sthapa
Staff
Article Id 192001
Description
This article describes how to call the 'REST API' script through the ClearPass application for integrating dynamic address objects.

Solution
About ClearPass Policy Manager (CPPM).

The ClearPass Policy Manager (CPPM) can gather information about the statuses of network hosts, for example, the latest patches or virus infections.
Based on this information, CPPM sends the IP addresses and current states, such as Healthy or Infected, to the FortiGate.
On the FortiGate, the IP addresses received from CPPM are added to a dynamic firewall address with the 'clearpass-spt' subtype.
This address can be used in any policy that supports dynamic addresses, such as Firewall or SSL-VPN policies.

In this example, create two dynamic IP addresses that are used in two firewall policies (deny and allow).
One policy allows traffic (host state = Healthy), and the other denies traffic (host state = Infected).
When CPPM sends the information, the IP addresses are assigned according to their host state: Healthy or Infected.

Verify that traffic from the Infected host is denied access by the deny policy, and traffic from the Healthy host is allowed access by the allow policy.

See the following document for ClearPass integration for dynamic address objects.
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/912201/clearpass-integration-for-dynamic...

Use the following curl format to call the 'REST API' script through the ClearPass application for integrating dynamic address objects.
$ curl -k -X POST https://x.x.x.x/api/v2/monitor/firewall/clearpass-address/add \
    -H "Authorization: xxxxxxxx" -H "accept: application/json" \
    -H "Content-Type: application/x-www-form-urlencoded" \
    -d "{'endpoint_ip' : ['x.x.x.x', 'x.x.x.x', 'x.x.x.x'], 'spt': 'healthy'}"
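
The same call as a Python function, added here as an example and not part of the original article or Fortinet's code: it validates the addresses and host state before building the request, and sends it with certificate verification on rather than curl's -k. The names build_add_request and send, the sample addresses and the credential placeholder are assumptions for illustration; the headers mirror the curl command, and serializing the body as strict JSON is also an assumption.

```python
import ipaddress
import json
import ssl
import urllib.request

# Only the two host states this article uses (an assumption of this example).
ALLOWED_SPT = {"healthy", "infected"}
ADD_PATH = "/api/v2/monitor/firewall/clearpass-address/add"  # path from the article


def build_add_request(fortigate, authorization, endpoint_ips, spt):
    """Build (without sending) the POST that assigns endpoint_ips to a host state."""
    spt = spt.strip().lower()
    if spt not in ALLOWED_SPT:
        raise ValueError(f"unsupported spt value: {spt!r}")
    if not endpoint_ips:
        raise ValueError("endpoint_ips is empty")
    # Normalise and de-duplicate. ip_address() raises ValueError for anything
    # that is not a single host address (hostnames, CIDR ranges, typos).
    ips = sorted({str(ipaddress.ip_address(ip.strip())) for ip in endpoint_ips})
    body = json.dumps({"endpoint_ip": ips, "spt": spt}).encode()
    return urllib.request.Request(
        f"https://{fortigate}{ADD_PATH}",
        data=body,
        method="POST",
        headers={
            # Header names and values mirror the article's curl command.
            "Authorization": authorization,
            "Accept": "application/json",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def send(request, ca_file=None, timeout=10):
    """Send with TLS certificate verification enabled (no equivalent of curl -k)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    with urllib.request.urlopen(request, context=ctx, timeout=timeout) as resp:
        return resp.status, json.loads(resp.read() or b"{}")


if __name__ == "__main__":
    # Constructed sample values: documentation-range addresses, placeholder credential.
    req = build_add_request("192.0.2.1", "PLACEHOLDER", ["198.51.100.10", " 198.51.100.11"], "Healthy")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass ca_file to send() when the FortiGate certificate is issued by a private CA that is not in the system trust store.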
