Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
If you have multiple Sophos firewalls and want to update the SPX configuration, a better approach is to use the API.
What to do
To update the SPX configuration, please follow the steps mentioned below:
Step 1: Create a dummy IP host using the following query. I've created an IP host named ip1, and its value is 192.168.168.168.
Query 1:
https://<Firewall IP>:<Port>/webconsole/APIController?reqxml=
<Request>
<Login>
<Username>api</Username>
<Password passwordform="encrypt">Specify encrypted password here</Password>
</Login>
<Set>
<IPHost transactionid="">
<Name>ip1</Name>
<IPFamily>IPv4</IPFamily>
<HostType>IP</HostType>
<IPAddress>192.168.168.168</IPAddress>
</IPHost>
</Set>
</Request>
Sample Output of query 1:
<Response APIVersion="1800.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<IPHost transactionid="">
<Status code="200">Configuration applied successfully.</Status>
</IPHost>
</Response>
Step 2:
For Email Legacy Mode, use the following API query to update the SPX configuration:
Query 2:
https://<Firewall IP>:<Port>/webconsole/APIController?reqxml=
<Request APIVersion="1800.1">
<Login>
<Username>api</Username>
<Password passwordform="encrypt">Specify encrypted password here</Password>
</Login>
<Set operation="update">
<SPXConfiguration>
<SPXGlobalTemplate>
<DefaultSPXTemplate>Default Template</DefaultSPXTemplate>
</SPXGlobalTemplate>
<HostName>None</HostName>
<AllowedNetworks>
<Network>Specify Name of IP host created in Step 1 (i.e. ip1)</Network>
</AllowedNetworks>
<Port>8094</Port>
<KeepUnusedPassFor>30</KeepUnusedPassFor>
<AllowPassRegistrationFor>10</AllowPassRegistrationFor>
<SendNotifcationErrorTo>SenderOnly</SendNotifcationErrorTo>
</SPXConfiguration>
</Set>
</Request>
Sample Output of query 2:
<Response APIVersion="1800.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<SPXConfiguration transactionid="">
<Status code="200">Configuration applied successfully.</Status>
</SPXConfiguration>
</Response>
OR
For Email MTA Mode, use the following API query to update the MTA SPX configuration:
Query 3:
https://<Firewall IP>:<Port>/webconsole/APIController?reqxml=
<Request APIVersion="1800.1">
<Login>
<Username>api</Username>
<Password passwordform="encrypt">Specify encrypted password here</Password>
</Login>
<Set operation="update">
<MTASPXConfiguration>
<SPXGlobalTemplate>
<DefaultSPXTemplate>Default Template</DefaultSPXTemplate>
</SPXGlobalTemplate>
<HostName>None</HostName>
<AllowedNetworks>
<Network>Specify Name of IP host created in Step 1 (i.e. ip1)</Network>
</AllowedNetworks>
<Port>8094</Port>
<KeepUnusedPassFor>30</KeepUnusedPassFor>
<AllowPassRegistrationFor>10</AllowPassRegistrationFor>
<SendNotifcationErrorTo>SenderOnly</SendNotifcationErrorTo>
<AllowSecureReplyfor>30</AllowSecureReplyfor>
</MTASPXConfiguration>
</Set>
</Request>
Sample Output of query 3:
<Response APIVersion="1800.1" IPS_CAT_VER="1">
<Login>
<status>Authentication Successful</status>
</Login>
<MTASPXConfiguration transactionid="">
<Status code="200">Configuration applied successfully.</Status>
</MTASPXConfiguration>
</Response>
If you get the error <Status code="529">Input request file is Invalid</Status>, refer to the KBA Sophos Firewall: How to solve <Status code="529">Input request file is Invalid</Status> while using API query with Sophos firewall.
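When the same query is sent to several firewalls, each reply has to be checked for both the login status and the Status code shown in the sample outputs above. The following Python sketch is an added example, not part of the original article or of Sophos tooling; the firewall addresses and the shapes of the 529 and login-failure replies are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample responses keyed by firewall address (documentation IPs).
# The first copies "Sample Output of query 3"; the other two are assumed shapes.
SAMPLES = {
    "192.0.2.10": '<Response APIVersion="1800.1" IPS_CAT_VER="1"><Login>'
                  '<status>Authentication Successful</status></Login>'
                  '<MTASPXConfiguration transactionid="">'
                  '<Status code="200">Configuration applied successfully.</Status>'
                  '</MTASPXConfiguration></Response>',
    "192.0.2.11": '<Response APIVersion="1800.1"><Login>'
                  '<status>Authentication Successful</status></Login>'
                  '<Status code="529">Input request file is Invalid</Status></Response>',
    "192.0.2.12": '<Response APIVersion="1800.1"><Login>'
                  '<status>Authentication Failure</status></Login></Response>',
}

def check_response(xml_text, entity):
    """Return (ok, detail) for one firewall's reply to a Set on `entity`."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"unparseable response: {exc}"
    login = root.findtext("Login/status", default="").strip()
    if login != "Authentication Successful":
        return False, f"login: {login or 'no Login status'}"
    # Prefer the Status under the entity we set; fall back to any Status
    # element, since an error may not be reported under that entity.
    node = root.find(f"{entity}/Status")
    if node is None:
        node = next(root.iter("Status"), None)
    if node is None:
        return False, "no Status element in response"
    code = node.get("code", "")
    return code == "200", f"{code}: {(node.text or '').strip()}"

def failed_firewalls(responses, entity):
    """Map each firewall that did not return Status 200 to the reason."""
    results = {host: check_response(text, entity) for host, text in responses.items()}
    return {host: detail for host, (ok, detail) in results.items() if not ok}

if __name__ == "__main__":
    for host, reason in failed_firewalls(SAMPLES, "MTASPXConfiguration").items():
        print(f"{host}: NOT applied ({reason})")
```

Pass "SPXConfiguration" as the entity for replies to Query 2 and "MTASPXConfiguration" for replies to Query 3.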
Related information
- Sophos Firewall: How to use API
- Sophos Firewall: How to solve <Status code="529">Input request file is Invalid</Status> while using API query with Sophos firewall
[edited by: Raphael Alganes at 10:05 AM (GMT -8) on 14 Nov 2024]