Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicOS API on creating ACL

Hi,

I am testing the SonicOS API with curl.

I can create objects without problem. However, the ACL API seems broken.

I got "No matching command found" on API return.

curl -k -i -X POST "https://192.168.12.244/api/sonicos/access-rules/ipv4" -H "accept: application/Json" -H "Content-Type: application/Json" -d @test.json

HTTP/1.0 400 Bad Request

Server: SonicWALL

Expires: -1

Cache-Control: no-cache

Content-type: application/json; charset=UTF-8

X-Content-Type-Options: nosniff


{

   "status": {

     "success": false


    ,"cli": {

       "mode": "config_mode"

      ,"depth": 1

      ,"command": "access-rule ipv4 from LAN to SSLVPN action allow source address any port any service name API\ Service1 destination address name API\ Group1"

      ,"configuring": true

      ,"pending_config": true

      ,"restart_required": "FALSE"

     }


    ,"info": [

       {

         "level": "error"

        ,"code": "E_NO_MATCH"

        ,"message": "No matching command found."

       }

     ]

   }

}

What have I missed?

@Json

{

 "access_rules": [

  {

   "ipv4": {

    "name": "API ACL1",

    "enable": true,

    "from": "LAN",

    "to": "SSLVPN",

    "action": "allow",

    "source": {

     "address": {

      "any": true

     },

     "port": {

      "any": true

     }

    },

    "service": {

     "name": "API Service1"

    },

    "destination": {

     "address": {

      "name": "API Group1"

     }

    }

    }

  }

 ]

}

Category: Mid Range Firewalls
Reply

Best Answer

Answers

  • NatNat Newbie

    @shiprasahu93

    thanks, I have fix it.

  • Perfect! Have a good one!

    Shipra Sahu

    Technical Support Advisor, Premier Services

  • Hi,

    I am testing the SonicOS API with curl.

    I can create objects without problem. However, the routing_policy API seems broken.

    I got "No matching command found" on API return.

    curl -k -i -X POST "https://192.168.3.1:58000/api/sonicos/route-policies/ipv4" -H "accept: application/Json" -H "Content-Type: application/Json" -d @kk.Json

     % Total   % Received % Xferd Average Speed  Time   Time    Time Current

                                    Dload Upload  Total  Spent   Left Speed

    100  919   0  592 100  327  5147  2843 --:--:-- --:--:-- --:--:-- 8061HTTP/1.0 400 Bad Request

    Server: SonicWALL

    Expires: -1

    Cache-Control: no-cache

    Content-type: application/json; charset=UTF-8

    X-Content-Type-Options: nosniff


    {

        "status": {

            "success": false


           ,"cli": {

                "mode": "config_mode"

               ,"depth": 1

               ,"command": "route-policy interface x7 metric 20 source name Kushal_api2 destination group CHN_LAN service any gateway name SVN_Public"

               ,"configuring": true

               ,"pending_config": false

               ,"restart_required": "FALSE"

            }


           ,"info": [

                {

                    "level": "error"

                   ,"code": "E_NO_MATCH"

                   ,"message": "No matching command found."

                }

            ]

        }

    }

    What have I missed?

    @json?

    {

    "route_policy": {

     "ipv4": {

     "interface": "x7",

     "metric": 20,

     "source": {

     "name": "Kushal_api2"

    },

     "destination": {

    "group":"CHN_LAN"

     },

     "service": {

     "any": true

     },

     "gateway": {

      "name": "SVN_Public"

     },

     "name": "Vidya",

     "disable_on_interface_down": true,

     "vpn_precedence": true,

     "probe": "",

     "tcp_acceleration":false

     }

     }

    }

  • Hi,

    i am also facing same problem with this

    @json?

    {

    "route_policy": {

     "ipv4": {

     "interface": "x7",

     "metric": 20,

     "source": {

     "name": "Kushal_api2"

    },

     "destination": {

    "group":"CHN_LAN"

     },

     "service": {

     "any": true

     },

     "gateway": {

      "name": "SVN_Public"

     },

     "name": "Vidya",

     "disable_on_interface_down": true,

     "vpn_precedence": true,

     "probe": "",

     "tcp_acceleration":false

     }

     }

    }

  • AllenAllen Newbie ✭
    edited November 18

    The API is definitely busted - at least the access-rules/ipv4 endpoint is. On a NSA2600 running 6.5.4.7-83n the endpoint is outputting JSON that cannot be POSTed back in without fixing things like ipv4->source->port->name to be ipv4->source->port->group. I'm guessing whatever code is generating the output doesn't understand the difference between an address object group and an address object.

    EDIT: Also, it would be great if the error message would indicate where the problem actually is - as opposed to the generic "No matching command found."

Sign In or Register to comment.