REST API based configuration management

A REST API is an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services. When it comes to configurations, most of the device vendors provide REST API support on different levels for reading and writing the device configuration in parts or as a whole during the backup process.

Network Configuration Manager uses the REST APIs to allow users to have a simplified UI experience. The users can focus on a particular part of the configuration without worrying about the command syntax and configuration hierarchy. On top of that, the REST API's GUI has been designed to resemble the device GUI for users' better understanding.

REST API based configuration management support

Support for REST API based configuration management has been provided for Fortigate and Palo Alto firewalls. We are working on providing support for more devices. Juniper and Arista devices are next in pipeline with Cisco FTD to follow. Please reach out to Network Configuration ManagerSupport (ncm-support@manageengine.com) in case you want us to add support for a particular vendor.

REST API based configuration management works with REST Configlets.

Benefits of REST API based configuration management over CLI Based configuration management:

  • While backing up whole configurations, REST APIs are faster.
  • Users don't have to memorize command syntaxes while updating a particular part of a configuration.
  • Users don't have to worry about the hierarchy of objects in a configuration.
  • The important objects in a configuration can be viewed in a grid format in Network Configuration Manager.
  • REST APIs provide a GUI that is similar to the device's GUI (Eg: Firewall GUI) and this makes it easy to update a part of the configuration directly from Network Configuration Manager.

REST Credentials

To use REST API features, Network Configuration Manager needs REST credentials to connect to the device before executing the REST APIs. These credentials can be provided directly from the "Apply Credentials" slide.

  • Each vendor needs different parameters to be set while connecting with REST APIs along with authentication parameters.
  • Network Configuration Manager provides the fields for each of these parameters with their default values based on the vendor, in the same credential slide.
  • One can choose to either manage the device with just REST Credentials or with a combination of CLI and REST credentials.
  • For important functions like Enabling/Disabling Syslog Change Detection, it is recommended to manage the device by using a combination of CLI and REST credentials.

Please refer to the following steps and screenshots to know more about associating REST credentials to a particular device.

  1. Go to Inventory > Devices.
  2. Select the devices on which you want to apply the REST Credentials.
  3. Select "Apply Credentials" from the options.
  4. Select "REST API" as the protocol in case you want to manage the devices with REST credentials alone. Otherwise, select your desired protocol, provide proper CLI credentials and then select the REST API tab to provide REST credentials.
  5. Check "Use REST API for communication whenever applicable". (This will be available only while using REST credentials along with CLI protocol.)
  6. Provide all the required parameters in the form and save the credentials.

Rest Configlets

Rest configlets are configuration objects such as address, policy, security rules etc. You can access Rest Configlets by going to Config Automation > Configlets > Rest Configlets.

Each configlet comes with a different set of operations such as Add, Edit, View, Delete, Rename, View All, Clone, Execute etc.

Operation Description
ADD Adds a new object to the device configuration.
Edit Provides a list of objects available in the device. Users can then select a particular object. The details about the selected object will be fetched from the device and will be shown to the users. Users can update any particular detail/parameter for that object and then execute the configlet to save the changes in device.
View Provides a list of objects available in the device. Users can then select a particular object. The details about the selected object will be fetched from the device and shown to the user in read only mode.
View All Shows all the available objects in the device in a grid along with their details
Delete Provides a list of objects available in the device. Users can select a particular object and execute the configlet to delete the object.
Rename Users can select a particular object and provide a new name to rename the object in the device.
Clone Users can select a particular object and provide a new name to clone the object in the device with the name provided along with its properties
Execute Most of the non-firewall devices have objects that can only be viewed and executed as CLI commands. For such devices and configuration objects, there will be only one operation available, which is "Execute". It will execute the command in the device with the provided parameters.