Dear Sophos Community,
I am currently trying to automate the configuration of my Sophos XG SFVH (SFOS 19.0.1 MR-1-Build365) with Ansible.
Above all, I would like to be able to add VLANs to the XG automatically.
Since I could not find any Ansible modules for the XG at all, and only very few modules exist for the UTM, I wanted to do it with the uri module, i.e. via the REST API.
Unfortunately I get the following error in the response:
code=\"501\">Configuration parameters validation failed.
REST API URI:
<Request>
  <Login>
    <Username>{{ api_username }}</Username>
    <Password>{{ api_password }}</Password>
  </Login>
  <Set>
    <VLAN>
      <Name>{{ vlan_name }}</Name>
      <GatewayName />
      <GatewayAddress />
      <Interface>Port4</Interface>
      <Zone>LAN</Zone>
      <VLANID>{{ vlan_id }}</VLANID>
      <IPv4Configuration>Enable</IPv4Configuration>
      <IPv4Assignment>Static</IPv4Assignment>
      <IPAddress>192.168.300.1</IPAddress>
      <DHCPRapidCommit />
      <Netmask>255.255.255.0</Netmask>
      <LocalIP>192.168.300.1</LocalIP>
      <IPv6Address />
      <IPv6Assignment />
      <Status />
      <IPv6Prefix />
      <IPv6GatewayName />
      <IPv6GatewayAddress />
      <Hardware />
      <IPv6Configuration>Disable</IPv6Configuration>
    </VLAN>
  </Set>
</Request>
Output of apiparser.log:
INFO Apr 14 19:31:45Z [19601]: Start Login Handler,Component : Login
ERROR Apr 14 19:31:45Z [19601]: Key:ISCrEntity is not found in RequestMap File for Login.
INFO Apr 14 19:31:45Z [19601]: Mapping file for Login component is /_conf/csc/IOMappingFiles//1900.1/Login/Login.xml
ERROR Apr 14 19:31:45Z [19601]: Flag setting for this opcode is 18.
INFO Apr 14 19:31:47Z [19601]: Opcode response: status:200
INFO Apr 14 19:31:47Z [19601]: Authentication Successful
INFO Apr 14 19:31:47Z [19601]: Start Set Handler,Component : VLAN
ERROR Apr 14 19:31:47Z [19601]: Key:ISCrEntity is not found in RequestMap File for VLAN.
WARNING Apr 14 19:31:47Z [19601]: Transaction id is missing of for the component : <VLAN>.
WARNING Apr 14 19:31:47Z [19601]: Can't get the <Add/Update> element from map file, So Mode value is 'Add'.
ERROR Apr 14 19:31:47Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:47Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:47Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:47Z [19601]: Flag setting for this opcode is 18.
INFO Apr 14 19:31:49Z [19601]: Opcode response: status:500
WARNING Apr 14 19:31:49Z [19601]: Opcode failed with 'Add' operation. So call opcode with 'Update'.
ERROR Apr 14 19:31:49Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:49Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:49Z [19601]: type != const in logicaloperator.So string comparision is done.
ERROR Apr 14 19:31:49Z [19601]: Flag setting for this opcode is 18.
INFO Apr 14 19:31:51Z [19601]: Opcode response: status:500
INFO Apr 14 19:31:51Z [19601]: End SET Handler, Status : Success, Component : VLAN, Transaction : NONE, Operation : NONE.
MESSAGE Apr 14 19:31:51Z [19601]: ENTITY 'VLAN' IMPORT Success
INFO Apr 14 19:31:51Z [19601]: Command:/scripts/apiparser_generate_tar.sh /sdisk/api-1681500705100822.txt /sdisk/API-1681500705100822 /sdisk/APIXMLOutput/1681500704240.xml /sdisk/API-1681500705100822.tar /sdisk/API-1681500705100822.log 0 status:3
INFO Apr 14 19:31:51Z [19601]: No need to create Tar file. Response file is /sdisk/APIXMLOutput/1681500704240.xml
SFVH_SO01_SF
PS: Do you really have to include every XML tag of the <VLAN> tag from the documentation? That is far too many settings that I don't need.
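
Added example (not part of the original post and not Sophos code): a client-side pre-flight check that validates the VLAN ID, the IPv4 address fields and the netmask of the rendered request XML before it is sent. The helper name `check_vlan_request` is hypothetical, and the sample input is constructed from the request in the post with assumed values for the name and VLAN ID; on that input it reports that `192.168.300.1` is not a valid IPv4 address, because the third octet exceeds 255.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <VLAN> block from the post with the Jinja2
# placeholders rendered (the Name and VLANID values are assumed).
SAMPLE = """<Request><Set><VLAN>
  <Name>vlan300</Name><Interface>Port4</Interface><Zone>LAN</Zone>
  <VLANID>300</VLANID>
  <IPv4Configuration>Enable</IPv4Configuration>
  <IPv4Assignment>Static</IPv4Assignment>
  <IPAddress>192.168.300.1</IPAddress>
  <Netmask>255.255.255.0</Netmask>
  <LocalIP>192.168.300.1</LocalIP>
</VLAN></Set></Request>"""


def check_vlan_request(xml_text):
    """Return a list of problems found in every <VLAN> element."""
    problems = []
    root = ET.fromstring(xml_text)
    for vlan in root.iter("VLAN"):
        name = vlan.findtext("Name", default="?")
        # 802.1Q reserves VLAN IDs 0 and 4095; the usable range is 1-4094.
        vid = (vlan.findtext("VLANID") or "").strip()
        if not vid.isdecimal() or not 1 <= int(vid) <= 4094:
            problems.append(f"{name}: VLANID {vid!r} not in 1-4094")
        # Address fields must parse as IPv4 when present and non-empty.
        for tag in ("IPAddress", "LocalIP", "GatewayAddress"):
            value = (vlan.findtext(tag) or "").strip()
            if not value:
                continue
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                problems.append(f"{name}: {tag} {value!r} is not a valid IPv4 address")
        mask = (vlan.findtext("Netmask") or "").strip()
        if mask:
            try:
                # IPv4Network raises ValueError for malformed or non-contiguous masks.
                ipaddress.IPv4Network(f"0.0.0.0/{mask}")
            except ValueError:
                problems.append(f"{name}: Netmask {mask!r} is not a valid netmask")
    return problems


if __name__ == "__main__":
    for line in check_vlan_request(SAMPLE):
        print(line)
```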