Create Firewall Policy - HTTPBased response 501

Hi All!

I'm working with the Sophos XG 1700.1 API, looking to create an HTTPBased firewall policy.

I seem to be running into an issue when making the request. 
response from the request:
    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1700.1">
      <Login>
        <status>Authentication Successful</status>
      </Login>
      <SecurityPolicy transactionid="">
        <Status code="501">Configuration parameters validation failed.</Status>
        <InvalidParams/>
      </SecurityPolicy>
    </Response>

request:
/webconsole/APIController?reqxml=<Request><Login><Username>admin</Username><Password>notpassword</Password></Login><Set operation="add"><SecurityPolicy><Name>HTTPBased Policy</Name><Position>top</Position><Description>HTTP Based Policy</Description><Status>Disable</Status><IPFamily>IPv4</IPFamily><PolicyType>HTTPBased</PolicyType><HTTPBasedPolicy><HostedAddress>10.0.0.10</HostedAddress><HTTPS>Disable</HTTPS><RedirectHTTP>Disable</RedirectHTTP><ListenPort>80</ListenPort><Domains><Domain>derp.com</Domain></Domains><AllowFrom><Address>Test Server</Address></AllowFrom><Exceptions><Exception><path>/</path><op>or</op><source>Any IPv4</source><skip_threats_filter_categories>protocol_violations</skip_threats_filter_categories><skip_threats_filter_categories>protocol_anomalies</skip_threats_filter_categories><skip_threats_filter_categories>request_limits</skip_threats_filter_categories><skipav>1</skipav><skipbadclients>1</skipbadclients><skipcookie>1</skipcookie><skipform>1</skipform><skipurl>1</skipurl></Exception></Exceptions><ProtocolSecurity /><CompressionSupport>Disable</CompressionSupport><RewriteHTML>Disable</RewriteHTML><RewriteCookies>Disable</RewriteCookies><PassHostHeader>Disable</PassHostHeader></HTTPBasedPolicy><IntrusionPrevention>None</IntrusionPrevention><TrafficShapingPolicy>None</TrafficShapingPolicy><SourceSecurityHeartbeat>Disable</SourceSecurityHeartbeat><MinimumSourceHBPermitted /><DestSecurityHeartbeat>Disable</DestSecurityHeartbeat><MinimumDestinationHBPermitted /></SecurityPolicy></Set></Request>

If anyone could help that would be awesome!

thanks,

Luke




  • Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

  • Unknown said:

    Luke, 

    Were you able to get this to work? I recently started playing with the API and I have been able to successfully create firewall rules. If you want I can post the code here. 

     

    So I'm able to create firewall policies. The only issue I'm having is creating an HTTPBased policy. In the API documentation you need to select a policy type, e.g. User/Network/HTTPBased/NonHTTPBased/PublicNonHTTPPolicy. I can create all of these except for an HTTPBased. Just looking for minimum requirements or what I'm missing to make a valid request.

  • Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

  • Unknown said:

    Luke,

    I understand now. That is strange. Are you passing all these parameters into the browser or through a separate xml file? 

     

     

    Using Python to make the request. I have Python build the URL that will be passed in the request. The URL contains all the XML and is what I posted in the request section.

  • I would pass the XML as a separate file. If the XML request in the URL is too long it will fail out. Below is a function that I built in Python to do this. Give it a try with all the XML in a separate file. Note: to use this you only need to change the 'ip_address' variable and the 'xml_files' variable.

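    import requests

    xml_files = ['myFile1.xml', 'myFile2.xml']  # Add xml files here
    ip_address = '10.10.10.10'

    def api_call(api_ip, xml_doc):
        """POST one XML request file to the XG API and print the response."""
        api_url = r'https://{}:4444/webconsole/APIController?'.format(api_ip)
        # Send the XML as the 'reqxml' multipart form field instead of in the URL
        with open(xml_doc, 'rb') as xml_file:
            payload = {'reqxml': (None, xml_file)}
            # verify=False disables TLS certificate validation; pass the path to
            # the appliance's CA certificate as verify= to validate it instead
            r = requests.post(api_url, files=payload, verify=False)
        print(r.text)

    for file in xml_files:
        api_call(api_ip=ip_address, xml_doc=file)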
  • Thanks, I'll give this a shot and see how it goes.
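
An added example, not code from the thread or from Sophos: it builds the request with ElementTree so values are escaped, sends it in the POST body as the answer above suggests (which also keeps the admin password out of the URL), and parses the response into per-entity status codes. `build_request`, `parse_response` and `post_request` are hypothetical helper names, the sample response is the one quoted in the question, and the layout of a populated `<InvalidParams>` is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the 501 response quoted in the question, with real newlines.
SAMPLE_RESPONSE = """<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1700.1">
  <Login>
    <status>Authentication Successful</status>
  </Login>
  <SecurityPolicy transactionid="">
    <Status code="501">Configuration parameters validation failed.</Status>
    <InvalidParams/>
  </SecurityPolicy>
</Response>"""

def build_request(username, password, entity):
    """Wrap an entity in <Request><Login/><Set operation="add">; ET escapes values."""
    req = ET.Element("Request")
    login = ET.SubElement(req, "Login")
    ET.SubElement(login, "Username").text = username
    ET.SubElement(login, "Password").text = password
    ET.SubElement(req, "Set", operation="add").append(entity)
    return ET.tostring(req, encoding="unicode")

def parse_response(xml_text):
    """Return (login_status, [(entity, code, message, invalid_params), ...])."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    results = []
    for entity in root:
        status = entity.find("Status")  # <Login> carries lowercase <status>, so it is skipped
        if status is None:
            continue
        invalid = entity.find("InvalidParams")
        # Assumption: rejected parameters, when listed, are child elements here.
        children = invalid if invalid is not None else []
        params = [ET.tostring(p, encoding="unicode").strip() for p in children]
        results.append((entity.tag, status.get("code"), status.text, params))
    return root.findtext("Login/status"), results

def post_request(api_ip, xml_text, verify=True):
    """POST the XML as the 'reqxml' multipart field, so credentials stay out of the URL."""
    import requests  # imported here so the helpers above work without requests installed
    url = "https://{}:4444/webconsole/APIController".format(api_ip)
    r = requests.post(url, files={"reqxml": (None, xml_text)}, verify=verify, timeout=30)
    r.raise_for_status()
    return parse_response(r.text)

if __name__ == "__main__":
    print(parse_response(SAMPLE_RESPONSE))
```

`verify` is passed straight through to requests, so it can be the path to the appliance's CA certificate.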
