Networks Created via UTM API Don't work

Question

So recently to quickly deploy some network definitions to my UTM for Zoom, I leveraged the Sophos UTM API to get the job done. As per https://support.zoom.us/hc/en-us/articles/201362683-Network-Firewall-or-Proxy-Server-Settings-for-Zoom, they have a lot of networks to create definitions for. I used PowerShell to just quickly create the network definitions.

$Uri = "pbnesutm201.internal.local/.../"
$ContentType = "application/json"
$Method = "Post"
$Header = @{
   Authorization = "Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX="
}

ForEach ($Subnet in $Subnets){
   $Body = @{
       address = $Subnet.Address
       address6 = $null
       comment = $Subnet.Comment
       interface = $null
       name = "net_$($Subnet.Application) IP4 $($Subnet.Number)"
       netmask = $Subnet.Mask
       netmask6 = 128
       resolved = $false
       resolved6 = $false
   } | ConvertTo-Json

   Invoke-RestMethod -Method $Method -Header $Header -Uri $Uri -ContentType $ContentType -Body $Body
   Start-Sleep -Seconds 1
}

A really basic iteration through an array of string objects containing a list of subnets from the Zoom support page. The input file was just a CSV containing: 
 
 Subnet Address (e.g. 3.25.41.128) 
 Subnet Comment (e.g. link to Zoom article) 
 Subnet Row Number (e.g. 1,2,3,4,5) 
 Subnet Mask (e.g. /25) 
 
 This is consumed into a JSON object which is passed to the Sophos UTM API. It appeared to work beautifully. The only problem, the network definitions don't work. If I create a rule, and add one of these network definitions as the destination, the rule doesn't match. I can fix it just by doing the following, exact steps: 
 
 Open network definitions. 
 Search for the network definition (e.g. net_Zoom IP4 01). 
 Edit. 
 Make 0 changes. 
 Save. 
 
 Instantly the network definition starts working as soon as I hit save. Has anybody else come across something similar? I cannot for the life of me figure out what it does not like about what has been created via the API. Analysing the strings, there are no stray characters (e.g. no white space at the front or back, no special characters, etc.). I've spat out a list of subnets in CIDR format and by address and mask. It all looks fine to me. 
 
 Any ideas? :)

BAlfson · Accepted Answer

I don't work with the RESTful API, but maybe it would help you to see what changes in the network object when you save it manually. To see the 'net_Zoom IP4 01' object, do the following as root at the command line: 
 cc get_object_by_name network network 'net_Zoom IP4 01' 
 It would be interesting to see the before and after. 
 Cheers - Bob

icemonkey · Answer

BAlfson said: 
 cc get_object_by_name network network 'net_Zoom IP4 01' 
 
 Never even thought to check the object more closely like that, I just assume it didn't like the subnet. The command showed me what was different, which I probably should have picked up on via the API itself. I'm not sure exactly what this means, I can't really find it documented anywhere. But the Resolved flag was set to false, setting it true fixes everything. My guess is its probably more related to DNS objects or something along those lines and for static objects like IP or subnet, it should always be set true. 
 Change from

ForEach ($Subnet in $Subnets){ $Body = @{ address = $Subnet.Address address6 = $null comment = $Subnet.Comment interface = $null name = "net_$($Subnet.Application) IP4 $($Subnet.Number)" netmask = $Subnet.Mask netmask6 = 128 resolved = $false resolved6 = $false } | ConvertTo-Json

To

ForEach ($Subnet in $Subnets){ $Body = @{ address = $Subnet.Address address6 = $null comment = $Subnet.Comment interface = $null name = "net_$($Subnet.Application) IP4 $($Subnet.Number)" netmask = $Subnet.Mask netmask6 = 128 resolved = $true resolved6 = $false } | ConvertTo-Json

Fixed it. Thanks for you help, it put me in the right direction. Sometimes you just need to look from a slightly different perspective to see the solution :)