206002 - pfSense Authorization Failed

Agent error code #206002 indicates that the agent authenticated to pfSense successfully but the API user lacks the privileges required to manage aliases. pfSense returned HTTP 403 (Forbidden).

This error is distinct from authentication failures (#206001), which occur when the API key is not accepted. Error #206002 means the API key is valid but cannot perform the operation.

Common causes include:

  • The API user lacks the WebCfg - Firewall: Aliases: Edit privilege
  • The API user lacks the WebCfg - Status: System: REST API privilege required to call the REST endpoints
  • The Knoc is expected to create the alias on first grant, which requires WebCfg - Firewall: Aliases: Import, and the API user lacks that privilege
  • The pfSense user was demoted or had privileges removed since the Knoc was configured

Steps to Resolve

Verify the API User's Effective Privileges

  1. Log into pfSense and navigate to System > User Manager > Users
  2. Open the user the API key acts as and review the Effective Privileges section
  3. Confirm the user has at least:
    • WebCfg - Firewall: Aliases: Edit
    • WebCfg - Status: System: REST API
    • WebCfg - Firewall: Aliases: Import (only required if Knocknoc is expected to create the alias on first grant)

For the full setup, see the pfSense setup guide.

Add Missing Privileges

  1. Click Add under Effective Privileges to grant additional privileges to the user
  2. Save the user and retry the grant in Knocknoc