This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall: How to use API

Barb@Sophos over 7 years ago

Hi all,

This article describes the steps how to use Sophos XG Firewall's API.

Please find more information here.

Regards,

This thread was automatically locked due to age.

0 Paul Digby over 7 years ago

Is it going to be possible to do this from external over the internet? Meaning use the API
Cancel
Vote Up 0 Vote Down

Cancel
0 FloSupport over 7 years ago in reply to Paul Digby

Hey Paul Digby

Yes it would be possible. As per the KB:

Go to Backup & Firmware > API to enable the API Configuration and input the IP addresses you will make the call (the WAN IP you will be connecting from) from in the Allowed IP Address field.

This IP address needs to be in a zone that has access to the HTTPS Admin Services, if not, it needs a Local Service ACL Exception Rule.

Go to Administration > Device Access to verify its associated Zone or to create a Local Service ACL Exception Rule.

Hope this helps,
Cancel
Vote Up 0 Vote Down

Cancel
0 Paul Digby over 7 years ago in reply to FloSupport

Yes understood, if you use a fixed IP address.

However, I was thinking along the lines of using from mobile phone, where the cell IP address changes
Cancel
Vote Up 0 Vote Down

Cancel
0 Luke Leigh over 6 years ago in reply to Paul Digby

Rather than expose your API to the internet, would suggest that you connect your phone to your network using a VPN connection so that you can access the API.

Would be secure and saves exposing your API to the interwebs!

HTH
Cancel
Vote Up 0 Vote Down

Cancel
0 Paul Digby over 6 years ago in reply to Luke Leigh

You're right - that's the way to do it.
Cancel
Vote Up 0 Vote Down

Cancel
0 Kevin Roman over 6 years ago

Hi all! Is anyone else experiencing issues with authenticating to the API using the encrypted password for a user? I found a forum post from 2016 that was updated in 2017 RE: v16.05 saying that encrypted login via API won't work (https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/v16beta/f/sfos-v16-beta-issues-bugs/79383/api-login-with-encrypted-password). I am also experiencing this but haven't found another more recent post. Does anybody know if this is still a problem in the most current release\version? I am running API v1701.1 and the "encrypted" password I get from my user export won't work, but plain text auth does.

Side note: I also noticed that it appeared the encrypted password, when opened with a straight text editor like notepad, seemed to have HTML encoded characters (i.e. it ended with "4da%3D%3D" which would be "4da==" and sounds like a base64 encoded string). I tried both converting from HTML encoded and using the password that was actually included in the export and neither worked via the API.
Cancel
Vote Up 0 Vote Down

Cancel
0 Tech Centio over 6 years ago in reply to Kevin Roman

Hi,

I know it's a bit late, but if you haven't figured this out already - you have to obtain the encrypted password from here:

The export from the Authentication -> User is not the right one.
Cancel
Vote Up 0 Vote Down

Cancel