Adding Multiple Address Objects Using SonicOS API

09/28/2020 14 4042

DESCRIPTION:

SonicOS API provides an alternative to the SonicOS Command Line Interface (CLI) for configuring selected functions. SonicOS API is disabled by default in SonicOS. Any attempt to access SonicOS API while it is disabled results in an HTTP 403 Forbidden error. To use the SonicOS API, you must enable it, either through the SonicOS Management Interface or from the CLI.
SonicOS API is supported on all platforms running SonicOS 6.5.4 and higher.

RESOLUTION:

You would need to follow the below steps to add multiple address objects at once using SonicOS APIs.

NOTE: All the address objects need to be of the same type Eg: IPv4, IPv6, MAC, FQDN etc. The commands vary based on the type of the objects that you are adding.

EXAMPLE: Let us go through the steps for adding three IPv4 host address objects on zone LAN with IP addresses 192.168.168.10, 192.168.168.20 and 192.168.168.30.

You would need to follow the below steps to add multiple address objects at once using SonicOS APIs.

1.  Enabling the API Module on the firewall UI
   Login to the SonicWall management UI. Navigate to MANAGE | Appliance | Base Settings and scroll down to SonicOS API section. Enable the option 'Enable SonicOS API' and 'Enable RFC-2617 HTTP Basic Access authentication' option.
   
2. List of applicable APIs
   Navigate to MANAGE | API and click on the link https://SonicOS-api.sonicwall.com. Swagger will prepopulate your SonicWalls’s IP, MGMT Port, Firmware so it can give you a list of applicable APIs.
   TIP: You are free to choose Swagger, Postman, Git bash, or any application that allows API calls, if you are using a Linux based operating system you can execute cURL from the terminal. For this article I am using Git bash on Windows.
   
   
   
3. Creating the JSON file listing all the address objects to be added.
   You can use a notepad and add all the address objects as below and save is as a .JSON file. I am using the name add.JSON for this example.
   {
   "address_objects": [
   {
   "ipv4": {
   "name": "Test 1",
   "zone": "LAN",
   "host": {
   "ip": "192.168.168.10"
   }
   }
   },
   {
   "ipv4": {
   "name": "Test 2",
   "zone": "LAN",
   "host": {
   "ip": "192.168.168.20"
   }
   }
   },
   {
   "ipv4": {
   "name": "Test 3",
   "zone": "LAN",
   "host": {
   "ip": "192.168.168.30"
   }
   }
   }
   ]
   }
4. Login to the Firewall using Git bash. 
   curl -k -i -u "admin:password" -X POST https://192.168.188.200:443/api/SonicOS/auth
   “admin:password” – Replace this with your SonicWall's username : password
   https://192.168.188.200:443/-- Replace this with your SonicWalls Public or private IP address with the right management port number (If the management port is 443, you can directly use https:// followed by the IP address without the port number too)
   
   Command Output should contain a string: "success": true
   
5. Adding all the address objects in the add.JSON file.
   

   NOTE: I have the add.Json file saved on to my desktop and hence I was able to call it into the command, if you have created the Json the file in a different location then make sure you are executing the command from that location.

   
   
   curl -k -i -X POST "https://192.168.188.200/api/SonicOS/address-objects/ipv4" -H "accept: application/Json" -H "Content-Type: application/Json" -d @add.Json
   Command Output should have success as the message in the info section as below
   
   NOTE: Commands for adding IPv6, MAC and FQDN address objects and their supported schema can be found in the SonicOS API 6.5.4 Reference Guide
   
6. Committing all the configurational changes made with APIs:
   curl -k -X POST "https://192.168.188.200/api/SonicOS/config/pending" -H "accept: application/Json"
   https://192.168.188.200/-- Replace this with your SonicWall's Public or private IP address
   
   We have Only used the POST method in most of the API calls for this Article because we are only Adding things into the configuration, there are other methods Like GET, DELETE, PUT and etc. I recommend that you go through https://SonicOS-api.sonicwall.com for more API commands.
   
7. Log out the SonicWall with API
   It is recommended to log out from the SonicWall via API once the desired configuration is committed.
   curl -k -i -u "admin:password" -X DELETE https://192.168.188.200/api/SonicOS/auth
   
   
8. You can manually log in to the firewall to check the changes made
   Navigate to MANAGE | Objects | Address objects to check for the changes.
   
   CAUTION: If you miss to perform the action in Step 6 and Execute the command in Step 7 you will lose all the configuration changes made in the current session.