Fortinet Function App: Playbook fails with HTTP 500 error

Question

We have successfully deployed the Fortinet Function app, 3 playbooks, and a custom connector from the GitHub solution. When the "BlockIPs" playbook is triggered, it fails with an HTTP 500 error while trying to connect to the Fortinet server where the blocklist is configured. This happens for every IP address in the Threat Indicator IOC. The log below shows the error, with the obfuscated fqdn etc:

2024-03-19T15:39:33.875 [Information] Executing 'Functions.Fortinet-GetEntityDetails' (Reason='This function was programmatically called via the host APIs.', Id=ab740431-a771-4e9f-ac84-05a26dec4420) 
2024-03-19T15:39:33.875 [Information] HTTP request recived. 
2024-03-19T15:39:33.875 [Information] filter=start-ip=@167.248.133.164 
2024-03-19T15:39:33.875 [Information] address 
2024-03-19T15:39:33.875 [Information] https://[fqdn]/api/v2/cmdb/firewall/addrgrp/[blocklistgroup]/address?filter=start-ip=@167.248.133.164 
2024-03-19T15:39:33.992 [Error] Executed 'Functions.Fortinet-GetEntityDetails' (Failed, Id=ab740431-a771-4e9f-ac84-05a26dec4420, Duration=10ms)Unexpected character encountered while parsing value: <. Path '', line 0, position 0.

Has anyone been able to deploy the function app and make it work properly?

Answer 1

Hi @rob wood

With the trigger failing with a 500 and the error message pointing to an invalid character in Functions.Fortinet-GetEntityDetails, the attention should be focused there. However, it seems this is a marketplace offering. I see Fortinet is a publisher, but I didn't see anything specific to Function app. It could part of a different offering, but I'm not familiar with their offerings at all.

I don't know what their function does, but I would check to the logs to determine what the HTTP request payload that's being passed. Could be a deserialization issue with the payload. But I suggest reaching out their community and support at https://www.fortinet.com/support/contact to see if anyone there has run into a similar issue.