Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 27 subscribers
  • Views 1267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Edit Firewall Rule with API

Jannik Karb

Hey Guys,

i need to change a Firewall Rule with the API.

I tried to many times and read the documentation, but i dont find the solution.

my XML:<Request APIVersion="1800.1">

<Login>

<Username>username</Username>

<Password passwordform="plain">password</Password>

</Login>
<Set operation="update">
<PolicyType>
<Name>test</Name>
<Description>test</Description>
<Status>Disable</Status>
<IPFamily>IPv4</IPFamily>
<Position>After</Position>
<After>
<Action>Drop</Action>
</After>
<Before>
<Action>Accept</Action>
</Before>
</PolicyType>
</Set>


</Request>

The Output is: 

<?xml version="1.0" encoding="UTF-8"?>\n<Response APIVersion="1800.1" IPS_CAT_VER="1">\n <Login>\n <status>Authentication Successful</status>\n </Login>\n <FirewallRule transactionid="">\n <Status code="501">Configuration parameters validation failed.</Status>\n <InvalidParams>\n <Params>/FirewallRule/PolicyType</Params>\n </InvalidParams>\n </FirewallRule>\n</Response>\n'

Can you help me?

Greetings

Jannik



This thread was automatically locked due to age.
  • 0
    Jannik Karb said:
    <PolicyType>

    I changed it to <FirewallRule> but it doesnt work.

  • 0

    Hello Jannik,

    I use this Request to update a firewall rule:  

    <Request>
    <Login>
     <Username>username</Username>
     <Password passwordform='encrypt'>encrypted-password</Password>
    </Login>
    <Set operation='update'>
     <FirewallRule>
     <Name>Out-Rule</Name>
     <Description></Description>
     <IPFamily>IPv4</IPFamily>
     <Status>Disable</Status>
     <Position>bottom</Position>
     <PolicyType>Network</PolicyType>
     <NetworkPolicy>
     <Action>accept</Action>
     <LogTraffic>Disable</LogTraffic>
     <SkipLocalDestined>Enable</SkipLocalDestined>
     <WebFilter>none</WebFilter>
     <SourceZones>
     <Zone>LAN</Zone>
     </SourceZones>
     <DestinationZones>
     <Zone>VPN</Zone>
     </DestinationZones>
     <SourceNetworks>
     <Network>myNet</Network>
     </SourceNetworks>
     <DestinationNetworks>
     <Network>MyHost</Network>
     </DestinationNetworks>
     </NetworkPolicy>
     </FirewallRule>
    </Set>
    </Request>

    A ggod trick is, first export the XML and use this for your script. 

    I use the encryted password for security reasons:
    API (sophos.com)

    Ben

    If a post solves your question please use the 'Verify Answer' button.

  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Just adding to what Ben@Network said,

    You can also refer to the below API help guide to get sample configuration for firewall rule/host/route etc.

    https://docs.sophos.com/nsg/sophos-firewall/18.0/API/index.html

Unfiltered HTML