Table of Contents
Importing User .csv file via XML API
*This fix is for firmware after v18.0 MR3 and v17.5 MR14
SFOS has an XML API that provides a way to automatically manage most objects and features that can be controlled via the Webadmin user interface, and User objects are no exception. The current work around to the old CSV import feature for bulk adding of on-device user accounts is to use this service. For more detailed explanation visit this site
Enabling XML API on your firewall
1) Log in to your XG Firewall as an Administrator account
2) Go to Backup & firmware → API
3) Under API configuration, check the Enabled box
4) Under Allowed IP address, enter the IP address of the computer where you are going to run this program
Installing Python 3 and preparing dependencies
Install Python 3 on your computer
- Python 3 comes built in to some Unix-based systems, including MacOS
- For Windows systems, you can download and install the latest Python installer from https://www.python.org
- For Linux distributions, your system's default package manager will almost certainly have a suitable package ready to install
For MacOS
Although Python 3 is now included in MacOS (since version 10.15), python 2 is still the default. To solve this run the program as python3 instead of python. When run this way you may get an error about missing the 'requests' module, in which case you can install the python3 version:
python3 -m pip install requests
For Windows
1) When installing Python on Windows, make sure to select the option to “Add Python to PATH” on the first screen of the installer. This will allow you to run python scripts from a Windows command prompt
2) After installation completes, open a new Command Prompt window
3) Install additional libraries that are required to run this program - run
C:\Users\John> pip install requests python-certifi-win32
4) If you have enabled TLS decryption on your XG Firewall and get a certificate error running this command, you can either create a decryption exclusion for the domain pypi.org or get a copy of your firewall's root CA certificate in a file and rerun the command as follows:
C:\Users\John> pip install requests python-certifi-win32 --cert mycacert.pem
Prepare your csv file
This script expects you to provide a csv file, with fields separated by commas. The file must have the following columns - Name, Username, Password, Email Address, Group:
Example:
Name,Username,Password,Email Address,Group Nigel Brown,nbrown,Pa5s!w0rd19,nigel.brown@example.com,Open Group Gina Lopez,glopez,e1Azjr8q9^21,gina.lopez@example.com,Open Group
Downloading and running the script
1) Download this zip and extract it to a directory on your computer. The rest of these instructions assume you saved it in 'Downloads', and that the csv file containing the users you want to add is in 'Documents' and called users.csv
2) Run the following command, substituting your firewall's hostname or IP address, admin username and password.
python3 Downloads/UserImport.py -f x.x.x.x -i Documents/users.csv -u admin -p A1B2c3d4!!E5 -a
3) If you see exception messages related to certificate trust issues, try running the same command again, but add '-n' as an additional command-line qualifier.
python3 Downloads/UserImport.py -f x.x.x.x -i Documents/users.csv -u admin -p A1B2c3d4!!E5 -a -n
Troubleshooting
1) If you get an error message of the connection timing out:
Confirm what port is being utilized in the Admin settings
1) Go to Administration → Admin and User Settings
2) Under Admin console and end-user interaction check the Admin console HTTPS port
* The default for the python program is port 4444
* If your port is different edit the text on line 175/6 of the Python code; it should then read
callurl = ('https://' + stuff.firewall + ':4444/webconsole/APIController')
2) My passwords do not meet password complexity
Line 36 (sci35), Status 510 Invalid password - doesn't meet complexity requirements
1) Go to Administration → Admin and User Settings → User password complexity settings
2) Disable Enable password complexity check
3) Reboot device and double check that Enable password complexity check is still disabled
4) Re-run the python command