damulagski Lv3Posted 2023-Dec-10 16:49
  
You might be able to create a custom REST API endpoint that communicates with the internal pushing mechanism if your Sangfor IAG version permits custom development. A thorough understanding of Sangfor IAG's internal operations would be necessary for this, and it might not be possible in all situations or versions.
IP addresses being blocked in certain situations
Jigen87 Lv3Posted 2023-Dec-10 16:49
  
Thankfully, Sangfor IAG provides a REST API for IP address block management. On certain instances, you may add or delete IP addresses from the block list by using the /security/policy/ipblacklist endpoint with the required permissions.
Fuji12 Lv3Posted 2023-Dec-10 16:50
  
I hope you are doing well as I write this. We've discovered a problem where a malicious IP address is being sent into IAG by one of our clients. The following describes the procedure they use to push the IP:

-> Objects -> Push IP Addresses -> Access Management ->Web Authentication -> Authentication Policy -> Edit Policy -> Policy Name (xyz)

Despite carefully reading the IAG Rest API documentation, I was unable to locate a specific API for pushing IP addresses under this heading. Would you kindly confirm whether there is a specific API for this use case or if there are other options we should consider?
noime Lv3Posted 2023-Dec-10 16:51
  
Recall that the optimal strategy is contingent upon your particular setting, level of technical proficiency, and intended automation.

For IP address blocking, I advise giving the REST API or CLI priority as they provide the most effective and adaptable solutions. Investigate possible custom development possibilities while looking into scripting or third-party tools as interim fixes if pushing IP addresses is critical.
Donsadam Posted 2023-Dec-10 16:54
  
Unlike what you've described, the Intelligent Access Gateway (IAG) lacks a distinct REST API endpoint that is made to push or ban IP addresses under the Web Authentication or Authentication Policy settings. Such fine-grained changes to the authentication policy are often not made publicly available via an API.
Rica Cortez Lv2Posted 2023-Dec-10 16:54
  
Nevertheless, depending on how your infrastructure is configured, you may want to look at other approaches that make use of network APIs or more comprehensive security, which may have an indirect impact on firewall rules or access restrictions. Using firewall APIs or security management tools that communicate with IAG indirectly may be necessary in order to block an IP address on a particular instance. Examining more comprehensive security APIs or network infrastructure integrations may provide answers for IP blocking within your instance at a more granular level.
Prosi Lv3Posted 2023-Dec-11 10:29
  
IAG (Identity and Access Governance) is a broad term that can refer to various solutions and technologies related to managing user identities and access within an organization

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders