API - Manage Users for VPN access

Hello Community,

 

I'm currently planning a project which should be able to control the VPN user access via the API.

It should be a simple tool where you just need to click a single button. The tool then activates or deactivates the user for that VPN via the API.

How do I activate/deactivate a local user on the PA with the API?

I've already searched through the /api on our 850 but haven't found what I want.

What would be your approach?

 

Thank you in advance.

 

Kind regards,

JustAGuy

 


Accepted Solutions

Re: API - Manage Users for VPN access

I've finally managed to get the right API command for enabling/disabling local users.

All capitalized words between these chars "<>" need to be adjusted!

 

First you need to get the apikey with the following request:

https://<FIREWALL IP>/api/?type=keygen&user=<USERNAME>&password=<PASSWORD>

 

Then you can disable the user via the following:

https://<FIREWALL IP>/api/?type=config&action=set&key=<API KEY>&xpath=/config/shared/local-user-database/user/entry[@name='<LOCAL USERNAME>']&element=<disabled>yes</disabled>

 

or enable it via this:

https://<FIREWALL IP>/api/?type=config&action=set&key=<API KEY>&xpath=/config/shared/local-user-database/user/entry[@name='<LOCAL USERNAME>']&element=<disabled>no</disabled>

 

Lastly you need to commit your changes:

https://<FIREWALL IP>/api/?type=commit&key=<APIKEY>&cmd=<commit><description><YOUR DESCRIPTION></description></commit>
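
The set-then-commit sequence from the answer above, as an added Python example that is not part of the original post. It sends the same parameters by POST with the key in the `X-PAN-KEY` header instead of the query string (assumption: a PAN-OS release that accepts that header), URL-encodes the xpath and element, and rejects usernames that could break out of the `[@name='...']` predicate. All function names, the username allowlist and the sample response are constructed for illustration.

```python
import re
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

USER_XPATH = "/config/shared/local-user-database/user/entry[@name='{}']"
# Assumption: conservative allowlist for local usernames, so a name can never
# close the [@name='...'] predicate and redirect the set to another node.
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]{1,31}")
# Constructed sample of a failed call, for trying check_response() offline.
SAMPLE_ERROR = '<response status="error" code="403"><result><msg>Invalid Credential</msg></result></response>'

def set_disabled_params(username, disabled):
    """Form fields for the type=config&action=set request from the post."""
    if not SAFE_NAME.fullmatch(username):
        raise ValueError("refusing unsafe local username: %r" % username)
    flag = "yes" if disabled else "no"
    return {"type": "config", "action": "set",
            "xpath": USER_XPATH.format(username),
            "element": "<disabled>%s</disabled>" % flag}

def commit_params(description):
    """Form fields for the commit; ElementTree escapes the free-text description."""
    commit = ET.Element("commit")
    ET.SubElement(commit, "description").text = description
    return {"type": "commit", "cmd": ET.tostring(commit, encoding="unicode")}

def build_request(host, api_key, params):
    """POST with the key in a header: nothing secret ends up in the URL."""
    body = urllib.parse.urlencode(params).encode()
    return urllib.request.Request("https://%s/api/" % host, data=body,
                                  headers={"X-PAN-KEY": api_key}, method="POST")

def check_response(xml_text):
    """Return the parsed <response>, raising unless status="success"."""
    root = ET.fromstring(xml_text)
    if root.get("status") != "success":
        raise RuntimeError("API call failed: %s" % "".join(root.itertext()).strip())
    return root

def call(host, api_key, params):
    """Send one request; urllib's default certificate verification stays on."""
    with urllib.request.urlopen(build_request(host, api_key, params), timeout=30) as r:
        return check_response(r.read().decode())

def toggle_user(host, api_key, username, disabled, description):
    """Set the flag, then commit, as in the post. Returns the job id if one was queued."""
    call(host, api_key, set_disabled_params(username, disabled))
    return call(host, api_key, commit_params(description)).findtext("result/job")
```

Keeping the key out of the URL matters because request URLs are commonly written to proxy and web-server logs and shell history.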



All Replies

Re: API - Manage Users for VPN access

That's a great project.

I am just curious. Why wouldn't you use GlobalProtect for VPN?


Re: API - Manage Users for VPN access

The tool should work with different firewall vendors.

One of them is Palo Alto NGFW.

Is there a difference between controlling the GlobalProtect users vs. e.g. IPsec?

