HFortix - Python SDK for Fortinet products (FortiOS, FortiManager, FortiAnalyzer)
HFortix - Fortinet Python SDK
Python client library for Fortinet products including FortiOS, FortiManager, and FortiAnalyzer.
Current Status
- CMDB API: 79 endpoints across 15 categories (52% coverage)
- NEW: Firewall category with 28 endpoints (11 flat + 17 nested)
- Service API: 21 methods across 3 modules
- Log API: 42 methods across 5 modules (100% complete)
- Monitor API: Not yet implemented
Latest Addition (v0.3.5):
- Enhanced IDE Autocomplete: Full PEP 561 type hint support for better IntelliSense
- Type Annotations: Explicit type hints on all API helper classes (cmdb, firewall, etc.)
- Better Import Discovery: Improved __all__ exports for cleaner autocomplete suggestions
- Bug Fix: Removed duplicate assignments in CMDB initialization
Previous Releases:
- v0.3.4: Unified import syntax documentation (from hfortix import FortiOS)
- v0.3.3: Package restructuring for unified imports
- v0.3.0: Firewall endpoints (11 flat + 17 nested = 28 total)
- firewall/DoS-policy, DoS-policy6 (DoS protection)
- firewall/access-proxy, access-proxy6 (Reverse proxy/WAF)
- firewall/access-proxy-ssh-client-cert (SSH certificates)
- firewall/access-proxy-virtual-host (Virtual hosts)
- firewall/address, address6 (IPv4/IPv6 addresses)
- firewall/addrgrp, addrgrp6 (IPv4/IPv6 address groups with simplified API)
- firewall/address6-template (IPv6 address templates)
- Firewall Sub-categories:
- firewall.ipmacbinding (setting, table)
- firewall.schedule (group, onetime, recurring)
- firewall.service (category, custom, group)
- firewall.shaper (per-ip-shaper, traffic-shaper)
- firewall.ssh (host-key, local-ca, local-key, setting)
- firewall.ssl (setting)
- firewall.wildcard-fqdn (custom, group)
Features
- Unified Package: Import all Fortinet products from a single package
- Enhanced IDE Support: Full type hints with PEP 561 compliance for excellent autocomplete
- Modular Architecture: Each product module can be used independently
- PyPI Installation: pip install hfortix - simple and straightforward
- Comprehensive Exception Handling: 387+ FortiOS error codes with detailed descriptions
- Type-Safe: Proper exception hierarchy and error handling
- Simplified APIs: Auto-conversion for common patterns (e.g., address group members)
- Well-Documented: Extensive API documentation and examples
- Modern Python: Type hints, PEP 585 compliance, Python 3.8+
Available Modules
| Module | Status | Description |
|---|---|---|
| FortiOS | Active | FortiGate firewall management API |
| FortiManager | Planned | Centralized management for FortiGate devices |
| FortiAnalyzer | Planned | Log analysis and reporting platform |
Installation
From PyPI (Recommended)
pip install hfortix
Quick Start
Basic Usage
from hfortix import FortiOS
# Initialize with API token (recommended)
fgt = FortiOS(
    host='192.168.1.99',
    token='your-api-token',
    verify=False  # Use True in production with valid SSL cert
)
# List firewall addresses
addresses = fgt.cmdb.firewall.address.list()
print(f"Found {len(addresses['results'])} addresses")
# Create a new address
result = fgt.cmdb.firewall.address.create(
    name='web-server',
    subnet='192.168.10.50/32',
    comment='Production web server'
)
Exception Handling
from hfortix import (
    FortiOS,
    APIError,
    ResourceNotFoundError,
    DuplicateEntryError
)
# fgt is the FortiOS client created in Basic Usage above
try:
    result = fgt.cmdb.firewall.address.create(
        name='test-address',
        subnet='10.0.0.0/24'
    )
except DuplicateEntryError as e:
    print(f"Address already exists: {e}")
except ResourceNotFoundError as e:
    print(f"Resource not found: {e}")
except APIError as e:
    print(f"API Error: {e.message}")
    print(f"HTTP Status: {e.http_status}")
    print(f"Error Code: {e.error_code}")
Project Structure
fortinet/
├── __init__.py              # Main package entry point
├── exceptions.py            # Base exceptions for all products
├── exceptions_forti.py      # FortiOS-specific error codes
├── FortiOS/                 # FortiGate management
│   ├── __init__.py
│   ├── client.py
│   ├── exceptions.py        # Backward compatibility
│   └── api/                 # API endpoints
│       └── v2/
│           ├── cmdb/        # Configuration (firewall, system, etc.)
│           ├── monitor/     # Monitoring endpoints
│           ├── log/         # Log retrieval
│           └── service/     # Services (sniffer, security rating)
├── FortiManager/            # Coming soon
│   └── __init__.py
└── FortiAnalyzer/           # Coming soon
    └── __init__.py
Module Discovery
Check which modules are available:
from fortinet import get_available_modules
modules = get_available_modules()
print(modules)
# {'FortiOS': True, 'FortiManager': False, 'FortiAnalyzer': False}
Examples
FortiOS - Firewall Address Management
from hfortix import FortiOS
fgt = FortiOS(host='192.168.1.99', token='your-token', verify=False)
# List addresses
addresses = fgt.cmdb.firewall.address.list()
# Create address
result = fgt.cmdb.firewall.address.create(
    name='web-server',
    subnet='10.0.1.100/32',
    comment='Production web server'
)
# Update address
result = fgt.cmdb.firewall.address.update(
    name='web-server',
    comment='Updated comment'
)
# Delete address
result = fgt.cmdb.firewall.address.delete(name='web-server')
FortiOS - DoS Protection (NEW!)
# Create IPv4 DoS policy with simplified API
result = fgt.cmdb.firewall.dos_policy.create(
    policyid=1,
    name='protect-web-servers',
    interface='port3',        # Simple string format
    srcaddr=['all'],          # Simple list format
    dstaddr=['web-servers'],
    service=['HTTP', 'HTTPS'],
    status='enable',
    comments='Protect web farm from DoS attacks'
)
# API automatically converts to FortiGate format:
# interface='port3' -> {'q_origin_key': 'port3'}
# service=['HTTP'] -> [{'name': 'HTTP'}]
# Custom anomaly detection thresholds
result = fgt.cmdb.firewall.dos_policy.create(
    policyid=2,
    name='strict-dos-policy',
    interface='wan1',
    srcaddr=['all'],
    dstaddr=['all'],
    service=['ALL'],
    anomaly=[
        {'name': 'tcp_syn_flood', 'threshold': 500, 'action': 'block'},
        {'name': 'udp_flood', 'threshold': 1000, 'action': 'block'}
    ]
)
FortiOS - Reverse Proxy/WAF (NEW!)
# Create access proxy (requires VIP with type='access-proxy')
result = fgt.cmdb.firewall.access_proxy.create(
    name='web-proxy',
    vip='web-vip',  # VIP must be type='access-proxy'
    auth_portal='enable',
    log_blocked_traffic='enable',
    http_supported_max_version='2.0',
    svr_pool_multiplex='enable'
)
# Create virtual host with simplified API
result = fgt.cmdb.firewall.access_proxy_virtual_host.create(
    name='api-vhost',
    host='*.api.example.com',
    host_type='wildcard',
    ssl_certificate='Fortinet_Factory'  # String auto-converts to list
)
# API automatically converts:
# ssl_certificate='cert' -> [{'name': 'cert'}]
FortiOS - Address & Address Group Management (NEW!)
# Create IPv4 address (subnet)
result = fgt.cmdb.firewall.address.create(
    name='internal-net',
    type='ipmask',
    subnet='192.168.1.0/24',
    comment='Internal network'
)
# Create IPv4 address (IP range)
result = fgt.cmdb.firewall.address.create(
    name='dhcp-range',
    type='iprange',
    start_ip='192.168.1.100',
    end_ip='192.168.1.200'
)
# Create IPv4 address (FQDN)
result = fgt.cmdb.firewall.address.create(
    name='google-dns',
    type='fqdn',
    fqdn='dns.google.com'
)
# Create IPv6 address
result = fgt.cmdb.firewall.address6.create(
    name='ipv6-internal',
    type='ipprefix',
    ip6='2001:db8::/32',
    comment='IPv6 internal network'
)
# Create address group with simplified API
result = fgt.cmdb.firewall.addrgrp.create(
    name='internal-networks',
    member=['subnet1', 'subnet2', 'subnet3'],  # Simple string list!
    comment='All internal networks'
)
# API automatically converts:
# member=['addr1', 'addr2'] -> [{'name': 'addr1'}, {'name': 'addr2'}]
# Create IPv6 address group
result = fgt.cmdb.firewall.addrgrp6.create(
    name='ipv6-internal-networks',
    member=['ipv6-subnet1', 'ipv6-subnet2'],
    comment='All internal IPv6 networks'
)
# Create IPv6 address template
result = fgt.cmdb.firewall.address6_template.create(
    name='ipv6-subnet-template',
    ip6='2001:db8::/32',
    subnet_segment_count=2,
    comment='IPv6 subnet template'
)
FortiOS - Schedule Management
# Create recurring schedule
result = fgt.cmdb.firewall.schedule.recurring.create(
    name='business-hours',
    day=['monday', 'tuesday', 'wednesday', 'thursday', 'friday'],
    start='08:00',
    end='18:00'
)
# Create one-time schedule
from datetime import datetime, timedelta
tomorrow = datetime.now() + timedelta(days=1)
start = f"09:00 {tomorrow.strftime('%Y/%m/%d')}"
end = f"17:00 {tomorrow.strftime('%Y/%m/%d')}"
result = fgt.cmdb.firewall.schedule.onetime.create(
    name='maintenance-window',
    start=start,
    end=end,
    color=5
)
Exception Hierarchy
Exception
└── FortinetError (base)
    ├── AuthenticationError
    ├── AuthorizationError
    └── APIError
        ├── ResourceNotFoundError (404)
        ├── BadRequestError (400)
        ├── MethodNotAllowedError (405)
        ├── RateLimitError (429)
        ├── ServerError (500)
        ├── DuplicateEntryError (-5, -15, -100)
        ├── EntryInUseError (-23, -94, -95)
        ├── InvalidValueError (-651, -1, -50)
        └── PermissionDeniedError (-14, -37)
Testing
Each module includes comprehensive tests:
# Run FortiOS tests (requires FortiGate access)
cd FortiOS/Tests
python3 test_exceptions.py
python3 cmdb/firewall/address.py
Version
Current version: 0.1.0
from fortinet import get_version
print(get_version())  # '0.1.0'
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests
- Submit a pull request
License
[Your License Here]
Tips
- Use API Tokens: Only token-based authentication is supported for FortiOS REST API
- Error Handling: Always catch specific exceptions for better error handling
- Verify SSL: Set verify=True in production (requires valid certificates)
- Rate Limiting: Be aware of API rate limits (HTTP 429 errors)
Configuration
Environment Variables
export FGT_HOST="192.168.1.99"
export FGT_TOKEN="your-api-token"
export FGT_VERIFY_SSL="false"
Using .env File
from dotenv import load_dotenv
import os
from hfortix import FortiOS
load_dotenv()
fgt = FortiOS(
    host=os.getenv('FGT_HOST'),
    token=os.getenv('FGT_TOKEN'),
    verify=os.getenv('FGT_VERIFY_SSL', 'false').lower() == 'true'
)
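The snippet above turns certificate verification off whenever FGT_VERIFY_SSL is unset or misspelled. The following is an added example, not part of hfortix or the original README, of a loader that fails closed instead; parse_bool, load_fgt_settings and describe are hypothetical helper names and the environment values are constructed samples.

```python
import os

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off"}


def parse_bool(raw, default):
    """Strict parsing: an unrecognised value raises instead of disabling a check."""
    if raw is None or not raw.strip():
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError(f"FGT_VERIFY_SSL must be true or false, got {raw!r}")


def load_fgt_settings(env=None):
    """Build keyword arguments for FortiOS(...) from the FGT_* variables.

    Hypothetical helper, not part of hfortix. Verification defaults to
    True, so TLS checks are only off when explicitly requested.
    """
    env = os.environ if env is None else env
    host = (env.get("FGT_HOST") or "").strip()
    token = (env.get("FGT_TOKEN") or "").strip()
    if not host:
        raise ValueError("FGT_HOST is not set")
    if not token or token == "your-api-token":
        raise ValueError("FGT_TOKEN is not set to a real token")
    return {
        "host": host,
        "token": token,
        "verify": parse_bool(env.get("FGT_VERIFY_SSL"), default=True),
    }


def describe(settings):
    """Loggable summary that never includes the token itself."""
    return f"host={settings['host']} verify={settings['verify']} token=<redacted>"


# Constructed sample environment; call load_fgt_settings() to read os.environ.
sample = {"FGT_HOST": "192.168.1.99", "FGT_TOKEN": "constructed-sample-token"}
settings = load_fgt_settings(sample)
print(describe(settings))
# With hfortix installed: fgt = FortiOS(**settings)
```
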
Roadmap
- FortiOS API implementation (In Development)
- Exception handling system (387 error codes)
- Base client architecture
- CMDB endpoints (Beta - partial coverage)
- Firewall (address, policy, service, etc.)
- System (interface, admin, global, etc.)
- Router (static, policy, etc.)
- VPN (IPsec, SSL, etc.)
- Service endpoints (Beta)
- Sniffer, Security Rating, etc.
- Log endpoints (Beta)
- Traffic, Event, Virus, etc.
- Monitor endpoints (Not Started)
- Complete API coverage
- Modular package architecture
- FortiManager module (Not Started)
- FortiAnalyzer module (Not Started)
- PyPI package publication
- Async support
- CLI tool
Author
Herman W. Jacobsen
- Email: herman@wjacobsen.fo
- LinkedIn: linkedin.com/in/hermanwjacobsen
- GitHub: @hermanwjacobsen
Built with ❤️ for the Fortinet community
File details
Details for the file hfortix-0.3.5.tar.gz.
File metadata
- Download URL: hfortix-0.3.5.tar.gz
- Upload date:
- Size: 138.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 4350e29a70d72b45916067798da62e68c7115dd1984f3f9ce2858df11d40e214 |
| MD5 | b07545660695caeaeb0a8e8c0aeb3905 |
| BLAKE2b-256 | 1a85702fb2937deb71f6dd4a2009cf3db92c6451f646408d85b4ff720195a8b2 |
File details
Details for the file hfortix-0.3.5-py3-none-any.whl.
File metadata
- Download URL: hfortix-0.3.5-py3-none-any.whl
- Upload date:
- Size: 234.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 5ef01a1bd6a13093347a98a86421d671da6b64db24ac71071e392c520196d0be |
| MD5 | 927c99001dae8fc9dea6ab0372155595 |
| BLAKE2b-256 | 42f1cfdc9df001e5531dd100a05df3b99f2c16fd31575d9439da311733609eea |