Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

API or SSH for greatest longevity and compatibility for Gen6/7

Greetings,

I would like to manage my firewalls programmatically. I have a mix of Gen 6 and Gen 7 devices in the TZ / NSA line. What method would you recommend I use, the API or sending commands via SSH?

  • I want to write one set of instructions for any Sonicwall Firewall Gen 6 or Gen 7.
  • I want to make sure the code I write is supported for a long time.
  • If there is no difference with the above requirements, is one method faster than the other? Is one method less error prone?
Category: Developer Hub
Reply

Best Answer

Answers

  • MustafaAMustafaA SonicWall Employee

    Good day @Overflow2021

    My recommendation is to use SonicOS API. Documentation is available on SonicWall.com -> Support -> Technical Documentation.

    • Gen7 devices are fully API driven and you will be able to fully manage your device.
    • Gen6 devices, are not. Hence, you may not find some of the APIs on Gen6 which are available on Gen7.

    Based on your requirements I would suggest to check if the APIs you are intending to use, are available on the Gen6.

  • Overflow2021Overflow2021 Newbie ✭
    edited March 2023

    @MustafaA Can you tell me why I would use the API over CLI?

    Does the API provide management commands that are not found in CLI management? I was expecting you to say CLI because the same commands work on 6/7.

    Thanks for your feedback! I appreciate you.

  • MustafaAMustafaA SonicWall Employee

    @Overflow2021

    Does the API provide management commands that are not found in CLI management? I was expecting you to say CLI because the same commands work on 6/7.

    The SonicWall CLI options are very comprehensive and from the functional perspective you can fully manage the firewall via the CLI commands as you can do via the API calls.

    Can you tell me why I would use the API over CLI?

    REST APIs are the de-facto standard and there are many libraries available for all popular programming languages. You don't have to do the low level data parsing etc. and you can easily convert the data into JSON objects which gives you the ease of manipulating the data. My personal view is that the API data is more structured and easier to process.

  • Yes I understand your point. The question that still stands is how to write a single set of instructions for all firewalls. As I understand it, that is not the API.
  • MustafaAMustafaA SonicWall Employee
    edited March 2023

    You can do that with APIs for sure. If you write your code in a scalable way, it is just a repetition of the same calls to different firewalls in a loop. Let me give you an example. The following is a resent small utility that I wrote to ADD, DELETE, UPDATE Address Objects and Service Objects. If I want to deploy the same context to 100 firewalls, all I need is an array of firewall parameters and change the main method having a for loop, and that's all.

    In the end, it comes down to what you want to accomplish and which path you are feeling more comfortable that requires little or no learning curve.

Sign In or Register to comment.