Policy > Security > East West Security

Associated URIs:

API Description API Path

List security policies


List all security policies for a domain.
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies

Deletes a security policy from this domain


Deletes the security policy along with all the rules
DELETE /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>

Read security policy


Read security policy for a domain.
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>

Patch security policy


Patch the security policy for a domain. If a security policy for the given
security-policy-id is not present, the object will get created and if it is
present it will be updated. This is a full replace
PATCH /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>

Revise the positioning of security policies


This is used to set a precedence of a security policy w.r.t others.
POST /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>?action=revise

Create or Update security policy


Create or Update the security policy for a domain. This is a full replace.
All the rules are replaced.
PUT /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>

List rules


List rules
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules

Delete rule


Delete rule
DELETE /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Read rule


Read rule
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Patch a rule


Patch the rule. If Rule corresponding to the the given rule-id is
not present, the object will get created and if it is present it will be
updated. This is a full replace
PATCH /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Revise the positioning of rule


This is used to re-order a rule within a security policy.
POST /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>?action=revise

Create or update a rule


Update the rule. Create new rule if a rule with the rule-id is not already present.
PUT /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Get rule statistics


Get statistics of a rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>/statistics

Get security policy statistics


Get statistics of a security policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /global-manager/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/statistics

Get PolicyFirewallSchedulers


Get all PolicyFirewallSchedulers
GET /global-manager/api/v1/global-infra/firewall-schedulers

Delete Policy Firewall Scheduler


Deletes the specified PolicyFirewallScheduler. If scheduler
is consumed in a security policy, it won't get deleted.
DELETE /global-manager/api/v1/global-infra/firewall-schedulers/<firewall-scheduler-id>

Get PolicyFirewallScheduler


Get a PolicyFirewallScheduler by id
GET /global-manager/api/v1/global-infra/firewall-schedulers/<firewall-scheduler-id>

Create or Update PolicyFirewallScheduler


Creates/Updates a PolicyFirewallScheduler, which can be set at security
policy. Note that at least one property out of "days", "start_date",
"time_interval", "end_date" is required if "recurring" field is true. Also
"start_time" and "end_time" should not be present. And if "recurring"
field is false then "start_date" and "end_date" is mandatory, "start_time"
and "end_time" is optional. Also the fields "days" and "time_interval"
should not be present.
PATCH /global-manager/api/v1/global-infra/firewall-schedulers/<firewall-scheduler-id>

Create or Update PolicyFirewallScheduler


Updates a PolicyFirewallScheduler, which can be set at security policy.
Note that at least one property out of "days", "start_date",
"time_interval", "end_date" is required if "recurring" field is true. Also
"start_time" and "end_time" should not be present. And if "recurring"
field is false then "start_date" and "end_date" is mandatory, "start_time"
and "end_time" is optional. Also the fields "days" and "time_interval"
should not be present.
PUT /global-manager/api/v1/global-infra/firewall-schedulers/<firewall-scheduler-id>

Reset firewall rule statistics


Sets firewall rule statistics counter to zero. This operation is supported
for given category, for example: DFW i.e. for all layer3 firewall
(transport nodes only) rules or EDGE i.e. for all layer3 edge firewall
(edge nodes only) rules.
- no enforcement point path specified:
On global manager, it is mandatory to give an enforcement point path.
On local manager, reset of stats will be executed for each enforcement point.
- {enforcement_point_path}: Reset of stats will be executed only for the given enforcement point.
POST /global-manager/api/v1/global-infra/settings/firewall/stats?action=reset