SonicOS API for adding Address group in Postman and cURL
Description
SonicOS API provides an alternative to the SonicOS Command Line Interface (CLI) for configuring selected functions.
SonicOS API is disabled by default in SonicOS. Any attempt to access SonicOS API while it is disabled results in an HTTP 403 Forbidden error. To use the SonicOS API, you must enable it, either through the SonicOS Management Interface or from the CLI.
This article only explains how to add an Address group and add address objects to it. Please follow these articles for additional assistance:
- Introduction to SonicOS API
- Creating Address Object and Address Group Object using SonicOS API cURL
- Adding Multiple Address Objects Using SonicOS API
You are free to choose Swagger, Postman, Git bash, or any application that allows API calls, if you are using a Linux-based operating system you can execute cURL from the terminal.
Please refer to https://sonicos-api.sonicwall.com for the entire list.
Only the first part of this article would change, depending on the SonicWall model you use. Commands are the same for both Gen6 and Gen7 SonicWall devices.
For this article, I'm using Postman App and will be showing the commands to run on cURL for each step.
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
- Enabling the API Module on the firewall UI.
Login to the SonicWall management UI. Navigate to Device | Settings | Administration | Audit/SonicOS API section. Enable the option 'Enable SonicOS API' and 'Enable RFC-2617 HTTP Basic Access authentication' options.
- List of applicable APIs:
Navigate to MANAGE | API and click on the link https://SonicOS-api.sonicwall.com. Swagger will prepopulate your SonicWalls’s IP, MGMT Port, Firmware so it can give you a list of applicable APIs.
- Login to the Firewall using Postman. The following 3 steps need to be performed for every API request.
NOTE: https://IP-address:port/-- Replace this with your SonicWall's Public or private IP address with the right management port number (If the management port is 443, you can directly use https:// followed by the IP address without the port number too).
a) The HTTP method should be POST and we need to use the URL: https://192.168.168.168/api/sonicos/auth
Under the authorization tab, select Basic Auth and mention the correct admin credentials.
b) Under the settings tab, turn OFF the Enable SSL certificate verification if the firewall is using a self-signed certificate for management.
c) Under the headers tab, include application/Json as the value for keys Accept and Content-type.
d) The Gen 7 devices are token-driven. Use the {"override" : true} under the body to override any older tokens. This is used only during login.
After this, click on the Send button and then you can see the response on the section below. The response should contain a message: "success".
e) After this, click on the Send button and then you can see the response on the section below. The response should contain a message: "success".
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/auth' \--header 'Accept: application/Json' \--header 'Content-Type: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=
--data-raw '{"override" : true}' - Now, create an Address group and call the objects which are already created, with their right name.
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/address-groups/ipv4' \--header 'Content-Type: application/Json' \--header 'Accept: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \--data-raw '{"address_group": {"ipv4": {"name": "AddressGroupName","address_object": {"ipv4": {"name": "ExistingAddressObject1"},"mac": {"name": "ExistingAddressObject2"},"fqdn": {"name": "ExistingAddressObject3"}}}}}' - Committing all the configurational changes made with APIs:
CAUTION: This is an important step. If you miss this step, all the configuration changes made in the current session will be lost.
The HTTP method should be POST and we need to use the URL: https://192.168.188.50/api/sonicos/config/pending
The other fields can be left the same as before and click on Send. The response should contain a message: "success".
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/config/pending' \--header 'Content-Type: application/Json' \--header 'Accept: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \--data-raw ''
Testing: Log in to the GUI of the SonicWall firewall to check the changes made. Navigate to OBJECT | Match Objects | Addresses to check for the changes.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
- Enabling the API Module on the firewall UI.
Login to the SonicWall management UI. Navigate to MANAGE | Appliance | Base Settings and scroll down to SonicOS API section. Enable the option 'Enable SonicOS API' and 'Enable RFC-2617 HTTP Basic Access authentication' options.
- List of applicable APIs:
Navigate to MANAGE | API and click on the link https://SonicOS-api.sonicwall.com. Swagger will prepopulate your SonicWalls’s IP, MGMT Port, Firmware so it can give you a list of applicable APIs.
- Login to the Firewall using Postman. The following 3 steps need to be performed for every API request. NOTE: https://IP-address:port/-- Replace this with your SonicWall's Public or private IP address with the right management port number (If the management port is 443, you can directly use https:// followed by the IP address without the port number too).
a) The HTTP method should be POST and we need to use the URL: https://192.168.168.168/api/sonicos/auth
Under the authorization tab, select Basic Auth and mention the correct admin credentials.
b) Under the settings tab, turn OFF the Enable SSL certificate verification if the firewall is using a self-signed certificate for management.
c) Under the headers tab, include application/Json as the value for keys Accept and Content-type.
d) After this, click on the Send button and then you can see the response on the section below. The response should contain a message: "success".
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/auth' \--header 'Accept: application/Json' \--header 'Content-Type: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' - Now, create an Address group and call the objects which are already created, with their right name.
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/address-groups/ipv4' \--header 'Content-Type: application/Json' \--header 'Accept: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \--data-raw '{"address_group": {"ipv4": {"name": "AddressGroupName","address_object": {"ipv4": {"name": "ExistingAddressObject1"},"mac": {"name": "ExistingAddressObject2"},"fqdn": {"name": "ExistingAddressObject3"}}}}}' - Committing all the configurational changes made with APIs: CAUTION: This is an important step. If you miss this step, all the configuration changes made in the current session will be lost.
The HTTP method should be POST and we need to use the URL: https://192.168.188.50/api/sonicos/config/pending
The other fields can be left the same as before and click on Send. The response should contain a message: "success".
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/config/pending' \--header 'Content-Type: application/Json' \--header 'Accept: application/Json' \--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \--data-raw ''
Testing: Log in to the GUI of the SonicWall firewall to check the changes made. Navigate to OBJECT | Match Objects | Addresses to check for the changes.
