• About SonicOS API
  • SonicOS API Function
    • Enabling through the Management Interface
    • Enabling through the CLI
  • Supported Request Methods
    • Supported HTTP Headers
  • Supported HTTP MIME Types
    • Examples
      • Application/JSON
      • Text/Plain
        • Request 1
        • Request 2
  • Status and Error Representation
    • HTTP Status Codes
    • Application/JSON
      • Schema Structure
      • Schema Attributes
  • Client Authentication
  • Examples
    • Example - Commit Pending Configuration
    • Example - Address Object API Calls
• API Authentication
  • Authentication Methods
  • Two-Factor Authentication
  • RFC-2617 HTTP Basic Authentication
  • RFC-7616 HTTP Digest Access Authentication
    • MD5 Support
    • SHA-512/256 Support
    • Integrity Protection
    • Session Variant
  • Public Key Authentication
    • Public Key Challenge/Response
    • RSA Padding
    • Password Size Limits and RSA Key Sizes
  • Challenge-Handshake Authentication (CHAP)
    • Pros and Cons of the Different Schemes
  • Session Security
    • Challenge-Free and Challenge/Response Operation
    • Password and Password-Hash Saving
    • Operation After Non-Digest Authentication
    • Nonce Resetting
• API: Config - Pending
  • About Modifying Configuration API
  • Endpoint
    • Schema Structure
    • Schema Attributes
  • Examples
    • GET Pending Changes (Unchanged)
    • GET Pending Changes
    • POST Pending Changes
• API: Restart
  • About Restarting API
  • Endpoint
  • Schema Structure
  • Schema Attributes
  • Example
• API: Address Objects – IPv4
  • Endpoint
  • Schema Structure
    • Object: Address Object
    • Collection: Address Object
    • Schema Attributes
      • address_object:
      • address_objects:
      • address_object.ipv4:
      • address_object.ipv4.name:
      • address_object.ipv4.uuid:
      • address_object.ipv4.host:
      • address_object.ipv4.host.ip:
      • address_object.ipv4.range:
      • address_object.ipv4.range.begin:
      • address_object.ipv4.range.end:
      • address_object.ipv4.network:
      • address_object.ipv4.network.subnet:
      • address_object.ipv4.network.mask:
      • address_object.ipv4.zone:
• API: Address Objects – IPv6
  • Endpoint
  • Schema Structure
    • Object: Address Object
    • Collection: Address Objects
    • Schema Attributes
      • address_object:
      • address_objects:
      • address_object.ipv6:
      • address_object.ipv6.name:
      • address_object.ipv6.uuid:
      • address_object.ipv6.host:
      • address_object.ipv6.host.ip:
      • address_object.ipv6.range:
      • address_object.ipv6.range.begin:
      • address_object.ipv6.range.end:
      • address_object.ipv6.network:
      • address_object.ipv6.network.subnet:
      • address_object.ipv6.network.mask:
      • address_object.ipv6.zone:
• API: Address Objects – MAC
  • Endpoint
  • Schema Structure
    • Object: Address Object
    • Collection: Address Object
    • Schema Attributes
      • address_object:
      • address_objects:
      • address_object.mac.name:
      • address_object.mac.uuid:
      • address_object.mac.address
      • address_object.mac.zone:
      • address_object.mac.multi_homed:
• API: Address Objects – FQDN
  • Endpoint
  • Schema Structure
    • Object: Address Object
    • Collection: Address Object
    • Schema Attributes
      • address_object:
      • address_objects:
      • address_object.fqdn:
      • address_object.fqdn.name:
      • address_object.fqdn.uuid:
      • address_object.fqdn.domain:
      • address_object.fqdn.zone:
      • address_object.fqdn.dns_ttl:
• API: Address Groups — IPv4
  • Endpoint
  • Schema Structure
    • Object: Address Group
    • Collection: Address Group
    • Schema Attributes
      • address_group:
      • address_groups:
      • address_group.ipv4:
      • address_group.ipv4.name:
      • address_group.ipv4.uuid:
      • address_group.ipv4.address_group:
      • address_group.ipv4.address_group.ipv4:
      • address_group.ipv4.address_object.ipv4.name:
      • address_group.ipv4.address_object.mac:
      • address_group.ipv4.address_object.mac.name:
      • address_group.ipv4.address_object.fqdn:
      • address_group.ipv4.address_object.fqdn.name:
• API: Address Groups — IPv6
  • Endpoint
  • Schema Structure
    • Object: Address Group
    • Collection: Address Group
    • Schema Attributes
      • address_group:
      • address_groups:
      • address_group.ipv6:
      • address_group.ipv6.name:
      • address_group.ipv6.uuid:
      • address_group.ipv6.address_group:
      • address_group.ipv6.address_group.ipv4:
      • address_group.ipv6.address_group.ipv4.name:
      • address_group.ipv6.address_group.ipv6:
      • address_group.ipv6.address_group.ipv6.name:
      • address_group.ipv6.address_object.mac:
      • address_group.ipv6.address_object.mac.name:
      • address_group.ipv6.address_object.fqdn:
      • address_group.ipv6.address_object.fqdn.name:
• API: Schedule Objects
  • Endpoint
  • Schema Structure
    • Object: Schedule
    • Collection: Schedule
    • Schema Attributes
      • schedule:
      • schedules:
      • schedule.name:
      • schedule.uuid:
      • schedule.occurs:
      • schedule.occurs.once:
      • schedule.occurs.once.event:
      • schedule.occurs.once.event.start:
      • schedule.occurs.once.event.end:
      • schedule.occurs.recurring:
      • schedule.occurs.recurring.recurring:
      • schedule.occurs.recurring.recurring.start:
      • schedule.occurs.recurring.recurring.end:
      • schedule.occurs.recurring.recurring.sun:
      • schedule.occurs.recurring.recurring.mon:
      • schedule.occurs.recurring.recurring.tue:
      • schedule.occurs.recurring.recurring.wed:
      • schedule.occurs.recurring.recurring.thu:
      • schedule.occurs.recurring.recurring.fri:
      • schedule.occurs.recurring.recurring.sat:
      • schedule.occurs.mixed:
      • schedule.occurs.mixed.event:
      • schedule.occurs.mixed.event.start:
      • schedule.occurs.mixed.event.end:
      • schedule.occurs.mixed.recurring:
      • schedule.occurs.mixed.recurring.start:
      • schedule.occurs.mixed.recurring.end:
      • schedule.occurs.mixed.recurring.sun:
      • schedule.occurs.mixed.recurring.mon:
      • schedule.occurs.mixed.recurring.tue:
      • schedule.occurs.mixed.recurring.wed:
      • schedule.occurs.mixed.recurring.thu:
      • schedule.occurs.mixed.recurring.fri:
      • schedule.occurs.mixed.recurring.sat:
• API: Service Objects
  • Endpoint
  • Schema Structure
    • Object: Service Object
    • Collection: Service Object
    • Schema Attributes
      • service_object:
      • service_objects:
      • service_object.name:
      • service_object.uuid:
      • service_object.custom:
      • service_object.icmp:
      • service_object.igmp:
      • service_object.tcp:
      • service_object.tcp.begin:
      • service_object.tcp.end:
      • service_object.udp:
      • service_object.udp.begin:
      • service_object.udp.end:
      • service_object.gre:
      • service_object.esp:
      • service_object.6over4:
      • service_object.ah:
      • service_object.icmpv6:
      • service_object.eigrp:
      • service_object.ospf:
      • service_object.pim:
      • service_object.l2tp:
      • service_object.ipcomp:
• API: Service Groups
  • Endpoint
  • Schema Structure
    • Object: Service Group
    • Collection: Service Group
    • Schema Attributes
      • service_group:
      • service_groups:
      • service_group.name:
      • service_group.uuid:
      • service_group.service_object:
      • service_group.service_object.name:
      • service_group.service_group:
      • service_group.service_group.name:
• API: Zones
  • Endpoint
  • Schema Structure
    • Object: Zone
    • Collection: Zone
    • Schema Attributes
      • zone:
      • zones:
      • zone.name:
      • zone.uuid:
      • zone.security_type:
      • zone.interface_trust:
      • zone.auto_generate_access_rules:
      • zone.auto_generate_access_rules.allow_from_to_equal:
      • zone.auto_generate_access_rules.allow_from_higher:
      • zone.auto_generate_access_rules.allow_to_lower:
      • zone.auto_generate_access_rules.deny_from_lower:
      • zone.client.content_filtering:
      • zone.client:
      • zone.client.anti_virus:
      • zone.gateway_anti_virus:
      • zone.intrusion_prevention:
      • zone.app_control:
      • zone.anti_spyware:
      • zone.create_group_vpn:
      • zone.ssl_control:
      • zone.wireless:
      • zone.sslvpn_access:
      • zone.wireless.sslvpn_enforcement:
      • zone.wireless.sslvpn_enforcement.server:
      • zone.wireless.sslvpn_enforcement.server.name:
      • zone.wireless.sslvpn_enforcement.server.host:
      • zone.wireless.sslvpn_enforcement.service:
      • zone.wireless.sslvpn_enforcement.service.name:
      • zone.wireless.sslvpn_enforcement.service.protocol:
      • zone.wireless.sslvpn_enforcement.service.protocol.name:
      • zone.wireless.sslvpn_enforcement.service.protocol.begin:
      • zone.wireless.sslvpn_enforcement.service.protocol.end:
      • zone.wireless.wifi_sec_enforcement:
      • zone.wireless.wifi_sec_enforcement.exception_service:
      • zone.wireless.wifi_sec_enforcement.exception_service.name:
      • zone.wireless.wifi_sec_enforcement.exception_service.protocol:
      • zone.wireless.wifi_sec_enforcement.exception_service.protocol.name:
      • zone.wireless.wifi_sec_enforcement.exception_service.protocol.begin:
      • zone.wireless.wifi_sec_enforcement.exception_service.protocol.end:
      • zone.wireless.wifi_sec_for_site_to_site_vpn:
      • zone.wireless.trust_wpa_traffic_as_wifi_sec:
      • zone.wireless.only_sonicpoint_traffic:
      • zone.guest_services:
      • zone.guest_services.inter_guest:
      • zone.guest_services.bypass:
      • zone.guest_services.bypass.client:
      • zone.guest_services.bypass.client.anti_virus:
      • zone.guest_services.bypass.client.content_filtering:
      • zone.guest_services.external_auth:
      • zone.guest_services.external_auth.client_redirect:
      • zone.guest_services.external_auth.web_server:
      • zone.guest_services.external_auth.web_server.protocol:
      • zone.guest_services.external_auth.web_server.name:
      • zone.guest_services.external_auth.web_server.port:
      • zone.guest_services.external_auth.web_server.timeout:
      • zone.guest_services.external_auth.message_auth:
      • zone.guest_services.external_auth.message_auth.method:
      • zone.guest_services.external_auth.message_auth.shared_secret:
      • zone.guest_services.external_auth.message_auth.confirm_secret:
      • zone.guest_services.external_auth.social_network:
      • zone.guest_services.external_auth.social_network.facebook:
      • zone.guest_services.external_auth.social_network.google:
      • zone.guest_services.external_auth.social_network.twitter:
      • zone.guest_services.external_auth.auth_pages:
      • zone.guest_services.external_auth.auth_pages.login:
      • zone.guest_services.external_auth.auth_pages.expiration:
      • zone.guest_services.external_auth.auth_pages.timeout:
      • zone.guest_services.external_auth.auth_pages.max_sessions:
      • zone.guest_services.external_auth.auth_pages.traffic_exceeded:
      • zone.guest_services.external_auth.web_content:
      • zone.guest_services.external_auth.web_content.redirect:
      • zone.guest_services.external_auth.web_content.redirect.use_default:
      • zone.guest_services.external_auth.web_content.redirect.custom:
      • zone.guest_services.external_auth.web_content.server_down:
      • zone.guest_services.external_auth.web_content.server_down.use_default:
      • zone.guest_services.external_auth.web_content.server_down.custom:
      • zone.guest_services.external_auth.logout_expired:
      • zone.guest_services.external_auth.logout_expired.every:
      • zone.guest_services.external_auth.logout_expired.cgi:
      • zone.guest_services.external_auth.status_check:
      • zone.guest_services.external_auth.status_check.every:
      • zone.guest_services.external_auth.status_check.cgi:
      • zone.guest_services.external_auth.session_sync:
      • zone.guest_services.external_auth.session_sync.every:
      • zone.guest_services.external_auth.session_sync.cgi:
      • zone.guest_services.policy_page_non_authentication:
      • zone.guest_services.policy_page_non_authentication.guest_usage_policy:
      • zone.guest_services.custom_auth_page:
      • zone.guest_services.custom_auth_page.header:
      • zone.guest_services.custom_auth_page.header.text:
      • zone.guest_services.custom_auth_page.header.url:
      • zone.guest_services.custom_auth_page.footer:
      • zone.guest_services.custom_auth_page.footer.text:
      • zone.guest_services.custom_auth_page.footer.url:
      • zone.guest_services.post_auth:
      • zone.guest_services.bypass_guest_auth:
      • zone.guest_services.bypass_guest_auth.all:
      • zone.guest_services.bypass_guest_auth.name:
      • zone.guest_services.bypass_guest_auth.group:
      • zone.guest_services.bypass_guest_auth.mac:
      • zone.guest_services.smtp_redirect:
      • zone.guest_services.smtp_redirect.name:
      • zone.guest_services.smtp_redirect.host:
      • zone.guest_services.deny_networks:
      • zone.guest_services.deny_networks.name:
      • zone.guest_services.deny_networks.group:
      • zone.guest_services.deny_networks.mac:
      • zone.guest_services.deny_networks.fqdn:
      • zone.guest_services.deny_networks.host:
      • zone.guest_services.deny_networks.range:
      • zone.guest_services.deny_networks.range.begin:
      • zone.guest_services.deny_networks.range.end:
      • zone.guest_services.deny_networks.network:
      • zone.guest_services.deny_networks.network.subnet:
      • zone.guest_services.deny_networks.network.mask:
      • zone.guest_services.deny_networks.ipv6:
      • zone.guest_services.deny_networks.ipv6.host:
      • zone.guest_services.deny_networks.ipv6.range:
      • zone.guest_services.deny_networks.ipv6.range.begin:
      • zone.guest_services.deny_networks.ipv6.range.end:
      • zone.guest_services.deny_networks.ipv6.network:
      • zone.guest_services.deny_networks.ipv6.network.subnet:
      • zone.guest_services.deny_networks.ipv6.network.mask:
      • zone.guest_services.pass_networks:
      • zone.guest_services.pass_networks.name:
      • zone.guest_services.pass_networks.group:
      • zone.guest_services.pass_networks.mac:
      • zone.guest_services.pass_networks.fqdn:
      • zone.guest_services.pass_networks.host:
      • zone.guest_services.pass_networks.range:
      • zone.guest_services.pass_networks.range.begin:
      • zone.guest_services.pass_networks.range.end:
      • zone.guest_services.pass_networks.network:
      • zone.guest_services.pass_networks.network.subnet:
      • zone.guest_services.pass_networks.network.mask:
      • zone.guest_services.pass_networks.ipv6:
      • zone.guest_services.pass_networks.ipv6.host:
      • zone.guest_services.pass_networks.ipv6.range:
      • zone.guest_services.pass_networks.ipv6.range.begin:
      • zone.guest_services.pass_networks.ipv6.range.end:
      • zone.guest_services.pass_networks.ipv6.network:
      • zone.guest_services.pass_networks.ipv6.network.subnet:
      • zone.guest_services.pass_networks.ipv6.network.mask:
      • zone.guest_services.max_guests:
      • zone.guest_services.dynamic_address_translation:
• API: DNS
  • Endpoint
  • Schema Structure
    • Object: DNS
    • Schema Attributes
      • dns:
      • dns.server:
      • dns.server.inherit:
      • dns.server.static:
      • dns.server.static.primary:
      • dns.server.static.secondary:
      • dns.server.static.tertiary:
      • dns.server.ipv6:
      • dns.server.ipv6.preferred:
      • dns.server.ipv6.inherit:
      • dns.server.ipv6.static:
      • dns.server.ipv6.static.primary:
      • dns.server.ipv6.static.secondary:
      • dns.server.ipv6.static.tertiary:
      • dns.rebinding:
      • dns.rebinding.action:
      • dns.rebinding.allowed_domains:
      • dns.rebinding.allowed_domains.name:
      • dns.rebinding.allowed_domains.group:
      • dns.fqdn_binding:
• API: Interfaces – IPv4
  • Endpoint
  • Schema Structure
    • Object: Interface – IPv4
    • Collection: Interface – IPv4
    • Schema Attributes
      • interface:
      • interfaces:
      • interface.ipv4:
      • interface.ipv4.name:
      • interface.ipv4.comment:
      • interface.ipv4.ip_assignment:
      • interface.ipv4.ip_assignment.zone:
      • interface.ipv4.ip_assignment.mode:
      • interface.ipv4.ip_assignment.mode.static:
      • interface.ipv4.ip_assignment.mode.static.ip:
      • interface.ipv4.ip_assignment.mode.static.netmask:
      • interface.ipv4.ip_assignment.mode.static.gateway:
      • interface.ipv4.ip_assignment.mode.static.dns:
      • interface.ipv4.ip_assignment.mode.static.dns.primary:
      • interface.ipv4.ip_assignment.mode.static.dns.secondary:
      • interface.ipv4.ip_assignment.mode.static.dns.tertiary:
      • interface.ipv4.ip_assignment.mode.static.backup_ip:
      • interface.ipv4.ip_assignment.mode.dhcp:
      • interface.ipv4.ip_assignment.mode.dhcp.hostname:
      • interface.ipv4.ip_assignment.mode.dhcp.renew_on_startup:
      • interface.ipv4.ip_assignment.mode.dhcp.renew_on_link_up:
      • interface.ipv4.ip_assignment.mode.dhcp.initiate_renewals_with_discover:
      • interface.ipv4.ip_assignment.mode.dhcp.force_discover_interval:
      • interface.ipv4.mtu:
      • interface.ipv4.mac:
      • interface.ipv4.mac.default:
      • interface.ipv4.mac.override:
      • interface.ipv4.link_speed:
      • interface.ipv4.link_speed.auto_negotiate:
      • interface.ipv4.link_speed.half:
      • interface.ipv4.link_speed.full:
      • interface.ipv4.management:
      • interface.ipv4.management.http:
      • interface.ipv4.management.https:
      • interface.ipv4.management.ping:
      • interface.ipv4.management.snmp:
      • interface.ipv4.management.ssh:
      • interface.ipv4.user_login:
      • interface.ipv4.user_login.http:
      • interface.ipv4.user_login.https:
      • interface.ipv4.https_redirect:
      • interface.ipv4.send_icmp_fragmentation:
      • interface.ipv4.fragment_packets:
      • interface.ipv4.ignore_df_bit:
      • interface.ipv4.flow_reporting:
      • interface.ipv4.multicast:
      • interface.ipv4.cos_8021p:
      • interface.ipv4.exclude_route:
      • interface.ipv4.asymmetric_route:
      • interface.ipv4.shutdown_port:
      • interface.ipv4.default_8021p_cos:
      • interface.ipv4.policy:
      • interface.ipv4.sonicpoint:
      • interface.ipv4.sonicpoint.limit:
      • interface.ipv4.sonicpoint.reserve_address:
      • interface.ipv4.sonicpoint.reserve_address.dynamic:
      • interface.ipv4.sonicpoint.reserve_address.manual:
• API: NAT Policies – IPv4
  • Endpoint
  • Schema Structure
    • Object: NAT Policies – IPv4
    • Collection: NAT Policies – IPv4
    • Schema Attributes
      • nat_policy:
      • nat_policies:
      • nat_policy.ipv4:
      • nat_policy.ipv4.inbound:
      • nat_policy.ipv4.outbound:
      • nat_policy.ipv4.source:
      • nat_policy.ipv4.source.any:
      • nat_policy.ipv4.source.name:
      • nat_policy.ipv4.source.group:
      • nat_policy.ipv4.translated_source:
      • nat_policy.ipv4.translated_source.original:
      • nat_policy.ipv4.translated_source.name:
      • nat_policy.ipv4.translated_source.group:
      • nat_policy.ipv4.destination:
      • nat_policy.ipv4.destination.any:
      • nat_policy.ipv4.destination.name:
      • nat_policy.ipv4.destination.group:
      • nat_policy.ipv4.translated_destination:
      • nat_policy.ipv4.translated_destination.original:
      • nat_policy.ipv4.translated_destination.name:
      • nat_policy.ipv4.translated_destination.group:
      • nat_policy.ipv4.service:
      • nat_policy.ipv4.service.any:
      • nat_policy.ipv4.service.name:
      • nat_policy.ipv4.service.group:
      • nat_policy.ipv4.translated_service:
      • nat_policy.ipv4.translated_service.original:
      • nat_policy.ipv4.translated_service.name:
      • nat_policy.ipv4.translated_service.group:
      • nat_policy.ipv4.uuid:
      • nat_policy.ipv4.name:
      • nat_policy.ipv4.enable:
      • nat_policy.ipv4.comment:
      • nat_policy.ipv4.priority:
      • nat_policy.ipv4.priority.auto:
      • nat_policy.ipv4.priority.manual:
      • nat_policy.ipv4.reflexive:
      • nat_policy.ipv4.virtual_group:
      • nat_policy.ipv4.virtual_group.any:
      • nat_policy.ipv4.virtual_group.id:
      • nat_policy.ipv4.nat_method:
      • nat_policy.ipv4.source_port_remap:
      • nat_policy.ipv4.high_availability:
      • nat_policy.ipv4.high_availability.probing:
      • nat_policy.ipv4.high_availability.probing.probe_every:
      • nat_policy.ipv4.high_availability.probing.probe_type:
      • nat_policy.ipv4.high_availability.probing.probe_type.icmp_ping:
      • nat_policy.ipv4.high_availability.probing.probe_type.tcp:
      • nat_policy.ipv4.high_availability.probing.reply_timeout:
      • nat_policy.ipv4.high_availability.probing.deactivate_after:
      • nat_policy.ipv4.high_availability.probing.reactivate_after:
      • nat_policy.ipv4.high_availability.probing.port_probing:
      • nat_policy.ipv4.high_availability.probing.rst_as_miss:
• API: NAT Policies – IPv6
  • Endpoint
  • Schema Structure
    • Object: NAT Policies – IPv6
    • Schema Attributes
      • nat_policy:
      • nat_policies:
      • nat_policy.ipv6:
      • nat_policy.ipv6.inbound:
      • nat_policy.ipv6.outbound:
      • nat_policy.ipv6.source:
      • nat_policy.ipv6.source.any:
      • nat_policy.ipv6.source.name:
      • nat_policy.ipv6.source.group:
      • nat_policy.ipv6.translated_source:
      • nat_policy.ipv6.translated_source.original:
      • nat_policy.ipv6.translated_source.name:
      • nat_policy.ipv6.translated_source.group:
      • nat_policy.ipv6.destination:
      • nat_policy.ipv6.destination.any:
      • nat_policy.ipv6.destination.name:
      • nat_policy.ipv6.destination.group:
      • nat_policy.ipv6.translated_destination:
      • nat_policy.ipv6.translated_destination.original:
      • nat_policy.ipv6.translated_destination.name:
      • nat_policy.ipv6.translated_destination.group:
      • nat_policy.ipv6.service.any:
      • nat_policy.ipv6.service.name:
      • nat_policy.ipv6.service.group:
      • nat_policy.ipv6.translated_service:
      • nat_policy.ipv6.translated_service.original:
      • nat_policy.ipv6.translated_service.name:
      • nat_policy.ipv6.translated_service.group:
      • nat_policy.ipv6.uuid:
      • nat_policy.ipv6.name:
      • nat_policy.ipv6.enable:
      • nat_policy.ipv6.comment:
      • nat_policy.ipv6.priority:
      • nat_policy.ipv6.priority.auto:
      • nat_policy.ipv6.priority.manual:
      • nat_policy.ipv6.reflexive:
      • nat_policy.ipv6.virtual_group:
      • nat_policy.ipv6.virtual_group.any:
      • nat_policy.ipv6.virtual_group.id:
• API: NAT Policies – NAT64
  • Endpoint
  • Schema Structure
    • Object: NAT Policies – NAT64
    • Collection: NAT Policies – NAT64
    • Schema Attributes
      • nat_policy:
      • nat_policies:
      • nat_policy.nat64:
      • nat_policy.nat64.inbound:
      • nat_policy.nat64.outbound:
      • nat_policy.nat64.source:
      • nat_policy.nat64.source.any:
      • nat_policy.nat64.source.name:
      • nat_policy.nat64.source.group:
      • nat_policy.nat64.translated_source:
      • nat_policy.nat64.translated_source.original:
      • nat_policy.nat64.translated_source.name:
      • nat_policy.nat64.translated_source.group:
      • nat_policy.nat64.pref64:
      • nat_policy.nat64.pref64.any:
      • nat_policy.nat64.pref64.name:
      • nat_policy.nat64.pref64.group:
      • nat_policy.nat64.translated_destination:
      • nat_policy.nat64.translated_destination.embedded_ipv4_address:
      • nat_policy.nat64.service:
      • nat_policy.nat64.service.icmp_udp_tcp:
      • nat_policy.nat64.translated_service:
      • nat_policy.nat64.translated_service.original:
      • nat_policy.nat64.uuid:
      • nat_policy.nat64.name:
      • nat_policy.nat64.enable:
      • nat_policy.nat64.comment:
• API: Access Rules – IPv4
  • Endpoint
  • Schema Structure
    • Object: Access Rules – IPv4
    • Collection: Access Rules – IPv4
    • Schema Attributes
      • access_rule:
      • access_rules:
      • access_rule.ipv4:
      • access_rule.ipv4.from:
      • access_rule.ipv4.to:
      • access_rule.ipv4.action:
      • access_rule.ipv4.source:
      • access_rule.ipv4.source.address:
      • access_rule.ipv4.source.address.any:
      • access_rule.ipv4.source.address.name:
      • access_rule.ipv4.source.address.group:
      • access_rule.ipv4.source.port:
      • access_rule.ipv4.source.port.any:
      • access_rule.ipv4.source.port.name:
      • access_rule.ipv4.source.port.group:
      • access_rule.ipv4.service:
      • access_rule.ipv4.service.any:
      • access_rule.ipv4.service.name:
      • access_rule.ipv4.service.group:
      • access_rule.ipv4.destination:
      • access_rule.ipv4.destination.address:
      • access_rule.ipv4.destination.address.any:
      • access_rule.ipv4.destination.address.name:
      • access_rule.ipv4.destination.address.group:
      • access_rule.ipv4.schedule:
      • access_rule.ipv4.schedule.always_on:
      • access_rule.ipv4.schedule.name:
      • access_rule.ipv4.users:
      • access_rule.ipv4.users.included:
      • access_rule.ipv4.users.included.all:
      • access_rule.ipv4.users.included.guests:
      • access_rule.ipv4.users.included.administrator:
      • access_rule.ipv4.users.included.name:
      • access_rule.ipv4.users.included.group:
      • access_rule.ipv4.users.excluded:
      • access_rule.ipv4.users.excluded.none:
      • access_rule.ipv4.users.excluded.guests:
      • access_rule.ipv4.users.excluded.administrator:
      • access_rule.ipv4.users.excluded.name:
      • access_rule.ipv4.users.excluded.group:
      • access_rule.ipv4.uuid:
      • access_rule.ipv4.name:
      • access_rule.ipv4.comment:
      • access_rule.ipv4.enable:
      • access_rule.ipv4.reflexive:
      • access_rule.ipv4.max_connections:
      • access_rule.ipv4.logging:
      • access_rule.ipv4.management:
      • access_rule.ipv4.packet_monitoring:
      • access_rule.ipv4.priority:
      • access_rule.ipv4.priority.auto:
      • access_rule.ipv4.priority.manual:
      • access_rule.ipv4.tcp:
      • access_rule.ipv4.tcp.timeout:
      • access_rule.ipv4.udp:
      • access_rule.ipv4.udp.timeout:
      • access_rule.ipv4.fragments:
      • access_rule.ipv4.botnet_filter:
      • access_rule.ipv4.connection_limit:
      • access_rule.ipv4.connection_limit.destination:
      • access_rule.ipv4.connection_limit.destination.threshold:
      • access_rule.ipv4.connection_limit.source:
      • access_rule.ipv4.connection_limit.source.threshold:
      • access_rule.ipv4.flow_reporting:
      • access_rule.ipv4.geo_ip_filter:
      • access_rule.ipv4.single_sign_on:
      • access_rule.ipv4.cos_override:
      • access_rule.ipv4.quality_of_service:
      • access_rule.ipv4.quality_of_service.class_of_service:
      • access_rule.ipv4.quality_of_service.class_of_service.explicit:
      • access_rule.ipv4.quality_of_service.class_of_service.map:
      • access_rule.ipv4.quality_of_service.class_of_service.preserve:
      • access_rule.ipv4.quality_of_service.dscp:
      • access_rule.ipv4.quality_of_service.dscp.explicit:
      • access_rule.ipv4.quality_of_service.dscp.map:
      • access_rule.ipv4.quality_of_service.dscp.preserve:
• API: Access Rules – IPv6
  • Endpoint
  • Schema Structure
    • Object: Access Rules – IPv6
    • Collection: Access Rules – IPv6
    • Schema Attributes
      • access_rule:
      • access_rules:
      • access_rule.ipv6:
      • access_rule.ipv6.from:
      • access_rule.ipv6.to:
      • access_rule.ipv6.action:
      • access_rule.ipv6.source:
      • access_rule.ipv6.source.address:
      • access_rule.ipv6.source.address.any:
      • access_rule.ipv6.source.address.name:
      • access_rule.ipv6.source.address.group:
      • access_rule.ipv6.source.port:
      • access_rule.ipv6.source.port.any:
      • access_rule.ipv6.source.port.name:
      • access_rule.ipv6.source.port.group:
      • access_rule.ipv6.service:
      • access_rule.ipv6.service.any:
      • access_rule.ipv6.service.name:
      • access_rule.ipv6.destination:
      • access_rule.ipv6.destination.address:
      • access_rule.ipv6.destination.address.any:
      • access_rule.ipv6.destination.address.name:
      • access_rule.ipv6.destination.address.group:
      • access_rule.ipv6.schedule:
      • access_rule.ipv6.schedule.always_on:
      • access_rule.ipv6.schedule.name:
      • access_rule.ipv6.users:
      • access_rule.ipv6.users.included:
      • access_rule.ipv4.users.included.all:
      • access_rule.ipv6.users.included.guests:
      • access_rule.ipv6.users.included.administrator:
      • access_rule.ipv6.users.included.name:
      • access_rule.ipv6.users.included.group:
      • access_rule.ipv6.users.excluded:
      • access_rule.ipv6.users.excluded.none:
      • access_rule.ipv6.users.excluded.guests:
      • access_rule.ipv6.users.excluded.administrator:
      • access_rule.ipv6.users.excluded.name:
      • access_rule.ipv6.users.excluded.group:
      • access_rule.ipv6.uuid:
      • access_rule.ipv6.name:
      • access_rule.ipv6.comment:
      • access_rule.ipv6.enable:
      • access_rule.ipv6.reflexive:
      • access_rule.ipv6.max_connections:
      • access_rule.ipv6.logging:
      • access_rule.ipv6.management:
      • access_rule.ipv6.packet_monitoring:
      • access_rule.ipv6.priority:
      • access_rule.ipv6.priority.auto:
      • access_rule.ipv6.priority.manual:
      • access_rule.ipv6.tcp:
      • access_rule.ipv6.tcp.timeout:
      • access_rule.ipv6.udp:
      • access_rule.ipv6.udp.timeout:
      • access_rule.ipv6.fragments:
      • access_rule.ipv6.botnet_filter:
      • access_rule.ipv6.connection_limit:
      • access_rule.ipv6.connection_limit.destination:
      • access_rule.ipv6.connection_limit.destination.threshold:
      • access_rule.ipv6.connection_limit.source:
      • access_rule.ipv6.connection_limit.source.threshold:
      • access_rule.ipv6.flow_reporting:
      • access_rule.ipv6.geo_ip_filter:
      • access_rule.ipv6.single_sign_on:
      • access_rule.ipv6.cos_override:
      • access_rule.ipv6.quality_of_service:
      • access_rule.ipv6.quality_of_service.class_of_service:
      • access_rule.ipv6.quality_of_service.class_of_service.explicit:
      • access_rule.ipv6.quality_of_service.class_of_service.map:
      • access_rule.ipv6.quality_of_service.class_of_service.preserve:
      • access_rule.ipv6.quality_of_service.dscp:
      • access_rule.ipv6.quality_of_service.dscp.explicit:
      • access_rule.ipv6.quality_of_service.dscp.map:
      • access_rule.ipv6.quality_of_service.dscp.preserve:
• API: Route Policies – IPv4
  • Endpoint
  • Schema Structure
    • Object: Route Policies – IPv4
    • Collection: Route Policies – IPv4
    • Schema Attributes
      • route_policy:
      • route_policies:
      • route_policy.ipv4:
      • route_policy.ipv4.interface:
      • route_policy.ipv4.metric:
      • route_policy.ipv4.source:
      • route_policy.ipv4.source.any:
      • route_policy.ipv4.source.name:
      • route_policy.ipv4.source.group:
      • route_policy.ipv4.destination:
      • route_policy.ipv4.destination.any:
      • route_policy.ipv4.destination.name:
      • route_policy.ipv4.destination.group:
      • route_policy.ipv4.service:
      • route_policy.ipv4.service.any:
      • route_policy.ipv4.service.name:
      • route_policy.ipv4.service.group:
      • route_policy.ipv4.gateway:
      • route_policy.ipv4.gateway.default:
      • route_policy.ipv4.gateway.name:
      • route_policy.ipv4.gateway.host:
      • route_policy.ipv4.uuid:
      • route_policy.ipv4.name:
      • route_policy.ipv4.disable_on_interface_down:
      • route_policy.ipv4.vpn_precedence:
      • route_policy.ipv4.auto_add_access_rules:
      • route_policy.ipv4.probe:
      • route_policy.ipv4.disable_when_probes_succeed:
      • route_policy.ipv4.default_probe_state_up:
      • route_policy.ipv4.comment:
      • route_policy.ipv4.tcp_acceleration:
      • route_policy.ipv4.wxa_group:
• API: Route Policies – IPv6
  • Endpoint
  • Schema Structure
    • Object: Route Policies – IPv6
    • Collection: Route Policies – IPv6
    • Schema Attributes
      • route_policy:
      • route_policies:
      • route_policy.ipv6:
      • route_policy.ipv6.interface:
      • route_policy.ipv6.metric:
      • route_policy.ipv6.source:
      • route_policy.ipv6.source.any:
      • route_policy.ipv6.destination.name:
      • route_policy.ipv6.destination.group:
      • route_policy.ipv6.service:
      • route_policy.ipv6.service.any:
      • route_policy.ipv6.service.name:
      • route_policy.ipv6.service.group:
      • route_policy.ipv6.gateway:
      • route_policy.ipv6.gateway.default:
      • route_policy.ipv6.gateway.name:
      • route_policy.ipv6.gateway.host:
      • route_policy.ipv6.uuid:
      • route_policy.ipv6.name:
      • route_policy.ipv6.disable_on_interface_down:
      • route_policy.ipv6.vpn_precedence:
      • route_policy.ipv6.auto_add_access_rules:
      • route_policy.ipv6.probe:
      • route_policy.ipv6.disable_when_probes_succeed:
      • route_policy.ipv6.default_probe_state_up:
• SonicWall Support
  • About This Document

Session Security

Session Security means validating every request that is sent throughout the session after the initial authentication (i.e. those sent to a management, rather than authentication, endpoint). This is to avoid vulnerability to attacks such as injection of malicious requests from malware that can spoof the client’s IP address (e.g. cross-site request forgery - CSRF) or a man-in-the-middle attack that could try to alter the content of a request. SonicOS API supports this enforcement which is enabled by default.

For this the RFC-7617 HTTP Digest Access Authentication mechanism is used, which provides for very good session security, including source authentication, replay detection and optional content integrity validation. If session security is enabled on the API then every subsequent management request sent after authentication will need to include an Authorization header generated as per RFC-7617, with an incrementing nc (nonce-count) field.

Session security will be possible after initial authentication by any of the supported schemes, with the one exception that it will not be supported after CHAP authentication with a remote user account authenticated by RADIUS.