Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 3 answers
  • Subscribers 27 subscribers
  • Views 1452 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Delete Unicast Route via API

Ben@Network

Hello Community,

I trying to delete Unicast Route via API call without any success. This is my request:

<Request>
<Login>
 <Username>user</Username>
 <Password passwordform='encrypt'>my-pwhash</Password>
</Login> 
 <Remove> 
   <UnicastRoute> 
      <DestinationIP>192.168.42.0</DestinationIP> 
      <Netmask>255.255.255.0</Netmask>
   </UnicastRoute>
  </Remove>
</Request>

This request results in this error Message:

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.2" IPS_CAT_VER="1">
 <Login>
 <status>Authentication Successful</status>
 </Login>
 <UnicastRoute transactionid="">
 <Status code="500">Operation could not be performed on Entity.</Status>
 </UnicastRoute>
</Response>

When I look into the API Documention DestinationIP and Netmask are the only required paramters:
API Documentation (sophos.com)

Has anybody a hint for me?

Thanks,

Ben



This thread was automatically locked due to age.
Parents
  • 0

    Hi!

    Just did a quick test:

    Created random route with 20.20.20.0/24 with interface and nothing else. Exported the config for the route and gave me this:

    <UnicastRoute transactionid="">
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>20.20.20.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway/>
    <Interface>Port2</Interface>
    <Distance>0</Distance>
    </UnicastRoute>

    Tried removing the route with ALL the data the export gave me and it worked:

    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
    </UnicastRoute>
    </Response>
    Then, created the route again and trying removing some parameters from the "Remove" API query and failed
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
    </UnicastRoute>
    </Response>

    Even tried removing only not used parameters like gateway and still fails. 

    My recomendation? Dont trust too much the documentation and guide you with what an export looks like.



    sdf
    [edited by: Antonio Cienfuegos at 1:10 PM (GMT -7) on 25 May 2021]
  • 0 in reply to Antonio Cienfuegos S

    I have no luck. I've exported the Unicast Route and tried to delete the route as you described it and get still the error 500. If I look into the applog.log I see this message:    

    May 26 16:49:10 Info:: Transaction will not be rolled back for opcode unicast_sroutes_del. If any operation fails, request is part of multiple request : 
    May 26 16:49:10 ID Data Found ARRAY(0xa76c3d0) And ID = 
    May 26 16:49:10 unicast_sroutes_del(ERR): id not given.
    May 26 16:49:10 API-Parser /sdisk/api-1622040547136507.txt found. 
    May 26 16:49:10 API-Parser /sdisk/api-1622040547136507.txt size = 0 && script is invoked by api_parser

    I don't know which id is missing.

    Ben

  • 0 in reply to Ben@Network

    Can you put the XML code you're using? Dont be worry about privacy, they are (I suppose) private RFC1819 ip addresses.

  • 0 in reply to Antonio Cienfuegos S

    Hello Antonio,

    this is the object that I try to delete: 

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
     <Login>
     <status>Authentication Successful</status>
     </Login>
     <UnicastRoute transactionid="">
     <IPFamily>IPv4</IPFamily>
     <DestinationIP>192.168.42.0</DestinationIP>
     <Netmask>255.255.255.0</Netmask>
     <Gateway>192.168.41.1</Gateway>
     <Interface/>
     <Distance>0</Distance>
     </UnicastRoute>
    </Response>

    This is the Remove Query:

    <Remove> <UnicastRoute transactionid=''> 
    <IPFamily>IPv4</IPFamily> 
    <DestinationIP>192.168.42.0</DestinationIP> 
    <Netmask>255.255.255.0</Netmask>
    <Gateway>192.168.41.1</Gateway>
    <Interface/>
    <Distance>0</Distance>
    </UnicastRoute>
    </Remove>

    And this is the response:

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
     <Login>
     <status>Authentication Successful</status>
     </Login>
     <UnicastRoute transactionid="">
     <Status code="500">Operation could not be performed on Entity.</Status>
     </UnicastRoute> </Response>

    Also the same if I use the Netmask in CDIR-Notation.

    Ben

  • 0 in reply to Ben@Network

    Well, create a new network interface with a 41.2 IP, and then the route. Tried removing the route through API and get same result, error 500.

    So basically its a bug Slight smile

    Sorry its not good news Disappointed

  • FormerMember
    0 FormerMember in reply to Antonio Cienfuegos S

    Hi Ben@Network, ,

    I'm in a discussion with the internal team regards with the reported query. I'll also try to replicate the issue in a lab environment and will update this thread soon.

  • 0 in reply to Antonio Cienfuegos S

    Hello  .

    I tried as well now and would agree, that it looks like a bug.

  • FormerMember
    0 FormerMember in reply to ThomW

    Here is a sample API to remove static route,

    =======================================

    <Request>
    <Login>
    <Username>apiadmin</Username>
    <Password>*******</Password>
    </Login>
    <remove>
    <UnicastRoute transactionid="">
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>192.168.2.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway>192.168.0.1</Gateway>
    <Interface>Port1</Interface>
    <Distance>0</Distance>
    </UnicastRoute>
    </remove>
    </Request>

    API string: xx.xx.xx.xx:4444/.../APIController transactionid=""><IPFamily>IPv4</IPFamily><DestinationIP>192.168.2.0</DestinationIP><Netmask>255.255.255.0</Netmask><Gateway>192.168.0.1</Gateway><Interface>Port1</Interface><Distance>0</Distance></UnicastRoute></remove></Request>

    =======================================

  • 0 in reply to FormerMember

    Hello . 

    Well   already mentioned that this works.

    The bug is when you create a unicast route without providing an interface which is possible. Then it is not possible to delete it using the API.

  • FormerMember
    0 FormerMember in reply to ThomW

    Hi ThomW,

    I'm already in a discussion with the concerned team for the static routes which are added only with the gateway. I'll update this thread as soon as the new information on this is available.

Reply
  • FormerMember
    0 FormerMember in reply to ThomW

    Hi ThomW,

    I'm already in a discussion with the concerned team for the static routes which are added only with the gateway. I'll update this thread as soon as the new information on this is available.

Children