[GH-ISSUE #94] Get and list down web policies #2

Open
opened 2026-02-27 23:18:38 +03:00 by kerem · 3 comments
Owner

Originally created by @NetworkJBM on GitHub (Jun 25, 2025).
Original GitHub issue: https://github.com/sophos/sophos-firewall-sdk/issues/94

Is your feature request related to a problem? Please describe.
Currently, the Sophos XG Firewall Python SDK lacks native support for managing Web Policies and User Activities. As a result, administrators cannot programmatically list, retrieve, or create web policies or assign user activities to specific users through the SDK. This requires manual configuration via the GUI or using less integrated methods, which is time-consuming and prone to errors, especially in environments with frequent user policy changes.

Describe the solution you'd like
I would like the Python SDK for Sophos XG Firewall to include functions that allow:

- Listing and retrieving existing Web Policies
- Creating, modifying, and deleting Web Policies
- Creating custom User Activities (e.g., specific categories or URL groups)
- Assigning User Activities to Web Policies or directly to specific users
- Retrieving existing User Activities for audit purposes

These functions should align with the existing SDK structure and support authentication via the standard API mechanisms. Ideally, the SDK should also support JSON responses for easy integration into automation workflows.

Describe alternatives you've considered

Using direct XML API requests via requests in Python, but this lacks the structure and error handling of an integrated SDK.

Manually configuring policies via the Web GUI, which is not practical for automated or large-scale deployments.

Leveraging Syslog or Reporting APIs to track activities, but these do not allow policy creation or assignment.

None of these alternatives provide a clean, scalable, and scriptable method to manage web policies and user activities.

Additional context
This feature is essential for environments with dynamic user groups, such as schools, enterprises, or MSPs managing multiple clients. It would streamline policy assignment during onboarding and allow for faster response to policy changes based on user role or activity patterns. Integration with the SDK would also allow better alignment with infrastructure-as-code and automation practices.


@mamullen13316 commented on GitHub (Jun 30, 2025):

Thank you for submitting this. The requested features have been implemented in version v0.1.64. Details are in PR#95. Please let us know if there's anything we missed, bugs, etc.


@NetworkJBM commented on GitHub (Jul 4, 2025):

Thanks for the update, I’d like to ask one small thing

I’m not able to list down the rules of each web policy when getting them. Would it be possible to get the rules of a web policy by the assigned user.
Therefore it lists down the assigned web activities and the other settings associated with that rule of that user…


@mamullen13316 commented on GitHub (Jul 4, 2025):

> Thanks for the update, I’d like to ask one small thing
>
> I’m not able to list down the rules of each web policy when getting them. Would it be possible to get the rules of a web policy by the assigned user. Therefore it lists down the assigned web activities and the other settings associated with that rule of that user…

Would something like this work for you?

```python
user_policies = parse_user_policies(webpolicies)   # webpolicies is the output of get_webfilterpolicy()

user_policies
{'firewall_apiuser': {'policies': {'test1': ['testactivity2'],
   'MyPolicyWithUserAssignedActivity': ['testactivity2'],
   'MyCustomPolicy1': ['testactivity2', 'Extreme'],
   'MyPolicyWithCustomUserActivity': ['MyUserActivity']}},
 'Guest Group': {'policies': {'MyPolicy2': ['Militancy & Extremist',
    'Extreme'],
   'MyPolicyWithCustomUserActivity': ['MyUserActivity']}}}
```

This is the output of a function that takes the results of fw.get_webfilterpolicy() and returns the above dict. Then you can parse it to pull out the data. For example:

```python
def print_user_policies(user_policies):
    print(f"{'Name':<25}{'Policy':<50}{'Category':<50}")
    for user, data in user_policies.items():
        for policy, category in data['policies'].items():
            print(f"{user:<25}{policy:<50}{', '.join(category):<50}")

>>> print_user_policies(user_policies)
Name                     Policy                                            Category
firewall_apiuser         test1                                             testactivity2
firewall_apiuser         MyPolicyWithUserAssignedActivity                  testactivity2
firewall_apiuser         MyCustomPolicy1                                   testactivity2, Extreme
firewall_apiuser         MyPolicyWithCustomUserActivity                    MyUserActivity
Guest Group              MyPolicy2                                         Militancy & Extremist, Extreme
Guest Group              MyPolicyWithCustomUserActivity                    MyUserActivity
```

Do you need the other fields included in the user_policies dict like HTTPAction, HTTPSAction, etc?
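
An added example, not part of the thread and not the SDK's own code: one way to build the per-user view so that each rule keeps its `HTTPAction` and `HTTPSAction` for audit. The function names and the input keys `RuleList`, `Rule`, `UserList`, `User`, `CategoryList`, `Category` and `ID` are assumptions about an xmltodict-style dict; the sample data is constructed.

```python
def as_list(value):
    """xmltodict-style parsers return a bare item for one child and a list
    for several; normalise both (and a missing element) to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def rules_by_user(policies):
    """Invert policy -> rule -> user into user -> policy -> [rule summary]."""
    result = {}
    for policy in as_list(policies):
        rules = as_list((policy.get("RuleList") or {}).get("Rule"))
        for rule in rules:
            cats = as_list((rule.get("CategoryList") or {}).get("Category"))
            summary = {
                "activities": [c["ID"] for c in cats],
                "http": rule.get("HTTPAction"),
                "https": rule.get("HTTPSAction"),
            }
            for user in as_list((rule.get("UserList") or {}).get("User")):
                per_policy = result.setdefault(user, {})
                per_policy.setdefault(policy["Name"], []).append(summary)
    return result


# Constructed sample. Key names other than HTTPAction/HTTPSAction are assumed.
SAMPLE = [
    {"Name": "MyCustomPolicy1", "RuleList": {"Rule": [          # list of rules
        {"CategoryList": {"Category": [{"ID": "testactivity2"}, {"ID": "Extreme"}]},
         "HTTPAction": "Deny", "HTTPSAction": "Deny",
         "UserList": {"User": "firewall_apiuser"}}]}},
    {"Name": "MyPolicy2", "RuleList": {"Rule":                   # single rule: bare dict
        {"CategoryList": {"Category": [{"ID": "Militancy & Extremist"}, {"ID": "Extreme"}]},
         "HTTPAction": "Warn", "HTTPSAction": "Deny",
         "UserList": {"User": "Guest Group"}}}},
    {"Name": "MyPolicyWithCustomUserActivity", "RuleList": {"Rule":
        {"CategoryList": {"Category": {"ID": "MyUserActivity"}},  # single category
         "HTTPAction": "Allow", "HTTPSAction": "Allow",
         "UserList": {"User": ["firewall_apiuser", "Guest Group"]}}}},
    {"Name": "EmptyPolicy", "RuleList": None},                   # no rules at all
]

if __name__ == "__main__":
    for user, per_policy in rules_by_user(SAMPLE).items():
        for name, rules in per_policy.items():
            for r in rules:
                print(f"{user:<20}{name:<34}{', '.join(r['activities']):<34}"
                      f"{r['http']}/{r['https']}")
```
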
