This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Delete Unicast Route via API

Hello Community,

I trying to delete Unicast Route via API call without any success. This is my request:

<Request>
<Login>
<Username>user</Username>
<Password passwordform='encrypt'>my-pwhash</Password>
</Login>
<Remove>
<UnicastRoute>
<DestinationIP>192.168.42.0</DestinationIP>
<Netmask>255.255.255.0</Netmask>
</UnicastRoute>
</Remove>
</Request>

This request results in this error Message:

<?xml version="1.0" encoding="UTF-8"?>
<Response APIVersion="1800.2" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<UnicastRoute transactionid="">
<Status code="500">Operation could not be performed on Entity.</Status>
</UnicastRoute>
</Response>

When I look into the API Documention DestinationIP and Netmask are the only required paramters:
API Documentation (sophos.com)

Has anybody a hint for me?

Thanks,

Ben



This thread was automatically locked due to age.
  • Hello Ben.

    You could try <Netmask>24</Netmask> in CIDR-notation instead of common network mask because according to the documentation Netmask is a scalar of type INTEGER with range from 0 to 128 (see https://docs.sophos.com/nsg/sophos-firewall/18.0/API/CONFIGURE/Routing/UnicastRoute/operations/Delete%20Unicast%20Route.html )


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Hello Thom,

    when I try to delete the Unicast Route with CIDR notation it will also result with error "500":  

    <Remove>  
    <UnicastRoute>
    <DestinationIP>192.168.42.0</DestinationIP>
    <Netmask>24</Netmask>
    </UnicastRoute>
    </Remove>

    <Status code="500">Operation could not be performed on Entity.</Status>

    Ben

    If a post solves your question please use the 'Verify Answer' button.

  • Hi!

    Just did a quick test:

    Created random route with 20.20.20.0/24 with interface and nothing else. Exported the config for the route and gave me this:

    <UnicastRoute transactionid="">
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>20.20.20.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway/>
    <Interface>Port2</Interface>
    <Distance>0</Distance>
    </UnicastRoute>

    Tried removing the route with ALL the data the export gave me and it worked:

    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <Status code="200">Configuration applied successfully.</Status>
    </UnicastRoute>
    </Response>
    Then, created the route again and trying removing some parameters from the "Remove" API query and failed
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
    </UnicastRoute>
    </Response>

    Even tried removing only not used parameters like gateway and still fails. 

    My recomendation? Dont trust too much the documentation and guide you with what an export looks like.



    sdf
    [edited by: Antonio Cienfuegos at 1:10 PM (GMT -7) on 25 May 2021]
  • I have no luck. I've exported the Unicast Route and tried to delete the route as you described it and get still the error 500. If I look into the applog.log I see this message:    

    May 26 16:49:10 Info:: Transaction will not be rolled back for opcode unicast_sroutes_del. If any operation fails, request is part of multiple request : 
    May 26 16:49:10 ID Data Found ARRAY(0xa76c3d0) And ID =
    May 26 16:49:10 unicast_sroutes_del(ERR): id not given.
    May 26 16:49:10 API-Parser /sdisk/api-1622040547136507.txt found.
    May 26 16:49:10 API-Parser /sdisk/api-1622040547136507.txt size = 0 && script is invoked by api_parser

    I don't know which id is missing.

    Ben

    If a post solves your question please use the 'Verify Answer' button.

  • Can you put the XML code you're using? Dont be worry about privacy, they are (I suppose) private RFC1819 ip addresses.

  • Hello Antonio,

    this is the object that I try to delete: 

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>192.168.42.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway>192.168.41.1</Gateway>
    <Interface/>
    <Distance>0</Distance>
    </UnicastRoute>
    </Response>

    This is the Remove Query:

    <Remove> <UnicastRoute transactionid=''> 
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>192.168.42.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway>192.168.41.1</Gateway>
    <Interface/>
    <Distance>0</Distance>
    </UnicastRoute>
    </Remove>

    And this is the response:

    <?xml version="1.0" encoding="UTF-8"?>
    <Response APIVersion="1800.2" IPS_CAT_VER="1">
    <Login>
    <status>Authentication Successful</status>
    </Login>
    <UnicastRoute transactionid="">
    <Status code="500">Operation could not be performed on Entity.</Status>
    </UnicastRoute> </Response>

    Also the same if I use the Netmask in CDIR-Notation.

    Ben

    If a post solves your question please use the 'Verify Answer' button.

  • Well, create a new network interface with a 41.2 IP, and then the route. Tried removing the route through API and get same result, error 500.

    So basically its a bug Slight smile

    Sorry its not good news Disappointed

  • FormerMember
    0 FormerMember in reply to Antonio Cienfuegos S

    Hi Ben@Network, ,

    I'm in a discussion with the internal team regards with the reported query. I'll also try to replicate the issue in a lab environment and will update this thread soon.

  • Hello  .

    I tried as well now and would agree, that it looks like a bug.


    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • FormerMember
    0 FormerMember in reply to ThomW

    Here is a sample API to remove static route,

    =======================================

    <Request>
    <Login>
    <Username>apiadmin</Username>
    <Password>*******</Password>
    </Login>
    <remove>
    <UnicastRoute transactionid="">
    <IPFamily>IPv4</IPFamily>
    <DestinationIP>192.168.2.0</DestinationIP>
    <Netmask>255.255.255.0</Netmask>
    <Gateway>192.168.0.1</Gateway>
    <Interface>Port1</Interface>
    <Distance>0</Distance>
    </UnicastRoute>
    </remove>
    </Request>

    API string: xx.xx.xx.xx:4444/.../APIController transactionid=""><IPFamily>IPv4</IPFamily><DestinationIP>192.168.2.0</DestinationIP><Netmask>255.255.255.0</Netmask><Gateway>192.168.0.1</Gateway><Interface>Port1</Interface><Distance>0</Distance></UnicastRoute></remove></Request>

    =======================================