Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 2 answers
  • Subscribers 41 subscribers
  • Views 6601 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG API

Dragos Avram1

As per this article:https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/APIUsingAPI/index.html

is seems i can get the ip host objects if i can do something like:

1.1.1.1:4444/.../APIController admin</Username><Password>abcd</Password></Login><Get><IPHost><Name></Name><IPFamily></IPFamily><HostType></HostType><IPAddress></IPAddress></IPHost></Get></Request>

Those articles are note very helpful:

https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/BackupAndFirmware/API/APIUsingAPI/index.html#get-add-update-or-delete-an-ip-host

This provides a very useful way of doing some things in an programable/automated way.

https://docs.sophos.com/nsg/sophos-firewall/18.5/API/index.html 

But i need to start with the basics:

How do i get the objects and how do i know where they are located?

for example the following should retrive the firmware version:

<Request> <Get> <System> <FirmwareVersion/> </System> </Get> </Request> </Request>

however i get: 

<Response>
<Status code">529">Input request file is Invalid</Status>
</Response>
I would very much like the documentation for this. I Need to know how to get all the objects form the firewall: firmware version, firewall rules, a single firewall rule(eg: rule 79), web exceptions, a single web exception, live users, pretty much anything that i can click on GUI.
Can anyone help?
Thanks,
Dragos


This thread was automatically locked due to age.
  • 0

    What do you want to do with the API? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi,

    in the first instance, i would like to retrieve data, for firewall audits in an automated way.

    To export the config as xml is not quite what i want.

    Secondly. i would like to push config to the firewalls, as an example i can create a python script that can push an web exception to all the firewalls.

    hope this make sense.

    Thanks,

    Dragos

  • 0 in reply to Dragos Avram1

    You could give Factory a try to check the predefined SFOS modules there: www.sophos.com/.../free-trial

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Hi Lucar,

    thanks for your replay. i have a case opened with sophos regarding this matter and i will see how it goes.

  • 0 in reply to Dragos Avram1

    Hey  can you please provide us the service request number?

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi,

    At the moment my request for documentation is with the account manager and sales team.

    Will catch up with this one after their answers.

    Thanks,

    Dragos

  • 0 in reply to Vivek Jagad

    hi  

    i got the postman collection for sophs and for the start looks promising.

    My main issue is how do i get the firmware version from n firewalls?

    If i can get it from one i can go a python script that loops through all of them and retrieve it.

    Also exporting the config as xml, i am trying to corelate various objects, as an example:

    <AuthCTA transactionid="">
<EnableDisable>
<ACTION>Enable</ACTION>
</EnableDisable>
<Collector>
<CollectorIp>10.1.10.1</CollectorIp>
<CollectorPort>6677</CollectorPort>
<CollectorGroup>1</CollectorGroup>
</Collector>
<Settings>
<IdentityProbeTimeout>3</IdentityProbeTimeout>
<RestrictClientTraffic>No</RestrictClientTraffic>
<UserInactivity>Disable</UserInactivity>
</Settings>
</AuthCTA>

    tryomng to get the same with a postman call 

    <Request>
    <Login>
        <Username>{{username}}</Username>
        <Password>{{password}}</Password>
    </Login>
    <Set operation="get">
        <AuthCTA transactionid="">
            <Collector>
                <CollectorIp>
                </CollectorIp
            </Collector>
        </AuthCTA>
    </Set>
</Request>

    it does not seem to work. mainly i am after documentation of those objects and where i can find them.

    it seems to work only with whats in this documentation:https://docs.sophos.com/nsg/sophos-firewall/18.0/API/index.html

    It will be really handy if i could retrieve firmware, licences, serial numbers etc.

    This postman collection allows me to build a library of things(firewall rules, web exceptions, set the same ntp server, etc) 

    and deploy to more firewalls. So its a good start. 

  • +1 in reply to Dragos Avram1

    Hello  ,

    To retrieve the device info:

    XML Request

    <Request APIVersion="X.X">
                    <Authentication>
                            <UserName>XXXXX</UserName>
                           <Password>XXXXX</Password>
                   </Authentication>
                  <DeviceInfo></DeviceInfo>
    </Request>

    Request Parameter Description
    > APIVersion – Specify API version. Only valid API versions will get an appropriate response.
    > UserName – Specify SFM administrator user name. Default administrator user name is
    ‘admin’.
    > Password – Specify SFM admin user password. Default administrator password is ‘admin’

    XML Response
    <CentralManagement>
    <DeviceInfo>
    <ApplianceKey>XXXXXXXXXXXXXXXXX</ApplianceKey>
    <Model>XXX</Model>
    <OSVersion>XX.XX.X build XXX</OSVersion>
    <UpTime>XX day(s), XX hour(s), XX minutes</UpTime>
    <ManagedApplianceCount>X</ManagedApplianceCount>
    <Gateway>
    <IP>X.X.X.X</IP>
    <Status>True</Status>
    </Gateway>
    </DeviceInfo>
    </CentralManagement>

    Response Parameter Description
    > ApplianceKey – Unique serial number
    > Model – SFM device model name
    > OSVersion – SFM firmware version
    > UpTime – Time since the SFM device is up
    > ManagedApplianceCount – Number of devices managed by SFM
    > Gateway – Gateway details
    o IP address of gateway
    o Status – Status of gateway
    > Connected
    > Disconnected

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi, 

    Thank you very much  

    I am very grateful for this.

    Regards,

    Dragos

  • 0 in reply to Dragos Avram1

    https://docs.sophos.com/nsg/sophos-firewall/19.5/API/index.html

    For configuration I find the easiest way to get the list of objects is to go to Import/Export and then Export Selective Configuration.  You'll get the list of all the objects there that are used in configuration.  Those same ones you can use in <GET> in the API.

Unfiltered HTML