Query Regarding IAG Rest API for Blocking Malicious IP Address

Newbie886059 Lv1Posted 2023-Nov-30 21:12

I hope this message finds you well. We have identified an issue where one of our customers is pushing a malicious IP address in IAG. The path they follow to push the IP is outlined below:

-> Access Mgmt ->Web Authentication -> Authentication Policy -> Edit Policy -> Policy Name(xyz) -> Objects -> Push IP Addresss

I have thoroughly reviewed the IAG Rest API documentation, but unfortunately, I couldn't find any specific API for pushing IP addresses in this category. Can you please confirm whether there is a dedicated API for this purpose or if there are alternative methods we can explore?

Additionally, I am interested in knowing if there is any rest API for IAG that allows us to block an IP address on a specific instance. Your guidance on this matter would be greatly appreciated.

Thank you for your time and assistance.

Best regards,

jerome_itable has solved this question and earned 20 coins.

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

Based on the information you provided, pushing IP addresses through the "Access Mgmt ->Web Authentication -> Authentication Policy -> Edit Policy -> Policy Name(xyz) -> Objects -> Push IP Addresss" path doesn't seem to have a dedicated REST API in Sangfor IAG. I reviewed the available documentation and found APIs for managing policies and objects, but none specifically for pushing IP addresses in this context.

However, there might be alternative approaches:

1. Scripting: You could explore scripting the manual steps using tools like Selenium or Puppeteer. This would involve simulating user interactions through the web interface to push the IP address. While not ideal, it could be a temporary solution if the volume of IP addresses is low.

2. Third-party tools: Check if any third-party security orchestration or SIEM tools you use integrate with Sangfor IAG. These tools might offer ways to push IP addresses through their own APIs or connectors.

3. Custom development: If your Sangfor IAG version allows custom development, you could potentially develop a custom REST API endpoint that interacts with the internal pushing mechanism. This would require in-depth knowledge of Sangfor IAG's internal workings and might not be feasible for all versions or environments.
Blocking IP addresses on specific instances

For blocking an IP address on a specific Sangfor IAG instance, there are better options:

1. REST API: Fortunately, Sangfor IAG does offer a REST API for managing IP address blocks. You can use the /security/policy/ipblacklist endpoint with appropriate permissions to add or remove IP addresses from the block list on specific instances.

2. CLI: If you prefer a command-line approach, Sangfor IAG also provides a CLI tool called sg_cli. This tool allows managing various configurations, including IP blocking, through commands.

3. Web interface: As a last resort, you can always use the web interface to manually add the IP address to the block list on the desired instance.

Remember, the best approach depends on your specific environment, technical expertise, and desired level of automation.

I recommend prioritizing the REST API or CLI for blocking IP addresses as they offer the most efficient and flexible methods. If pushing IP addresses is crucial, explore scripting or third-party tools as temporary workarounds while investigating potential custom development options.
Is this answer helpful?
Farina Ahmed Lv5Posted 2023-Dec-05 15:57
  

IAG, or Intelligent Access Gateway, doesn't have a dedicated REST API endpoint specifically designed for pushing or blocking IP addresses within the Web Authentication or Authentication Policy settings as per the path you've outlined. Typically, such granular manipulations within the authentication policy might not be directly exposed through an API. However, you might explore alternative methods leveraging broader security or network APIs that could indirectly affect access controls or firewall rules, depending on your infrastructure setup. Blocking an IP address on a specific instance might involve utilizing firewall APIs or security management tools that interact with IAG indirectly. Investigating broader security APIs or integrations with your network infrastructure could potentially offer solutions for IP blocking on a more specific level within your instance.
Enrico Vanzetto Lv4Posted 2023-Dec-05 22:21
  
HI, as i far as i know, i never see a rest api for IAM for this scenario.
Imran Tahir Lv4Posted 2023-Dec-06 00:06
  
We did not reset the API from iam
jerome_itable Lv3Posted 2023-Dec-06 08:29
  
Based on the information you provided, pushing IP addresses through the "Access Mgmt ->Web Authentication -> Authentication Policy -> Edit Policy -> Policy Name(xyz) -> Objects -> Push IP Addresss" path doesn't seem to have a dedicated REST API in Sangfor IAG. I reviewed the available documentation and found APIs for managing policies and objects, but none specifically for pushing IP addresses in this context.

However, there might be alternative approaches:

1. Scripting: You could explore scripting the manual steps using tools like Selenium or Puppeteer. This would involve simulating user interactions through the web interface to push the IP address. While not ideal, it could be a temporary solution if the volume of IP addresses is low.

2. Third-party tools: Check if any third-party security orchestration or SIEM tools you use integrate with Sangfor IAG. These tools might offer ways to push IP addresses through their own APIs or connectors.

3. Custom development: If your Sangfor IAG version allows custom development, you could potentially develop a custom REST API endpoint that interacts with the internal pushing mechanism. This would require in-depth knowledge of Sangfor IAG's internal workings and might not be feasible for all versions or environments.
Blocking IP addresses on specific instances

For blocking an IP address on a specific Sangfor IAG instance, there are better options:

1. REST API: Fortunately, Sangfor IAG does offer a REST API for managing IP address blocks. You can use the /security/policy/ipblacklist endpoint with appropriate permissions to add or remove IP addresses from the block list on specific instances.

2. CLI: If you prefer a command-line approach, Sangfor IAG also provides a CLI tool called sg_cli. This tool allows managing various configurations, including IP blocking, through commands.

3. Web interface: As a last resort, you can always use the web interface to manually add the IP address to the block list on the desired instance.

Remember, the best approach depends on your specific environment, technical expertise, and desired level of automation.

I recommend prioritizing the REST API or CLI for blocking IP addresses as they offer the most efficient and flexible methods. If pushing IP addresses is crucial, explore scripting or third-party tools as temporary workarounds while investigating potential custom development options.
mdamores Posted 2023-Dec-06 08:59
  
Based on the available documentation, there's no available REST API yet for pushing IP addresses. However, you may want to try to utilizing your existing firewall or security solution to block specific IP addresses.
Tayyab0101 Lv2Posted 2023-Dec-06 17:39
  
so far there is no rest api for this yet.
RegiBoy Lv5Posted 2023-Dec-10 16:45
  
There is no API yet
babeshuka Lv3Posted 2023-Dec-10 16:47
  
You may try using Selenium or Puppeteer to script the manual procedures. To push the IP address, this would include mimicking user behaviors via the web interface. Even while it's not ideal, if there aren't many IP addresses, it could work as a temporary fix.
LucyHeart Lv3Posted 2023-Dec-10 16:48
  
Verify if any security orchestration or SIEM products you employ from third parties interact with Sangfor IAG. Some solutions may provide means of pushing IP addresses via their own connectors or APIs.

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders