How can I add a device to the list of "Source networks and devices"? I have a Sophos XG 115w with firmware 17.5.
Regards!
I already followed the steps and I can do many things, but what I can't do is modify an already created rule to add more devices. I have this code and it doesn't work.
<Request>
<Login>
<Username>API Admin</Username>
<Password>xxxxxxxxx</Password>
</Login>
<Set operation="update">
<FirewallRule>
<Name>Clone_MacTracsa</Name>
<Description />
<IPFamily>IPv4</IPFamily>
<Status>Disable</Status>
<Position>bottom</Position>
<PolicyType>Network</PolicyType>
<NetworkPolicy>
<Action>accept</Action>
<LogTraffic>Disable</LogTraffic>
<SkipLocalDestined>Enable</SkipLocalDestined>
<WebFilter>none</WebFilter>
<SourceZones>
<Zone>LAN</Zone>
</SourceZones>
<DestinationZones>
<Zone>EdsonDell</Zone>
</DestinationZones>
<SourceNetworks>
<Network>WAN</Network>
</SourceNetworks>
<DestinationNetworks>
<Network>Any</Network>
</DestinationNetworks>
</NetworkPolicy>
</FirewallRule>
</Set>
</Request>
The error it shows me is the following.
<Response APIVersion="1702.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<FirewallRule transactionid="">
<Status code="501">Configuration parameters validation failed.</Status>
<InvalidParams>
<Params>/FirewallRule/SourceZone</Params>
</InvalidParams>
</FirewallRule>
</Response>
Can you do GET on the object and then take that object XML and SET it with no changes?
Can you use WebAdmin to export FirewallRule? You should be able to open the tarball and see the XML inside. Again, you should be able to import it back.
nplm85 is correct: you have to get the entire policy, then edit just the section you want to change, and then run the update with the entire policy you captured, but now with your changes. Here is a code snippet of something I wrote in PHP, showing how I updated the source networks of an existing rule via the API. Hopefully this will help point you, or someone else, in the right direction...
$getprofiles = "<Get><FirewallRule><Filter><key name=\"Name\" criteria=\"like\">Timeout</key></Filter></FirewallRule></Get>";
$xmlstring = xml_curl($xg_ip,$username,$password,$getprofiles,$cert_uploads);
$xml = new SimpleXMLElement($xmlstring);
$timeoutRule = $xml->FirewallRule;
//print $xml->asXML();
unset($timeoutRule->NetworkPolicy->SourceNetworks->Network);
//update_hosts is an array of each host that I want added into the source networks section of the policy
foreach($update_hosts as $key => $host)
    $timeoutRule->NetworkPolicy->SourceNetworks->Network[] = $host;
//print $timeoutRule->asXML();
$update_policy = '<Set operation="update">';
$update_policy .= $timeoutRule->asXML();
$update_policy .= '</Set>';
$xmlstring = xml_curl($xg_ip,$username,$password,$update_policy,$cert_uploads);
$xml = new SimpleXMLElement($xmlstring);
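The get-then-update flow described in the reply above, as an added Python example that is not part of the original posts. It goes one step further than the PHP snippet by appending hosts to the existing source list instead of replacing it, and by reading the status code and invalid parameter paths out of the reply to the update. The function names `build_update` and `update_errors`, the host names and the sample Get response are assumptions constructed from the element names shown in this thread.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Get response: element names come from the XML in
# this thread, the values (Host_A and so on) are made up for the example.
SAMPLE_GET_RESPONSE = """<Response APIVersion="1702.1" IPS_CAT_VER="1">
  <Login><status>Authentication Successful</status></Login>
  <FirewallRule transactionid="">
    <Name>Clone_MacTracsa</Name>
    <Status>Disable</Status>
    <PolicyType>Network</PolicyType>
    <NetworkPolicy>
      <Action>accept</Action>
      <SourceZones><Zone>LAN</Zone></SourceZones>
      <DestinationZones><Zone>WAN</Zone></DestinationZones>
      <SourceNetworks><Network>Host_A</Network></SourceNetworks>
      <DestinationNetworks><Network>Any</Network></DestinationNetworks>
    </NetworkPolicy>
  </FirewallRule>
</Response>"""


def build_update(get_response, rule_name, new_hosts):
    """Return <Set operation="update"> XML holding the complete rule as it was
    fetched, with new_hosts appended to its SourceNetworks (no duplicates)."""
    root = ET.fromstring(get_response)
    for rule in root.iter("FirewallRule"):
        if rule.findtext("Name") == rule_name:
            break
    else:
        raise LookupError(f"rule {rule_name!r} not found in Get response")
    sources = rule.find("NetworkPolicy/SourceNetworks")
    if sources is None:
        raise ValueError("rule has no NetworkPolicy/SourceNetworks element")
    present = {n.text for n in sources.findall("Network")}
    for host in new_hosts:
        if host not in present:          # keep existing entries, skip repeats
            ET.SubElement(sources, "Network").text = host
            present.add(host)
    request = ET.Element("Set", operation="update")
    request.append(rule)                 # every other field goes back unchanged
    return ET.tostring(request, encoding="unicode")


def update_errors(set_response):
    """Return [(status code, [invalid parameter paths])] from a Set reply."""
    root = ET.fromstring(set_response)
    return [(r.find("Status").get("code"), [p.text for p in r.iter("Params")])
            for r in root.iter("FirewallRule") if r.find("Status") is not None]
```

The returned `<Set>` element still has to be wrapped in the `<Request>` and `<Login>` elements shown in the question before it is sent.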