Jaime

SonicWall Employee
Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Jaime SonicWall Employee

Badges (14)

25 Answers4 Year Anniversary3 Year Anniversary2 Year Anniversary5 Helpfuls5 Answers10 Comments1 Year AnniversaryName Dropper5 LikesFirst AnswerFirst CommentEarly AdopterPhotogenic

Comments

  • Hi @Veraniti, the API response "message": "Login as a user." suggests you just need to send a POST to the /start-management endpoint. The user is logged in, but "as a user" rather than an admin. Alternatively, enabling the "go straight to management" option on the SonicWall Administrators group should log you right in…
  • Hi @HKI, Please take a look at the 6.5.4.x SonicOS API YAML document here: https://sonicos-api.sonicwall.com/sonicos_files/6.5.4.8-89n/TZ-400W/sonicos_openapi.yml According to the document, /reporting/interfaces/ipv4/ is there, but /reporting/interfaces/ipv4/status is not. You may be able to find a suitable endpoint using…
  • After authenticating, you can send a POST to /start-management to begin a management session.
  • I've only attempted the more advanced auth settings with the requests library.
  • Please give this a try. import urllib.request from base64 import b64encode from collections import OrderedDict import ssl # Replace these with your SonicOS API endpoint and credentials sonicos_api_url = "https://xxx.xxx.xxx.xxx/api/sonicos/" username = "admin-user" password = "admin-password" # Encode the username and…
  • Please verify that Basic Authentication is enabled in your SonicOS API settings. I believe Basic HTTP authentication is disabled by default. Also, why not 'pip install requests'?
  • Is it possible to get the interface X1 status from the router without logging in from a system connected on the LAN side? Or I always have to login with a username and password? As ARKWRIGHT mentioned, yes, you will always need to log in to get information from the firewall. How you login depends on the method you use to…
  • I think there are probably better methods of determining WAN connectivity or link status that may be more reliable or polished as a product. Some examples are: Using the built-in logs and email alerting (if you have an internal email server that can alert you to a down interface). Using SNMP or NetFlow/IPFIX collectors.…
  • Try using "-SkipHttpErrorCheck" in your Invoke-Restmethod call. It indeed seems to be a behavior of that cmdlet in PS. "-SkipHttpErrorCheck" ignores the "error statuses" non-200 response codes. Not sure exactly which codes it ignores. Maybe 4xx/5xx. I found these that might be helpful.…
  • If I'm understanding what you've described, I would think the failure from PowerShell would not have been an API response or maybe the value of $Result needs to be converted to plaintext or JSON. I could be wrong. I'm also not very familiar with requests from PS. You should get back a readable error in JSON as you've noted…
  • There should still be a message/response of some sort from the API even in the case of a failed request. Perhaps try checking the response information for a 'success' key with a true or false value in the response body and using that as the confirmation of a successful call.
  • Hi, Please take a look at the Python example script "sonicosapi-public-key-auth.py". There's an example you can reference for uploading firmware via the API. https://github.com/jaimeesc/sonicos-api-examples Hope that helps!
  • Hi, Please take a look at a couple of example scripts in Bash and Python here: https://github.com/jaimeesc/sonicos-api-examples Make sure you enable "PKCS#1 v2.0 OAEP" padding type and SHA256 hash/mask. Hope that helps!
  • I uploaded a couple of example scripts (Bash and Python) here:
  • Hello, I may have a solution for you. Try this: 'Authorization: SNWL-PK-AUTH user="'$USER'", data="'$CIPHER'"' instead. Line from your post: curl -k -i -s -H "Authorization: SNWL-PK-AUTH user="'$USER'", data='$CIPHER'" -X POST https://$ADDR/api/sonicos/auth I modified the line to this: curl -k -i -s -H 'Authorization:…