Payload Logo

FortiAPI

Type-Safe and scalable API wrapper for FortiOS API v2 build in C++ using Nlohmann define_type_intrusive for easy scalability and expansion.

Technology Stack

C++ logo
Meson logo
Conan logo
JFrog Artifactory logo

Motivation

This project was driven by the aspiration to bridge the gap between Fortinet's powerful firewall capabilities and the flexible control provided by third-party integrations. By combining these strengths, we chart a new frontier in proactive network security management.

FortiHole

Inspired by Pi-hole’s proven DNS filtering model, FortiHole leverages DNS filtering capabilities and External Threat Feed Connectors built into FortiGate devices to effectively block malicious traffic at the DNS level, enhancing network security right at the perimeter.

Forti2Ban (Concept)

Currently in conceptual stages, Forti2Ban aims to integrate Fail2Ban-like IP blocking directly into the FortiGate network edge via its own External Threat Feed Connector, utilizing the FortiAPI for rapid automated response against malicious requests.

Features

Nlohmann JSON Integration

Leveraging Nlohmann JSON's define_intrusive_type feature for lightweight, scalable, and robust JSON parsing. This ensures type-safe handling of FortiGate API responses, some containing upwards of 100 attributes, maintaining both performance and maintainability.

Dynamic API Import

Flexible modular design allows importing either the full FortiGate API suite or specific sections—such as External Connectors. The result is a minimal, robust, and highly adaptable integration tailored precisely to your needs.

Artifactory + Conan Package Management

Easily accessible via a private Artifactory CE instance hosted on my VPS. Effortlessly integrate the API wrapper into your Conan-managed project with just a simple remote repository configuration, accelerating development workflows.

Future Plans

Validate API v2 Longevity

Careful verification of FortiGate's API v2 roadmap ensures long-term viability, protecting your integration investment from unexpected API deprecations or major breaking changes.

Robust Integration Testing

Comprehensive testing suite planned to rigorously handle scenarios involving default configuration values, preventing inadvertent overwrites and preserving existing FortiGate setups.

Community and Talent Development

Proactively attract skilled contributors to expand and maintain the API mapping. Due to Fortinet’s sparse documentation, community involvement is essential to fully realize the potential of automated FortiGate integrations.

Seeking Competent Contributors

Must own a FortiGate device.
Open a PR if you expand functionality or improve integration. This initiative aims to foster a community-driven ecosystem, automating and refining security practices across threat feeds, policies, and security profiles.