Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicOS-API 6.5 Geo-IP

CTaylorCTaylor Newbie ✭
edited October 2021 in Developer Hub

Is there an issue with the /geo-ip endpoint?

I am able to get this endpoint to work as documented for 7.0 devices but cant seem to get it to work in 6.5 with documentation.

Using a TZ300 on SonicOS Enhanced 6.5.4.8-89n for testing but have looked at other models/firmware and seems to be the same.

If I try to follow the links to API documentation it takes me to 7.0 documentation but that doesn't work.

If I use an older firmware version in the URL I get the 6.5 documentation but the endpoint is not working as expected.


GET is not returning all fields listed.

Example of missing data:

  • geo_ip/block/connections
  • geo_ip/block/database_not_downloaded

PUT unable to set with body documented


{
    "geo_ip":  {
                   "logging":  true,
                   "block":  {
                                 "connections":  {
                                                     "all":  true
                                                 },
                                 "countries":  {
                                                   "unknown":  false
                                               },
                                 "country":  [
                                                 {
                                                     "name":  "Anonymous Proxy/Private IP"
                                                 },
                                                 {
                                                     "name":  "Satellite Provider"
                                                 }
                                             ]
                             },
                   "custom_list":  {
                                       "enable":  true,
                                       "override_countries":  true
                                   }
               }
}


Am I just doing something wrong or is there an issue with this endpoint/documentation on 6.5 or this firmware version?

Category: Developer Hub
Reply

Answers

  • JaimeJaime SonicWall Employee
    edited October 2021

    Hi @CTaylor,

    I’ll take a deeper look tomorrow, but from a quick test on my end using a TZ 400 running 6.5.4.8, I am seeing those items you noted were missing in your firewall’s response data. That was the case until I disabled Geo-IP. From then on, I am missing some of the expected data in the response—even after re-enabling Geo-IP.

  • JaimeJaime SonicWall Employee

    Hello @CTaylor,

    Even after working with the firewall for a while and subsequently rebooting it, I couldn't get the API response to include the missing details. I was very confident I saw the details previously in the API response as I mentioned yesterday, but now I'm questioning my sanity 😃. I reported the behavior to our Engineering team.

    Thanks!

  • CTaylorCTaylor Newbie ✭

    Thank you for looking into this issue @Jaime. I anxiously await a resolution.

  • JaimeJaime SonicWall Employee

    Hi @CTaylor,

    Engineering addressed the issue and targeted the fix for an upcoming 6.5.4.x Maintenance Release.

    Thanks.

    Jaime

  • CTaylorCTaylor Newbie ✭

    After updating to the 6.5.4.13-105n firmware I am not able to get all expected fields with a GET to /geo-ip

    I am still having issues with PUT. I am unable to enable\configure geo-ip settings. Getting a (400) Bad Request error.

    Here is a sample of what I am PUT'n

    PUT https://<SONICWALL>/api/sonicos/geo-ip

    {
        "geo_ip":  {
                       "logging":  true,
                       "block":  {
                                     "connections":  {
                                                         "all":  true
                                                     },
                                     "countries":  {
                                                       "unknown":  false
                                                   },
                                     "country":  [
                                                     {
                                                         "name":  "Anonymous Proxy/Private IP"
                                                     },
                                                     {
                                                         "name":  "Satellite Provider"
                                                     }
                                                 ]
                                 },
                       "custom_list":  {
                                           "enable":  true,
                                           "override_countries":  true
                                       }
                   }
    }
    
  • CTaylorCTaylor Newbie ✭
    edited September 2023


    After updating to the 6.5.4.13-105n firmware I am not able to get all expected fields with a GET to /geo-ip

    Sorry I AM able to get information from GET endpoint /geo-ip. Things look to be fixed with the GET but still having issues modifying settings.

  • JaimeJaime SonicWall Employee

    Hi @CTaylor, can you confirm the JSON you received from the GET? I just want to make sure the JSON is complete. I'm not seeing any evidence that the fix made it into a release. I'm trying to get confirmation. Going with the assumption that the GET is incomplete, if you PUT back a modified version of what you GET, it would likely fail since the initial GET was incomplete. I'm booting 6.5.4.13 on my TZ 400 to try it out myself.

  • JaimeJaime SonicWall Employee

    Just got a confirmation the fix is not in 6.5.4.13.

  • CTaylorCTaylor Newbie ✭

    You are correct I was mistaken. Notes in code differed from what I posted.

    I am still missing the information referenced.

    Bellow is the info referenced.

    {
        "geo_ip":  {
                       "block":  {
                                     "countries":  "@{unknown=False}"
                                 },
                       "logging":  false,
                       "exclude":  {
                                       "group":  "Default Geo-IP and Botnet Exclusion Group"
                                   },
                       "include":  {
                                       "block_details":  true
                                   },
                       "alert_text":  "This site has been blocked by the network administrator.",
                       "logo_icon":  {
                                         "data":  "data:image/gif;base64,R0lGODlhlgAoALMAAPHw8Dw8PNLS06mqqpSVlvRvJvqaZfu2j3V1doSEhuHh4rm6uv3Uv8TFxWVmaP///yH5BAAAAAAALAAAAACWACgAAAT/8MlJKSAuo1XnRdoAdMLQSYojTAlxKgToIIQiLbNbJeBINbkfgnZ68BLFGMI3GSwGuqLUk1k0FhhkBecgDAaJzIoicHA6qcbEoaUMMolv2PxIZZj1DJ0iO0vmDngTIAhFc4ICV1FTUkMVCiZuDiIUCmFqE3ZjlQ6YDwhtEhiUFBh/VZJwFnqcepEVIKGldx2CjEWdjGWvO4GZejacnqAUOH6PI1yhgL43GYtveoUdYbITGM232hSTjI5SXb8NYXhpg6FstwB6PnZ6fnObn2zY8hKxSbTb+w8Y9sJTTKFwYCMDwHttyvw7ge0Mlxjp8swgg+oZtYgdsNniF/BZA0FA/4IVCTmQQ4o25u5FebOxA5CIhzQ+4MJL5iFYGCvI5LhPADY2InG0lEAyD6YyOlJ+avNmH6sHFrlwmCMSasSXx4zknJWN5z4AC0AEK1pE6EBPQEwoJeZsqE4xZXLZIbBu4gSsAADYkYWPoT6vPL+t43VRnKQVuRD+yiolboKbWmlkiATgQIHLmDMbMMDg3tZrfwHzw8HCQeM9Rt/iGLYIxD4ZFp3p8WUgs+3aRAZ9FmVQ9BTGWqlMe5RTaWkV5zgtKoYnmhgqepBYtl2As4SnpxAo0KtAJLbu27f75oZ8wupWHyUAeLPkIM5NbO/OkCfAdavex3NRP1Ah2rDZemDy0/9shIlmCRx91MJMbJwAt44fdpEhwxAaVOVZOMWw80BtmNlS13AAvnNKiMuNBwkBXlhYCRZObATJQg8IsIkTRZSA4gAwljCAhevR+AADmHV2whOkEEnkF2N94YSSMI7n5JNQdsChW1FWaeWV49VmAJZcduklT5bx9+WYZJb5YwFimqnmmlEeICSbcMYp55x01mnnnXjmqeeefPbp55+ABirooGvmReg2VHq1wDENNDleGEWAlaKTF6jIyAKWMhJHP45+hUAAwxQIZQy4EFDCcL516lIA1tyyqQCJarNOAgH4gICoDzQQgG88nKArlxto81itHG1apQq9fhKJTzjm+mn/DZE0esMIzGLSKI6mQCKSAAHsWAkUaHmxwgIjrFdHAw2IsCN7OGKiQFYK7IqhAuh6Ue6OKAbjxUw2nEhurunWoB4U/56oxjqw0nHrA28kEgCsAwTQHbEBLJECwyoAwQEIH/EQL2ERB+BLCgvs0g9BAywx8q661gCAxLvQ64uxa7igazLdllBrvAkk0s2mCn+EolU+53WrAAlgasYuCOcqMdAffeD0dYveAcYDD0vArbKiiJzjHQQkkBcQ64hUdh21/iqBxJ9wgPDZmUg8QrczNcPGyz6UYYQJdJQRQMWfuFA2adeIDQDZ5c0hwgw8DK32ArQymwvbaLfdNWon1EoA4augJJACE59X3sA0L9sQbD8EjL4DKJ2bFhYL2u2qtWn7ghrvCkBYDtWppXD+2O6D0J1sAmqo/bJp3MqeLDEICLgE3fKNgAEAZYzwBVSFQAKVGpuDNRzbe8SLOdwPlK4rB9wKEK8OxEAdb0GFnK5CvGqUXD3DfG/yciSbB6DDOqDiGlT+1z8tEE8UhdifB2jFqmAs4G/NYKALkre5XLWBbbqSnQOI1QTTUKAFXPjbCtb3Nx3sKxchS5kRMIGAEUKwfhCM1aFcVaKyoKpyM/wT3rahukrILod82hyufCWLeI0pAgA7"
                                     },
                       "custom_list":  {
                                           "enable":  false,
                                           "override_countries":  false
                                       }
                   }
    }
    


    We are almost a year from the original post should I assume a these 6.5 API issues are never making it to a maintenance release?

    I still have hundreds of these 6.5 devices that I have to manage and they are all still under Software and Firmware support.

    Do I just need to rely on cli commands to do a lot of these functions? I don't want to go back to cli hell ;(

  • JaimeJaime SonicWall Employee

    Unfortunately, since the Gen6 API is technically not complete, the CLI is sometimes the only way to accomplish the task. The /direct/cli endpoint provides an entry for CLI commands over the API. I understand it isn't ideal, but it is a potential workaround that could help you accomplish the task in the short term. I've shared your comments and this thread for visibility.

Sign In or Register to comment.