Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Sophos XGS firewall API to get guest user details?

I've enabled the API on our Sophos XGS firewall and am able to submit requests to it, but when I try to submit a request to get details of guest users, I get a "You do not have permission for the requested entity" error? But the account I am using to test with is a full Administrator account with access to everything?

My XML looks like this:

<Request APIVersion="2000.1">
<Login>
<Username>REDACTED</Username>
<Password>REDACTED</Password>
</Login>
<Get>
<GuestUser></GuestUser>
</Get>
</Request>

Can anyone suggest what the issue might be?



This thread was automatically locked due to age.
Parents
  • Hi  Thank you for reaching out to the Sophos community team, I have tested it on my LAB device, and looks like it is working fine for me.

    Added gust user manually to perform API test you mentioned in this thread:



    API:

    https:/.../APIController APIVersion="2000.1">
    <Login>
    <Username>AAAAAAA</Username>
    <Password>BBBBBBB</Password>
    </Login>
    <Get>
    <GuestUser></GuestUser>
    </Get>
    </Request>

    API Output:



    Please ensure that the source IP from where you are performing the API operation is added in the "API configuration" under the "Allowed IP address" in the web admin UI settings.



    If the above is fine then please re-validate the rights for your administrator profile and if it looks fine and the issue is still there then give it a try by using and submitting the default admin user login in API to see how it goes with the default admin.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

    Sophos Support Videos | Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'Verify Answer' link.

  • It turns out that I need to use the fully qualified username e.g. adminuser@my.domain and this allows it to work correctly.

Reply Children