The Barracuda CloudGen Firewall REST API provides remote administration and configuration of the Barracuda CloudGen Firewall. This article gives a brief description of REST API and the API methods you can use to access your Barracuda CloudGen Firewall. The API framework provides get or set variables inside a JSON-RPC request corresponding to field values in the configuration database of the firewall.
Enable the REST API for HTTP
Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.
Click Lock.
In the HTTP interface window, select Enable HTTP interface.
In the HTTP Port field, enter the desired port for API calls.
Click Send Changes and Activate.
Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > Firewall > Forwarding Rules.
Communication via HTTP is intended to be done from within the internal network and is thus only available on the loop-back interface 127.0.0.1:<HTTP Port>. Thus, it is required to create an App Redirect access rule that redirects API calls to the loop-back interface.
Enable the REST API for HTTPS
Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.
Click Lock.
In the HTTP interface window, select Enable HTTPS interface.
In the HTTPS Port field, enter the desired port for API calls.
(Optional) To enable API calls via management IP addresses instead of the loop-back interface, select Bind to Management IPs.
Click New Key to create a private key of the desired length, or import your personal private key.
Click Ex/import to create a self-signed certificate, or import an existing one.
Authentication
The Barracuda CloudGen Firewall supports basic authentication by using either the basic authorization header or the X-API-Token header. While using the authorization header is the same as traditional username:password authentication, the X-API-Token allows you to create a token to be used for all REST calls. Note that basic authentication uses base64 encoded credentials.
Create an Administrator Account for REST API Authentication
For authentication against the REST API, a user with the respective permissions must be present either on the Control Center for centrally managed firewalls or on the firewall itself for stand-alone firewalls. In both cases, the user must have the Manager role assigned.
For more information on how to configure Administrators accounts on a Control Center, see How to Create a CC Admin to Access the REST API.
For more information on how to configure Administrators accounts on a stand-alone firewall, see How to Create a New Administrator Account.
Create an X-API Token for Authentication
Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > REST API Service.
Click Lock.
In the left menu, click Access Tokens.
Click + in the Access tokens section.
Enter a Name for the token and click OK. The Access tokens window opens.
Click Generate new token.
Enter the Admin name for the user used for authentication.
In the Time to live field, enter the number of days the token should be valid for.
Click OK.
Rest API for the CloudGen Firewall
Follow the link below for a list of the REST API for the CloudGen Firewall. Authentication is done using HTTP basic authentication with the username and password of the administrators with the appropriate permission set.
For more information, see Developer Documentation for the CloudGen Firewall REST API.