Sophos XG Firewall - License activation unavailable (error XG-00151). See KB-000043485 for the latest updates.

Bulk Isolation API call

I've searched everywhere, but have not found the answer to exactly how to structure the data array for the API for isolation of multiple systems.

When I use the structure documented on the developer site, I can't get anything other than "error": "UnsupportedMediaType", Here is my latest error report:

{
"error": "UnsupportedMediaType",
"correlationId": "a389e2ce-5848-4830-a688-c33a4c868224",
"requestId": "21fc7364-7692-478f-9378-2b705eca5435"
}

The data section I'm using is like this:

--data '{"enabled":true,"ids":["<sophos_id>","<sophos_id>","<sophos_id>"]}'

where "<sophos_id>" can be replaced with the unique endpoint id strings I already retrieved from an endpoints api call. The request section looks like this:

--request POST "">api-<region>.central.sophos.com/.../isolation"

I've also tried using PATCH with the same result. The error I'm getting indicates that the --data request is incorrectly formatted, but no matter what adjustments I make to the array, I get the same error.

What am I missing?

  • The good news is that I have been able to successfully isolate multiple devices using Postman with a "raw" body format. Postman uses the --data-raw payload designator which works. However, taking the code from Postman and submitting it directly with curl fails but now it returns "Bad Request" rather than UnsupporterMediaType.

  • It appears the API call for "lastSeenBefore=" cannot retrieve any items prior to the beginning of the year. "lastSeenBefore=2020-12-31" returns no errors but also no items. An API call using "lastSeenBefore=-P90D" successfully retrieves items but none with last activity prior to 1/1/21