Fix: FortiOS config collection fails with HTTP 405 on current FortiOS #3465

Merged
ipspace merged 1 commit into ipspace:dev from a-v-popov:worktree-collect
Jun 9, 2026

Conversation

@a-v-popov a-v-popov commented Jun 8, 2026

Collaborator

Problem

netlab collect collects no configuration for FortiOS nodes on current
FortiOS releases; the FortiOS hosts fail their collection task with an
HTTP 405 error:

http_status: 405, action: backup, path: system, status: error

The collection task (netsim/ansible/tasks/fetch-config/fortios.yml) used
fortinet.fortios.fortios_monitor_fact with selector system_config_backup,
which issues GET /api/v2/monitor/system/config/backup. The config-backup
monitor endpoint changed HTTP verb across FortiOS releases: per the FNDN API
reference it is GET on FortiOS 6.4 (6.4.16) but POST on FortiOS 7.0
(7.0.17) and later. On a release that expects POST, the GET request is
rejected with 405 Method Not Allowed. The FortiOS hosts then collect no
.cfg file; other devices in the lab are unaffected and collect normally,
but the failed hosts make the run exit with a non-zero status.

Fix

Switch the task to fortinet.fortios.fortios_monitor with selector
backup.system.config. This targets the same
/api/v2/monitor/system/config/backup URL but issues the POST request the
endpoint now expects. The POST response continues to expose the raw
configuration at meta.raw, so the ansible_net_config extraction is
unchanged.

Validation

Verified live against a running FortiGate cluster (FGCP HA, FortiOS
v8.0.0 build 167) plus FRR/Linux nodes:

  • Before: netlab collect on a FortiOS node returns http_status: 405,
    no config file written, playbook aborts.
  • After: full netlab collect over the lab completes with failed=0 for
    every node; both FGCP HA members and all FRR routers collect cleanly. The
    FortiOS backups are well-formed (≈16.9k-line configurations).

The exact FortiOS release in which the verb changed was not bisected; the
GET→POST transition is bracketed by the FNDN API reference (GET on 6.4.16,
POST on 7.0.17), and the 405 failure was reproduced directly on 8.0.0.

References

🤖 Generated with Claude Code

The config-backup monitor endpoint changed HTTP verb across FortiOS
releases: per the FNDN API reference it is GET on 6.4 (6.4.16) but POST
on 7.0 (7.0.17) and later. The collection task issued GET via
fortios_monitor_fact (selector system_config_backup), so on current
FortiOS the FortiOS hosts fail this task with HTTP 405 and collect no
configuration. Other devices in the lab are unaffected, but the failed
hosts make netlab collect exit non-zero. Verified against FortiOS 8.0.0.

Switch to fortios_monitor with selector backup.system.config, which posts
to the same /api/v2/monitor/system/config/backup URL. The response still
exposes the raw configuration at meta.raw, so the ansible_net_config
extraction is unchanged.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@ipspace ipspace left a comment

Owner

Thank you!

@ipspace ipspace merged commit 49b4a46 into ipspace:dev Jun 9, 2026
5 checks passed
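
The task change described in the pull request above, sketched as an added example (this is not the contents of netlab's fetch-config/fortios.yml). The module names, selectors and the `meta.raw` result path come from the description; the `vdom` value, the `scope` parameter, the `backup` variable name and the assert step are assumptions made for illustration.

```yaml
# Added example, not the project's own task file.
# Assumptions: vdom "root", params.scope "global", register name "backup".
#
# Before: fortios_monitor_fact issues GET, which is rejected with
# HTTP 405 on releases where the endpoint expects POST.
#
# - name: Fetch FortiOS configuration (GET)
#   fortinet.fortios.fortios_monitor_fact:
#     vdom: root
#     selector: system_config_backup
#     params:
#       scope: global
#   register: backup

# After: fortios_monitor issues POST to the same
# /api/v2/monitor/system/config/backup URL.
- name: Fetch FortiOS configuration (POST)
  fortinet.fortios.fortios_monitor:
    vdom: root
    selector: backup.system.config
    params:
      scope: global
  register: backup

# Fail on the FortiOS host itself if the response carries no
# configuration, instead of writing an empty .cfg file.
- name: Stop if the backup response carries no configuration
  ansible.builtin.assert:
    that:
      - backup.meta is defined
      - backup.meta.raw is defined
      - backup.meta.raw | length > 0
    fail_msg: "FortiOS config backup returned no data at meta.raw"

# The extraction step is the same for both variants because the raw
# configuration stays at meta.raw.
- name: Expose the raw configuration to the collection step
  ansible.builtin.set_fact:
    ansible_net_config: "{{ backup.meta.raw }}"
```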