To use the REST API, each call must be authenticated. For Control Center-managed firewalls, create a dedicated CC admin user and administrative role to allow REST API access. In the administrative role, you can differentiate between the internal and external interface and even grant write permissions to the REST API. Some actions, such as VPN access, may require additional permissions.
Step 1. Create a Custom Administrative Role
- Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.
- Click Lock.
- In the Roles section, click + to create a new role.
Enter a number for the role in the Name field and click OK. The Roles configuration window opens.
- Enter a Role Name .
- (Optional) Enter a Description.
Scroll down to add the REST API access rights to the administrative role:
In the REST API section, select the Access to REST API check box.
Click Set/ Edit to configure detailed permissions.
Configure the access rights:
Write Access – Provides write access on the selected interface.
- Click OK.
- Click Send Changes and Activate.
Step 2. Create an Admin Account
Add an administrator account, configure authentication settings, and assign the administrative role to the account.
- Click the ADMINS tab.
- Click New Entry.
- Enter a Name for the account. This is the user login name.
- From the Range list, select which ranges the admin should be able to access.
- From the Cluster list, select which clusters that the admin can access.
- Click OK. The Administrator configuration window opens.
- For local authentication, configure username and password:
- Login Name – Enter the username for the REST API CC admin.
- Full Name – Enter the full name.
- Password – Enter the password.
- External Authentication – Select Local (No external Authentication).
- Assign the administrative role:
- Roles – Select the role created in Step 1 and click Add.
- Shell Level – Select No Access.
- (optional) Change Login Event to a less verbose setting.
- Click OK.
- Click Activate.
The CC admin user you just created can now access the REST API interface for the ranges and clusters assigned to the user.