API Limitations - Rules, Users and Groups
I'm currently using MSP to manage a singular device, which is perhaps outside the intended audience of the MSP service, however this currently seems to be the only publicly supported method of accessing the Firewalla API*. As such, I've opted to pay for the MSP service to programmatically manage aspects of my network.
With this in mind, to facilitate this I put together a module and subsequent Terraform provider to help manage my target lists alongside other devices, however, I've found the current offerings through MSP to be quite restrictive.
Currently, the only resource I can programmatically create and manage via the MSP API is a Target List. While this is a primary desire, the API currently does not extend to any adjoining objects such as Rules, Groups or Users.
Furthermore, the implementation of the Target List feature is hampered by arbitrary and restrictive limits:
Which severely hampers any means of utilizing community blocklists, similar to what is pre-baked in by your service:
- Crypto List: 23,750
- OISD: 55,873
- Newly Registered Domains: 4,215,786
- Log4j attackers: 25,408
It would be of tremendous help if the API offerings were a bit more comprehensive in these areas, but I again realize this might be reaching outside the original intent of MSP. With that said, is there any chance you might have visibility into a roadmap for future API priorities?
Thank you!
* I say "officially" supported, as while I'm aware of community projects that have utilized the "additional pairing" option to effectively spoof the iOS app for authentication, it would certainly seem that API is not officially supported and subject to change, even if more comprehensive.
-
Hi @Jn,
Our dev team is working on "creating rules" via MSP API. We hope it will be available in MSP 2.10.0. Please follow this main thread for updates: Feature Request: MSP API "add new rule" endpoint
May I ask how you are using the Target List feature, and your use case for needing more than 20 lists with more than 2000 entries?
- Custom Target Lists are limited as they are not meant for you to import large lists from somewhere else (security lists are dynamic, and we don't recommend using static, "stale" lists). Large lists are expensive to maintain and support.
- Firewalla already has a huge built-in list, so you don't need to bring your own.
- We do support popular lists as System Target Lists, and with MSP, you can use the Import Target List feature for even more optional lists.