SonicOS API on creating ACL
Hi,
I am testing the SonicOS API with curl.
I can create objects without problem. However, the ACL API seems broken.
I got "No matching command found" on API return.
curl -k -i -X POST "https://192.168.12.244/api/sonicos/access-rules/ipv4" -H "accept: application/Json" -H "Content-Type: application/Json" -d @test.json
HTTP/1.0 400 Bad Request
Server: SonicWALL
Expires: -1
Cache-Control: no-cache
Content-type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
{
  "status": {
    "success": false
    ,"cli": {
      "mode": "config_mode"
      ,"depth": 1
      ,"command": "access-rule ipv4 from LAN to SSLVPN action allow source address any port any service name API\ Service1 destination address name API\ Group1"
      ,"configuring": true
      ,"pending_config": true
      ,"restart_required": "FALSE"
    }
    ,"info": [
      {
        "level": "error"
        ,"code": "E_NO_MATCH"
        ,"message": "No matching command found."
      }
    ]
  }
}
What have I missed?
@Json
{
  "access_rules": [
    {
      "ipv4": {
        "name": "API ACL1",
        "enable": true,
        "from": "LAN",
        "to": "SSLVPN",
        "action": "allow",
        "source": {
          "address": {
            "any": true
          },
          "port": {
            "any": true
          }
        },
        "service": {
          "name": "API Service1"
        },
        "destination": {
          "address": {
            "name": "API Group1"
          }
        }
      }
    }
  ]
}
Best Answer
shiprasahu93 Moderator
Hello @Nat,
I tested this on a TZ 500W and it worked as expected for me.
There is a small mistake in the JSON. Please use "group" instead of "name" in the destination address field.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
5
Answers
@shiprasahu93
Thanks, I have fixed it.
Perfect! Have a good one!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi,
I am testing the SonicOS API with curl.
I can create objects without problem. However, the routing_policy API seems broken.
I got "No matching command found" on API return.
curl -k -i -X POST "https://192.168.3.1:58000/api/sonicos/route-policies/ipv4" -H "accept: application/Json" -H "Content-Type: application/Json" -d @kk.Json
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 919 0 592 100 327 5147 2843 --:--:-- --:--:-- --:--:-- 8061
HTTP/1.0 400 Bad Request
Server: SonicWALL
Expires: -1
Cache-Control: no-cache
Content-type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
{
  "status": {
    "success": false
    ,"cli": {
      "mode": "config_mode"
      ,"depth": 1
      ,"command": "route-policy interface x7 metric 20 source name Kushal_api2 destination group CHN_LAN service any gateway name SVN_Public"
      ,"configuring": true
      ,"pending_config": false
      ,"restart_required": "FALSE"
    }
    ,"info": [
      {
        "level": "error"
        ,"code": "E_NO_MATCH"
        ,"message": "No matching command found."
      }
    ]
  }
}
What have I missed?
@json?
{
  "route_policy": {
    "ipv4": {
      "interface": "x7",
      "metric": 20,
      "source": {
        "name": "Kushal_api2"
      },
      "destination": {
        "group": "CHN_LAN"
      },
      "service": {
        "any": true
      },
      "gateway": {
        "name": "SVN_Public"
      },
      "name": "Vidya",
      "disable_on_interface_down": true,
      "vpn_precedence": true,
      "probe": "",
      "tcp_acceleration": false
    }
  }
}
Hi,
I am also facing the same problem with this
@json?
{
  "route_policy": {
    "ipv4": {
      "interface": "x7",
      "metric": 20,
      "source": {
        "name": "Kushal_api2"
      },
      "destination": {
        "group": "CHN_LAN"
      },
      "service": {
        "any": true
      },
      "gateway": {
        "name": "SVN_Public"
      },
      "name": "Vidya",
      "disable_on_interface_down": true,
      "vpn_precedence": true,
      "probe": "",
      "tcp_acceleration": false
    }
  }
}
The API is definitely busted - at least the access-rules/ipv4 endpoint is. On an NSA2600 running 6.5.4.7-83n the endpoint is outputting JSON that cannot be POSTed back in without fixing things like ipv4->source->port->name to be ipv4->source->port->group. I'm guessing whatever code is generating the output doesn't understand the difference between an address object group and an address object.
EDIT: Also, it would be great if the error message would indicate where the problem actually is - as opposed to the generic "No matching command found."
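The "group" instead of "name" correction from the accepted answer, and the last comment's wish for a more specific error, can both be scripted before and after the POST. This is an added example, not SonicWall code and not code from any poster in the thread: `use_group_keys` and `explain_error` are hypothetical helper names, the set of group names is an assumption supplied by the operator, and the sample data is constructed from the request and response quoted in the first post.

```python
import json
import re

# Constructed sample: the request body from the first post in this thread.
REQUEST = {"access_rules": [{"ipv4": {
    "name": "API ACL1", "enable": True, "from": "LAN", "to": "SSLVPN",
    "action": "allow",
    "source": {"address": {"any": True}, "port": {"any": True}},
    "service": {"name": "API Service1"},
    "destination": {"address": {"name": "API Group1"}},
}}]}

# Constructed sample: error body trimmed from the response quoted in the thread.
ERROR_BODY = (
    r'{"status": {"success": false, "cli": {"command": "access-rule ipv4 from LAN '
    r'to SSLVPN action allow source address any port any service name API\ Service1 '
    r'destination address name API\ Group1"}, "info": [{"level": "error", '
    r'"code": "E_NO_MATCH", "message": "No matching command found."}]}}'
)


def use_group_keys(node, groups):
    """Return a copy of node in which single-key {"name": X} selectors become
    {"group": X} when X is in groups (names the operator knows are groups)."""
    if isinstance(node, list):
        return [use_group_keys(item, groups) for item in node]
    if not isinstance(node, dict):
        return node
    name = node.get("name")
    if set(node) == {"name"} and isinstance(name, str) and name in groups:
        return {"group": name}
    return {key: use_group_keys(value, groups) for key, value in node.items()}


def explain_error(body):
    """Return (translated CLI command, [(code, message), ...]) from an error body."""
    # As quoted in the thread the command contains "\ ", which is not a legal
    # JSON escape, so double any lone backslash before a space prior to parsing.
    status = json.loads(re.sub(r'(?<!\\)\\ ', r'\\\\ ', body))["status"]
    errors = [(i.get("code"), i.get("message")) for i in status.get("info", [])
              if i.get("level") == "error"]
    return status.get("cli", {}).get("command"), errors


if __name__ == "__main__":
    command, errors = explain_error(ERROR_BODY)
    print(errors, command, sep="\n")
    print(json.dumps(use_group_keys(REQUEST, {"API Group1"}), indent=2))
```

The command string returned by `explain_error` ends in `destination address name API\ Group1`, so it shows which selector keyword was generated from the request and points at the field to check when the only error is `E_NO_MATCH`.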