SonicOS API: Adding different types of Address objects to an Address group - Postman and cURL
12/20/2022 13 People found this article helpful 298,909 Views
Description
SonicOS API provides an alternative to the SonicOS Command Line Interface (CLI) for configuring selected functions.
This article only explains how to add an Address group and add address objects to it. Please follow these articles for additional assistance: Introduction to SonicOS API
You are free to choose Swagger, Postman, Git bash, or any application that allows API calls, if you are using a Linux-based operating system you can execute cURL from the terminal.
Please refer to https://sonicos-api.sonicwall.com for the entire list.
Only the first part of this article would change, depending on the SonicWall model you use. Commands are the same for both Gen6 and Gen7 SonicWall devices.
For this article, I'm using Postman App and will be showing the commands to run on cURL for each step.
Resolution
SonicOS API is disabled by default in SonicOS. Any attempt to access SonicOS API while it is disabled results in an HTTP 403 Forbidden error
. To use the SonicOS API, you must enable it, either through the SonicOS Management Interface or from the CLI.
Please enable the SonicOS API module in the SonicWall UI.
Gen 7: Enable SonicOS API Gen7
Gen 6: Enable SonicOS API Gen6
The above KB also has the steps on how to log in using API Applications.
-
Login using SonicOS API
-
Create Address objects
-
Create Address group
-
Commit the changes
-
Adding a new address object to the existing Address group
-
Committing all the above changes made with APIs
-
Logout
CAUTION: My SonicWall IP address is 192.168.168.168 with user credentials as admin/password. This has to be kept in mind while running the commands from screenshots.
Step 1: Login using SonicOS API
The following 3 steps need to be performed for every API request.
NOTE: https://IP-address:port/-- Replace this with your SonicWall's Public or private IP address with the right management port number (If the management port is 443, you can directly use https:// followed by the IP address without the port number too).
a) The HTTP method should be POST and we need to use the URL: https://192.168.168.168/api/sonicos/auth
Under the authorization tab, select Basic Auth and mention the correct admin credentials.
b) Under the settings tab, turn OFF the Enable SSL certificate verification if the firewall is using a self-signed certificate for management.
c) Under the headers tab, include application/JSON as the value for keys Accept and Content-type.
d) The Gen 7 devices are token-driven. Use the {"override" : true} under the body to override any older tokens. This is used only during login.
After this, click on the Send button and then you can see the response on the section below. The response should contain a message: "success".
e) After this, click on the Send button and then you can see the response on the section below. The response should contain a message: "success".
cURL code:
curl --location --request POST 'https://192.168.168.168/api/sonicos/auth' \
--header 'Accept: application/Json' \
--header 'Content-Type: application/Json' \
--header 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=
--data-raw '{"override" : true}'
Step 2: Create Address objects
This example will create all different types of address objects.
- Host
Name: "Host-AddressObject"
IPv4 address: 192.168.10.4
In Postman:
In cURL:
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-objects/ipv4' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_objects": [
{
"ipv4": {
"name": "Host-AddressObject",
"zone": "LAN",
"host": {
"ip": "192.168.168.10"
}
}
}
]
}'
- Network
Network object: 192.168.1.0
Subnet mask: /24
Name: Network-AddressObject
In Postman
In cURL
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-objects/ipv4' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_objects":[
{
"ipv4":{
"name":"NetworkObject",
"zone":"LAN",
"network":{
"subnet":"192.168.1.0",
"mask":"/24"
}
}
}
]
}
'
- FQDN
Name: FQDN-AddressObject
Zone: WAN
Domain name: fqdn.com
In Postman
In cURL
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-objects/fqdn' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_objects": [
{
"fqdn": {
"name": "FQDN-AddressObject",
"zone": "WAN",
"domain": "fqdn.com"
}
}
]
}'
- MAC
Name: MAC-AddressObject
MAC address: 00:11:22:33:44:55
In Postman:
In cURL:
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-objects/mac' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_objects": [
{
"mac": {
"name": "MAC-AddressObject",
"address": "001122334455",
"zone": "WAN",
"multi_homed": true
}
}
]
}'
- Range
Name: Range-AddressObject
IP Range: 10.10.10.10 to 10.10.10.20
In Postman:
In cURL:
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-objects/ipv4' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_objects": [
{
"ipv4": {
"name": "Range-AddressObject",
"zone": "LAN",
"range": {
"begin": "10.10.10.10",
"end": "10.10.10.20"
}
}
}
]
}'
Step 3: Create an Address group
Now that all objects are created, the next step would be to create an Address group. When a group is created, it is important that there is at least one object added to it. Otherwise, the API call would return an error. Understanding how to add a new address object to the existing Address group in the future, the Network address object will be used later (Step 5) in this article.
Name: AddressGroup
Objects: Host, Range, FQDN and MAC
In Postman:
In cURL:
curl -L -X POST 'https://192.168.168.168/api/sonicos/address-groups/ipv4' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_group": {
"ipv4": {
"name": "AddressGroup",
"address_object": {
"ipv4": [
{
"name": "Host-AddressObject"
},
{
"name": "Range-AddressObject"
}
],
"mac": {
"name": "MAC-AddressObject"
},
"fqdn": {
"name": "FQDN-AddressObject"
}
}
}
}
}'
Step 4: Committing all the above changes made with APIs:
This step is important to save your changes. Usually, this would be the last step. Step 5: is a demonstration to understand adding a new address object to an existing group.
In Postman:
cURL code:
curl -k -X POST "https://192.168.188.200/api/sonicos/config/pending" -H "accept: application/Json"
Step 5: Adding a new address object to the existing Address group
After step 3, if you check the GUI of the SonicWall, you will notice that the Address group now created is in a mixed type. And that is because there are different types (Host, Range, FQDN and MAC) of objects in it. Because of the same reason, the next time the address group is called, it should be in IPv6. Notice the URL in the PUT call.
In Postman:
In cURL:
curl -L -X PUT 'https://192.168.168.168/api/sonicos/address-groups/ipv6/name/AddressGroup' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \
--data-raw '{
"address_group": {
"ipv6": {
"name": "AddressGroup",
"address_object": {
"ipv4":{
"name":"NetworkObject"
}
}
}
}
}'
Step 6: Committing all the above changes made with APIs:
Save all the changes.
In Postman:
cURL code:
curl -k -X POST "https://192.168.188.200/api/sonicos/config/pending" -H "accept: application/Json"
CAUTION: If you miss performing the action and log out, you will lose all the configuration changes made in the current session.
Step 7: Log out the SonicWall with API:
It is recommended to log out from the SonicWall via API once the desired configuration is committed.
In Postman:
cURL code
curl -k -i -u "admin:password" -X DELETE https://192.168.168.168:443/api/sonicos/auth
“admin:password” – needs to be replaced with the actual admin username and password for your SonicWall.
Related Articles
Categories