u/FommersInTheSky

When Fortinet decided to scrap the automatic configuration backup from the basic FortiCloud offering, we set up a Linux VM with a quick script for a handful of SMB customers. That backed up the config file flawlessly... until yesterday, when we migrated the VM: different datacenter, different public IP.

So we updated the trusted host in the REST API administrator user in all FGs with the new public IP, changed nothing else. Same API key, same script, same inventory file (contains URL target, HTTPS port and API key).

Now I can get correct API responses from one specific FortiGate in the inventory; all the others fail (I didn't check all of them, just tried several).

With a packet capture I can see the SYN packets arriving on the FG (correct source IP, correct HTTPS dport), but no response. No reference to those calls anywhere else on the FG: no log in Local Traffic, nothing when debugging httpd. The SYNs just get received and then POOF!

I double-checked the Local In Policies, but that traffic has been explicitly allowed via a new policy (it was going to be allowed anyway, as we only have GEO-based filtering and both datacenters are in the same country).

I added a second trusted host and double checked from my PC: works fine.

I'm afraid this will be the absolute pinnacle of stupidity on display on my part, but here I am, desperate for advice.

u/FommersInTheSky — 14 days ago
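A reachability triage for an inventory like the one described, added here as an example and not the poster's script: for each FortiGate it separates a SYN that is never answered (the symptom above) from an admin HTTPS service that answers but rejects the request. It assumes a CSV inventory with url,port,apikey columns, the FortiGate REST endpoint /api/v2/monitor/system/status with Bearer-token auth, and constructed hostnames and placeholder keys.

```python
import csv, io, socket, ssl, urllib.error, urllib.request

# Constructed sample inventory (hypothetical host, placeholder key): url,port,apikey per row.
SAMPLE_INVENTORY = """url,port,apikey
https://fg-site1.example.invalid,10443,PLACEHOLDER_KEY_1
"""

def parse_inventory(text):
    """(host, port, key) tuples from a CSV with url,port,apikey columns."""
    return [(r["url"].strip().split("://", 1)[-1].rstrip("/"), int(r["port"]), r["apikey"].strip())
            for r in csv.DictReader(io.StringIO(text))]

def tcp_handshake(host, port, timeout=3.0):
    """'open' on SYN-ACK, 'timeout' if the SYN is silently dropped, else 'error:<errno>'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except OSError as e:  # RST, DNS failure, no route, ...
        return f"error:{e.errno}"

def api_status(host, port, key, timeout=5.0):
    """HTTP status of GET /api/v2/monitor/system/status with the Bearer token."""
    req = urllib.request.Request(f"https://{host}:{port}/api/v2/monitor/system/status",
                                 headers={"Authorization": f"Bearer {key}"})
    try:  # default context verifies the FG certificate; relax only knowingly
        with urllib.request.urlopen(req, timeout=timeout, context=ssl.create_default_context()) as r:
            return r.status
    except urllib.error.HTTPError as e:
        return e.code
    except (urllib.error.URLError, OSError) as e:
        return f"error:{e}"

def classify(tcp, api):
    """Separate 'packets never answered' from 'service reached, request rejected'."""
    if tcp == "timeout":
        return "SYN unanswered: check source IP, trusted hosts, local-in policy"
    if tcp != "open":
        return f"TCP failed before TLS ({tcp})"
    if api in (401, 403):
        return "admin HTTPS reached but rejected: check API key / trusted host"
    return "ok" if api == 200 else f"admin HTTPS reached, unexpected: {api}"

def check_inventory(text=SAMPLE_INVENTORY):
    out = {}  # {'host:port': verdict}, one entry per FortiGate in the inventory
    for host, port, key in parse_inventory(text):
        tcp = tcp_handshake(host, port)
        out[f"{host}:{port}"] = classify(tcp, api_status(host, port, key) if tcp == "open" else None)
    return out
```

Run it from the backup VM against the real inventory: a "SYN unanswered" verdict from that VM next to an "ok" from a second trusted host points at the source address or its local-in handling rather than at the key or the script.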