Text only | Text with Images

OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: mhen79 on September 26, 2024, 02:39:25 AM

Title: opnsense + zenarmor restful api
Post by: mhen79 on September 26, 2024, 02:39:25 AM
Hi,

i got install, configure and run successfully the zenarmor plugin in opnsense.

Now i want to control a working policy via api request, simply to switch on or off the policy.

To get status and some information for all policies is simple done with:
Code Select
curl -sk -u "$key":"$secret" https://<ip>/api/zenarmor/policy

response:
Code Select
{
  "policies": [
    {
      "id": 1727212787,
      "local_id": 1727212787,
      "cloud_policyid": "",
      "name": "Allow_Services",
      "isCentralized": false,
      "isActive": true,
      "isDefault": false,
      "user": "0",
      "nodes": [
        {
          "id": "0"
        }
      ],
      "tags": [],
      "projects": [],
      "checksum": 1727212787
    },
    {
      "id": 0,
      "local_id": 0,
      "cloud_policyid": "",
      "name": "Default",
      "isCentralized": false,
      "isActive": true,
      "isDefault": true,
      "user": "0",
      "nodes": [
        {
          "id": "0"
        }
      ],
      "tags": [],
      "projects": [],
      "checksum": 0
    }
  ]
}


My question is, how could i modify the "isActive" status to false, of id:1727212787 ? I could'nt find any documentation regarding toggle on/off policies via api call.

Br,

Marco
Title: Re: opnsense + zenarmor restful api
Post by: IHK on September 26, 2024, 10:00:42 AM
You can browse the following in the Zenarmor documents.

https://www.zenarmor.com/docs/developers/zenarmor-restful-api#update-policy-status

If you need more help, you can open a ticket to create a case file.

https://www.zenarmor.com/docs/support/reporting-bug
Title: Re: opnsense + zenarmor restful api
Post by: mhen79 on September 26, 2024, 07:30:30 PM
Hi,

thank you for the hint to the documentation reference of zenarmor. There is all the stuff very good described, but unfortunately not useable for the zenarmor plugin of opnsense.

I have tried to find a way to enable the zenarmor api of this plugin, but in the settings is no link/button to configure the api module. Maybe you have an idea if or where i could enable the zenarmor api in the opnsense zenarmor plugin.

Have a look to attachment for a short view of the settings tree of the plugin:


Br,

Marco
Title: Re: opnsense + zenarmor restful api
Post by: IHK on September 27, 2024, 09:43:58 AM
The Zenarmor Cloud agent must be installed. Also, you cannot perform these operations with a Free license.
Title: Re: opnsense + zenarmor restful api
Post by: mhen79 on September 27, 2024, 07:56:24 PM
Hi,

for Restful API feature business subscription is needed, more then $100/mon. For private use to much.

Are you sure there is no possibility to control the policies via opnsense api ? I was able to create a new policy via:
Code Select

curl -sk -X POST -u "$key":"$secret" https://<ip>/api/zenarmor/policy \
-H "Content-Type: application/json" \
-d '{
    "isActive": "false",
    "policy_id": "1727212787"
}'

But, could also be just a bug.

Also the endpoint "https://<ip>/api/zenarmor/policy/set" reacts, but says "{"status":403,"message":"Forbidden"}". Maybe there is a hidden, non documented feature ?

Br,

Marco
Text only | Text with Images