Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Using the SonicOS API to get the list of SSL VPN Users

dougthor42dougthor42 Newbie ✭
edited March 2020 in Developer Hub

Recently I needed to pull a list of all SSL VPN users on our SonicWall NSA 2600 running SonicOS Enhanced Normally, I'd use SNMP to get this sort of information. However, this version does not include SSL-VPN information in the OIDs.

I found out that 6.5.4 has a RESTful API that accepts and returns JSON.

Here's how to get the list of users via the API:

  1. Enable SonicOS API: Manage -> System -> Appliance -> Base Settings -> Enable SonicOS API
  2. Enable the "RFC-7616 HTTP Digest Access authentication" with default values.
  3. Disable all other auth methods (optional)
  4. Open up a terminal that has curl installed (I used WSL with Ubuntu 18.04) and run this shell script:

# IP Addr and HTTPS Web management port of the SonicWall.

# Login using Digest Auth
curl -k -i -u $USER:$PASSWORD --digest -X HEAD https://$URL/api/sonicos/auth
# If you're using basic auth, use this instead:
# curl -k -i -u $USER:$PASSWORD -X POST https://$URL/api/sonicos/auth

# Query the SSL VPN Sessions
curl -k -i -X GET "https://$URL/api/sonicos/reporting/ssl-vpn/sessions" -H  "accept: application/json"

# "Logout" by deleting the auth info.
curl -k -i -X DELETE "https://$URL/api/sonicos/auth"


  • The user that you connect with must be the Administrator user (Eg: the one defined in Manage -> System Setup -> Appliance -> Base Settings). I don't know why this is, but I wasn't able to get things to work for any other user (my hope was to use a read-only account...)
  • Logging in with the API preempts any web-based session, so keep that in mind.
  • If you use a custom port for HTTPS web management, make sure to include that in the API calls. That took me far longer to figure out than I would have liked...
  • I did not need to adjust any firewall or management settings.
  • The code above has a bunch of -i options included for debugging purposes. They can be removed.
Category: Developer Hub


Sign In or Register to comment.