Friday, August 31, 2018

forcepoint API

In my day job I have support cases for host of issues. Here's is a short blog of some  basic  Forcepoint NGFW   API information.  1st the API interface is simple to enable on the SMC MgtServer under the server "properties" settings.


Here, I've have selected the port 8080 from the default 8082 and enabled the API
You do NOT need to reboot the MgtServer



You will need a API  client-user define ( the standard admin_users  are not API users ). After you  have crafted  a API client a authenticationkey will be display ( it's critical that you record that key , you will not see it again ).

To login,  the  API needs the  key and provided via a http.request.method POST in a simple call


curl -k -v -d '{"authenticationkey":"n7d3hj3k39l@se3ydieke"}' -H "Content-Type: application/json" -X POST https://mysmcserver.socpuppets.com:8080/login



If the key was correct, you should receive a status. response 200 and the SMC console will show the user logged on as a status "online"



The logout is similar but uses the http.request.method PUT

curl -k -v -d '{"authenticationkey":"n7d3hj3k39l@se3ydieke"}' -H "Content-Type: application/json" -X PUT https://mysmcserver.socpuppets.com:8080/login


To discovery entry points you  can use the API discovery at or whatever services port you have enabled

https://x.x.x.x:8080/api

example
As you can clearly see we have  5.10, 6.2, 6.3    support for this SMC v 6.3.8 . You can call these  versions up to see what entries are allowed


{output truncated }


You can request  various  entry points by issuance of a  http.request.method GET

examples to follow below.


When constructing POST I prefer json  structure of a KEY and  Attribute Value

e.g


{ "name":"the_name_here", "address":"1.1.1.1"}


NOTE: ensure you set the application type as json if your using json, xml is also supported.


Keep in mind the  API client access is controlled by the role you define for the account





When initial login, you need to be aware that the JSESSSIONID cookie value is used for admin.session tracking with HTTP. With  HTTPS you can use the cookie or  SSLsession for tracking





Here's a few basic   API  examples









and yes the API supports IPv6













NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \




No comments:

Post a Comment