Auvik can gather details for your FortiSwitches that are running in FortiLink mode and cannot be reached by the Auvik collector from your FortiGate. To monitor a FortiSwitch in FortiLink mode, you’ll need to add FortiOS REST API credentials to allow Auvik to gather the data from the FortiGate. This functionality is supported for FortiOS versions 6.0.0 and newer.
To use the FortiOS REST API credentials, you’ll need to do the following:
How to generate an API token
Create an admin profile
- Log into the FortiGate UI.
- Navigate to System > Admin Profiles.
- Click Create New.
- Enter a name (as desired).
- Set the access permissions as follows (see screenshot below for details):
- Firewall to Custom > Address to Read
- Network to Custom > Configuration and Router to Read
- System to Custom > Configuration to Read
- WiFi & Switch to Read
- Click OK.
Create a REST API admin
- Log into FortiGate.
- Navigate to System > Administrators.
- Click Create New > REST API Admin.
- Enter a username (as desired).
- Select the admin profile from above.
- Disable the PKI Group.
- CORS Allow Origin is not required if the Auvik collector is on the local network.
- Set the trusted hosts to A.B.C.D/0 where A.B.C.D is the IP address of the Auvik collector.
- Click OK.
- Copy the API token. It cannot be retrieved later.
- Click Close.
How to add API credentials
- Click Discovery in the side navigation bar.
- Click the Manage Credentials tab.
- Click the Device API Credentials tab.
- Hover over the Add Device API Credentials button and choose Fortinet.
- In Auvik, fill in the following detail:
- Name - a name or description for use in Auvik only
- Device - the device name that the API key is for
- API Key (from above)
- Port - the port that the API/HTTP service is running
- Click Test Connection to confirm your settings are accurate.
- Click Save.