
API Rule Group Endpoint

I've been working with the Sophos XG Firewall XML API and so far I've been unable to access the firewall rule group endpoint that is defined in the docs.

My request xmlreq parameter looks like this:

<Request>
<Login>
<Username>admin</Username>
<Password>sadfjiojO8AUOFDSJ!</Password>
</Login>
<Get>
<FirewallRuleGroup>
</FirewallRuleGroup>
</Get>
</Request>

This is the response I got:

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<RuleGroup>
<Status code="529">Input request module is Invalid</Status>
</RuleGroup>
</Response>


Process finished with exit code 0



  • Which version of SFOS are you trying this on? I think you need the APIVersion in your request.


    <Request APIVersion="1800.1">
    <Login>
    <Username>admin</Username>
    <Password>secretsquirrel</Password>
    </Login>
    <Get>
    <FirewallRuleGroup>
    </FirewallRuleGroup>
    </Get>
    </Request>

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <FirewallRuleGroup transactionid="">
    <Status>No. of records Zero.</Status>
    </FirewallRuleGroup>
    </Response>
  • I am using SFOS 17_5_14_714

    Whenever I put quotation marks around the APIVersion number I get the following response:
    <?xml version="1.0" encoding="UTF-8"?>
    <Response>
    <Status code="529">There is no API Version</Status>
    </Response>

    Whenever I don't I get the following:
    <?xml version="1.0" encoding="UTF-8"?>
    <Response>
    <Status code="529">Input request file is Invalid</Status>
    </Response>


  • I've put 1702.1 as the API version as well (in quotes) and it gave me the same error from the start.

  • Can you post this in a web browser and tell me what response you get? Obviously change IP and password for yours.

    192.168.0.1:4444/.../APIController APIVersion="1702.1"><Login><Username>admin</Username><Password>secretsquirrel</Password></Login><Get> <FirewallRuleGroup></FirewallRuleGroup> </Get></Request>

  • I actually just tried the request again without the API version and it also returns a response

    192.168.0.1:4444/.../APIController <FirewallRuleGroup></FirewallRuleGroup> </Get></Request>

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <FirewallRuleGroup transactionid="">
    <Status>No. of records Zero.</Status>
    </FirewallRuleGroup>
    </Response>
  • I put the following line into Chrome:

    172.16.16.16:4444/.../APIController APIVersion="1702.1"><Login><Username>admin</Username><Password>xxx!</Password></Login><Get><FirewallRuleGroup></FirewallRuleGroup></Get></Request>

    And got the same problem: 

    <Response APIVersion="1702.1" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <FirewallRuleGroup>
    <Status code="529">Input request module is Invalid</Status>
    </FirewallRuleGroup>
    </Response>
  • Let me do some digging internally... thanks for your patience.

  • Hi Lior,

    It looks like you're looking at the v18 documentation, but querying a 17.x firewall, and this specific API has changed between the two. You can find all published API help docs here: https://www.sophos.com/en-us/support/documentation/sophos-xg-firewall.aspx

    According to the docs linked above, the firewall group call changed between 17.5 and 18. On v17.5, the call would look like this:

    hostname:4444//webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>************</Password></Login><Get><SecurityPolicyGroup/></Get></Request>

    The difference is just the <get> parameter being "<SecurityPolicyGroup>", rather than "<FirewallGroup>", as it was changed to in v18.

    The above example works for me on v17.5, and on v18 if I just change to FirewallGroup.

    It's generally not important to include the APIVersion in the query. It's more significant in the reply, to let you know if the version is different than you are expecting. Leaving it out of the request completely is normally fine. The main reason you would include it would be to cause a failure when the firewall upgrades to a firmware with a newer API version, so you can review your calls to make sure no unexpected results occur.

  • Perfect, that solved my problem!

    Thanks!
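
The check the accepted answer describes (read the APIVersion in the reply, then pick the module tag for that firmware), as an added Python example that is not code from the thread or from Sophos. The version-prefix mapping in `GROUP_MODULE` and the function names are assumptions made for illustration; the v18 tag is the one the 1800.1 replies above accepted.

```python
import xml.etree.ElementTree as ET

# Assumption drawn from this thread: APIVersion 17xx.x means SFOS 17.x,
# 18xx.x means v18, and the rule-group module tag differs between them.
GROUP_MODULE = {"17": "SecurityPolicyGroup", "18": "FirewallRuleGroup"}


def build_request(username, password, module, api_version=None):
    """Serialize a Get request; ElementTree escapes &, < and > in the values."""
    req = ET.Element("Request")
    if api_version:
        req.set("APIVersion", api_version)
    login = ET.SubElement(req, "Login")
    ET.SubElement(login, "Username").text = username
    ET.SubElement(login, "Password").text = password
    ET.SubElement(ET.SubElement(req, "Get"), module)
    return ET.tostring(req, encoding="unicode")


def parse_response(xml_text):
    """Return (api_version, login_status, [(tag, code, message), ...])."""
    root = ET.fromstring(xml_text.strip().encode("utf-8"))
    results = []
    for child in root:
        if child.tag == "Login":
            continue
        status = child if child.tag == "Status" else child.find("Status")
        if status is not None:
            results.append((child.tag, status.get("code"), (status.text or "").strip()))
    return root.get("APIVersion"), root.findtext("Login/status"), results


def diagnose(xml_text, requested_module):
    """Explain a 529 'module is Invalid' reply using the version in the response."""
    version, _login, results = parse_response(xml_text)
    for _tag, code, message in results:
        if code == "529" and "module is Invalid" in message:
            expected = GROUP_MODULE.get((version or "")[:2])
            if expected and expected != requested_module:
                return f"API {version} does not know <{requested_module}>; use <{expected}>"
            return f"API {version} rejected <{requested_module}>"
    return None


# Response copied from the first post in this thread (SFOS 17.5).
V17_REPLY = """<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login><status>Authentication Successful</status></Login>
<RuleGroup><Status code="529">Input request module is Invalid</Status></RuleGroup>
</Response>"""
```

Building the request with an XML serializer also keeps a password containing `&` or `<` from producing the "Input request file is Invalid" class of malformed-request errors.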