topic Create Securit policy with API in Automation/API Discussions

Create Securit policy with API

BPry — Wed, 16 Nov 2016 16:01:20 GMT

Okay so below is what I've been attempting to use for the creation of policies automatically though the API; however when I run it I simply get a Success output and the rule never actually completes. Can anybody tell me where this is missformated?

/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/[@name='$NewRule']&element=<source><member>$Source</member></source><destination><member>$Destination</member></destination><service><member>$Service</member></service><application><member>$Application</member></application><action>$Action</action><source-user><member>$srcuser</member></source-user><option><disable-server-response-inspection>no</disabled-server-response-inspection></option><negate-source>$negsource</negate-source><negate-destination>$negdest</negate-destination><disabled>$disabled</disabled><log-start>$logstart</log-start><log-end>$logend</log-end><description>$description</description><from><member>$srczone</member></from><to><member>$dstzone</member></to>

Re: Create Securit policy with API

cpainchaud — Wed, 16 Nov 2016 16:40:22 GMT

you should open a TAC case because this command should create an error message.

You need to fix the XPATH as you forget an 'entry' for the rule:

/api/?type=config&action=get&xpath=/config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/rulebase/security/rules/entry[@name...

Re: Create Securit policy with API

BPry — Wed, 16 Nov 2016 16:44:26 GMT

Glad it was something simple. I actually just realized a few minutes ago that I was also running get instead of set; when you run set you do actually get a malformed entry but when you run get it just says success regarless if there is a rule that matches the name or not even when I add the missing 'entry' statement.