Using the SonicOS API to get the list of SSL VPN Users
Recently I needed to pull a list of all SSL VPN users on our SonicWall NSA 2600 running SonicOS Enhanced 126.96.36.199-44n. Normally, I'd use SNMP to get this sort of information. However, this version does not include SSL-VPN information in the OIDs.
I found out that 6.5.4 has a RESTful API that accepts and returns JSON.
Here's how to get the list of users via the API:
- Enable SonicOS API: Manage -> System -> Appliance -> Base Settings -> Enable SonicOS API
- Enable the "RFC-7616 HTTP Digest Access authentication" with default values.
- Disable all other auth methods (optional)
- Open up a terminal that has curl installed (I used WSL with Ubuntu 18.04) and run this shell script:
USER=admin PASSWORD=password # IP Addr and HTTPS Web management port of the SonicWall. URL=192.168.1.1:8443 # Login using Digest Auth curl -k -i -u $USER:$PASSWORD --digest -X HEAD https://$URL/api/sonicos/auth # If you're using basic auth, use this instead: # curl -k -i -u $USER:$PASSWORD -X POST https://$URL/api/sonicos/auth # Query the SSL VPN Sessions curl -k -i -X GET "https://$URL/api/sonicos/reporting/ssl-vpn/sessions" -H "accept: application/json" # "Logout" by deleting the auth info. curl -k -i -X DELETE "https://$URL/api/sonicos/auth"
- The user that you connect with must be the Administrator user (Eg: the one defined in Manage -> System Setup -> Appliance -> Base Settings). I don't know why this is, but I wasn't able to get things to work for any other user (my hope was to use a read-only account...)
- Logging in with the API preempts any web-based session, so keep that in mind.
- If you use a custom port for HTTPS web management, make sure to include that in the API calls. That took me far longer to figure out than I would have liked...
- I did not need to adjust any firewall or management settings.
- The code above has a bunch of
-ioptions included for debugging purposes. They can be removed.