
I want to make a program that takes a backup of my FortiGate firewall using C#.

I have created a profile on the firewall which has read access to the configuration, and also generated the API key for it.

Below is my sample code to do that:

```csharp
using System;
using System.Net.Http;

class Program
{
    // "mytoken" is a placeholder; I'll replace it with the generated token
    public static string urlParameters = "?scope=global&access_token=mytoken";

    static void Main(string[] args)
    {
        HttpClient httpClient = new HttpClient();
        httpClient.BaseAddress = new Uri("https://x.x.x.x/api/v2/monitor/system/config/backup/");
        // I'm getting the error in this statement
        HttpResponseMessage responseMessage = httpClient.GetAsync(urlParameters).Result;
        Console.WriteLine(responseMessage.ToString());
    }
}
```

I'm getting the below 3 errors when executing the above code:

  1. HttpRequestException: An error occurred while sending the request.

  2. WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

  3. AuthenticationException: The remote certificate is invalid according to the validation procedure.

I'm able to ping that firewall from the system that I'm executing the program on.

  • The firewall probably uses a self-signed certificate. When using HttpClient, the chain of signers is checked, and if it does not result in a trusted root certificate you get this error. To disable this, see this question (the accepted answer): https://stackoverflow.com/questions/12506575/how-to-ignore-the-certificate-check-when-ssl – Sascha Jul 19 '21 at 09:00
  • @Sascha Currently I'm running a console application and later I'll turn it into a Windows service, so I don't have any global.asax in my project. Can you suggest where I need to make changes? – parthraj panchal Jul 19 '21 at 09:18
  • You can do this on startup (within your main function). – Sascha Jul 19 '21 at 09:29
  • @Sascha I have added `ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };` and I'm able to communicate with it, but it shows "StatusCode: 403, ReasonPhrase: 'Forbidden'". I have allowed all read permissions on the firewall. Any idea about this? – parthraj panchal Jul 19 '21 at 09:34
  • Now you have a different question: you are unauthorized. Are you sure you've followed the correct authentication process? Normally it requires a cookie. Where are the docs for the API? – Charlieface Jul 19 '21 at 11:29
  • @Charlieface Thanks for the reference post [POST](https://stackoverflow.com/questions/12506575/how-to-ignore-the-certificate-check-when-ssl), this helped. I also provided read/write access to my profile on the firewall, which was only read before. – parthraj panchal Jul 20 '21 at 04:50
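
The callback in the comments (`delegate { return true; }`) accepts any certificate for every HTTPS connection the process makes. As an added example (not code from any of the posts above), the same backup request can instead trust only the firewall's own self-signed certificate by pinning its SHA-256 hash. Assumptions: `PinnedSha256` is a placeholder for a hash you record out of band, the output file name is hypothetical, and `ServerCertificateCustomValidationCallback` requires .NET Framework 4.7.1 or later, or .NET Core.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class PinnedBackupClient
{
    // Placeholder: hex SHA-256 of the firewall certificate (DER bytes), recorded out of band.
    const string PinnedSha256 = "REPLACE_WITH_SHA256_HEX_OF_FIREWALL_CERT";

    // Address and parameters as in the question; "mytoken" is a placeholder.
    const string BackupUrl =
        "https://x.x.x.x/api/v2/monitor/system/config/backup/?scope=global&access_token=mytoken";

    // Accept the connection if normal validation succeeds, or if the presented
    // certificate is byte-for-byte the pinned one (the self-signed case).
    static bool ValidateServerCertificate(HttpRequestMessage request, X509Certificate2 cert,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true;
        if (cert == null) return false;
        using (var sha = SHA256.Create())
        {
            string actual = BitConverter.ToString(sha.ComputeHash(cert.RawData)).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    static void Main(string[] args)
    {
        // The callback is scoped to this handler only, not to the whole process.
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback = ValidateServerCertificate
        };
        using (var client = new HttpClient(handler))
        using (HttpResponseMessage response = client.GetAsync(BackupUrl).GetAwaiter().GetResult())
        {
            Console.WriteLine((int)response.StatusCode + " " + response.ReasonPhrase);
            if (response.IsSuccessStatusCode)
            {
                byte[] config = response.Content.ReadAsByteArrayAsync().GetAwaiter().GetResult();
                File.WriteAllBytes("fortigate-backup.conf", config); // hypothetical file name
            }
        }
    }
}
```

A certificate that is neither chain-trusted nor the pinned one still fails with the `AuthenticationException` from the question, which is the intended result when something other than the firewall answers on that address.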

0 Answers