
Error 501 while creating a VLAN using API on XG firewalls

Hello guys,

We just moved to Sophos XG Firewalls for our customers. I'm trying to fully configure XGs using API but, whatever I try, I can't create a VLAN using API because of the "Name" field.

<VLAN>
<Name>???</Name>
<Interface>Port8</Interface>
<Zone>MyZone</Zone>
<VLANID>99</VLANID>
<IPv4Configuration>Enable</IPv4Configuration><!-- default on -->
<IPv4Assignment>Static</IPv4Assignment>
<IPAddress>172.16.254.1</IPAddress>
<Netmask>255.255.255.0</Netmask>
</VLAN>

Whatever I try to put into this field (or even to remove this field), I always get the error 501:

<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
  <status>Authentication Successful</status>
</Login>
<VLAN transactionid="">
  <Status code="501">Configuration parameters validation failed.</Status>
  <InvalidParams>
     <Params>/VLAN/Name</Params>
  </InvalidParams>
</VLAN>
</Response>
 


From what I found, this is just a String field:


Description: 
Select the parent interface/port for the virtual sub-interface from the available options.
Interface/Name confines to:
Type is 'SCALAR'
DataType is "STRING"

 

I tried interface's name, VLAN's number, interface's name with VLAN's number (PortX.VLAN), a simple name without special char, even an empty string.
I tried checking the actual configuration of a VLAN using a "GET". I see that this field, when a VLAN is created through the WEB UI, is automatically filled by the XG using the format (Portx.VLANNumber):

 

<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<VLAN transactionid="">
<Zone>WAN_IP</Zone>
<Interface>Port5</Interface>
<Name>Port5.181</Name>
<VLANID>181</VLANID>
<IPv4Configuration>Enable</IPv4Configuration>
<IPv6Configuration>Disable</IPv6Configuration>
<IPv4Assignment>Static</IPv4Assignment>
<IPv6Address/>
<IPv6Prefix/>
<IPv6GatewayName/>
<IPv6GatewayAddress/>
<LocalIP/>
<Status>Connected, 1000 Mbps - Full Duplex</Status>
<IPv6Assignment/>
<DHCPRapidCommit/>
<IPAddress>MY IP BUT YOU DONT CARE</IPAddress>
<Netmask>255.255.255.255</Netmask>
</VLAN>
</Response>

Does somebody know what I am doing wrong?
Thanks in advance !
Regards


Hardware and firmware: Sophos XG 125 (SFOS 17.5.3 MR-3)




  • Hi,

    do you have an IP address assigned to the physical network?

    Ian

  • Hi,
    Thanks for the answer.

    Yes. I tried with the port up and down. It doesn't change anything.

    <Interface transactionid="">
    <IPv4Configuration>Enable</IPv4Configuration>
    <IPv6Configuration>Disable</IPv6Configuration>
    <Name>Port8</Name>
    <NetworkZone>LAN</NetworkZone>
    <IPv4Assignment>Static</IPv4Assignment>
    <IPv6Assignment/>
    <DHCPRapidCommit>Disable</DHCPRapidCommit>
    <InterfaceSpeed/>
    <MTU>1500</MTU>
    <MSS>
    <OverrideMSS>Disable</OverrideMSS>
    <MSSValue>1460</MSSValue>
    </MSS>
    <Status>Unplugged</Status>
    <MACAddress>Default</MACAddress>
    <IPAddress>10.200.1.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
    </Interface>

    I'm currently downloading the firmware 17.5.4 MR-4 to check if it's a bug or something.
  • A little trick I learnt the other day, which might or might not help, is to set the physical connection to DHCP and up.

    Ian

  • I just tried with the interface UP and in DHCP with firmware 17.5.4 MR-4.

    I decided to check API parser logs through SSH.
    The "Name" field is not here (maybe because there's no error with it). The parser creates an "APIXMLOutput" XML file which, I think, is the answer I get in HTTPS. We can clearly see that no error is present for the "Name" field in the parser, but I see a lot of other errors. At this point, I don't know if these errors could block the VLAN's creation or not. I'll try to remove a lot of them and see what happens.


    XG125_XN02_SFOS 17.5.4 MR-4-1# tail -f /log/apiparser.log
    ERROR Apr 11 10:58:45 [26262]: Key:ISCrEntity is not found in RequestMap File for Login.
    INFO Apr 11 10:58:45 [26262]: Mapping file for Login component is /_conf/csc/IOMappingFiles//1702.1/Login/Login.xml
    ERROR Apr 11 10:58:45 [26262]: Flag setting for this opcode is 18.
    INFO Apr 11 10:58:46 [26262]: Opcode response: status:200
    INFO Apr 11 10:58:46 [26262]: Authentication Successful
    INFO Apr 11 10:58:46 [26262]: Start Set Handler,Component : VLAN
    ERROR Apr 11 10:58:46 [26262]: Key:ISCrEntity is not found in RequestMap File for VLAN.
    WARNING Apr 11 10:58:46 [26262]: Transaction id is missing of for the component : <VLAN>.
    WARNING Apr 11 10:58:46 [26262]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="ipfamilyv6", xmlelement="/VLAN/IPv6Configuration" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="txtIPAddress_ip6", xmlelement="/VLAN/IPv6Address" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="txtNetmask_ip6", xmlelement="/VLAN/IPv6Prefix" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="gatewayname_ip6", xmlelement="/VLAN/IPv6GatewayName" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="gatewayip_ip6", xmlelement="/VLAN/IPv6GatewayAddress" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="strLocalIP", xmlelement="/VLAN/LocalIP" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="", xmlelement="/VLAN/Status" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="bootproto_ip6", xmlelement="/VLAN/IPv6Assignment" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="rapidcommit", xmlelement="/VLAN/DHCPRapidCommit" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: type != const in logicaloperator.So string comparision is done.
    ERROR Apr 11 10:58:46 [26262]: json object not found with key="ipfamilyv6" to handle logicaloperator.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
    ERROR Apr 11 10:58:46 [26262]: json object not found with key="bootproto_ip6" to handle logicaloperator.
    ERROR Apr 11 10:58:47 [26262]: Flag setting for this opcode is 18.
    INFO Apr 11 10:58:48 [26262]: Opcode response: status:500
    WARNING Apr 11 10:58:48 [26262]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="ipfamilyv6", xmlelement="/VLAN/IPv6Configuration" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="txtIPAddress_ip6", xmlelement="/VLAN/IPv6Address" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="txtNetmask_ip6", xmlelement="/VLAN/IPv6Prefix" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="gatewayname_ip6", xmlelement="/VLAN/IPv6GatewayName" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="gatewayip_ip6", xmlelement="/VLAN/IPv6GatewayAddress" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="strLocalIP", xmlelement="/VLAN/LocalIP" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="", xmlelement="/VLAN/Status" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="bootproto_ip6", xmlelement="/VLAN/IPv6Assignment" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="rapidcommit", xmlelement="/VLAN/DHCPRapidCommit" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: type != const in logicaloperator.So string comparision is done.
    ERROR Apr 11 10:58:48 [26262]: json object not found with key="ipfamilyv6" to handle logicaloperator.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="gatewayname", xmlelement="/VLAN/GatewayName" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: Parser Error: xmlvalue for jsonkey="gatewayip", xmlelement="/VLAN/GatewayAddress" cannot be found in request file.
    ERROR Apr 11 10:58:48 [26262]: json object not found with key="bootproto_ip6" to handle logicaloperator.
    ERROR Apr 11 10:58:49 [26262]: Flag setting for this opcode is 18.
    INFO Apr 11 10:58:50 [26262]: Opcode response: status:500
    INFO Apr 11 10:58:50 [26262]: End SET Handler, Status : Success, Component : VLAN, Transaction : NONE, Operation : NONE.
    MESSAGE Apr 11 10:58:50 [26262]: ENTITY 'VLAN' IMPORT Success
    INFO Apr 11 10:58:50 [26262]: Command:/scripts/apiparser_generate_tar.sh /sdisk/api-1554973125133411.txt /sdisk/API-1554973125133411 /sdisk/APIXMLOutput/1554973124429.xml /sdisk/API-1554973125133411.tar /sdisk/API-1554973125133411.log 0 status:3
    INFO Apr 11 10:58:50 [26262]: No need to create Tar file. Response file is /sdisk/APIXMLOutput/1554973124429.xml

    The strange thing is that OPcode 500 means "the operation can't be performed on this Entity" but I get a 501 (Configuration parameters validation failed) in the Web UI. 
    I wanted to check the files in /sdisk for analysis but they are only temporary files and are removed at the end of the request...

    Still searching :)

  • Hi,

    I was hoping one of the forum wiz kids who is into APIs might review the thread and assist.

    Ian

  • Could successfully add an Interface via API (Browser).

    192.168.100.10:4444/.../APIController passwordform="plain">admin</Password></Login><Set operation="add"><VLAN><Name>PortA.12</Name><Interface>PortA</Interface><Zone>LAN</Zone><VLANID>12</VLANID><IPv4Configuration>Enable</IPv4Configuration><!-- default on --><IPv4Assignment>Static</IPv4Assignment><IPAddress>172.16.254.1</IPAddress><Netmask>255.255.255.0</Netmask></VLAN></Set></Request>

     

    (High Security!) 

     

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <Response APIVersion="1702.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <VLAN transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
    </VLAN>
    </Response>
     
     
     
    <VLAN>
    <Name>PortA.12</Name>
    <Interface>PortA</Interface>
    <Zone>LAN</Zone>
    <VLANID>12</VLANID>
    <IPv4Configuration>Enable</IPv4Configuration><!-- default on -->
    <IPv4Assignment>Static</IPv4Assignment>
    <IPAddress>172.16.254.1</IPAddress>
    <Netmask>255.255.255.0</Netmask>
    </VLAN>
     
     
  • Well, your solution made me find where my mistake was, and it was so dumb that I'm ashamed.

    I prepared tons of configuration and made a copy-paste of the Interface config, so I copied the "Networkzone" parameter, which is incorrect for VLAN because the name is "Zone"

    Shame... *Ding*


    <Response APIVersion="1702.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <VLAN transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
    </VLAN>
    </Response>


    Thanks ! Solved :)
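
An added example, not part of the original thread and not Sophos code: the 501 response named `/VLAN/Name` although the mistake reported above was a `NetworkZone` element where `Zone` was expected, so this sketch compares a request's element names against those the appliance returns in a GET for the same entity before sending, and extracts the status and `InvalidParams` from a response. It assumes the element names in a GET response are the ones a Set request accepts; the function names and the abbreviated sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Abbreviated copy of the VLAN GET response from the thread; the IP address
# is replaced with a documentation placeholder (constructed value).
GET_RESPONSE = """<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login><status>Authentication Successful</status></Login>
<VLAN transactionid=""><Zone>WAN_IP</Zone><Interface>Port5</Interface>
<Name>Port5.181</Name><VLANID>181</VLANID>
<IPv4Configuration>Enable</IPv4Configuration>
<IPv4Assignment>Static</IPv4Assignment>
<IPAddress>192.0.2.1</IPAddress><Netmask>255.255.255.255</Netmask>
</VLAN></Response>"""

# Constructed request reproducing the copy-paste mistake described in the thread.
BAD_REQUEST = """<VLAN><Name>Port8.99</Name><Interface>Port8</Interface>
<NetworkZone>MyZone</NetworkZone><VLANID>99</VLANID>
<IPv4Configuration>Enable</IPv4Configuration>
<IPv4Assignment>Static</IPv4Assignment>
<IPAddress>172.16.254.1</IPAddress><Netmask>255.255.255.0</Netmask></VLAN>"""

# The 501 response quoted in the thread.
ERROR_RESPONSE = """<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login><status>Authentication Successful</status></Login>
<VLAN transactionid="">
<Status code="501">Configuration parameters validation failed.</Status>
<InvalidParams><Params>/VLAN/Name</Params></InvalidParams>
</VLAN></Response>"""

def known_elements(get_response, entity):
    """Child element names the appliance itself returns for `entity`."""
    node = ET.fromstring(get_response).find(entity)
    return {child.tag for child in node}

def preflight(request_fragment, known):
    """Return (unknown, missing) element names, relative to `known`."""
    sent = {child.tag for child in ET.fromstring(request_fragment)}
    return sorted(sent - known), sorted(known - sent)

def parse_result(response, entity):
    """Return (status code, message, invalid parameter paths) for `entity`."""
    node = ET.fromstring(response).find(entity)
    status = node.find("Status")
    invalid = [p.text for p in node.findall("InvalidParams/Params")]
    return int(status.get("code")), status.text, invalid

if __name__ == "__main__":
    known = known_elements(GET_RESPONSE, "VLAN")
    print(preflight(BAD_REQUEST, known))        # unknown / missing elements
    print(parse_result(ERROR_RESPONSE, "VLAN"))  # what the appliance reported
```

With a full GET response as the reference, the "missing" list also contains read-only and optional fields such as `Status`, so treat it as a hint and the "unknown" list as the stronger signal.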