I am writing some powershell to keep my Sophos XG up to date with a letsencrypt certificate. The logic flow is roughly: Add the new cert if it doesn't exist Get all the firewall rules (SecurityPolicy) Skip the rule if it isn't a HTTPBasedPolicy, or if the Certificate doesn't match letsencrypt_<domain> Update the certificate in the <SecurityPolicy> XML fragment Post the XML fragment back with the appropriate decorations Delete the old certificates that were attached to the policies I thought it was all in place except that I have found that the Allowed Client Networks setting, and the TrafficShapingPolicy disappear after I update the rule, and this is because they aren't in the XML I get from the get operation. Has anyone else had much experience with the API? This sort of shortcoming makes it useless for my purpose and I'm wondering if it's even worth pursuing with a bug report. This sort of bug would be so easy to catch via even the most basic test framework I feel that i'd be wasting my time logging it. James

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

API drops AllowedClientNetworks(?) and TrafficShapingPolicy on SecurityPolicy get

I am writing some powershell to keep my Sophos XG up to date with a letsencrypt certificate.

The logic flow is roughly:

Add the new cert if it doesn't exist
Get all the firewall rules (SecurityPolicy)
Skip the rule if it isn't a HTTPBasedPolicy, or if the Certificate doesn't match letsencrypt_<domain>
Update the certificate in the <SecurityPolicy> XML fragment
Post the XML fragment back with the appropriate decorations
Delete the old certificates that were attached to the policies

I thought it was all in place except that I have found that the Allowed Client Networks setting, and the TrafficShapingPolicy disappear after I update the rule, and this is because they aren't in the XML I get from the get operation.

Has anyone else had much experience with the API? This sort of shortcoming makes it useless for my purpose and I'm wondering if it's even worth pursuing with a bug report. This sort of bug would be so easy to catch via even the most basic test framework I feel that i'd be wasting my time logging it.

James

This thread was automatically locked due to age.