abort.user.query - Abort a running user device unified query.
- query_id - Provide a query ID to abort an unified type query. type: int required: True
activate.user.fortitoken - Activate a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to activate. If omitted, all tokens will be used. type: array required: False
add-license.registration.forticare - Add a FortiCare license.
- registration_code - FortiCare contract number. type: string required: True
add-license.registration.vdom - Add a VDOM license.
- license - VDOM license key. type: string required: True
add.firewall.clearpass-address - Add ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
add.nsx.service - Add NSX service to connector.
- mkey - NSX connector name. type: string required: True
add_users.user.banned - Immediately add one or more users to the banned list.
- ip_addresses - List of IP Addresses to ban. IPv4 and IPv6 addresses are allowed. type: array required: True
- expiry - Time until expiry in seconds. 0 for indefinite ban. type: int required: False
auth.user.firewall - Trigger authentication for a single firewall user.
- username - User name. type: string required: True
- ip - User IP address. type: string required: True
- server - Name of an existing LDAP server entry. If supplied, authenticate that user against any matched groups on that LDAP server. type: string required: False
backup-action.system.fortimanager - Import or update from FortiManager objects.
- operation - Operation to perform on the given CMDB objects [import|update]. type: string required: True
- objects - Array of CMDB tables and mkeys. type: array required: True
backup.system.config - Backup system config
- destination - Configuration file destination [file* | usb]. type: string required: False
- usb_filename - When using 'usb' destination: the filename to save to on the connected USB device. type: string required: False
- password - Password to encrypt configuration data. type: string required: False
- scope - Specify global or VDOM only backup [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to backup configuration. type: string required: False
- password_mask - True to replace all the secrects and passwords with a mask. type: boolean required: False
- file_format - Configuration file format [fos* | yaml]. type: string required: False
block.endpoint-control.registration - Block endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to block. type: string required: False
- mac - Single MAC to block. type: string required: False
bounce-port.switch-controller.managed-switch - Reset the port to force all connected clients to re-request DHCP lease. All active client sessions will be terminated.
- mkey - FortiSwitch ID. type: string required: True
- port - FortiSwitch Port ID. type: string required: True
- duration - Duration in seconds from 1 to 5 for port to be down. Defaults to 1 second if not provided. type: int required: False
- stop - Stop a bounce in progress. type: boolean required: False
cancel.fortiview.session - Cancel a FortiView request session.
- sessionid - Session ID to cancel. type: int required: False
- device - FortiView request session's device. [disk|faz] type: string required: False
- report_by - Report by field. type: string required: False
- view_level - FortiView View level. type: string required: False
change-password.user.local - Change password for local user.
- username - User name. type: string required: True
- new_password - Password. type: string required: True
change-vdom-mode.system.admin - Switch between VDOM modes.
- vdom-mode - VDOM mode [no-vdom|split-vdom|multi-vdom] type: string required: True
check.endpoint-control.registration-password - Check if provided registration password is valid for current VDOM.
- password - Registration password to test. type: string required: True
clear-counters.firewall.central-snat-map - Reset traffic statistics for one or more firewall central SNAT policy by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear-counters.firewall.dnat - Reset hit count statistics for one or more firewall virtual IP/server by ID.
- id - Single IDs to reset. type: int required: False
- is_ipv6 - Clear only IPv6 VIP stats. type: boolean required: False
clear-counters.firewall.ztna-firewall-policy - Reset traffic statistics for one or more ZTNA firewall policies by policy ID.
- policy - Single ZTNA firewall policy ID to reset. type: int required: False
clear-soft-in.router.bgp - Inbound soft-reconfiguration for BGP peers.
clear-soft-out.router.bgp - Outbound soft-reconfiguration for BGP peers.
clear-statistics.system.fortiguard - Immediately clear all FortiGuard statistics.
clear.system.crash-log - Clear system crash log.
clear.system.sniffer - Clear the results of a specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
clear.vpn.ike - Clear IKE gateways.
- mkey - Name of the IKE gateway to clear. type: string required: True
clear_all.firewall.session - Immediately clear all active IPv4 and IPv6 sessions and IPS sessions of current VDOM.
clear_all.user.banned - Immediately clear all banned users.
clear_all.wifi.rogue_ap - Clear all detected rogue APs.
clear_counters.firewall.acl - Reset counters for one or more IPv4 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.acl6 - Reset counters for one or more IPv6 ACLs by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.consolidated-policy - Reset traffic statistics for one or more consolidated policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.multicast-policy - Reset traffic statistics for one or more firewall IPv4 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.multicast-policy6 - Reset traffic statistics for one or more firewall IPv6 multicast policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.policy - Reset traffic statistics for one or more firewall policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.policy6 - Reset traffic statistics for one or more IPv6 policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.proxy-policy - Reset traffic statistics for one or more explicit proxy policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_counters.firewall.security-policy - Reset traffic statistics for one or more security policies by policy ID.
- policy - Single policy ID to reset. type: int required: False
clear_tunnel.vpn.ssl - Remove all active tunnel sessions in current virtual domain.
clear_users.user.banned - Immediately clear a list of specific banned users by IP.
- ip_addresses - List of banned user IPs to clear. IPv4 and IPv6 addresses are allowed. type: array required: True
close-all.firewall.session - Immediately close all active IPv4 and IPv6 sessions, as well as IPS sessions of the current VDOM.
close-multiple.firewall.session - Close multiple IPv4 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- naddr - NAT'd source IP address. type: string required: False
- nport - NAT'd source port. type: int required: False
- policy - Policy ID. type: int required: False
close-multiple.firewall.session6 - Close multiple IPv6 firewall sessions which match the provided criteria.
- proto - Protocol name [tcp|udp|icmp|...] or number. type: string required: False
- saddr - Source address. type: string required: False
- daddr - Destination address. type: string required: False
- sport - Source port. type: int required: False
- dport - Destination port. type: int required: False
- policy - Policy ID. type: int required: False
close.firewall.session - Close a single firewall session that matches all provided criteria.
- pro - Protocol name [tcp|udp|icmp|...]. type: string required: True
- saddr - Source address. type: string required: True
- daddr - Destination address. type: string required: True
- sport - Source port. type: int required: True
- dport - Destination port. type: int required: True
config.system.fortimanager - Configure FortiManager IP. Register FortiManager if 'fortimanager_ip' is provided. Unregister FortiManager if only 'unregister' parameter is specified and set to true.
- fortimanager_ip - FortiManager IP address. type: string required: False
- unregister - Unregister the FortiManager (default=false). type: boolean required: False
connect.system.modem - Trigger a connect for the configured modem.
connect.wifi.network - When FortiWiFi is in client mode, connect to the specified network, if configured in the 'wifi' interface.
- ssid - SSID of network to connect to. type: string required: True
create-default.wifi.ap-profile - Create a default FortiAP profile for the specified platform.
- platform - FortiAP platform to create a default profile for. type: string required: True
create.forticonverter.ticket - Create a new FortiConverter service ticket to initiate a migration.
create.registration.forticare - Create a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- first_name - First name. type: string required: True
- last_name - Last name. type: string required: True
- title - Title. type: string required: False
- company - Company. type: string required: True
- address - Address. type: string required: True
- city - City. type: string required: True
- country_code - Country code. type: int required: True
- state - State/Province. type: string required: True
- state_code - State/Province code. type: string required: False
- postal_code - Postal code. type: string required: True
- phone - Phone number. type: string required: True
- industry - Industry. type: string required: True
- industry_id - Industry ID. type: int required: True
- orgsize_id - Organization size ID. type: int required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
create.registration.forticloud - Create a FortiCloud account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
create.vpn-certificate.local - Generate a new certificate signed by Fortinet_CA_SSL.
- certname - Certificate name. type: string required: True
- common_name - Certificate common name. type: string required: True
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators. type: string required: True
create.web-ui.custom-language - Upload custom language file to this Fortigate.
- lang_name - Name of custom language entry. type: string required: True
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
deauth.user.firewall - Deauthenticate single, multiple, or all firewall users.
- user_type - User type [proxy|firewall]. Required for both proxy and firewall users. type: string required: False
- id - User ID. Required for both proxy and firewall users. type: int required: False
- ip - User IP address. Required for both proxy and firewall users. type: string required: False
- ip_version - IP version [ip4|ip6]. Only required if user_type is firewall. type: string required: False
- method - Authentication method [fsso|rsso|ntlm|firewall|wsso|fsso_citrix|sso_guest]. Only required if user_type is firewall. type: string required: False
- all - Set to true to deauthenticate all users. Other parameters will be ignored. type: boolean required: False
- users - Array of user objects to deauthenticate. Use this to deauthenticate multiple users at once. Each object should include the above properties. type: array required: False
delete.firewall.clearpass-address - Delete ClearPass address with SPT (System Posture Token) value.
- endpoint_ip - Endpoint IPv4 address. type: array required: True
- spt - SPT value [healthy|checkup|transient|quarantine|infected|unknown*]. type: string required: False
delete.log.local-report - Delete a local report.
- mkeys - Local Report Name. type: array required: True
delete.system.config-revision - Deletes one or more system configuration revisions.
- config_ids - List of configuration ids. type: array required: True
delete.system.config-script - Delete the history of config scripts.
- id_list - List of config script history ids to delete. type: array required: True
delete.vpn.ssl - Terminate the provided Agentless VPN session.
- type - The session type [websession|subsession]. type: string required: True
- index - The session index. type: int required: True
delete.webfilter.override - Delete a configured webfilter override.
- mkey - ID of webfilter override to delete. type: string required: False
deregister-device.registration.forticare - Deregister the FortiGate from a FortiCare account.
- email - FortiCare email. type: string required: True
- password - Account password. type: string required: True
deregister.endpoint-control.registration - Deregister endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to deregister. type: string required: False
- mac - Single MAC to deregister. type: string required: False
dhcp-renew.system.interface - Renew DHCP lease of an interface.
- mkey - Name of the interface. type: string required: True
- ipv6 - Renew the DHCPv6 lease. type: boolean required: False
diagnose.extender-controller.extender - Execute diagnotic commands.
- id - FortiExtender ID. type: string required: True
- cmd - Command to execute. type: string required: True
disassociate.wifi.client - Disassociate a WiFi client from the FortiAP it's currently connected to. The client will need to reassociate with the same FortiAP or another to resume connectivity.
- mac - MAC address. type: string required: True
disconnect.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- interface - Name of the interface which should be assigned for management. type: string required: True
- ip - IP to assign to the selected interface. type: string required: True
- mask - Full network mask to assign to the selected interface. type: string required: True
disconnect.system.modem - Trigger a disconnect for the configured modem.
download-eval.system.vmlicense - Download Evaluation VM License and reboot immediately if successful.
- account_id - FortiCare account email. type: string required: True
- account_password - FortiCare account password. type: string required: True
- is_government - Is the account in use by a government user? type: boolean required: False
download.switch-controller.fsw-firmware - Download FortiSwitch firmware from FortiGuard to the FortiGate according to FortiSwitch image ID.
- image_id - FortiSwitch image ID. type: string required: True
download.system.vmlicense - Download Flex-VM license and reboot immediately if successful.
- token - VM license token. type: string required: False
- proxy_url - HTTP proxy URL in the form: http://user:pass@proxyip:proxyport. type: string required: False
download.wifi.firmware - Download FortiAP firmware from FortiGuard to the FortiGate according to FortiAP image ID.
- image_id - FortiAP image ID. type: string required: True
dump.system.com-log - Dump system com-log to file.
dynamic.system.external-resource - Push updates to the specified external resource.
- commands - The commands to execute to update dynamic external resources. type: array required: True
eject.system.usb-device - Eject USB drives for safe removal.
email.user.guest - Sent guest login details via email.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
enable-app-bandwidth-tracking.system.traffic-history - Enable FortiView application bandwidth tracking.
factory-reset.switch-controller.managed-switch - Send 'Factory Reset' command to a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
flush.firewall.gtp - Flush GTP tunnels.
- scope - Scope from which to flush tunnels from [global|*vdom]. type: string required: False
- gtp_profile - Filter: GTP profile. type: string required: False
- version - Filter: GTP version. type: int required: False
- imsi - Filter: International mobile subscriber identity. type: string required: False
- msisdn - Filter: Mobile station international subscriber directory number type: string required: False
- ms_addr - Filter: Mobile user IP address. type: string required: False
- ms_addr6 - Filter: Mobile user IPv6 address. type: string required: False
- cteid - Filter: Control plane fully qualified tunnel endpoint identifier. type: int required: False
- cteid_addr - Filter: Control plane TEID IP address. type: string required: False
- cteid_addr6 - Filter: Control plane TEID IPv6 address. type: string required: False
- fteid - Filter: Data plane fully qualified tunnel endpoint identifier. type: int required: False
- fteid_addr - Filter: Data plane TEID IP address. type: string required: False
- fteid_addr6 - Filter: Data plane TEID IPv6 address. type: string required: False
- apn - Filter: Access point name. type: string required: False
format.system.logdisk - Format log disk.
- raid - RAID level [Raid-0|Raid-1|Raid-5|Raid-10]. type: string required: True
forticonverter.set-source-sn - Set the source FortiGate which will upload its config.
- source_sn - Source FortiGate serial. type: string required: True
- ticket_id - Service ticket ID. type: string required: True
generate-key.system.api-user - Generate a new api-key for the specified api-key-auth admin. The old api-key will be replaced. The response contains the only chance to read the new api-key plaintext in the api_key field.
- api-user - Generate a new token for this api-user. type: string required: True
- expiry - Expiry of API key in minutes from now (valid range: 1 - 10080). This can only be set for Fortinet Support Tool user. type: int required: False
generate-keys.wifi.ssid - Generate pre-shared keys for specific multi pre-shared key profile.
- mpsk_profile - Multi pre-shared key profile to add keys to. type: string required: True
- group - Multi pre-shared key group to add keys to. type: string required: True
- prefix - Prefix to be added at the start of the generated key's name. type: string required: True
- count - Number of keys to be generated [1-512]. type: int required: True
- key_length - Length of the keys to be generated [8-63]. type: int required: True
generate.vpn-certificate.csr - Generate a certificate signing request (CSR) and a private key. The CSR can be retrieved / downloaded from CLI, GUI and REST API.
- certname - Certicate name. Used to retrieve / download the CSR. Not included in CSR and key content. type: string required: True
- subject - Subject (Host IP/Domain Name/E-Mail). Common Name (CN) of the certificate subject. type: string required: True
- keytype - Generate a RSA or an elliptic curve certificate request [rsa|ec]. The Elliptic Curve option is unavailable if the FortiGate is a Low Encryption Device (LENC) type: string required: True
- keysize - Key size.[1024|1536|2048|4096]. 512 only if the FortiGate is a Low Encryption Device (LENC). Required when keytype is RSA. type: int required: False
- curvename - Elliptic curve name. [secp256r1|secp384r1|secp521r1]. Unavailable if the FortiGate is a Low Encryption Device (LENC). Required when keytype is ec. type: string required: False
- orgunits - List of organization units. Organization Units (OU) of the certificate subject. type: array required: False
- org - Organization (O) of the certificate subject. type: string required: False
- city - Locality (L) of the certificate subject. type: string required: False
- state - State (ST) of the certificate subject. type: string required: False
- countrycode - Country (C) of the certificate subject. type: string required: False
- email - Email of the certificate subject. type: string required: False
- subject_alt_name - Subject alternative name (SAN) of the certificate. type: string required: False
- password - Password / pass phrase for the private key. If not provided, FortiGate generates a random one. type: string required: False
- scep_url - SCEP server URL. If provided, use the url to enroll the csr through SCEP. type: string required: False
- scep_password - SCEP challenge password. Some SCEP servers may require challege password. Provide it when SCEP server requires. type: string required: False
- scope - Scope of CSR [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
generic-address.system.external-resource - Push JSON data to the specified external resource.
- mkey - The name of the external resource to update. type: string required: True
- data - JSON data. type: object required: True
geoip.geoip-query - Retrieve location details for IPs queried against FortiGuard's geoip service.
- ip_addresses - One or more IP address strings to query for location details. type: array required: True
import-mobile.user.fortitoken - Import a list of tokens from FortiGuard to the FortiGate unit.
- code - Activation code on redemption certificate. type: string required: True
import-seed.user.fortitoken - Import a FortiToken seed file.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
import-trial.user.fortitoken - Import trial mobile FortiTokens.
import.vpn-certificate.ca - Import CA certificate.
- import_method - Method of importing CA certificate.[file|scep] type: string required: True
- scep_url - SCEP server URL. Required for import via SCEP type: string required: False
- scep_ca_id - SCEP server CA identifier for import via SCEP. type: string required: False
- scope - Scope of CA certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
import.vpn-certificate.crl - Import certificate revocation lists (CRL) from file content.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
import.vpn-certificate.local - Import local certificate.
- type - Type of certificate.[local|pkcs12|regular] type: string required: True
- certname - Certificate name for pkcs12 and regular certificate types. type: string required: False
- password - Optional password for pkcs12 and regular certificate types. type: string required: False
- key_file_content - Key content encoded in BASE64 for regular certificate type. type: string required: False
- scope - Scope of local certificate [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- acme_domain - A valid domain that resolves to an IP whose TCP port 443 reaches this FortiGate. type: string required: False
- acme_email - Contact email address that is required by some CAs such as LetsEncrypt. type: string required: False
- acme_ca_url - URL for the ACME CA server. type: string required: False
- acme_rsa_key_size - Length of the RSA private key for the generated cert. type: int required: False
- acme_renew_window - Certificate renewal window in days. type: int required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
import.vpn-certificate.remote - Import remote certificate.
- scope - Scope of CRL [vdom*|global]. Global scope is only accessible for global administrators type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
import.web-ui.language - Import localization language file to this FortiGate.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
keep-alive.wifi.spectrum - Extend duration of an existing spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- duration - Duration in seconds. type: int required: True
kill.system.process - Kill a running process.
- pid - The process ID. type: int required: True
- signal - Signal to use when killing the process [9 (SIGKILL) | 11 (SIGSEGV) | 15 (SIGTERM)]. Defaults to 15. type: int required: False
led-blink.wifi.managed_ap - Turn a managed FortiAP's LED blinking on or off.
- serials - FortiAP IDs to turn LED blink on/off. type: array required: True
- blink - True to turn on blinking, false to turn off. type: boolean required: True
- duration - Time to blink, in seconds. 0 or omit for indefinite. type: int required: False
login.registration.forticare - Login to FortiCare.
- serial - Serial number of an HA cluster member to register to login to FortiCare. Current device will be selected if not set. type: string required: False
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- reseller_name - Reseller name. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- agreement_accepted - Set to true if the end-user accepted the agreement. type: boolean required: False
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
login.registration.forticloud - Login to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- send_logs - Send logs to FortiCloud. type: boolean required: False
- domain - FortiCloud domain. type: string required: False
logout.registration.forticloud - Logout from FortiCloud.
manual-update.system.fortiguard - Manually update entitlements.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
migrate.registration.forticloud - Migrate standalone FortiGate Cloud account to FortiCloud.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
poe-reset.switch-controller.managed-switch - Reset PoE on a given FortiSwitch's port.
- mkey - Name of managed FortiSwitch. type: string required: True
- port - Name of port to reset PoE on. type: string required: True
port-stats-reset.switch-controller.managed-switch - Reset port statistics for a given FortiSwitch.
- mkey - FortiSwitch ID. type: string required: True
- ports - Name of ports to reset statistics on. type: array required: False
provision-user.vpn.ssl - Provision SSL-VPN users with target applications. The provisioning message (email or SMS) is sent with no confirmation of success.
- host - The hostname/IP address of the VPN server. type: string required: True
- port - The port of the VPN server. type: int required: True
- vpn_name - The name of the VPN configuration. type: string required: True
- method - Method to send [email|sms]. If not set, email will be the default. type: string required: False
- email_list - The email address that the VPN configuration message should be sent to. Required if "method" is "email". type: string required: False
- phone_user_list - The user that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- phone_number_list - The phone number that the VPN configuration SMS should be sent to. At least one of "phone_user_list" or "phone_number_list" is required if "method" is "sms". type: string required: False
- sms_method - The method to be used for sending the SMS [fortiguard|custom]. Default is "fortiguard". type: string required: False
- sms_server - The SMS server to be used for sending SMS messages, required if "custom" SMS method is chosen. type: string required: False
provision.user.fortitoken - Provision a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to provision. If omitted, all tokens will be used. type: array required: False
pse-config.switch-controller.recommendation - Execute switch recommendation for pse-config to prevent PSE-PSE scenarios.
- fortilink - FortiLink interface name. type: string required: True
purdue-level.user.device - Update the Purdue level of device from device store.
- mac - Main MAC address of the device. type: string required: True
- ip - IP address of the device. type: string required: False
- level - Purdue level of the device [1|1.5|2|2.5|3|3.5|4|5|5.5]. type: string required: True
push.switch-controller.fsw-firmware - Push FortiSwitch firmware to the given device.
- switch_id - The target device's switch ID. type: string required: True
- image_id - FortiSwitch image ID. type: string required: True
push.wifi.firmware - Push FortiAP firmware to the given device.
- serial - The target device's serial. type: string required: True
- image_id - FortiAP image ID. type: string required: True
quarantine.endpoint-control.registration - Quarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to quarantine. type: string required: False
- mac - Single MAC to quarantine. type: string required: False
read-info.system.certificate - Get certificate information from a certificate string.
- value - PEM formatted certificate. type: string required: True
reboot.system.os - Immediately reboot this device.
- event_log_message - Message to be logged in event log. type: string required: False
refresh-server.user.fsso - Refresh remote agent group list for all fsso agents.
refresh.azure.application-list - Update the Azure application list data or get the status of an update.
- last_update_time - Timestamp of a previous update request. If this is not provided then it will refresh the Azure application list data. type: int required: False
refresh.system.external-resource - Fetch the external resource file and refresh status for the specified external resource.
- mkey - The name of the external resource to query. type: string required: True
- check_status_only - Set to true to return only the refresh status. type: boolean required: False
- last_connection_time - The timestamp of last connection to the resource; used for checking refresh status. type: int required: False
refresh.user.fortitoken - Refresh a set of FortiTokens by serial number.
- tokens - List of FortiToken serial numbers to refresh. If omitted, all tokens will be used. type: array required: False
register-appliance.system.csf - Register appliance to Security Fabric.
- type - Appliance type (Example: 'faz'). type: string required: True
- mgmt_ip - Management IP or FQDN. type: string required: True
- mgmt_port - Management port. type: int required: False
- mgmt_url_parameters - Array of URL parameters. Each item is a key/value pair. If provided, the URL parameters will be included in the management IP URL. type: array required: False
- serial - Serial number. type: string required: True
- hostname - Host name. type: string required: False
register-device.registration.forticloud - Register a device to FortiCloud through FortiGate. Currently FortiSwitches, FortiAPs and FortiExtenders are supported.
- serial - Device serial number type: string required: False
- email - FortiCloud email. type: string required: True
- password - Password. type: string required: True
- reseller - Reseller. type: string required: True
- reseller_id - Reseller ID. type: int required: True
- country - Country. type: string required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
- agreement_accepted - Set to true if the end-user accepted the agreement. type: boolean required: False
remove.user.device - Remove single or multiple user devices specified by host MAC addresses.
- macs - An array of host MAC addresses to be removed. type: array required: False
report.sdwan.link-monitor-metrics - Report the application-level performance metrics collected by other fabric devices.
- agent_ip - IPv4 or IPv6 address. type: string required: True
- application_name - Destination application that the FMR agent is monitoring. type: string required: True
- application_id - Destination application ID based on the FortiGuard Application Control DB. type: int required: True
- latency - Latency to report (ms). type: double required: True
- jitter - Jitter to report (ms). type: double required: True
- packet_loss - Packet loss to report [0, 100]. type: double required: True
- ntt - Network transmit time (ms). type: double required: False
- srt - Server response time (ms). type: double required: False
- application_error - Application errors in the current session. type: double required: False
reset.extender-controller.extender - Reset a specific FortiExtender unit.
- id - FortiExtender ID to reset. type: string required: True
reset.firewall.central-snat-map - Reset traffic statistics for all firewall central SNAT policies.
reset.firewall.consolidated-policy - Reset traffic statistics for all consolidated policies.
reset.firewall.dnat - Reset hit count statistics for all firewall virtual IPs/servers.
reset.firewall.multicast-policy - Reset traffic statistics for all IPv4 firewall multicast policies.
reset.firewall.multicast-policy6 - Reset traffic statistics for all IPv6 firewall multicast policies.
reset.firewall.per-ip-shaper - Reset statistics for all configured firewall per-IP traffic shapers.
reset.firewall.policy - Reset traffic statistics for all firewall policies.
reset.firewall.policy6 - Reset traffic statistics for all IPv6 policies.
reset.firewall.shaper - Reset statistics for all configured traffic shapers.
reset.log.stats - Reset logging statistics for all log devices.
reset.system.modem - Reset statistics for internal/external configured modem.
reset.wanopt.history - Reset WAN opt. statistics.
reset.wanopt.peer_stats - Reset WAN opt peer statistics.
reset.wanopt.webcache - Reset webcache statistics.
reset.webcache.stats - Reset all webcache statistics.
reset.webfilter.category-quota - Reset webfilter quota for user or IP.
- profile - Webfilter profile to reset. type: string required: False
- user - User or IP to reset with. type: string required: False
reset.wifi.euclid - Reset presence analytics statistics.
restart.switch-controller.managed-switch - Restart a given FortiSwitch.
- mkey - Name of managed FortiSwitch. type: string required: True
restart.system.sniffer - Restart specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
restart.wifi.managed_ap - Restart a given FortiAP.
- wtpname - FortiAP name. type: string required: False
restore.system.config - Restore system configuration from uploaded file or from USB.
- source - Configuration file data source [upload | usb | revision]. type: string required: True
- usb_filename - When using 'usb' source: the filename to restore from the connected USB device. type: string required: False
- config_id - When using 'revision' source: valid ID of configuration stored on disk to revert to. type: int required: False
- password - Password to decrypt configuration data. type: string required: False
- scope - Specify global or VDOM only restore [global | vdom]. type: string required: True
- vdom - If 'vdom' scope specified, the name of the VDOM to restore configuration. type: string required: False
- confirm_password_mask - True to upload password mask config file. type: boolean required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
revoke.system.dhcp - Revoke IPv4 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
revoke.system.dhcp6 - Revoke IPv6 DHCP leases.
- ip - Optional list of addresses to revoke. Defaults to all addresses if not provided. type: array required: False
run.system.compliance - Immediately run compliance checks for the selected VDOM.
run.system.config-script - Run remote config scripts.
- remote_script - Name of remote config script to run. type: string required: True
save.system.config - Explicitly save all configuration.
save.system.config-revision - Create a new config revision checkpoint.
- comments - Optional revision comments type: string required: False
scan.wifi.network - When FortiWiFi is in client mode, start a scan for local WiFi networks.
send-activation.user.fortitoken - Send a FortiToken activation code to a user via SMS or Email.
- token - FortiToken serial number. The token must be assigned to a user/admin. type: string required: True
- method - Method to send activation code [email|sms]. If not set, SMS will be attempted first, then email. type: string required: False
- email - Override email address. type: string required: False
- sms_phone - Override SMS phone number. SMS provider must be set in the assigned user/admin. type: string required: False
set-tier-plus.switch-controller.mclag-icl - Setup a tier 2/3 MC-LAG link between a pair of FortiSwitches.
- fortilink - FortiLink interface name. type: string required: True
- parent_peer1 - FortiSwitch ID for MC-LAG parent peer 1. type: string required: True
- parent_peer2 - FortiSwitch ID for MC-LAG parent peer 2. type: string required: True
- peer1 - FortiSwitch ID for MC-LAG peer 1. type: string required: True
- peer2 - FortiSwitch ID for MC-LAG peer 2. type: string required: True
- isl_port_group - ISL port group name. type: string required: True
set-tier1.switch-controller.mclag-icl - Setup a tier-1 MC-LAG link between a pair of FortiSwitches.
- fortilink - FortiLink interface name. type: string required: True
- peer1 - FortiSwitch ID for MC-LAG peer 1. type: string required: True
- peer2 - FortiSwitch ID for MC-LAG peer 2. type: string required: True
set.system.private-data-encryption - Sets private data encryption. To be deprecated and replaced by the CMDB REST API.
- enable - Enable private data encryption. type: boolean required: True
- password - Admin password. type: string required: False
set.system.time - Sets current system time stamp.
- year - Specifies the year for setting/updating time manually. type: int required: True
- month - Specifies the month (0 - 11) for setting/updating time manually. type: int required: True
- day - Specifies the day for setting/updating time manually. type: int required: True
- hour - Specifies the hour (0 - 23) for setting/updating time manually. type: int required: True
- minute - Specifies the minute (0 - 59) for setting/updating time manually. type: int required: True
- second - Specifies the second (0 - 59) for setting/updating time manually. type: int required: True
set_status.wifi.managed_ap - Update administrative state for a given FortiAP (enable or disable authorization).
- wtpname - FortiAP name. type: string required: False
- admin - New FortiAP administrative state [enable|disable|discovered]. type: string required: False
set_status.wifi.rogue_ap - Mark detected APs as rogue APs.
- bssid - List of rogue AP MAC addresses. type: array required: False
- ssid - Corresponding list of rogue AP SSIDs. type: array required: False
- status - Status to assign matching APs [unclassified|rogue|accepted|suppressed]. type: string required: False
shutdown.system.os - Immediately shutdown this device.
- event_log_message - Message to be logged in event log. type: string required: False
sms.user.guest - Sent guest login details via SMS.
- group - Guest group name. type: string required: True
- guest - Guest user IDs. type: array required: True
soft-reset-neighbor.router.bgp - BGP Neighbor soft reset.
- ip - IPv4 or IPv6 address of neighbor to perform soft reset on. type: string required: True
speed-test-trigger.system.interface - Run a speed-test on the given interface.
- mkey - Name of the interface. type: string required: True
start.forticonverter.download - Start download from FortiConverter for processed config.
- ticket_id - Service ticket ID. type: string required: True
- extension - File extension [pdf|conf]. type: string required: True
start.network.debug-flow - Start debug flow packet capture.
- num_packets - Number of packets. type: int required: True
- ipv6 - Whether we are debugging IPv6 traffic. type: boolean required: True
- negate - Inverse IPv4 or IPv6 filter. type: boolean required: False
- addr_from - IPv4 or IPv6 address start of range. type: string required: False
- addr_to - IPv4 or IPv6 address end of range. type: string required: False
- daddr_from - Destination IPv4 or IPv6 address start of range. type: string required: False
- daddr_to - Destination IPv4 or IPv6 address end of range. type: string required: False
- saddr_from - Source IPv4 or IPv6 address start of range. type: string required: False
- saddr_to - Source IPv4 or IPv6 address end of range. type: string required: False
- port_from - Port from. type: int required: False
- port_to - Port to. type: int required: False
- dport_from - Destination port from. type: int required: False
- dport_to - Destination port to. type: int required: False
- sport_from - Source port from. type: int required: False
- sport_to - Source port to. type: int required: False
- proto - Protocol number. type: int required: False
start.system.fsck - Set file system check flag so that it will be executed on next device reboot.
start.system.sniffer - Start specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
start.system.usb-log - Start backup of logs from current VDOM to USB drive.
start.wifi.spectrum - Start spectrum analysis for a specific FortiAP for a duration of time.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
- channels - Channels. type: array required: True
- duration - Duration in seconds. type: int required: True
start.wifi.vlan-probe - Start a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
- start_vlan_id - The starting VLAN ID for the probe. type: int required: True
- end_vlan_id - The ending VLAN ID for the probe. type: int required: True
- retries - Number of times to retry a probe for a particular VLAN. type: int required: True
- timeout - Timeout duration (in seconds) to wait for a VLAN probe response. type: int required: True
stop.network.debug-flow - Stop debug flow packet capture.
stop.system.sniffer - Stop specified packet capture.
- mkey - ID of packet capture entry. type: int required: True
stop.system.usb-log - Stop backup of logs to USB drive.
stop.wifi.spectrum - Stop spectrum analysis for a specific FortiAP.
- wtp_id - FortiAP ID. type: string required: True
- radio_id - Radio ID. type: int required: True
stop.wifi.vlan-probe - Stop a VLAN probe.
- ap_interface - FortiAP interface to send the probe on. type: int required: True
- wtp - FortiAP ID. type: string required: True
submit.forticonverter.intf-mapping - Submit physical interface mapping to FortiConverter.
- intf_mapping - Interface mapping from source to target. type: object required: True
- ticket_id - Service ticket ID. type: string required: True
submit.forticonverter.mgmt-intf - Submit management interface details to FortiConverter.
- intf_details - Management interface details. type: object required: True
- ticket_id - Service ticket ID. type: string required: True
submit.forticonverter.notes - Submit contact details and conversion notes to FortiConverter.
- ticket_id - Service ticket ID. type: string required: True
- contact_name - Contact name. type: string required: True
- contact_email - Contact email. type: string required: True
- contact_phone - Contact phone. type: string required: True
- notes - Conversion notes. type: string required: False
submit.forticonverter.ticket - Submit FortiConverter ticket.
- ticket_id - Service ticket ID. type: string required: True
system.change-password - Save admin and guest-admin passwords. To be deprecated and replaced by the CMDB REST API.
- mkey - User ID for password change. type: string required: False
- old_password - Old password. type: string required: False
- new_password - New password. type: string required: True
system.disconnect-admins - Disconnects logged in administrators.
- id - Admin ID type: int required: False
- method - Login method used to connect admin to FortiGate. type: string required: False
- admins - List of objects with admin id and method. type: array required: True
system.password-policy-conform - Check whether password conforms to the password policy.
- mkey - User ID for password change. type: string required: False
- apply_to - Password Policy ID. type: string required: False
- password - Password. type: string required: False
- old_password - Old password. type: string required: False
test-availability.system.fortiguard - Test availability of FortiGuard services.
- protocol - Protocol to check. [https | udp | http] type: string required: True
- port - Port to check. type: int required: True
- service - Service to check. [emailfilter | webfilter] type: string required: True
test-connect.user.radius - Test the connectivity of the given RADIUS server and, optionally, the validity of a username & password.
- mkey - Name of FortiGate's RADIUS object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-secret pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name or IP of a RADIUS server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret password for the RADIUS server. If 'mkey' is provided, this overrides the 'secret' value in the object. type: string required: False
- auth_type - Authentication protocol to use [auto|ms_chap_v2|ms_chap|chap|pap]. If 'mkey' is provided, this overrides the 'auth-type' value in the object. type: string required: False
- user - User name whose access to check. type: string required: False
- password - User's password. type: string required: False
test.system.automation-stitch - Triggers an automation stitch for testing purposes.
- mkey - ID of automation stitch to trigger. type: string required: True
- log - Message to store in the log buffer when triggering an event. For example, "logid=\"32102\" eventtime=1528840790000000000 logdesc=\"Sample description\" msg=\"Sample message\"". This parameter is required for the 'event-log' event type. For the test to run, the 'logid' argument value must match the trigger-defined value. If 'logid' is not provided, the test will use the trigger-defined value. type: string required: False
test.user.tacacs-plus - Test the connectivity of the given TACACS+ server.
- mkey - Name of FortiGate's TACACS+ object whose settings to test. type: string required: False
- ordinal - If 'mkey' is provided, the server-key pair to use from the object: 'primary', 'secondary' or 'tertiary'. Defaults to 'primary'. type: string required: False
- server - Host name of IP of a TACACS+ server. If 'mkey' is provided, this overrides the 'server' value in the object. type: string required: False
- secret - Secret key for the TACACS+ server. If 'mkey' is provided, this overrides the 'key' value in the object. type: string required: False
- port - Port number of the TACACS+ server. If 'mkey' is provided, this overrides the 'port' value in the object. Defaults to 49. type: int required: False
- source_ip - Source IP for communications to TACACS+ server. If 'mkey' is provided, this overrides the 'source-ip' value in the object. type: string required: False
toggle-vdom-mode.system.admin - Toggles VDOM mode on/off. Enables or disables VDOM mode if it is disabled or enabled respectively.
transfer.registration.forticare - Transfer to a new FortiCare account.
- email - Account email. type: string required: True
- password - Account password. type: string required: True
- old_email - Old account email. type: string required: True
- old_password - Old account password. type: string required: True
- is_government - Set to true if the end-user is affiliated with a government. type: boolean required: False
trial.user.fortitoken-cloud - Activate FortiToken Cloud trial.
trigger.system.security-rating - Run a Security Rating report.
- report_type - Security Rating report to run, run all reports when unspecified. type: string required: False
- report_types - Multiple Security Rating reports to run, run all reports when unspecified. type: array required: False
tunnel_down.vpn.ipsec - Bring down a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
tunnel_reset_stats.vpn.ipsec - Reset statistics for a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
tunnel_up.vpn.ipsec - Bring up a specific IPsec VPN tunnel.
- p1name - IPsec phase1 name. type: string required: True
- p2name - IPsec phase2 name. type: string required: True
- p2serial - IPsec phase2 serial. type: int required: False
unblock.endpoint-control.registration - Unblock endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unblock. type: string required: False
- mac - Single MAC to unblock. type: string required: False
unquarantine.endpoint-control.registration - Unquarantine endpoint by FortiClient UID or MAC.
- uid - Single FortiClient UID to unquarantine. type: string required: False
- mac - Single MAC to unquarantine. type: string required: False
unverify-cert.endpoint-control.ems - Unverify EMS server certificate for a specific EMS.
- ems_id - EMS server ID (as defined in CLI table endpoint-control.fctems). type: int required: True
- scope - Scope from which to retrieve EMS certificate status [vdom*|global]. type: string required: False
update-comments.system.config-revision - Updates comments for a system configuration file.
- config_id - Configuration id. type: int required: False
- comments - Configuration comments. type: string required: False
update-global-label.firewall.policy - Update the global-label of group starting with the provided leading policy ID.
- policyid - Leading policy ID of the group to update. type: string required: True
- current-label - The current global-label of the group. If not provided, will assume the current group's label is empty string. type: string required: False
- new-label - The new global-label of the group. If not provided, the current group's label will be deleted type: string required: False
update-global-label.firewall.security-policy - Update the global-label of group starting with the provided leading policy ID.
- policyid - Leading policy ID of the group to update. type: string required: True
- current-label - The current global-label of the group. If not provided, will assume the current group's label is empty string. type: string required: False
- new-label - The new global-label of the group. If not provided, the current group's label will be deleted type: string required: False
update.forticonverter.eligibility - Force an immediate request to update eligibility and ticket info.
update.forticonverter.intf-list - Force an immediate request to update source interface list.
update.forticonverter.sn-list - Force an immediate request to update source device serials.
update.forticonverter.submitted-info - Force an immediate request to update all submitted info.
update.switch-controller.isl-lockdown - Enable/disable ISL lockdown.
- fortilink - FortiLink interface name. type: string required: True
- status - To enable or disable lockdown. [enable|disable] type: string required: True
update.switch-controller.managed-switch - Update administrative state for a given FortiSwitch (enable or disable authorization).
- mkey - FortiSwitch name. type: string required: False
- admin - New FortiSwitch administrative state [enable|disable|discovered]. type: string required: False
update.system.fortiguard - Immediately update status for FortiGuard services.
update.system.ha-peer - Update configuration of peer in HA cluster.
- serial_no - Serial number of the HA member. type: string required: True
- vcluster_id - Virtual cluster number. type: int required: False
- priority - Priority to assign to HA member. type: int required: False
- hostname - Name to assign the HA member. type: string required: False
update.system.modem - Update supported modem list from FortiGuard.
update.system.sdn-connector - Update an SDN connector's connection status.
- mkey - SDN connector name. type: string required: True
update.web-ui.custom-language - Update custom language file to this Fortigate.
- mkey - Name of custom language entry. type: string required: True
- lang_name - New name of custom language entry. type: string required: False
- lang_comments - Comments of custom language entry. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upgrade.extender-controller.extender - Upgrade FortiExtender.
- id - FortiExtender ID to upgrade. type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upgrade.license.database - Upgrade or downgrade UTM engine or signature package (IPS/AntiVirus/Application Control/Industrial database/Security Rating/Internet Service Database) using uploaded file.
- db_name - Security service database name [ips|appctrl|industrial_db|antivirus|security_rating|isdb|iotddb] type: string required: True
- confirm_not_signed - Confirm whether unsigned pkg files may be uploaded. type: boolean required: False
- confirm_not_ga_certified - Confirm whether non GA-certified pkg files may be uploaded. type: boolean required: False
- file_id - File id of existing pkg file from a previous upload. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upgrade.system.firmware - Upgrade firmware image on this device.
- source - Firmware file data source [upload|usb|fortiguard|url]. type: string required: True
- url - URL where the image should be retrieved from. type: string required: False
- passphrase - Image encryption passphrase. type: string required: False
- force - Bypass signature and validity checking. type: boolean required: False
- filename - Name of file on USB disk to upgrade to, or ID from FortiGuard available firmware. type: string required: False
- format_partition - Set to true to format boot partition before upgrade. type: boolean required: False
- ignore_invalid_signature - Set to true to allow upgrade of firmware images with invalid signatures. type: boolean required: False
- file_id - File ID of the uploaded firmware image to allow upgrade of firmware images with invalid signatures. type: string required: False
- ignore_admin_lockout_upon_downgrade - Set to true to allow dowgrading if the firmware doesn't support safer password and there is at least 1 admin that will be locked out after upgrade. type: boolean required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upgrade.system.lte-modem - Upgrade LTE modem firmware image on this device using uploaded files.
upload.forticonverter.config - Upload config from target FortiGate to FortiConverter.
- ticket_id - Service ticket ID. type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.switch-controller.fsw-firmware - Upload FortiSwitch firmware to the management FortiGate and then push to target FortiSwitches.
- switch_ids - The target device's switch ID. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.system.config-script - Upload and run a new configuration script file.
- filename - Name of configuration script file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.system.hscalefw-license - Update Hyperscale firewall license for hardware acceleration using license key.
- license_key - License key. Format:0000-0000-0000-0000-0000-0000-00. type: string required: True
upload.system.lte-modem - Upload the modem firmware upgrade files.
- filename - Firmware file being uploaded. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.system.vmlicense - Update VM license using uploaded file. Reboots immediately if successful.
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.webproxy.pacfile - Upload webproxy PAC file.
- filename - Name of PAC file. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.wifi.firmware - Upload FortiAP firmware to the management FortiGate and then push to target FortiAPs.
- serials - The target device's serial. type: string required: False
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
upload.wifi.region-image - Saves a floorplan/region image to an existing region.
- region_name - Region name to save image to. type: string required: True
- image_type - MIME type of the image (png|jpeg|gif). type: string required: True
- file_content - Provided when uploading a file: base64 encoded file data. Must not contain whitespace or other invalid base64 characters. Must be included in HTTP body. type: string required: False
user.password-policy-conform - Check if password adheres to local user password policy.
- username - User name. type: string required: False
- password - Password. type: string required: True
utm.rating-lookup - Lookup FortiGuard rating for a specific URL.
- url - List of URLs to query. type: array required: False
- lang - Language for the rating response. type: string required: False
validate-gcp-key.system.sdn-connector - Validate a string representing a private key from GCP in PEM format.
- private-key - Private key in PEM format. type: string required: True
verify-cert.endpoint-control.ems - Verify EMS server certificate for a specific EMS.
- ems_id - EMS server ID (as defined in CLI table endpoint-control.fctems). type: int required: True
- scope - Scope from which to verify EMS [vdom*|global]. type: string required: False
- fingerprint - EMS server certificate fingerprint to check with. type: string required: True
wake-on-lan.system.interface - Send wake on lan packet to device.
- mkey - Name of the interface that will send out the packet. type: string required: True
- mac - MAC of device to wake up. type: string required: True
- protocol_option - protocol [wol | udp]. Default is udp type: string required: False
- port - Port used by UDP WoL packets (0, 7, or 9). Port 9 will be used by default. type: int required: False
- address - Broadcast IP address used by UDP WoL packets. type: string required: False
- secureon_password - Password of the destination host if SecureOn is enabled. type: string required: False
webhook.system.automation-stitch - Triggers an incoming webhook for an automation stitch.
- mkey - The incoming webhook name to trigger. type: string required: True

Show full selector list...