cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Dan28
Level 7
Report Inappropriate Content
Message 1 of 4

REST API POST appliance configuration

Jump to solution

Hello,

I’m trying to figure out if I can use the REST API to easily configure various McAfee Appliances and VMs, especially the Appliances parameters (including Network Interfaces, static routes, SNMP etc…), basically everything after the startup wizard.

With the documentation below, I figure out how I can GET all those information for each appliances, it’s working smoothly. But I see no mention of the possibility to POST those configurations.

https://docs.mcafee.com/bundle/web-gateway-10.2.x-product-guide/page/GUID-700C5586-59F2-4994-A7F1-B9...

Does someone has experience in deploying appliances and doing the network configuration with REST API and could share some tips ?

Thank you.

Regards,

1 Solution

Accepted Solutions
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: REST API POST appliance configuration

Jump to solution

Hi,

the REST API in general is pretty simple. It allows you to download a piece of the configuration as an XML file, for example for the DNS settings:

GET https://mwg:4712/Konfigurator/REST/appliances/<UUID>/configuration/com.scur.engine.appliance.dns.configuration

This will give you the complete DNS configuration as an XML output. You will store this locally and manipulate it, for example by running sed to search/replace or use some script code to modify the pieces that need to be changed.

After the XML is modified locally you can upload it again:

PUT https://mwg:4712/Konfigurator/REST/appliances/<UUID>/configuration/com.scur.engine.appliance.dns.configuration

When doing the PUT the modified XML is added as the body to be uploaded.

In case the uploaded XML is OK MWG will return a 200 OK. After you commit the changes via REST the modified configuration becomes active.

I have used this previously to update and streamline static routes, but this works for every setting that is available in the storage. The setting you might be looking for is

com.scur.engine.appliance.network.configuration

for confguration of network cards. When looking at the XML you will notice that the NIC configuration is an inline list (an XML within an XML...) which is ugly to maintain. Ugly, but possible.

I usually use DHCP with fixed IP addresses usually to make the network configuration. I bind the MAC address to the desired IP addresses, which has the benefit that I don't need to manually make the network configuration before being able to login via REST API.

Best,
Andre

View solution in original post

3 Replies
asabban
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: REST API POST appliance configuration

Jump to solution

Hi,

the REST API in general is pretty simple. It allows you to download a piece of the configuration as an XML file, for example for the DNS settings:

GET https://mwg:4712/Konfigurator/REST/appliances/<UUID>/configuration/com.scur.engine.appliance.dns.configuration

This will give you the complete DNS configuration as an XML output. You will store this locally and manipulate it, for example by running sed to search/replace or use some script code to modify the pieces that need to be changed.

After the XML is modified locally you can upload it again:

PUT https://mwg:4712/Konfigurator/REST/appliances/<UUID>/configuration/com.scur.engine.appliance.dns.configuration

When doing the PUT the modified XML is added as the body to be uploaded.

In case the uploaded XML is OK MWG will return a 200 OK. After you commit the changes via REST the modified configuration becomes active.

I have used this previously to update and streamline static routes, but this works for every setting that is available in the storage. The setting you might be looking for is

com.scur.engine.appliance.network.configuration

for confguration of network cards. When looking at the XML you will notice that the NIC configuration is an inline list (an XML within an XML...) which is ugly to maintain. Ugly, but possible.

I usually use DHCP with fixed IP addresses usually to make the network configuration. I bind the MAC address to the desired IP addresses, which has the benefit that I don't need to manually make the network configuration before being able to login via REST API.

Best,
Andre

Dan28
Level 7
Report Inappropriate Content
Message 3 of 4

Re: REST API POST appliance configuration

Jump to solution

Hi,

Sorry for the delay in the response, I’ve just started working on the matter again...

I manage to work with the GET and some POST action (restart, backup etc…). But so far, I had no luck putting XML configuration files (static routes, NTP, interfaces etc…) using the rest API.

The strangest thing is, whenever I push a file, I receive a 200 OK response from the proxy, and on the UI I see the configuration menu locked by the API user (Object “” is already locked bu user X) like it’s trying to configure it but nothing is changed at the end on the configuration. I have nothing on the audit logs indicating that something was done or failed. I’ve tried it on a few VM (version 10.2.7 or 10.2.8) but they all have the same behavior.

Do you have an idea of what could cause this behavior ?

Thanks for your help.

Dan28
Level 7
Report Inappropriate Content
Message 4 of 4

Re: REST API POST appliance configuration

Jump to solution

Oh my bad, I just forgot the commit at the end for the changes to be effective 😁 It’s working as you’ve explained now, I’m able to push static routes, NTP configuration etc…

Thank you very much for your help.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community