Fortinet Function App: Playbook fails with HTTP 500 error

rob wood 41 Reputation points
2024-03-21T12:04:40.19+00:00

We have successfully deployed the Fortinet Function app, 3 playbooks, and a custom connector from the GitHub solution. When the "BlockIPs" playbook is triggered, it fails with an HTTP 500 error while trying to connect to the Fortinet server where the blocklist is configured. This happens for every IP address in the Threat Indicator IOC. The log below shows the error, with the obfuscated fqdn etc:

2024-03-19T15:39:33.875 [Information] Executing 'Functions.Fortinet-GetEntityDetails' (Reason='This function was programmatically called via the host APIs.', Id=ab740431-a771-4e9f-ac84-05a26dec4420) 
2024-03-19T15:39:33.875 [Information] HTTP request recived. 
2024-03-19T15:39:33.875 [Information] filter=start-ip=@167.248.133.164 
2024-03-19T15:39:33.875 [Information] address 
2024-03-19T15:39:33.875 [Information] https://[fqdn]/api/v2/cmdb/firewall/addrgrp/[blocklistgroup]/address?filter=start-ip=@167.248.133.164 
2024-03-19T15:39:33.992 [Error] Executed 'Functions.Fortinet-GetEntityDetails' (Failed, Id=ab740431-a771-4e9f-ac84-05a26dec4420, Duration=10ms)Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

Has anyone been able to deploy the function app and make it work properly?

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,231 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Ryan Hill 25,481 Reputation points Microsoft Employee
    2024-03-23T18:37:56.0133333+00:00

    Hi @rob wood

    With the trigger failing with a 500 and the error message pointing to an invalid character in Functions.Fortinet-GetEntityDetails, the attention should be focused there. However, it seems this is a marketplace offering. I see Fortinet is a publisher, but I didn't see anything specific to Function app. It could part of a different offering, but I'm not familiar with their offerings at all.

    I don't know what their function does, but I would check to the logs to determine what the HTTP request payload that's being passed. Could be a deserialization issue with the payload. But I suggest reaching out their community and support at https://www.fortinet.com/support/contact to see if anyone there has run into a similar issue.

    0 comments No comments