
RESTful API and PowerShell Scripting

Does anybody have some experience with that?

I'd like to have a PowerShell script that enables/disables firewall or NAT rules -> that means, for example, doing this curl:

 

curl -X PATCH --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'Authorization: Basic dG9rZW46WmZqblZtZkd0bVppZ3lYRURLZkJRZWl1dnpqRUlTTFM=' -d '{"auto_pf_in":"","auto_pfrule":false,"comment":"","destination":"","destination_nat_address":"","destination_nat_service":"","group":"","ipsec":false,"log":false,"mode":"none","name":"","service":"","source":"","source_nat_address":"","source_nat_service":"","status":true}' 'https://utm.local:4444/api/objects/packetfilter/nat/REF_PacNatHttpsFromAny'


I already searched a little bit and found out that I have to use Invoke-RestMethod with PowerShell. I'm able to do GET things with PowerShell now, but I don't know how to do PATCH or POST things with PowerShell...

Can anybody help?


regards


  • You might find this post helpful: https://community.sophos.com/products/unified-threat-management/f/management-networking-logging-and-reporting/98167/how-can-i-make-network-definition-a-member-of-network-group-using-restful-api

    I just started down this path myself and I am still having issues, but I have basic connectivity working:

    #The base API URL and then the plan was to add variable for more nodes.
    $apiURL = 'https://sophos:4444/api'
    $networkURI = $apiURL + '/objects/network/network/'
     
    #Recommended you setup a token for scripting instead of using username/password. Either way it has to be converted to Base64
    $token = 'tokenFromAPIScreen'
    $tokenBase64 = [Convert]::ToBase64String([System.Text.Encoding]::Default.GetBytes("token:" + $token))
     
    #One recommended method for building headers, you can just create an array with all the values
    $headers = @{}
    $headers.add("Authorization",'Basic ' + $tokenBase64)
     
    #This sets the TLS levels. By default I think it tries ssl which is disabled on our UTM
    $AllProtocols = [System.Net.SecurityProtocolType]'Tls,Tls11,Tls12'
    [System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
     
    #This should return a list of network objects, with their Name / IP Address / Network Mask
    Invoke-RestMethod -Uri $networkURI -Method Get -Headers $headers | ft name,address,netmask
  • It's no problem using PowerShell and the RESTful API for GET commands, but have you had any luck with PATCH, PUT or POST?

    Maybe somebody has a sample for that (e.g. activating a firewall rule or WLAN network)

     

    regards

  • Here is a script I wrote to modify network definitions,

    It covers creating new objects and modifying existing objects.

  • Thanks, we found out that it was simply a syntax mistake (missing $) with PowerShell...

    We're now able to switch NAT/firewall rules, WLAN networks... on/off with one PowerShell script (-> check and change the current status on<->off) :-)

     

    If anybody is interested -> PM or answer here

     

    regards
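
The status toggle described in this thread (read the rule, flip `status`, send a PATCH), as an added example that is not code from any poster here. The host and rule reference come from the curl command in the question; the `UTM_API_TOKEN` environment variable and the `Set-UtmRuleStatus` function are hypothetical names, and sending only `status` assumes the API applies PATCH as a partial update.

```powershell
# Added example. Host and rule reference are taken from the curl command in the question.
$apiUrl  = 'https://utm.local:4444/api'
$ruleUri = "$apiUrl/objects/packetfilter/nat/REF_PacNatHttpsFromAny"

# Assumption: the API token is supplied through an environment variable
# (UTM_API_TOKEN is a hypothetical name) instead of being written into the script.
$token = $env:UTM_API_TOKEN
if ([string]::IsNullOrWhiteSpace($token)) { throw 'UTM_API_TOKEN is not set.' }

# Basic auth with the literal user name "token", as in the thread.
$basic   = [Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes("token:$token"))
$headers = @{ Authorization = "Basic $basic"; Accept = 'application/json' }

# Windows PowerShell may not negotiate TLS 1.2 by default, so request it explicitly.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

function Set-UtmRuleStatus {
    param(
        [Parameter(Mandatory)] [string]    $Uri,
        [Parameter(Mandatory)] [hashtable] $Headers,
        [Parameter(Mandatory)] [bool]      $Enabled
    )
    # Send only the attribute that changes, so other fields of the rule are not
    # overwritten with empty values. Assumption: PATCH is a partial update.
    $body = @{ status = $Enabled } | ConvertTo-Json -Compress
    Invoke-RestMethod -Uri $Uri -Method Patch -Headers $Headers `
        -ContentType 'application/json' -Body $body | Out-Null
}

try {
    # Read the current state, flip it, then read it back to confirm the change.
    $before = Invoke-RestMethod -Uri $ruleUri -Method Get -Headers $headers
    Set-UtmRuleStatus -Uri $ruleUri -Headers $headers -Enabled (-not $before.status)
    $after  = Invoke-RestMethod -Uri $ruleUri -Method Get -Headers $headers

    if ($after.status -eq $before.status) { throw 'Rule status did not change.' }
    Write-Host "$($after.name): status $($before.status) -> $($after.status)"
}
catch {
    # Include the HTTP status code when the failure came from the web request.
    $code = $null
    if ($_.Exception.Response) { $code = [int]$_.Exception.Response.StatusCode }
    Write-Error "Request to $ruleUri failed (HTTP $code): $($_.Exception.Message)"
}
```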

  • Hi,

    We are trying to use your script, but are stuck at this point:

    Write-Host Need to create network object $ipNet.name on Sophos UTM
      $result = Invoke-RestMethod -Uri $networkURI -Method Post -Headers $headers -Body (ConvertTo-Json $ipNet)

     

    output :

    Need to create network object MS-104.146.128.0/17 on Sophos UTM

    Invoke-webrequest : null
    At C:\Scripts\Orig.ps1:98 char:13
    +         $result = Invoke-webrequest -Uri $networkURI -Method Post -Headers $headers -B ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
       eption
        + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

     

    Hope you can help us.

  • Meanwhile the problem is solved. We used an old PowerShell version ....
