Query Fortinet FortiOS Devices
Query Fortinet FortiGate firewalls running FortiOS with cnquery
Rely on cnquery to query configuration and firmware information from Fortinet FortiGate devices running FortiOS. Discover system status, firmware versions, and available updates across your FortiGate firewall infrastructure.
Requirements
To analyze and explore your FortiOS devices with cnquery, you must have:
- cnquery installed on your workstation.
- Network access to the FortiGate management interface.
- A REST API token for authentication.
Create a REST API token
To create a REST API token in FortiOS:
- Log in to the FortiGate web interface.
- Navigate to System > Administrators.
- Click Create New > REST API Admin.
- Configure the administrator profile with appropriate permissions.
- Copy the generated API token.
For detailed instructions, see the FortiOS REST API documentation.
Connect to a FortiOS device
To connect to a FortiGate firewall:
cnquery shell fortios --hostname fortigate.example.com --token 'your-api-token'To skip TLS certificate verification (for self-signed certificates):
cnquery shell fortios --hostname fortigate.example.com --token 'your-api-token' --insecureConnection options
| Option | Description |
|---|---|
--hostname | Hostname or IP address of the FortiOS device |
--token, -t | REST API Bearer token for authentication |
--insecure, -k | Skip TLS certificate verification |
Example queries
Once connected, you can query information from the FortiOS device.
This query retrieves current firmware information:
cnquery> fortios.system.firmware
fortios.system.firmware: {
current: fortios.system.firmware.versionInfo
available: [...]
}This query retrieves the current firmware version details:
cnquery> fortios.system.firmware.current { version major minor patch build }
fortios.system.firmware.current: {
version: "7.2.4"
major: 7
minor: 2
patch: 4
build: 1396
}This query lists available firmware versions:
cnquery> fortios.system.firmware.available { version releaseType maturity }
fortios.system.firmware.available: [
0: {
version: "7.2.5"
releaseType: "GA"
maturity: "Mature"
}
...
]Exit the cnquery shell
To exit the cnquery shell, either press Ctrl + D or type exit.
Learn more
-
To learn more about how the MQL query language works, read Write Effective MQL.
-
For more information about FortiOS, see the Fortinet documentation.