
Create Firewall Policy - HTTPBased response 501

Hi All!

I'm working with the Sophos XG 1700.1 API looking to create an HTTPBased Firewall policy.

I seem to be running into an issue when making the request. 
response from the request:
<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1700.1">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <SecurityPolicy transactionid="">
    <Status code="501">Configuration parameters validation failed.</Status>
    <InvalidParams/>
  </SecurityPolicy>
</Response>

request:
/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>notpassword</Password></Login><Set operation="add"><SecurityPolicy><Name>HTTPBased Policy</Name><Position>top</Position><Description>HTTP Based Policy</Description><Status>Disable</Status><IPFamily>IPv4</IPFamily><PolicyType>HTTPBased</PolicyType><HTTPBasedPolicy><HostedAddress>10.0.0.10</HostedAddress><HTTPS>Disable</HTTPS><RedirectHTTP>Disable</RedirectHTTP><ListenPort>80</ListenPort><Domains><Domain>derp.com</Domain></Domains><AllowFrom><Address>Test Server</Address></AllowFrom><Exceptions><Exception><path>/</path><op>or</op><source>Any IPv4</source><skip_threats_filter_categories>protocol_violations</skip_threats_filter_categories><skip_threats_filter_categories>protocol_anomalies</skip_threats_filter_categories><skip_threats_filter_categories>request_limits</skip_threats_filter_categories><skipav>1</skipav><skipbadclients>1</skipbadclients><skipcookie>1</skipcookie><skipform>1</skipform><skipurl>1</skipurl></Exception></Exceptions><ProtocolSecurity /><CompressionSupport>Disable</CompressionSupport><RewriteHTML>Disable</RewriteHTML><RewriteCookies>Disable</RewriteCookies><PassHostHeader>Disable</PassHostHeader></HTTPBasedPolicy><IntrusionPrevention>None</IntrusionPrevention><TrafficShapingPolicy>None</TrafficShapingPolicy><SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat><MinimumSourceHBPermitted /><DestSecurityHeartbeat>Disable</DestSecurityHeartbeat><MinimumDestinationHBPermitted /></SecurityPolicy></Set></Request>

If anyone could help that would be awesome!

thanks,

Luke




  • Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

  • IPInfoSec said:

    Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

     

    So I'm able to create firewall policies. The only issue I'm having is creating an HTTPBased policy. In the API documentation you need to select a Policy type, e.g. User/Network/HTTPBased/NonHTTPBased/PublicNonHTTPPolicy. I can create all of these except for an HTTPBased. Just looking for minimum requirements or what I'm missing to make a valid request.

  • Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

  • IPInfoSec said:

    Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

     

     

    Using Python to make the request. I have Python build the URL that will be passed in the request. The URL contains all the XML and is what I posted in the request section.

  • I would pass the XML as a separate file - if the XML request in the URL is too long it will fail out. Below is a function that I built in Python to do this - give it a try with all the XML in a separate file. Note: to use this you only need to change the 'ip_address' variable and the 'xml_files' variable.

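    import requests
    
    xml_files = ['myFile1.xml', 'myFile2.xml']  # Add xml files here
    ip_address = '10.10.10.10'
    
    def api_call(api_ip, xml_doc):
        """POST one XML request file to the API as the 'reqxml' form field."""
        api_url = r'https://{}:4444/webconsole/APIController?'.format(api_ip)
        # Open the file in a context manager so the handle is closed after the request.
        with open(xml_doc, 'rb') as xml_file:
            payload = {'reqxml': (None, xml_file)}
            # verify=False skips TLS certificate validation; pass a CA bundle
            # path instead where the appliance certificate can be verified.
            r = requests.post(api_url, files=payload, verify=False)
        print(r.text)
    
    for file in xml_files:
        api_call(api_ip=ip_address, xml_doc=file)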
  • Thanks, I'll give this a shot and see how it goes.

  • Sorry for the delay. I tested it with the file and I still seem to get 

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1700.1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <SecurityPolicy transactionid="">
    <Status code="501">Configuration parameters validation failed.</Status>
    <InvalidParams/>
    </SecurityPolicy>
    </Response>

    Am I missing anything or have anything set incorrectly?

     

    Thanks,

    Luke

  • Luke, 

    It is hard to say if you missed something without seeing the full URL and XML being passed. Typically when I get that error message it means I have a typo somewhere. Considering it Authenticated correctly, your issue is after that in the XML and not with the URL or the Auth phase. 

  • Yeah I think I'm missing a few things. After doing what I could with the XML I started looking over the system logs. Think I found my issue in /log/apiparser.log. Seems I'm missing a few things.

    Thanks for the help!

    INFO : 24325 No need to create Tar file. Response file is /sdisk/APIXMLOutput/1528226409136.xml
    INFO : 24325 Start Login Handler,Component : Login
    ERROR : 24325 Key:ISCrEntity is not found in RequestMap File for Login.
    INFO : 24325 Mapping file for Login component is /_conf/csc/IOMappingFiles//1700.1/Login/Login.xml
    ERROR : 24325 Flag setting for this opcode is 18.
    INFO : 24325 Opcode response: status:200
    INFO : 24325 Authentication Successful
    INFO : 24325 Start Set Handler,Component : SecurityPolicy
    ERROR : 24325 Key:ISCrEntity is not found in RequestMap File for SecurityPolicy.
    WARNING : 24325 Transaction id is missing of for the component : <SecurityPolicy>.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="tempsourceid", xmlelement="/SecurityPolicy/SourceNetworks/Network" cannot be found in request file.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="tempexceptionid", xmlelement="/SecurityPolicy/ExceptionNetworks/Network" cannot be found in request file.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="", xmlelement="/SecurityPolicy/HTTPBasedPolicy/Certificate" cannot be found in request file.
    ERROR : 24325 json object not found with key="tempsourceid" to handle logicaloperator.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="sourceid", xmlelement="/SecurityPolicy/SourceNetworks/Network" cannot be found in request file.
    ERROR : 24325 json object not found with key="tempexceptionid" to handle logicaloperator.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="exceptionid", xmlelement="/SecurityPolicy/ExceptionNetworks/Network" cannot be found in request file.
    ERROR : 24325 Parser Error: xmlvalue for jsonkey="frontend.certificate", xmlelement="/SecurityPolicy/HTTPBasedPolicy/Certificate" cannot be found in request file.
    ERROR : 24325 Flag setting for this opcode is 16.
    INFO : 24325 Opcode response: status:500
    INFO : 24325 End SET Handler, Status : Success, Component : SecurityPolicy, Transaction : NONE, Operation : add.
    INFO : 24325 Command:/scripts/apiparser_generate_tar.sh /sdisk/api-1528226409292181.txt /sdisk/API-1528226409292181 /sdisk/APIXMLOutput/1528226409136.xml /sdisk/API-1528226409292181.tar /sdisk/API-1528226409292181.log 0 status:3
    INFO : 24325 No need to create Tar file. Response file is /sdisk/APIXMLOutput/1528226409136.xml

  • Luke, 

    Yeah it is hard to say without the XML to compare it to, but it looks like you didn't define a <Network> tag correctly.
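
The apiparser.log excerpt above names each request element the API parser could not find, which is more specific than the empty `<InvalidParams/>` in the 501 response. As an added example (not code from the thread or from Sophos), the script below extracts those element paths from log lines and checks them against a request document. The log lines are copied from the excerpt; the abbreviated request and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Sample lines copied from the apiparser.log excerpt in the thread.
SAMPLE_LOG = """\
INFO : 24325 Start Set Handler,Component : SecurityPolicy
ERROR : 24325 Parser Error: xmlvalue for jsonkey="tempsourceid", xmlelement="/SecurityPolicy/SourceNetworks/Network" cannot be found in request file.
ERROR : 24325 Parser Error: xmlvalue for jsonkey="", xmlelement="/SecurityPolicy/HTTPBasedPolicy/Certificate" cannot be found in request file.
ERROR : 24325 Parser Error: xmlvalue for jsonkey="sourceid", xmlelement="/SecurityPolicy/SourceNetworks/Network" cannot be found in request file.
ERROR : 24325 Parser Error: xmlvalue for jsonkey="exceptionid", xmlelement="/SecurityPolicy/ExceptionNetworks/Network" cannot be found in request file.
"""

# Constructed, abbreviated version of the request posted in the thread.
SAMPLE_REQUEST = """\
<Request><Set operation="add"><SecurityPolicy>
  <Name>HTTPBased Policy</Name><PolicyType>HTTPBased</PolicyType>
  <HTTPBasedPolicy><HostedAddress>10.0.0.10</HostedAddress>
    <Domains><Domain>derp.com</Domain></Domains></HTTPBasedPolicy>
</SecurityPolicy></Set></Request>
"""

PARSER_ERROR = re.compile(
    r'Parser Error: xmlvalue for jsonkey="(?P<key>[^"]*)", '
    r'xmlelement="(?P<path>[^"]+)" cannot be found in request file')

def missing_elements(log_text):
    """Map each element path the parser could not find to the JSON keys it feeds."""
    found = {}
    for m in PARSER_ERROR.finditer(log_text):
        keys = found.setdefault(m.group("path"), [])
        if m.group("key") and m.group("key") not in keys:
            keys.append(m.group("key"))
    return found

def absent_from_request(request_xml, paths):
    """Return the reported paths that really are absent from the request XML."""
    root = ET.fromstring(request_xml)
    absent = []
    for path in paths:
        component, _, rest = path.lstrip("/").partition("/")
        # The component element sits under <Set>, so locate it by tag name.
        if not any(node.find(rest or ".") is not None for node in root.iter(component)):
            absent.append(path)
    return absent

if __name__ == "__main__":
    report = missing_elements(SAMPLE_LOG)
    for path in absent_from_request(SAMPLE_REQUEST, report):
        print(path, "<- keys:", ", ".join(report[path]) or "(none)")
```

Run it against the real log and the XML file being posted: any path it prints is an element the parser looked for and the request does not contain.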