Using the SonicOS API to get the list of SSL VPN Users

Recently I needed to pull a list of all SSL VPN users on our SonicWall NSA 2600 running SonicOS Enhanced 6.5.4.4-44n. Normally, I'd use SNMP to get this sort of information. However, this version does not include SSL-VPN information in the OIDs.

I found out that 6.5.4 has a RESTful API that accepts and returns JSON.

Here's how to get the list of users via the API:

1. Enable SonicOS API: Manage -> System -> Appliance -> Base Settings -> Enable SonicOS API
2. Enable the "RFC-7616 HTTP Digest Access authentication" with default values.
3. Disable all other auth methods (optional)
4. Open up a terminal that has curl installed (I used WSL with Ubuntu 18.04) and run this shell script:

USER=admin
PASSWORD=password

# IP Addr and HTTPS Web management port of the SonicWall.
URL=192.168.1.1:8443

# Login using Digest Auth
curl -k -i -u $USER:$PASSWORD --digest -X HEAD https://$URL/api/sonicos/auth
# If you're using basic auth, use this instead:
# curl -k -i -u $USER:$PASSWORD -X POST https://$URL/api/sonicos/auth

# Query the SSL VPN Sessions
curl -k -i -X GET "https://$URL/api/sonicos/reporting/ssl-vpn/sessions" -H  "accept: application/json"

# "Logout" by deleting the auth info.
curl -k -i -X DELETE "https://$URL/api/sonicos/auth"

Notes:

• The user that you connect with must be the Administrator user (Eg: the one defined in Manage -> System Setup -> Appliance -> Base Settings). I don't know why this is, but I wasn't able to get things to work for any other user (my hope was to use a read-only account...)
• Logging in with the API preempts any web-based session, so keep that in mind.
• If you use a custom port for HTTPS web management, make sure to include that in the API calls. That took me far longer to figure out than I would have liked...
• I did not need to adjust any firewall or management settings.
• The code above has a bunch of -i options included for debugging purposes. They can be removed.