# config system global2) Check administrator user has been added on FortiMail.
set hostname FML_IntSRV
set admin-idle-timeout 30
set data-loss-prevention disable
set rest-api enable
end
# config system admin3) Use following command on the API-agent to make administrator user called 'jklee' login to FortiMail.
edit admin
set password ENC $1$233bbec9$Xb8npD7/j3Bsj.mert9H1.
set access-profile super_admin_prof
set language english
next
edit jklee
set password ENC $1$172bd7d5$gJrUnT4/7unlhRsxHvzvK.
set access-profile super_admin_prof
set language english
next
end
[root@Linux-JKLEE api]# curl --insecure -v -H "Content-Type: application/json" -X POST -d '{"name":"jklee","password":"fortinet"}' https://10.5.1.99/api/v1/AdminLogin -c cookie1.txtNote:
* About to connect() to 10.5.1.99 port 443 (#0)Followings are the action receiving '200 OK' from FortiMail.
* Trying 10.5.1.99... connected
* Connected to 10.5.1.99 (10.5.1.99) port 443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* warning: ignoring value of ssl.verifyhost
* skipping SSL peer certificate verification
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
* Server certificate:
* subject: E=support@fortinet.com,CN=FortiMail,OU=FortiMail,O=Fortinet,L=Sunnyvale,ST=California,C=US
* start date: Jul 03 17:24:18 2015 GMT
* expire date: Jan 19 03:14:07 2038 GMT
* common name: FortiMail
* issuer: E=support@fortinet.com,CN=support,OU=Certificate Authority,O=Fortinet,L=Sunnyvale,ST=California,C=US
> POST /api/v1/AdminLogin HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 10.5.1.99
> Accept: */*
> Content-Type: application/json
> Content-Length: 38
>
< HTTP/1.1 200 OK
< Date: Wed, 11 Dec 2019 08:04:37 GMT
< Cache-Control: no-cache
* Added cookie APSCOOKIE="Era%3D0%26Payload%3DH0GBlo9rG82OWUcRRR4iRBwGYLTwUGMRfBXUgUmCzHtomNE63fqnzY%2FXpwouT78Y%0AUguSlytMk2lKJ4DL6p1oL3cLT4%2FKIsE3rv3CeFWrze2w%2Fh20wgX6WRnnD4nhhiX2%0AsGJX7C4eMPU%3D%0A%26AuthHash%3D%2Bre%2FBjCJlo1%2Fh7vJCwGpXg%3D%3D%0A" for domain 10.5.1.99, path /, expire 0
< Set-Cookie: APSCOOKIE=Era%3D0%26Payload%3DH0GBlo9rG82OWUcRRR4iRBwGYLTwUGMRfBXUgUmCzHtomNE63fqnzY%2FXpwouT78Y%0AUguSlytMk2lKJ4DL6p1oL3cLT4%2FKIsE3rv3CeFWrze2w%2Fh20wgX6WRnnD4nhhiX2%0AsGJX7C4eMPU%3D%0A%26AuthHash%3D%2Bre%2FBjCJlo1%2Fh7vJCwGpXg%3D%3D%0A; Path=/; Version=1
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Accept-Encoding
< X-XSS-Protection: 1; mode=block
< X-Frame-Options: SAMEORIGIN
< Content-Security-Policy: frame-ancestors 'self'
< X-Content-Type-Options: nosniff
< Transfer-Encoding: chunked
< Content-Type: application/json
<
* Connection #0 to host 10.5.1.99 left intact
* Closing connection #0
{"objectID": "AdminLogin:","reqAction": 2,"nodePermission": 0,"name": "jklee","password": "******","new_password": "******","token": "******","domain": "system","webmode": 1,"locale": "en","loginstatus": 1,"model": "FE-VMW","serial": "FEVM000000000000","theme": 0,"operation_mode": 2,"manager_supported": 0,"debug": false,"product_name": "FortiMail","product_version": "6.0.160","post_login_banner": false,"disclaimer": "","is_superadmin": true,"scramble": true,"forced_encryption": 3,"migration_enabled": false,"dlp_enabled": false,"minimum_length": 8,"must_contain": 0,"reqAction": 2}
# get system admin-list- On the GUI:
[2] login-name: jklee
access-profile: super_admin_prof
login-method: HTTPS
login-time: Wed Dec 11 17:04:37 2019
timeout-time: Wed Dec 11 17:34:37 2019
process-ID: 2135
client-address: 10.5.1.254
# config system globalHowever, when specific administrator user logged out before reaching the 'admin-idle-timeout' follow these steps:
set hostname FML_IntSRV
set admin-idle-timeout 30
set data-loss-prevention disable
set rest-api enable
end
[root@Linux-JKLEE api]# ls -lrt | grep cookie1.txt3) Use following command on the API-agent to make administrator user called "jklee" log-out from FortiMail.
-rw-r--r--. 1 root root 398 Dec 11 08:04 cookie1.txt
[root@Linux-JKLEE api]#
[root@Linux-JKLEE api]# curl --insecure -b cookie1.txt -H "Content-Type: application/json" -X POST -d '{"reqAction":8}' https://10.5.1.99/api/v1/AdminLogin- See the result step by step.
{"errorType": 0,"errorMsg": "Successful:Custom action2 on object (AdminLogin) ","objectID": "AdminLogin:","reqAction": 8}3) Check that "jklee" does not exist on the list.
# get system admin-list- From the GUI:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.