Creating Address Object and Address Group Object using API cURL

This article demonstrates how to create address object and address group object using API cURL

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

The following steps should be completed first to be able to use the API.

1. SonicOS API enabled on Device| Settings | Admnistration| Audit/SonicOS API
2. "Enable RFC-2617 HTTP Basic Access authentication" option selected on the same page
   
3. A user created that is part of "SonicWall Administrators" group
4. HTTPS "User Login" option enabled on the respective interface, which will be used for API calls
   

In this use case we will create Address Objects and add them to a Address Group Object named "Blacklist". A typical scenario could be to populate and Address Group Object that is associated to an Access Rule to deny network traffic. The following API calls can be utilized with cURL tool. Please replace the IP address and username/password per your config.

1. Authentication
   
   curl -k -i -u myuser:mypassword -digest -X HEAD https://192.168.168.168/api/sonicos/auth  
   
   
2. Starting the firewall management
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/start-management"  
   
   
3. Changing the firewall to Config Mode
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/config-mode" 
   
   
4. Creating Address Object named "AO-100.100.100.100" with IP address 100.100.100.100
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/address-objects/ipv4" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"address_objects\":[{\"ipv4\":{\"name\":\"AO-100.100.100.100\",\"zone\":\"WAN\",\"host\":{\"ip\":\"100.100.100.100\"}}}]}"
   
   
5. Creating Address Group Object named "Blacklist" and adding "AO-100.100.100.100" as a member
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/address-groups/ipv4" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"address_groups\": [{ \"ipv4\": { \"name\": \"Blacklist\", \"address_object\": { \"ipv4\": [ { \"name\": \"AO-100.100.100.100\" } ] } } }]}"
   
   
6. Committing the change
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/config/pending" -H "accept: application/json" -H "Content-Type: application/json" -d "{}" 

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

The following steps should be completed first to be able to use the API.

1. SonicOS API enabled on Manage | Appliance | Base Settings
2. "Enable RFC-2617 HTTP Basic Access authentication" option selected on the same page
   
3. A user created that is part of "SonicWall Administrators" group
4. HTTPS "User Login" option enabled on the respective interface, which will be used for API calls
   

In this use case we will create Address Objects and add them to a Address Group Object named "Blacklist". A typical scenario could be to populate and Address Group Object that is associated to an Access Rule to deny network traffic. The following API calls can be utilized with cURL tool. Please replace the IP address and username/password per your config.

1. Authentication
   
   curl -k -i -u myuser:mypassword -digest -X HEAD https://192.168.168.168/api/sonicos/auth  
   
   
2. Creating Address Object named "AO-100.100.100.100" with IP address 100.100.100.100
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/address-objects/ipv4" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"address_object\":{\"ipv4\":{\"name\":\"AO-100.100.100.100\",\"zone\":\"WAN\",\"host\":{\"ip\":\"100.100.100.100\"}}}}"
   
   
3. Creating Address Group Object named "Blacklist" and adding "AO-100.100.100.100" as a member
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/address-groups/ipv4" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"address_group\": { \"ipv4\": { \"name\": \"Blacklist\", \"address_object\": { \"ipv4\": [ { \"name\": \"AO-100.100.100.100\" } ] } } }}"
   
   
4. Committing the change
   
   curl --insecure -X POST "https://192.168.168.168/api/sonicos/config/pending" -H "accept: application/json" -H "Content-Type: application/json" -d "{}"