replay"
      required: false
    diffservcode-forward:
      title: "Diffservcode-Forward"
      type: string
      description: "Diffservcode-forward"
      required: false
    users:
      title: "Users"
      type: "[]object"
      description: "Users"
      required: false
    diffserv-forward:
      title: "Diffserv-Forward"
      type: string
      description: "Diffserv-forward"
      required: false
    firewall-session-dirty:
      title: "Firewall-Session-Dirty"
      type: string
      description: "Firewall-session-dirty"
      required: false
    wanopt:
      title: "WAN Option"
      type: string
      description: "WAN option"
      required: false
    schedule:
      title: "Schedule"
      type: string
      description: "Schedule"
      required: false
    auth-path:
      title: "Auth-Path"
      type: string
      description: "Auth-path"
      required: false
    vlan-cos-fwd:
      title: "Vlan-Cos-Fwd"
      type: integer
      description: "Vlan-cos-fwd"
      required: false
    internet-service-negate:
      title: "Internet-Service-Negate"
      type: string
      description: "Internet-service-negate"
      required: false
    dstintf:
      title: "Dstintf"
      type: "[]dstaddr"
      description: "Dstintf"
      required: false
    srcintf:
      title: "Srcintf"
      type: "[]dstaddr"
      description: "Srcintf"
      required: false
    block-notification:
      title: "Block-Notification"
      type: string
      description: "Block-notification"
      required: false
    service-negate:
      title: "Service-Negate"
      type: string
      description: "Service-negate"
      required: false
    action:
      title: "Action"
      type: string
      description: "Action"
      required: false
    disclaimer:
      title: "Disclaimer"
      type: string
      description: "Disclaimer"
      required: false
    dstaddr-negate:
      title: "Dstaddr-Negate"
      type: string
      description: "Dstaddr-negate"
      required: false
    logtraffic-start:
      title: "Logtraffic-Start"
      type: string
      description: "Logtraffic-start"
      required: false
    groups:
      title: "Groups"
      type: "[]object"
      description: "Groups"
      required: false
    internet-service-src:
      title: "Internet-Service-Src"
      type: string
      description: "Internet-service-src"
      required: false
    webcache:
      title: "Webcache"
      type: string
      description: "Webcache"
      required: false
    utm-status:
      title: "UTM-Status"
      type: string
      description: "UTM-status"
      required: false
    ippool:
      title: "IP Pool"
      type: string
      description: "IP pool"
      required: false
    service:
      title: "Service"
      type: "[]dstaddr"
      description: "Service"
      required: false
    wccp:
      title: "WCCP"
      type: string
      description: "WCCP"
      required: false
    tos:
      title: "TOS"
      type: string
      description: "TOS"
      required: false
    auto-asic-offload:
      title: "Auto-ASIC-Offload"
      type: string
      description: "Auto-ASIC-offload"
      required: false
    srcaddr-negate:
      title: "Srcaddr-Negate"
      type: string
      description: "Srcaddr-negate"
      required: false
    capture-packet:
      title: "Capture-Packet"
      type: string
      description: "Capture-packet"
      required: false
    ssh-policy-redirect:
      title: "SSH-Policy-Redirect"
      type: string
      description: "SSH-policy-redirect"
      required: false
    internet-service:
      title: "Internet-Service"
      type: string
      description: "Internet-service"
      required: false
    inbound:
      title: "Inbound"
      type: string
      description: "Inbound"
      required: false
    profile-type:
      title: "Profile-Type"
      type: string
      description: "Profile-type"
      required: false
    ssl-mirror:
      title: "SSL-Mirror"
      type: string
      description: "SSL-mirror"
      required: false
    inspection-mode:
      title: "Inspection-Mode"
      type: string
      description: "Inspection-mode"
      required: false
    send-deny-packet:
      title: "Send-Deny-Packet"
      type: string
      description: "Send-deny-packet"
      required: false
    permit-any-host:
      title: "Permit-Any-Host"
      type: string
      description: "Permit-any-host"
      required: false
    internet-service-src-negate:
      title: "Internet-Service-Src-Negate"
      type: string
      description: "Internet-service-src-negate"
      required: false
    ntlm-enabled-browsers:
      title: "NTLM-Enabled-Browsers"
      type: "[]object"
      description: "NTLM-enabled-browsers"
      required: false
    rsso:
      title: "RSSO"
      type: string
      description: "RSSO"
      required: false
    app-group:
      title: "App-Group"
      type: "[]object"
      description: "App-group"
      required: false
    tcp-mss-sender:
      title: "TCP-Mss-Sender"
      type: integer
      description: "TCP-mss-sender"
      required: false
    reputation-minimum:
      title: "Reputation-Minimum"
      type: integer
      description: "Reputation-minimum"
      required: false
    natinbound:
      title: "NAT Inbound"
      type: string
      description: "NAT inbound"
      required: false
    fixedport:
      title: "Fixed Port"
      type: string
      description: "Fixed port"
      required: false
    dsri:
      title: "DSRI"
      type: string
      description: "DSRI"
      required: false
    outbound:
      title: "Outbound"
      type: string
      description: "Outbound"
      required: false
    fsso-groups:
      title: "FSSO-Groups"
      type: "[]object"
      description: "FSSO-groups"
      required: false
    url-category:
      title: "URL-Category"
      type: "[]object"
      description: "URL-category"
      required: false
    application:
      title: "Application"
      type: "[]object"
      description: "Application"
      required: false
    nat:
      title: "NAT"
      type: string
      description: "NAT"
      required: false
    internet-service-src-group:
      title: "Internet-Service-Src-Group"
      type: "[]object"
      description: "Internet-service-src-group"
      required: false
    internet-service-group:
      title: "Internet-Service-Group"
      type: "[]object"
      description: "Internet-service-group"
      required: false
    fsso:
      title: "FSSO"
      type: string
      description: "FSSO"
      required: false
    vlan-cos-rev:
      title: "Vlan-Cos-Rev"
      type: integer
      description: "Vlan-cos-rev"
      required: false
    status:
      title: "Status"
      type: string
      description: "Status"
      required: false
    ssl-ssh-profile:
      title: "Ssl-Ssh-Profile"
      type: string
      description: "Ssl-ssh-profile"
      required: false
    q_origin_key:
      title: "Q Origin Key"
      type: integer
      description: "Q origin key"
      required: false
    profile-protocol-options:
      title: "Profile-Protocol-Options"
      type: string
      description: "Profile-protocol-options"
      required: false
    geoip-anycast:
      title: "Geoip-Anycast"
      type: string
      description: "Geoip-anycast"
      required: false
    email-collect:
      title: "Email-Collect"
      type: string
      description: "Email-collect"
      required: false
    policyid:
      title: "Policy ID"
      type: integer
      description: "Policy ID"
      required: false
    tos-negate:
      title: "TOS-Negate"
      type: string
      description: "TOS-negate"
      required: false
    internet-service-custom:
      title: "Internet-Service-Custom"
      type: "[]object"
      description: "Internet-service-custom"
      required: false
    diffserv-reverse:
      title: "Diffserv-Reverse"
      type: string
      description: "Diffserv-reverse"
      required: false
    srcaddr:
      title: "Srcaddr"
      type: "[]dstaddr"
      description: "Srcaddr"
      required: false
    delay-tcp-npu-session:
      title: "Delay-TCP-Npu-Session"
      type: string
      description: "Delay-TCP-npu-session"
      required: false
    captive-portal-exempt:
      title: "Captive-Portal-Exempt"
      type: string
      description: "Captive-portal-exempt"
      required: false
    app-category:
      title: "App-Category"
      type: "[]object"
      description: "App-category"
      required: false
    rtp-addr:
      title: "Rtp-Addr"
      type: "[]object"
      description: "Rtp-addr"
      required: false
    wsso:
      title: "WSSO"
      type: string
      description: "WSSO"
      required: false
    tcp-mss-receiver:
      title: "Tcp-Mss-Receiver"
      type: integer
      description: "Tcp-mss-receiver"
      required: false
    dstaddr:
      title: "Dstaddr"
      type: "[]dstaddr"
      description: "Dstaddr"
      required: false
    radius-mac-auth-bypass:
      title: "Radius-MAC-Auth-Bypass"
      type: string
      description: "Radius-MAC-auth-bypass"
      required: false
  address_objects:
    cache-ttl:
      title: "Cache-TTL"
      type: integer
      description: "Cache-TTL"
      required: false
    comment:
      title: "Comment"
      type: string
      description: "Comment"
      required: false
    q_origin_key:
      title: "Q Origin Key"
      type: string
      description: "Q origin key"
      required: false
    fsso-group:
      title: "FSSO-Group"
      type: "[]object"
      description: "FSSO-group"
      required: false
    name:
      title: "Name"
      type: string
      description: "Name"
      required: false
    subnet:
      title: "Subnet"
      type: string
      description: "Subnet"
      required: false
    color:
      title: "Color"
      type: integer
      description: "Color"
      required: false
    sdn-addr-type:
      title: "Sdn-Addr-Type"
      type: string
      description: "Sdn-addr-type"
      required: false
    list:
      title: "List"
      type: "[]object"
      description: "List"
      required: false
    start-mac:
      title: "Start-MAC"
      type: string
      description: "Start-MAC"
      required: false
    end-mac:
      title: "End-MAC"
      type: string
      description: "End-MAC"
      required: false
    sub-type:
      title: "Sub-Type"
      type: string
      description: "Sub-type"
      required: false
    visibility:
      title: "Visibility"
      type: string
      description: "Visibility"
      required: false
    allow-routing:
      title: "Allow-Routing"
      type: string
      description: "Allow-routing"
      required: false
    type:
      title: "Type"
      type: string
      description: "Type"
      required: false
    clearpass-spt:
      title: "Clear Pass-Spt"
      type: string
      description: "Clear Pass-spt"
      required: false
    tagging:
      title: "Tagging"
      type: "[]object"
      description: "Tagging"
      required: false
    uuid:
      title: "UUID"
      type: string
      description: "UUID"
      required: false

connection:
  hostname:
    type: string
    title: Hostname
    description: Hostname or IP of your FortiGate server e.g. myfortigate.internal, 192.168.10.1, 192.168.10.1:8000
    required: true
    example: example.com
  api_key:
    type: credential_secret_key
    title: API Key
    description: API key
    required: true
    example: 2Fty5834tFpBdidePJnt9075MMdkUb
  ssl_verify:
    type: boolean
    title: SSL Verify
    description: SSL verify
    required: true
    example: false

actions:
  check_if_address_in_group:
    title: Check if Address in Group
    description: Check if an IP address is in an address group
    input:
      group:
        title: Group
        description: Name of Address Group to check for address
        type: string
        required: true
        example: InsightConnect Block Policy
        order: 1
      address:
        title: Address
        description: The Address Object name to check. If Enable Search is set to true then we search the addresses (IP, CIDR, domain) within the address object instead of matching the name
        type: string
        example: 198.51.100.100
        required: true
        order: 2
      enable_search:
        title: Enable Search
        description: When enabled, the Address input will accept a IP, CIDR, or domain name to search across the available Address Objects in the system. This is useful when you don't know the Address Object by its name
        type: boolean
        example: false
        default: false
        required: true
        order: 3
    output:
      found:
        title: Found
        description: Was address found in group
        type: boolean
        required: true
      address_objects:
        title: Address Objects
        description: The names of the address objects that match or contain the address
        type: "[]string"
        required: true
  get_policies:
    title: Get Policies
    description: Get policies
    input:
      name_filter:
        title: Name Filter
        description: Optional name to filter on
        type: string
        required: false
        example: InsightConnect Block Policy
    output:
      policies:
        title: Policies
        description: Policies
        type: "[]policies"
        required: false
  get_address_objects:
    title: Get Address Objects
    description: Get address objects
    input:
      name_filter:
        title: Name Filter
        description: Optional name to filter on
        type: string
        required: false
        example: 198.51.100.100
    output:
      address_objects:
        title: Address Objects
        description: A list of address objects
        type: '[]object'
        required: true
  create_address_object:
    title: Create Address Object
    description: Create an address object
    input:
      address:
        title: Address
        description: The address to assign to the Address Object. This can be an IP address, CIDR IP address e.g. 198.51.100.0/24, or a domain name
        type: string
        required: true
        example: 198.51.100.100
        order: 2
      address_object:
        title: Address Object
        description: Optional name to give this address object. If not provided, the name will be the value of address input field
        type: string
        required: false
        example: MaliciousHost
        order: 1
      whitelist:
        title: Whitelist
        description: This list contains a set of network object that should not be blocked. This can be an IP address, CIDR IP address e.g. 198.51.100.0/24, or a domain name
        type: "[]string"
        example: ["198.51.100.100", "example.com", "192.0.2.0/24"]
        required: false
        order: 3
      skip_rfc1918:
        title: Skip RFC 1918 (Private) IP Addresses
        description: Skip private IP addresses as defined in RFC 1918
        type: boolean
        example: true
        required: true
        default: true
        order: 4
    output:
      success:
        title: Success
        description: Boolean value indicating the success of the operation
        type: boolean
        required: true
      response_object:
        title: Response Object
        description: Information about the operation that was performed
        type: object
        required: true
  delete_address_object:
    title: Delete Address Object
    description: Delete an address object
    input:
      address_object:
        title: Address Object
        description: Name of Address Object to delete
        type: string
        example: MaliciousHost
        required: true
    output:
      success:
        title: Success
        description: Boolean value indicating the success of the operation
        type: boolean
        required: true
      response_object:
        title: Response Object
        description: Information about the operation that was performed
        type: object
        required: true
  add_address_object_to_address_group:
    title: Add Address Object to Group
    description: Add an address object to an address group
    input:
      group:
        title: Group
        description: Group name
        type: string
        required: true
        example: InsightConnect Block List
      address_object:
        title: Address Object
        description: Address object
        type: string
        required: true
        example: 198.51.100.100
    output:
      success:
        title: Success
        description: Was the operation successful
        type: boolean
        required: true
      result_object:
        title: Result Object
        description: An object containing the results of the action
        type: object
        required: true
  remove_address_object_from_group:
    title: Remove Address Object from Group
    description: Removes an address object from an address group
    input:
      group:
        title: Group
        description: Group name
        type: string
        required: true
        example: InsightConnect Block List
      address_object:
        title: Address Object
        description: Address object
        type: string
        required: true
        example: 198.51.100.100
    output:
      success:
        title: Success
        description: Was the operation successful
        type: boolean
        required: true
      result_object:
        title: Result Object
        description: An object containing the results of the action
        type: object
        required: true
Other plugins
Ivanti Security Controls
Rapid7   |   v1.5.0
Plugin
Get
McAfee ePO
Rapid7   |   v5.0.0
Plugin
Get
BlackBerry CylancePROTECT
Rapid7   |   v1.1.0
Plugin
Get
Fortinet FortiGate
Rapid7   |   v4.0.4
Plugin
Get
Jira
Rapid7   |   v6.0.1
Plugin
Get