How to Add an Address Object to a Group
Best Answer
-
CORRECT ANSWER
Jaime
SonicWall Employee
Hi @maximtech,
Please try using PATCH to add member objects to existing groups.1
Answers
@maximtech Have you seen this KB article?
Wouldn't that work for you?
Hi Larry,
Thanks for the url, I did read thru that earlier. That's a little different - simply creating address objects.
I'm wanting to add an address object to an existing group. The only thing I can find so far is have to replace the entire group contents. Don't see anything about simply adding one to a group.
Duane
What happens when you try to simply add one Address Object to the Group? Does it effectively replace the contents or does it actually add it?
I'm not one to use the API because I don't have the patience to wiggle through this stuff...
When I tested it out the entire group contents was replaced with the one address object.
Jamie,
Wow, that worked, who knew! How did you come about that undocumented option?
Best, Duane
I'm happy to hear that helped you. This method is listed as an available method in the Swagger UI docs for Gen7 firmware. I found out about the difference while working on a project and noticed the behavioral difference. In Gen6, PUT can be used to add members, but in Gen7, PATCH should be used instead. PUT will do as you've observed on Gen7. To see the Gen7-specific Swagger, log into your firewall and go to HOME | API. Click on the link to sonicos-api.sonicwall.com. You'll get the docs specific to your firmware. Here's a quick link for you for SonicOS 7.0.1 on an NSA appliance.
https://sonicos-api.sonicwall.com/index.html?sonicwallIp=192.168.168.168&sonicwallPort=443&model=NSA&version=7.0.1
could i also use this for exporting (get) all zones - objects and groups and to import it to another sonicwall?
Each endpoint has its supported methods, but yes, you can export from one appliance and push the configuration to another. Just make sure you are looking at the API docs for your firmware version as there are differences in the Gen6 and Gen7 APIs.
ah its from one gen 6 to antoher gen6 same line. We want to avoid using config export and import because we beleieve there is a config issue...so its currently checking one by one alle entries.
maybe you have a good idea how to to this and not forget anything and without doing all the address objects manually (my guess is that this will lead to volatility errors)
You might want to look at using the serial console/SSH CLI method in combination with the API. The KB below should get you set up. You can issue commands to get specific pieces of the configuration as needed. Pushing that configuration back via the CLI will take longer as you want to avoid flooding the CLI session. The same applies to the API. I recommend committing bulk changes across multiple commits.
On the CLI you can send a command such as "show address-objects custom" to only return the custom objects. If you get the data over API, the response includes all the default objects as well.
Make sure the dependencies are covered before you push objects to the firewall. If you use custom zones, those need to be configured in order to successfully import the objects.