AstaroOS: Remote Configuration / Scripting Configuration API
Add the ability to Remotely Configure some of the dynamic settings in the Astaro Gateway.
For instance a dynamic setting would be SMTP allowed domains.
We as a hosting organization have automatic signup to email, and the customers SMTP domain and MX records are moved to our servers. our internal mail servers have the ability to be configured by scripting remotely. But the Astaro must always be configured manually to accept the customers SMTP domain.
implement a SOAP/XML webservice or something like it. That would allow Remote Configuration. Would be cool to be able to request logfile data and retrive it in XML aswell.
Russell Glaue commented
I also recommend a REST API to SOPHOS. A JSON formatted structure for data exchange would be nice (XML is also okay). With Software Defined Networking (SDN), and Application Defined Networking (ADN) becoming the norm, this is a necessity if Sophos wants to have a place in today's network.
I need to be able to deploy a network and application policy in one bundle, and that should include policy snippets that configure the Sophos UTM.
All that is needed right now is a way to manage firewall rules through an API. Or at least provide a _supported_ command-line method so we can script it out ourselves.
Paolo Venturini commented
A REST API to configure firewall rules would be really useful and would allow to script tasks that actually requires boring and error prone manual intervention on Web GUI.
Use the standard Open Management Interface (kinf of CIM). Microsoft powershell can then be used to write config modules to automate the config of the firewall. This can ALSO be done on Linux.
You can already do that with the cc / cc RAW (commandline / CLI) but would loose warranty!
It's 2014 already? Everything (but Sophos UTM) has a restful API! Get with the times Sophos. :)
Michael Cassaniti commented
I'd suggest doing both a configuration API and additionally a command line interface.
One facet of the company I work for is hosting services. We currently host a multi-context Cisco ASA for customers, but are looking towards a virtual firewall per customer.
At present we have a manual change control process. An engineer submits a full configuration change as a set of commands with appropriate detail, and a senior engineer approves the change.
We have two products that are applicable for virtual firewalls. One is the Sophos UTM, and the other is Palo Alto. Unfortunately the Palo Alto is the likely contender mainly because of the scripting capability.
I see us in the future moving to an automated process that could leverage a configuration API rather than a CLI. Again I would suggest implementing both.
dominic gingras commented
I wonder how many people have to request this before its implemented...
Ludovic Peny commented
Open the API, this is a must have for the MSP integration !
Stever Marshall commented
PLEASE give us an API
dominic gingras commented
Same here. vyatta have an API. Or even command line tools (a documented one)
Astaro Admins commented
Provide API to add, change and remove web filtering rules
Ahmad Obay commented
Provide API to add/remove RED devices as well as firewall & NAT rules
Rogier van den Berg commented
We are also a hosting company, now we have after each order add a new domain by the domains and routering > domains list.
Provide API to display/change firewall policy and configuration, automated provision of appliances, this will enable massive deployment of virutal appliances in a cloud provider.