SonicOS/X API Reference Guide
- About SonicOS API
- API Authentication
- API: Config - Pending
- API: Restart
- API: Address Objects – IPv4
- Endpoint
- Schema Structure
- Object: Address Object
- Collection: Address Object
- Schema Attributes
- address_object:
- address_objects:
- address_object.ipv4:
- address_object.ipv4.name:
- address_object.ipv4.uuid:
- address_object.ipv4.host:
- address_object.ipv4.host.ip:
- address_object.ipv4.range:
- address_object.ipv4.range.begin:
- address_object.ipv4.range.end:
- address_object.ipv4.network:
- address_object.ipv4.network.subnet:
- address_object.ipv4.network.mask:
- address_object.ipv4.zone:
- API: Address Objects – IPv6
- Endpoint
- Schema Structure
- Object: Address Object
- Collection: Address Objects
- Schema Attributes
- address_object:
- address_objects:
- address_object.ipv6:
- address_object.ipv6.name:
- address_object.ipv6.uuid:
- address_object.ipv6.host:
- address_object.ipv6.host.ip:
- address_object.ipv6.range:
- address_object.ipv6.range.begin:
- address_object.ipv6.range.end:
- address_object.ipv6.network:
- address_object.ipv6.network.subnet:
- address_object.ipv6.network.mask:
- address_object.ipv6.zone:
- API: Address Objects – MAC
- API: Address Objects – FQDN
- API: Address Groups — IPv4
- Endpoint
- Schema Structure
- Object: Address Group
- Collection: Address Group
- Schema Attributes
- address_group:
- address_groups:
- address_group.ipv4:
- address_group.ipv4.name:
- address_group.ipv4.uuid:
- address_group.ipv4.address_group:
- address_group.ipv4.address_group.ipv4:
- address_group.ipv4.address_object.ipv4.name:
- address_group.ipv4.address_object.mac:
- address_group.ipv4.address_object.mac.name:
- address_group.ipv4.address_object.fqdn:
- address_group.ipv4.address_object.fqdn.name:
- API: Address Groups — IPv6
- Endpoint
- Schema Structure
- Object: Address Group
- Collection: Address Group
- Schema Attributes
- address_group:
- address_groups:
- address_group.ipv6:
- address_group.ipv6.name:
- address_group.ipv6.uuid:
- address_group.ipv6.address_group:
- address_group.ipv6.address_group.ipv4:
- address_group.ipv6.address_group.ipv4.name:
- address_group.ipv6.address_group.ipv6:
- address_group.ipv6.address_group.ipv6.name:
- address_group.ipv6.address_object.mac:
- address_group.ipv6.address_object.mac.name:
- address_group.ipv6.address_object.fqdn:
- address_group.ipv6.address_object.fqdn.name:
- API: Schedule Objects
- Endpoint
- Schema Structure
- Object: Schedule
- Collection: Schedule
- Schema Attributes
- schedule:
- schedules:
- schedule.name:
- schedule.uuid:
- schedule.occurs:
- schedule.occurs.once:
- schedule.occurs.once.event:
- schedule.occurs.once.event.start:
- schedule.occurs.once.event.end:
- schedule.occurs.recurring:
- schedule.occurs.recurring.recurring:
- schedule.occurs.recurring.recurring.start:
- schedule.occurs.recurring.recurring.end:
- schedule.occurs.recurring.recurring.sun:
- schedule.occurs.recurring.recurring.mon:
- schedule.occurs.recurring.recurring.tue:
- schedule.occurs.recurring.recurring.wed:
- schedule.occurs.recurring.recurring.thu:
- schedule.occurs.recurring.recurring.fri:
- schedule.occurs.recurring.recurring.sat:
- schedule.occurs.mixed:
- schedule.occurs.mixed.event:
- schedule.occurs.mixed.event.start:
- schedule.occurs.mixed.event.end:
- schedule.occurs.mixed.recurring:
- schedule.occurs.mixed.recurring.start:
- schedule.occurs.mixed.recurring.end:
- schedule.occurs.mixed.recurring.sun:
- schedule.occurs.mixed.recurring.mon:
- schedule.occurs.mixed.recurring.tue:
- schedule.occurs.mixed.recurring.wed:
- schedule.occurs.mixed.recurring.thu:
- schedule.occurs.mixed.recurring.fri:
- schedule.occurs.mixed.recurring.sat:
- API: Service Objects
- Endpoint
- Schema Structure
- Object: Service Object
- Collection: Service Object
- Schema Attributes
- service_object:
- service_objects:
- service_object.name:
- service_object.uuid:
- service_object.custom:
- service_object.icmp:
- service_object.igmp:
- service_object.tcp:
- service_object.tcp.begin:
- service_object.tcp.end:
- service_object.udp:
- service_object.udp.begin:
- service_object.udp.end:
- service_object.gre:
- service_object.esp:
- service_object.6over4:
- service_object.ah:
- service_object.icmpv6:
- service_object.eigrp:
- service_object.ospf:
- service_object.pim:
- service_object.l2tp:
- service_object.ipcomp:
- API: Service Groups
- API: Zones
- Endpoint
- Schema Structure
- Object: Zone
- Collection: Zone
- Schema Attributes
- zone:
- zones:
- zone.name:
- zone.uuid:
- zone.security_type:
- zone.interface_trust:
- zone.auto_generate_access_rules:
- zone.auto_generate_access_rules.allow_from_to_equal:
- zone.auto_generate_access_rules.allow_from_higher:
- zone.auto_generate_access_rules.allow_to_lower:
- zone.auto_generate_access_rules.deny_from_lower:
- zone.client.content_filtering:
- zone.client:
- zone.client.anti_virus:
- zone.gateway_anti_virus:
- zone.intrusion_prevention:
- zone.app_control:
- zone.anti_spyware:
- zone.create_group_vpn:
- zone.ssl_control:
- zone.wireless:
- zone.sslvpn_access:
- zone.wireless.sslvpn_enforcement:
- zone.wireless.sslvpn_enforcement.server:
- zone.wireless.sslvpn_enforcement.server.name:
- zone.wireless.sslvpn_enforcement.server.host:
- zone.wireless.sslvpn_enforcement.service:
- zone.wireless.sslvpn_enforcement.service.name:
- zone.wireless.sslvpn_enforcement.service.protocol:
- zone.wireless.sslvpn_enforcement.service.protocol.name:
- zone.wireless.sslvpn_enforcement.service.protocol.begin:
- zone.wireless.sslvpn_enforcement.service.protocol.end:
- zone.wireless.wifi_sec_enforcement:
- zone.wireless.wifi_sec_enforcement.exception_service:
- zone.wireless.wifi_sec_enforcement.exception_service.name:
- zone.wireless.wifi_sec_enforcement.exception_service.protocol:
- zone.wireless.wifi_sec_enforcement.exception_service.protocol.name:
- zone.wireless.wifi_sec_enforcement.exception_service.protocol.begin:
- zone.wireless.wifi_sec_enforcement.exception_service.protocol.end:
- zone.wireless.wifi_sec_for_site_to_site_vpn:
- zone.wireless.trust_wpa_traffic_as_wifi_sec:
- zone.wireless.only_sonicpoint_traffic:
- zone.guest_services:
- zone.guest_services.inter_guest:
- zone.guest_services.bypass:
- zone.guest_services.bypass.client:
- zone.guest_services.bypass.client.anti_virus:
- zone.guest_services.bypass.client.content_filtering:
- zone.guest_services.external_auth:
- zone.guest_services.external_auth.client_redirect:
- zone.guest_services.external_auth.web_server:
- zone.guest_services.external_auth.web_server.protocol:
- zone.guest_services.external_auth.web_server.name:
- zone.guest_services.external_auth.web_server.port:
- zone.guest_services.external_auth.web_server.timeout:
- zone.guest_services.external_auth.message_auth:
- zone.guest_services.external_auth.message_auth.method:
- zone.guest_services.external_auth.message_auth.shared_secret:
- zone.guest_services.external_auth.message_auth.confirm_secret:
- zone.guest_services.external_auth.social_network:
- zone.guest_services.external_auth.social_network.facebook:
- zone.guest_services.external_auth.social_network.google:
- zone.guest_services.external_auth.social_network.twitter:
- zone.guest_services.external_auth.auth_pages:
- zone.guest_services.external_auth.auth_pages.login:
- zone.guest_services.external_auth.auth_pages.expiration:
- zone.guest_services.external_auth.auth_pages.timeout:
- zone.guest_services.external_auth.auth_pages.max_sessions:
- zone.guest_services.external_auth.auth_pages.traffic_exceeded:
- zone.guest_services.external_auth.web_content:
- zone.guest_services.external_auth.web_content.redirect:
- zone.guest_services.external_auth.web_content.redirect.use_default:
- zone.guest_services.external_auth.web_content.redirect.custom:
- zone.guest_services.external_auth.web_content.server_down:
- zone.guest_services.external_auth.web_content.server_down.use_default:
- zone.guest_services.external_auth.web_content.server_down.custom:
- zone.guest_services.external_auth.logout_expired:
- zone.guest_services.external_auth.logout_expired.every:
- zone.guest_services.external_auth.logout_expired.cgi:
- zone.guest_services.external_auth.status_check:
- zone.guest_services.external_auth.status_check.every:
- zone.guest_services.external_auth.status_check.cgi:
- zone.guest_services.external_auth.session_sync:
- zone.guest_services.external_auth.session_sync.every:
- zone.guest_services.external_auth.session_sync.cgi:
- zone.guest_services.policy_page_non_authentication:
- zone.guest_services.policy_page_non_authentication.guest_usage_policy:
- zone.guest_services.custom_auth_page:
- zone.guest_services.custom_auth_page.header:
- zone.guest_services.custom_auth_page.header.text:
- zone.guest_services.custom_auth_page.header.url:
- zone.guest_services.custom_auth_page.footer:
- zone.guest_services.custom_auth_page.footer.text:
- zone.guest_services.custom_auth_page.footer.url:
- zone.guest_services.post_auth:
- zone.guest_services.bypass_guest_auth:
- zone.guest_services.bypass_guest_auth.all:
- zone.guest_services.bypass_guest_auth.name:
- zone.guest_services.bypass_guest_auth.group:
- zone.guest_services.bypass_guest_auth.mac:
- zone.guest_services.smtp_redirect:
- zone.guest_services.smtp_redirect.name:
- zone.guest_services.smtp_redirect.host:
- zone.guest_services.deny_networks:
- zone.guest_services.deny_networks.name:
- zone.guest_services.deny_networks.group:
- zone.guest_services.deny_networks.mac:
- zone.guest_services.deny_networks.fqdn:
- zone.guest_services.deny_networks.host:
- zone.guest_services.deny_networks.range:
- zone.guest_services.deny_networks.range.begin:
- zone.guest_services.deny_networks.range.end:
- zone.guest_services.deny_networks.network:
- zone.guest_services.deny_networks.network.subnet:
- zone.guest_services.deny_networks.network.mask:
- zone.guest_services.deny_networks.ipv6:
- zone.guest_services.deny_networks.ipv6.host:
- zone.guest_services.deny_networks.ipv6.range:
- zone.guest_services.deny_networks.ipv6.range.begin:
- zone.guest_services.deny_networks.ipv6.range.end:
- zone.guest_services.deny_networks.ipv6.network:
- zone.guest_services.deny_networks.ipv6.network.subnet:
- zone.guest_services.deny_networks.ipv6.network.mask:
- zone.guest_services.pass_networks:
- zone.guest_services.pass_networks.name:
- zone.guest_services.pass_networks.group:
- zone.guest_services.pass_networks.mac:
- zone.guest_services.pass_networks.fqdn:
- zone.guest_services.pass_networks.host:
- zone.guest_services.pass_networks.range:
- zone.guest_services.pass_networks.range.begin:
- zone.guest_services.pass_networks.range.end:
- zone.guest_services.pass_networks.network:
- zone.guest_services.pass_networks.network.subnet:
- zone.guest_services.pass_networks.network.mask:
- zone.guest_services.pass_networks.ipv6:
- zone.guest_services.pass_networks.ipv6.host:
- zone.guest_services.pass_networks.ipv6.range:
- zone.guest_services.pass_networks.ipv6.range.begin:
- zone.guest_services.pass_networks.ipv6.range.end:
- zone.guest_services.pass_networks.ipv6.network:
- zone.guest_services.pass_networks.ipv6.network.subnet:
- zone.guest_services.pass_networks.ipv6.network.mask:
- zone.guest_services.max_guests:
- zone.guest_services.dynamic_address_translation:
- API: DNS
- Endpoint
- Schema Structure
- Object: DNS
- Schema Attributes
- dns:
- dns.server:
- dns.server.inherit:
- dns.server.static:
- dns.server.static.primary:
- dns.server.static.secondary:
- dns.server.static.tertiary:
- dns.server.ipv6:
- dns.server.ipv6.preferred:
- dns.server.ipv6.inherit:
- dns.server.ipv6.static:
- dns.server.ipv6.static.primary:
- dns.server.ipv6.static.secondary:
- dns.server.ipv6.static.tertiary:
- dns.rebinding:
- dns.rebinding.action:
- dns.rebinding.allowed_domains:
- dns.rebinding.allowed_domains.name:
- dns.rebinding.allowed_domains.group:
- dns.fqdn_binding:
- API: Interfaces – IPv4
- Endpoint
- Schema Structure
- Object: Interface – IPv4
- Collection: Interface – IPv4
- Schema Attributes
- interface:
- interfaces:
- interface.ipv4:
- interface.ipv4.name:
- interface.ipv4.comment:
- interface.ipv4.ip_assignment:
- interface.ipv4.ip_assignment.zone:
- interface.ipv4.ip_assignment.mode:
- interface.ipv4.ip_assignment.mode.static:
- interface.ipv4.ip_assignment.mode.static.ip:
- interface.ipv4.ip_assignment.mode.static.netmask:
- interface.ipv4.ip_assignment.mode.static.gateway:
- interface.ipv4.ip_assignment.mode.static.dns:
- interface.ipv4.ip_assignment.mode.static.dns.primary:
- interface.ipv4.ip_assignment.mode.static.dns.secondary:
- interface.ipv4.ip_assignment.mode.static.dns.tertiary:
- interface.ipv4.ip_assignment.mode.static.backup_ip:
- interface.ipv4.ip_assignment.mode.dhcp:
- interface.ipv4.ip_assignment.mode.dhcp.hostname:
- interface.ipv4.ip_assignment.mode.dhcp.renew_on_startup:
- interface.ipv4.ip_assignment.mode.dhcp.renew_on_link_up:
- interface.ipv4.ip_assignment.mode.dhcp.initiate_renewals_with_discover:
- interface.ipv4.ip_assignment.mode.dhcp.force_discover_interval:
- interface.ipv4.mtu:
- interface.ipv4.mac:
- interface.ipv4.mac.default:
- interface.ipv4.mac.override:
- interface.ipv4.link_speed:
- interface.ipv4.link_speed.auto_negotiate:
- interface.ipv4.link_speed.half:
- interface.ipv4.link_speed.full:
- interface.ipv4.management:
- interface.ipv4.management.http:
- interface.ipv4.management.https:
- interface.ipv4.management.ping:
- interface.ipv4.management.snmp:
- interface.ipv4.management.ssh:
- interface.ipv4.user_login:
- interface.ipv4.user_login.http:
- interface.ipv4.user_login.https:
- interface.ipv4.https_redirect:
- interface.ipv4.send_icmp_fragmentation:
- interface.ipv4.fragment_packets:
- interface.ipv4.ignore_df_bit:
- interface.ipv4.flow_reporting:
- interface.ipv4.multicast:
- interface.ipv4.cos_8021p:
- interface.ipv4.exclude_route:
- interface.ipv4.asymmetric_route:
- interface.ipv4.shutdown_port:
- interface.ipv4.default_8021p_cos:
- interface.ipv4.policy:
- interface.ipv4.sonicpoint:
- interface.ipv4.sonicpoint.limit:
- interface.ipv4.sonicpoint.reserve_address:
- interface.ipv4.sonicpoint.reserve_address.dynamic:
- interface.ipv4.sonicpoint.reserve_address.manual:
- API: NAT Policies – IPv4
- Endpoint
- Schema Structure
- Object: NAT Policies – IPv4
- Collection: NAT Policies – IPv4
- Schema Attributes
- nat_policy:
- nat_policies:
- nat_policy.ipv4:
- nat_policy.ipv4.inbound:
- nat_policy.ipv4.outbound:
- nat_policy.ipv4.source:
- nat_policy.ipv4.source.any:
- nat_policy.ipv4.source.name:
- nat_policy.ipv4.source.group:
- nat_policy.ipv4.translated_source:
- nat_policy.ipv4.translated_source.original:
- nat_policy.ipv4.translated_source.name:
- nat_policy.ipv4.translated_source.group:
- nat_policy.ipv4.destination:
- nat_policy.ipv4.destination.any:
- nat_policy.ipv4.destination.name:
- nat_policy.ipv4.destination.group:
- nat_policy.ipv4.translated_destination:
- nat_policy.ipv4.translated_destination.original:
- nat_policy.ipv4.translated_destination.name:
- nat_policy.ipv4.translated_destination.group:
- nat_policy.ipv4.service:
- nat_policy.ipv4.service.any:
- nat_policy.ipv4.service.name:
- nat_policy.ipv4.service.group:
- nat_policy.ipv4.translated_service:
- nat_policy.ipv4.translated_service.original:
- nat_policy.ipv4.translated_service.name:
- nat_policy.ipv4.translated_service.group:
- nat_policy.ipv4.uuid:
- nat_policy.ipv4.name:
- nat_policy.ipv4.enable:
- nat_policy.ipv4.comment:
- nat_policy.ipv4.priority:
- nat_policy.ipv4.priority.auto:
- nat_policy.ipv4.priority.manual:
- nat_policy.ipv4.reflexive:
- nat_policy.ipv4.virtual_group:
- nat_policy.ipv4.virtual_group.any:
- nat_policy.ipv4.virtual_group.id:
- nat_policy.ipv4.nat_method:
- nat_policy.ipv4.source_port_remap:
- nat_policy.ipv4.high_availability:
- nat_policy.ipv4.high_availability.probing:
- nat_policy.ipv4.high_availability.probing.probe_every:
- nat_policy.ipv4.high_availability.probing.probe_type:
- nat_policy.ipv4.high_availability.probing.probe_type.icmp_ping:
- nat_policy.ipv4.high_availability.probing.probe_type.tcp:
- nat_policy.ipv4.high_availability.probing.reply_timeout:
- nat_policy.ipv4.high_availability.probing.deactivate_after:
- nat_policy.ipv4.high_availability.probing.reactivate_after:
- nat_policy.ipv4.high_availability.probing.port_probing:
- nat_policy.ipv4.high_availability.probing.rst_as_miss:
- API: NAT Policies – IPv6
- Endpoint
- Schema Structure
- Object: NAT Policies – IPv6
- Schema Attributes
- nat_policy:
- nat_policies:
- nat_policy.ipv6:
- nat_policy.ipv6.inbound:
- nat_policy.ipv6.outbound:
- nat_policy.ipv6.source:
- nat_policy.ipv6.source.any:
- nat_policy.ipv6.source.name:
- nat_policy.ipv6.source.group:
- nat_policy.ipv6.translated_source:
- nat_policy.ipv6.translated_source.original:
- nat_policy.ipv6.translated_source.name:
- nat_policy.ipv6.translated_source.group:
- nat_policy.ipv6.destination:
- nat_policy.ipv6.destination.any:
- nat_policy.ipv6.destination.name:
- nat_policy.ipv6.destination.group:
- nat_policy.ipv6.translated_destination:
- nat_policy.ipv6.translated_destination.original:
- nat_policy.ipv6.translated_destination.name:
- nat_policy.ipv6.translated_destination.group:
- nat_policy.ipv6.service.any:
- nat_policy.ipv6.service.name:
- nat_policy.ipv6.service.group:
- nat_policy.ipv6.translated_service:
- nat_policy.ipv6.translated_service.original:
- nat_policy.ipv6.translated_service.name:
- nat_policy.ipv6.translated_service.group:
- nat_policy.ipv6.uuid:
- nat_policy.ipv6.name:
- nat_policy.ipv6.enable:
- nat_policy.ipv6.comment:
- nat_policy.ipv6.priority:
- nat_policy.ipv6.priority.auto:
- nat_policy.ipv6.priority.manual:
- nat_policy.ipv6.reflexive:
- nat_policy.ipv6.virtual_group:
- nat_policy.ipv6.virtual_group.any:
- nat_policy.ipv6.virtual_group.id:
- API: NAT Policies – NAT64
- Endpoint
- Schema Structure
- Object: NAT Policies – NAT64
- Collection: NAT Policies – NAT64
- Schema Attributes
- nat_policy:
- nat_policies:
- nat_policy.nat64:
- nat_policy.nat64.inbound:
- nat_policy.nat64.outbound:
- nat_policy.nat64.source:
- nat_policy.nat64.source.any:
- nat_policy.nat64.source.name:
- nat_policy.nat64.source.group:
- nat_policy.nat64.translated_source:
- nat_policy.nat64.translated_source.original:
- nat_policy.nat64.translated_source.name:
- nat_policy.nat64.translated_source.group:
- nat_policy.nat64.pref64:
- nat_policy.nat64.pref64.any:
- nat_policy.nat64.pref64.name:
- nat_policy.nat64.pref64.group:
- nat_policy.nat64.translated_destination:
- nat_policy.nat64.translated_destination.embedded_ipv4_address:
- nat_policy.nat64.service:
- nat_policy.nat64.service.icmp_udp_tcp:
- nat_policy.nat64.translated_service:
- nat_policy.nat64.translated_service.original:
- nat_policy.nat64.uuid:
- nat_policy.nat64.name:
- nat_policy.nat64.enable:
- nat_policy.nat64.comment:
- API: Access Rules – IPv4
- Endpoint
- Schema Structure
- Object: Access Rules – IPv4
- Collection: Access Rules – IPv4
- Schema Attributes
- access_rule:
- access_rules:
- access_rule.ipv4:
- access_rule.ipv4.from:
- access_rule.ipv4.to:
- access_rule.ipv4.action:
- access_rule.ipv4.source:
- access_rule.ipv4.source.address:
- access_rule.ipv4.source.address.any:
- access_rule.ipv4.source.address.name:
- access_rule.ipv4.source.address.group:
- access_rule.ipv4.source.port:
- access_rule.ipv4.source.port.any:
- access_rule.ipv4.source.port.name:
- access_rule.ipv4.source.port.group:
- access_rule.ipv4.service:
- access_rule.ipv4.service.any:
- access_rule.ipv4.service.name:
- access_rule.ipv4.service.group:
- access_rule.ipv4.destination:
- access_rule.ipv4.destination.address:
- access_rule.ipv4.destination.address.any:
- access_rule.ipv4.destination.address.name:
- access_rule.ipv4.destination.address.group:
- access_rule.ipv4.schedule:
- access_rule.ipv4.schedule.always_on:
- access_rule.ipv4.schedule.name:
- access_rule.ipv4.users:
- access_rule.ipv4.users.included:
- access_rule.ipv4.users.included.all:
- access_rule.ipv4.users.included.guests:
- access_rule.ipv4.users.included.administrator:
- access_rule.ipv4.users.included.name:
- access_rule.ipv4.users.included.group:
- access_rule.ipv4.users.excluded:
- access_rule.ipv4.users.excluded.none:
- access_rule.ipv4.users.excluded.guests:
- access_rule.ipv4.users.excluded.administrator:
- access_rule.ipv4.users.excluded.name:
- access_rule.ipv4.users.excluded.group:
- access_rule.ipv4.uuid:
- access_rule.ipv4.name:
- access_rule.ipv4.comment:
- access_rule.ipv4.enable:
- access_rule.ipv4.reflexive:
- access_rule.ipv4.max_connections:
- access_rule.ipv4.logging:
- access_rule.ipv4.management:
- access_rule.ipv4.packet_monitoring:
- access_rule.ipv4.priority:
- access_rule.ipv4.priority.auto:
- access_rule.ipv4.priority.manual:
- access_rule.ipv4.tcp:
- access_rule.ipv4.tcp.timeout:
- access_rule.ipv4.udp:
- access_rule.ipv4.udp.timeout:
- access_rule.ipv4.fragments:
- access_rule.ipv4.botnet_filter:
- access_rule.ipv4.connection_limit:
- access_rule.ipv4.connection_limit.destination:
- access_rule.ipv4.connection_limit.destination.threshold:
- access_rule.ipv4.connection_limit.source:
- access_rule.ipv4.connection_limit.source.threshold:
- access_rule.ipv4.flow_reporting:
- access_rule.ipv4.geo_ip_filter:
- access_rule.ipv4.single_sign_on:
- access_rule.ipv4.cos_override:
- access_rule.ipv4.quality_of_service:
- access_rule.ipv4.quality_of_service.class_of_service:
- access_rule.ipv4.quality_of_service.class_of_service.explicit:
- access_rule.ipv4.quality_of_service.class_of_service.map:
- access_rule.ipv4.quality_of_service.class_of_service.preserve:
- access_rule.ipv4.quality_of_service.dscp:
- access_rule.ipv4.quality_of_service.dscp.explicit:
- access_rule.ipv4.quality_of_service.dscp.map:
- access_rule.ipv4.quality_of_service.dscp.preserve:
- API: Access Rules – IPv6
- Endpoint
- Schema Structure
- Object: Access Rules – IPv6
- Collection: Access Rules – IPv6
- Schema Attributes
- access_rule:
- access_rules:
- access_rule.ipv6:
- access_rule.ipv6.from:
- access_rule.ipv6.to:
- access_rule.ipv6.action:
- access_rule.ipv6.source:
- access_rule.ipv6.source.address:
- access_rule.ipv6.source.address.any:
- access_rule.ipv6.source.address.name:
- access_rule.ipv6.source.address.group:
- access_rule.ipv6.source.port:
- access_rule.ipv6.source.port.any:
- access_rule.ipv6.source.port.name:
- access_rule.ipv6.source.port.group:
- access_rule.ipv6.service:
- access_rule.ipv6.service.any:
- access_rule.ipv6.service.name:
- access_rule.ipv6.destination:
- access_rule.ipv6.destination.address:
- access_rule.ipv6.destination.address.any:
- access_rule.ipv6.destination.address.name:
- access_rule.ipv6.destination.address.group:
- access_rule.ipv6.schedule:
- access_rule.ipv6.schedule.always_on:
- access_rule.ipv6.schedule.name:
- access_rule.ipv6.users:
- access_rule.ipv6.users.included:
- access_rule.ipv4.users.included.all:
- access_rule.ipv6.users.included.guests:
- access_rule.ipv6.users.included.administrator:
- access_rule.ipv6.users.included.name:
- access_rule.ipv6.users.included.group:
- access_rule.ipv6.users.excluded:
- access_rule.ipv6.users.excluded.none:
- access_rule.ipv6.users.excluded.guests:
- access_rule.ipv6.users.excluded.administrator:
- access_rule.ipv6.users.excluded.name:
- access_rule.ipv6.users.excluded.group:
- access_rule.ipv6.uuid:
- access_rule.ipv6.name:
- access_rule.ipv6.comment:
- access_rule.ipv6.enable:
- access_rule.ipv6.reflexive:
- access_rule.ipv6.max_connections:
- access_rule.ipv6.logging:
- access_rule.ipv6.management:
- access_rule.ipv6.packet_monitoring:
- access_rule.ipv6.priority:
- access_rule.ipv6.priority.auto:
- access_rule.ipv6.priority.manual:
- access_rule.ipv6.tcp:
- access_rule.ipv6.tcp.timeout:
- access_rule.ipv6.udp:
- access_rule.ipv6.udp.timeout:
- access_rule.ipv6.fragments:
- access_rule.ipv6.botnet_filter:
- access_rule.ipv6.connection_limit:
- access_rule.ipv6.connection_limit.destination:
- access_rule.ipv6.connection_limit.destination.threshold:
- access_rule.ipv6.connection_limit.source:
- access_rule.ipv6.connection_limit.source.threshold:
- access_rule.ipv6.flow_reporting:
- access_rule.ipv6.geo_ip_filter:
- access_rule.ipv6.single_sign_on:
- access_rule.ipv6.cos_override:
- access_rule.ipv6.quality_of_service:
- access_rule.ipv6.quality_of_service.class_of_service:
- access_rule.ipv6.quality_of_service.class_of_service.explicit:
- access_rule.ipv6.quality_of_service.class_of_service.map:
- access_rule.ipv6.quality_of_service.class_of_service.preserve:
- access_rule.ipv6.quality_of_service.dscp:
- access_rule.ipv6.quality_of_service.dscp.explicit:
- access_rule.ipv6.quality_of_service.dscp.map:
- access_rule.ipv6.quality_of_service.dscp.preserve:
- API: Route Policies – IPv4
- Endpoint
- Schema Structure
- Object: Route Policies – IPv4
- Collection: Route Policies – IPv4
- Schema Attributes
- route_policy:
- route_policies:
- route_policy.ipv4:
- route_policy.ipv4.interface:
- route_policy.ipv4.metric:
- route_policy.ipv4.source:
- route_policy.ipv4.source.any:
- route_policy.ipv4.source.name:
- route_policy.ipv4.source.group:
- route_policy.ipv4.destination:
- route_policy.ipv4.destination.any:
- route_policy.ipv4.destination.name:
- route_policy.ipv4.destination.group:
- route_policy.ipv4.service:
- route_policy.ipv4.service.any:
- route_policy.ipv4.service.name:
- route_policy.ipv4.service.group:
- route_policy.ipv4.gateway:
- route_policy.ipv4.gateway.default:
- route_policy.ipv4.gateway.name:
- route_policy.ipv4.gateway.host:
- route_policy.ipv4.uuid:
- route_policy.ipv4.name:
- route_policy.ipv4.disable_on_interface_down:
- route_policy.ipv4.vpn_precedence:
- route_policy.ipv4.auto_add_access_rules:
- route_policy.ipv4.probe:
- route_policy.ipv4.disable_when_probes_succeed:
- route_policy.ipv4.default_probe_state_up:
- route_policy.ipv4.comment:
- route_policy.ipv4.tcp_acceleration:
- route_policy.ipv4.wxa_group:
- API: Route Policies – IPv6
- Endpoint
- Schema Structure
- Object: Route Policies – IPv6
- Collection: Route Policies – IPv6
- Schema Attributes
- route_policy:
- route_policies:
- route_policy.ipv6:
- route_policy.ipv6.interface:
- route_policy.ipv6.metric:
- route_policy.ipv6.source:
- route_policy.ipv6.source.any:
- route_policy.ipv6.destination.name:
- route_policy.ipv6.destination.group:
- route_policy.ipv6.service:
- route_policy.ipv6.service.any:
- route_policy.ipv6.service.name:
- route_policy.ipv6.service.group:
- route_policy.ipv6.gateway:
- route_policy.ipv6.gateway.default:
- route_policy.ipv6.gateway.name:
- route_policy.ipv6.gateway.host:
- route_policy.ipv6.uuid:
- route_policy.ipv6.name:
- route_policy.ipv6.disable_on_interface_down:
- route_policy.ipv6.vpn_precedence:
- route_policy.ipv6.auto_add_access_rules:
- route_policy.ipv6.probe:
- route_policy.ipv6.disable_when_probes_succeed:
- route_policy.ipv6.default_probe_state_up:
- SonicWall Support
Two-Factor Authentication
SonicOS API supports Two Factor Authentication (TFA) for administrators and users who want to enable the security feature from the Graphical User Interface (GUI) and API. This is an alternative to the other authentication mechanisms described here and cannot be used along with those. Bearer Token Authentication is an alternative method of securing the management requests sent after authentication, as per the Open API Specification, and as used by Swagger. When two-factor authentication is used to log in on the API, then Bearer Token Authentication must be used in all the requests that follow it.
To log in with TFA and use Bearer Token Authentication through the firewall
-
Enter your Username and Password in the SonicWall LOG IN page.
-
Navigate to MANAGE | System Setup | Appliance > Base Settings.
-
Under the Administrator Name & Password section, scroll down to One-time Passwords Method:
-
Choose TOTP from the drop-down menu.
-
Scroll down to the SonicOS API section.
-
Select Enable Two-Factor and Bearer Token Authentication (applies to built-in admin and local user with TOTP only, post sonicos/tfa directly instead of sonicos/auth).
-
Click ACCEPT.
A message displays under the ACCEPT and CANCEL buttons next to Status indicating the configuration has been updated.
To use TFA and Bearer Token Authentication
-
Enter your Username and Password in the SonicWall LOG IN page.
-
The SonicWall-proprietary bar code screen displays.
-
Install either the Google Authenticator or Duo apps on your phone to implement two-step verification using TOTP for your appliance.
-
Using the apps, scan the SonicWall bar code by positioning your phone lens window in front of the bar code.
-
The apps then generate a security code that you enter into the text field next to 2FA Code:
Remember to write down your eight-digit emergency scratch code somewhere for later access as it is the only way to log in if you lose your mobile phone.
-
Click OK.
-
Click the Click here to continue ... link in the next SonicWall bar code screen after you have succeeded to UNBIND the TOTP KEY.
-
Enter the code from the app in the 2FA Code field and click OK.
-
After your password has been verified you successfully land in the appliance’s Base Settings page.
Administrators and users can also enforce the TFA and Bearer Token Authentication feature by going to System Setup | Users > Settings page.
To log in with TFA and use Bearer Token Authentication through the API
-
Navigate to MANAGE | Logs & Reporting | API.
-
Click on the HTTPS://SONICOS-API.SONICWALL.COM link under the SonicWall SonicOS API Agreement section.
-
Click Logout to log out of the firewall.
-
The browser automatically links to the SWAGGER API open-source software user interface, which displays. You can also use other API tools such as Postman and Linux Command cURL.
The Swagger tool works slowly sometimes so it may take a few seconds for the UI to appear. Also, not all browsers have the same speed of connection to Swagger and the other API apps.
-
Post “tfa” with user name, password, and two-factor code to the firewall.
-
Click Execute.
-
Click Authorize when done.
-
The bearer token is returned in the “tfa” response message.
-
Click Authorize.
-
Click Authorize again under Available authorizations.
Was This Article Helpful?
Help us to improve our support portal