Sophos XG API

What do you want to do with the API? 

Hi,

in the first instance, i would like to retrieve data, for firewall audits in an automated way.

To export the config as xml is not quite what i want.

Secondly. i would like to push config to the firewalls, as an example i can create a python script that can push an web exception to all the firewalls.

hope this make sense.

Thanks,

Dragos

You could give Factory a try to check the predefined SFOS modules there: www.sophos.com/.../free-trial

Hi Lucar,

thanks for your replay. i have a case opened with sophos regarding this matter and i will see how it goes.

Hey Dragos Avram1 can you please provide us the service request number?

Hi,

At the moment my request for documentation is with the account manager and sales team.

Will catch up with this one after their answers.

Thanks,

Dragos

hi Vivek Jagad 

i got the postman collection for sophs and for the start looks promising.

My main issue is how do i get the firmware version from n firewalls?

If i can get it from one i can go a python script that loops through all of them and retrieve it.

Also exporting the config as xml, i am trying to corelate various objects, as an example:

<AuthCTA transactionid="">
<EnableDisable>
<ACTION>Enable</ACTION>
</EnableDisable>
<Collector>
<CollectorIp>10.1.10.1</CollectorIp>
<CollectorPort>6677</CollectorPort>
<CollectorGroup>1</CollectorGroup>
</Collector>
<Settings>
<IdentityProbeTimeout>3</IdentityProbeTimeout>
<RestrictClientTraffic>No</RestrictClientTraffic>
<UserInactivity>Disable</UserInactivity>
</Settings>
</AuthCTA>

tryomng to get the same with a postman call 

<Request>
    <Login>
        <Username>{{username}}</Username>
        <Password>{{password}}</Password>
    </Login>
    <Set operation="get">
        <AuthCTA transactionid="">
            <Collector>
                <CollectorIp>
                </CollectorIp
            </Collector>
        </AuthCTA>
    </Set>
</Request>

it does not seem to work. mainly i am after documentation of those objects and where i can find them.

it seems to work only with whats in this documentation:https://docs.sophos.com/nsg/sophos-firewall/18.0/API/index.html

It will be really handy if i could retrieve firmware, licences, serial numbers etc.

This postman collection allows me to build a library of things(firewall rules, web exceptions, set the same ntp server, etc) 

and deploy to more firewalls. So its a good start. 

Hello Dragos Avram1 ,

To retrieve the device info:

XML Request

<Request APIVersion="X.X">
                <Authentication>
                        <UserName>XXXXX</UserName>
                       <Password>XXXXX</Password>
               </Authentication>
              <DeviceInfo></DeviceInfo>
</Request>

Request Parameter Description
> APIVersion – Specify API version. Only valid API versions will get an appropriate response.
> UserName – Specify SFM administrator user name. Default administrator user name is
‘admin’.
> Password – Specify SFM admin user password. Default administrator password is ‘admin’

XML Response
<CentralManagement>
<DeviceInfo>
<ApplianceKey>XXXXXXXXXXXXXXXXX</ApplianceKey>
<Model>XXX</Model>
<OSVersion>XX.XX.X build XXX</OSVersion>
<UpTime>XX day(s), XX hour(s), XX minutes</UpTime>
<ManagedApplianceCount>X</ManagedApplianceCount>
<Gateway>
<IP>X.X.X.X</IP>
<Status>True</Status>
</Gateway>
</DeviceInfo>
</CentralManagement>

Response Parameter Description
> ApplianceKey – Unique serial number
> Model – SFM device model name
> OSVersion – SFM firmware version
> UpTime – Time since the SFM device is up
> ManagedApplianceCount – Number of devices managed by SFM
> Gateway – Gateway details
o IP address of gateway
o Status – Status of gateway
> Connected
> Disconnected

Hi, 

Thank you very much Vivek Jagad 

I am very grateful for this.

Regards,

Dragos

https://docs.sophos.com/nsg/sophos-firewall/19.5/API/index.html

For configuration I find the easiest way to get the list of objects is to go to Import/Export and then Export Selective Configuration.  You'll get the list of all the objects there that are used in configuration.  Those same ones you can use in <GET> in the API.