I am trying to update firewall rule with api to change the certificate.
It is usefull for let's encrypt certificate update.
I have followed the community suggestion to read the rule and set the values read in the update statement (obviously changing the certificate name).
I was able to Load certificate into sophos XG 19 via api, to delete certificate, to get the rule values so I am sure the login OK .
I post the update from vb.net (but the call are the same as c#) with the following command:
Risposta = Await myHttpClient.GetAsync(New Uri(Comando))
RispostaXML = Await Risposta.Content.ReadAsStringAsync()
The response is:
<?xml version="1.0" encoding="UTF-8"?>
<Response>
<Status code="529">Input request file is Invalid</Status>
</Response>
The value of command is reported below with changed sensitive information in red.
Any idea where the error is?
server.domain.it:4444/.../APIController
<Request>
<Login>
<Username>UserName</Username>
<Password passwordform="encrypt">zzzzzzzzzz</Password>
</Login>
<Set operation="update">
<FirewallRule>
<Name>xxxxxxxxx.eu</Name>
<Description></Description>
<IPFamily>IPv4</IPFamily>
<Status>Enable</Status>
<Position>After</Position>
<PolicyType>HTTPBased</PolicyType>
<After><Name>rulename</Name></After>
<HTTPBasedPolicy>
<HostedAddress>#Port2</HostedAddress>
<HTTPS>Enable</HTTPS>
<ListenPort>443</ListenPort>
<Domains>
<Domain>xxxxxxx.eu</Domain>
<Domain>yyyyyyy.eu</Domain>
<Domain>zzzzzzz.eu</Domain>
</Domains>
<AccessPaths>
<AccessPath>
<allowed_networks>Any IPv4</allowed_networks>
<auth_profile></auth_profile>
<backend>SerEstWebStudioWS</backend>
<be_path></be_path>
<hot_standby>0</hot_standby>
<path>/</path>
<stickysession_status>0</stickysession_status>
<websocket_passthrough>0</websocket_passthrough>
</AccessPath>
</AccessPaths>
<Exceptions></Exceptions>
<ProtocolSecurity></ProtocolSecurity>
<CompressionSupport>Disable</CompressionSupport>
<RewriteHTML>0</RewriteHTML>
<PassHostHeader>Enable</PassHostHeader>
<RewriteCookies>Enable</RewriteCookies>
<IntrusionPrevention>WAN TO DMZ</IntrusionPrevention>
<TrafficShapingPolicy>None</TrafficShapingPolicy>
<Certificate>New certficate name</Certificate>
<RedirectHTTP>Enable</RedirectHTTP>
</HTTPBasedPolicy>
</FirewallRule>
</Set>
</Request>
This thread was automatically locked due to age.