Synchronize multiple firewalls from NSM (On-Prem) using API

12/02/2022 2 People found this article helpful 303,941 Views

Description

Currently NSM allows to Sync firewall individually from NSM. At times, its needed to sync multiple firewalls with NSM at once. To synchronize multiple firewalls from NSM using API, follow below steps:

Get the list of firewalls from NSM
Prepare API tool (postman)
Get Auth token from NSM to run the API
Run the API from tool (postman)

Resolution

Step 1. Get the firewall list: (NSM On-Prem)

1.1 Log into NSM and go to Firewalls| Inventory page and click on tenant name (in screenshot it is "Global Default Tenant"), select All Tenants. That will load up the list of devices under all Tenants:

1.2 Go to "More Options" to "Download Add Device CSV" to get device inventory list from NSM:

1.3 Open the CSV file in Excel and will look like below:

1.4 Filter out the firewalls which need to synced and remove all columns except SerialNumber and save it to a separate file like "device-inventory-serialNumber.csv":

Note: Make sure to change “Serial Number” to “serialNumber” to match variable in API URL.

Note: This list can be filter out and modified by removing those serial numbers that you don't want to do firewall synchronization

Step 2. Prepare Postman:

2.1 Click on "+" to create new collection:

2.2 Then right click on "New Collection" to rename it something like "NSM On-Prem":

2.3 After rename, Click "Add New Request" and rename it to something like "Sync FW":

2.4 Now click on "GET" button and select "PUT" from dropdown list:

2.5 Enter URL after "PUT" box (replace the IP/port with your own NSM):

https://168.167.120:8443/api/manager/devices/{{serialNumber}}?acquire=true

Note: the serialNumber is the variable (file) saved in Step 1.4

2.6 Go to Headers, enter following in KEY/VALUE and it will look like this:

x-gms-mode/True

x-snwl-timer/no-reset

2.7 After entering, click on "Save":

Step 3. Find out Authentication Bearer Token for NSM

3.1 Login to NSM and open ‘Developer Tools’ and go to NSM| Firewalls| Inventory, click on tenant name (in screenshot it is "Global Default Tenant"):

Note: If want to do it for multiple Tenants then select "All Tenants"

3.2 Once logged in NSM, scroll on the left panel in ‘Developer Tools’ and find "data" and copy the "authorization: Bearer", starting with ‘ey’:

3.3 Depending on NSM firmware version, you may find "cookie: AUTH_ID" in "data":

Step 4: Run API to sync firewalls

4.1 Open API tool (Postman) and select Sync FW API (setup in step 2) and click on Authentication tab and under Type select "Bearer Token" and paste the token from Step 3.2 and save it: