Skip to content

Fortinet FortiOS API Key

Service Name: Fortinet FortiOS

Service Description: Fortinet FortiOS is the operating system that powers Fortinet's FortiGate network security appliances. It provides comprehensive security features including firewall, VPN, intrusion prevention, and application control capabilities.

Service Address: https://www.fortinet.com/products/fortigate

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the admin profile level within FortiOS to limit API access to specific IP addresses or ranges.

Secret Access Scope: Grants programmatic access to FortiOS configuration and management capabilities through the REST API, allowing for automation of security policy management, device configuration, and monitoring.

Secret Revokement URL: https://docs.fortinet.com/document/fortigate/7.0.0/new-features/562317/rest-api-administrator

Secret Example: y98f6d2xhm49p38xnw4xj1z5c0rw7k

Suspicious Activity Investigation Instructions:

  • Review FortiOS logs for unusual API calls or configuration changes.
  • Check for unauthorized policy modifications or firewall rule changes.
  • Monitor for unexpected VPN configuration changes or new administrator accounts.
  • Examine system logs for login attempts from unusual IP addresses or outside normal business hours.
  • Review audit logs for mass configuration changes or security policy modifications.

Mitigation Instructions:

  • Log in to the FortiGate web interface as a super-admin user.
  • Navigate to System > Administrators.
  • Locate the API administrator account in question.
  • Either disable the account by unchecking "Enable" or delete it completely.
  • Create a new API key with appropriate permissions if needed.
  • Update any automation tools or scripts to use the new API key.
  • Consider implementing more restrictive trusted hosts (IP restrictions) for API access.
  • Enable two-factor authentication for administrative access where possible.