Hi Sophos Community, 

I'm pleased to announce the release of a Python SDK for the SFOS firewall APIs.This SDK wraps the XML API in an easy-to-use component, that removes the biggest challenges in using the firewall's API to automate configuration tasks.

Installation

The SDK has been published on PyPi, making installation and use as easy as:

pip install sophosfirewall-python

Examples

Once installed, it becomes incredibly easy to access a firewall via script:

from sophosfirewall_python.firewallapi import SophosFirewall

sfos = SophosFirewall(
    username = FIREWALL_USERNAME,
    password = FIREWALL_PASSWORD,
    hostname = FIREWALL_HOST_OR_IP,
    port = FIREWALL_PORT,
    verify = True
    ) 

From there, you can test if your stored credentials are valid:

try:
    response = sfos.login()
    print(f"Success! {response}")
except SophosFirewallAuthFailure as e:
    print(f"Authentication error: {e}")

Exploring and editing configuration

List firewall rules:
response = sfos.get_fw_rule()
rules = response["Response"]["FirewallRule"]
for rule in rules:
    print(f"{rule['Name']} Details: {rule}")
Create hosts:
response = sfos.create_ip_host(name="test-host", ip_address="10.0.0.1")

This is just to name just a few options. You can find more examples and documentation here:

Welcome to sophosfirewall-python’s documentation! — sophosfirewall-python 0.0.1 documentation

The SDK fully open-source, and you can find it published on Github here:

GitHub - sophos/sophos-firewall-sdk: Python module for working with Sophos Firewall API

How will you use this? what projects does this unlock for you? Let us know how you plan to use this tool!

Happy coding!

Parents
  • Would this allow any kind of automation to update certificates? For example I use certbot to make my certificate for stuff on my home lab, but i have to update the certificate on my XG home instance every 3 months. Be amazing if i could set up a cron job to update my certificate on the firewall.

Comment
  • Would this allow any kind of automation to update certificates? For example I use certbot to make my certificate for stuff on my home lab, but i have to update the certificate on my XG home instance every 3 months. Be amazing if i could set up a cron job to update my certificate on the firewall.

Children