FortiOS API and policy creations

I had an earlier  email dialog from a user that found my API blog  that I posted earlier and he had a question on adding a new policy within FortiOS

Note , the POST action creates the policy and PUT  modifies any existing items. You need to ensure you  select the right policyid#.

Be very very very careful to ensure you do NOT modify or DELETE a policyid#  that was not correct.

What  a lot of org that uses API automations they  run the   script to backup the firewall 1st or list out all policies and then  execute  the changes regardless if it's and ADD DELETE or MODIFY { POST DELETE  PUT }


Also make sure you  place sanity  checks

      * if your going blacklist on add entries to the address group with a /32 subnet value


      * check your feeds and  scripts to ensure you do not  mistakenly  add your own blocks or trusted networks
      *  be very careful with  DELETE operations

      *  make sys-config backups before and after the  operations are ran


      *  !!!! YMMV  and use extreme caution until you get it all under control  !!!!

!!!!Any API call that's a GET is a Read-Only and will cause zero harm!!!!

NSE ( network security expert) and Route/Switching Engineer

kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^

=(  @  @ )=

         o

        /  \