API Description | API Path |
---|---|
List gateway policiesList all gateway policies for specified Domain. |
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies |
Delete GatewayPolicyDelete GatewayPolicy |
DELETE /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>
|
Read gateway policyRead gateway policy for a domain. |
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id> |
Update gateway policyUpdate the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PATCH /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>
|
Revise the positioning of gateway policyThis is used to set a precedence of a gateway policy w.r.t others. |
POST /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>?action=revise
|
Update gateway policyUpdate the gateway policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a gateway policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PUT /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>
|
List rulesList rules |
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules |
Delete ruleDelete rule |
DELETE /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>
|
Read ruleRead rule |
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id> |
Update gateway ruleUpdate the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/gateway-policies/<gateway-policy-id> Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy. |
PATCH /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>
|
Revise the positioning of gateway ruleThis is used to re-order a gateway rule within a gateway policy. |
POST /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>?action=revise
|
Update gateway ruleUpdate the gateway rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a gateway policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/gateway-policies/<gateway-policy-id> Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy. |
PUT /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>
|
Get gateway rule statisticsGet statistics of a gateway rule. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>/statistics |
Get gateway policy statisticsGet statistics of a gateay policy. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/statistics |
List IDS gateway policiesList all IDS gateway policies for specified Domain. |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies
|
Delete IDS GatewayPolicyDelete IDS GatewayPolicy |
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>
|
Read IDS gateway policyRead IDS gateway policy for a domain. |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>
|
Update IDS gateway policyUpdate the IDS gateway policy for a domain. |
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>
|
Revise the positioning of IDS gateway policyThis is used to set a precedence of a IDS gateway policy w.r.t others. |
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>?action=revise
|
Update IDS gateway policyUpdate the IDS gateway policy for a domain. |
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>
|
List IDS Gateway rulesList IDS Gateway rules |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules
|
Delete IDS Gateway ruleDelete IDS Gateway rule |
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>
|
Read IDS ruleRead IDS rule |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>
|
Update IDS gateway ruleUpdate the gateway rule. |
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>
|
Revise the positioning of IDS gateway ruleThis is used to re-order a IDS gateway rule within a IDS gateway policy. |
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>?action=revise
|
Create or Update IDS gateway ruleCreate or Update the IDS gateway rule. |
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>
|
Get IDS gateway rule statisticsGet statistics of a IDS gateway rule. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>/statistics
|
Get IDS gateway policy statisticsGet statistics of a IDS gateway policy. - no enforcement point path specified: Stats will be evaluated on each enforcement. point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/statistics
|
List TLS Config ProfilesAPI will list all TLS Config Profiles |
GET /policy/api/v1/infra/security/tls-inspection-config-profiles
(Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles (Experimental) |
Delete TLS Config ProfileAPI will delete TLS Config Profile |
DELETE /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile>
(Experimental)
DELETE /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental) |
Get TLS Config ProfileAPI will get TLS Config Profile |
GET /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile>
(Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental) |
Create or update TLS Config ProfileAPI will create/update TLS Config Profile |
PATCH /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile>
(Experimental)
PATCH /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental) |
Update TLS Config ProfileAPI will update TLS Config Profile |
PUT /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile>
(Experimental)
PUT /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental) |
Get the list of gateway firewall dependent servicesGet the list of gateway firewall dependent services |
GET /policy/api/v1/infra/settings/firewall/gateway/dependent-services
|
Delete FqdnAnalysisConfigDelete FqdnAnalysisConfig from the passed edge cluser node. |
DELETE /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config
|
Get FqdnAnalysisConfigGets a FqdnAnalysisConfig. This returns the details of the config like whether the FQDN Analysis is enabled or disabled for the given edge cluster. |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config
|
Create or Update FqdnAnalysisConfigCreates/Updates a FqdnAnalysisConfig object. If FqdnAnalysisConfig object does not exists for the passed edge-cluster node, create a new FqdnAnalysisConfig object. If it already exists, patch it. |
PATCH /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config
|
Create or Update FqdnAnalysisConfigCreates/Updates FqdnAnalysisConfig Object for the given edge cluster. If FqdnAnalysisConfig object is not already present, creates it. If it already exists, replace with this object. |
PUT /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config
|
Delete PolicyUrlCategorizationConfigDelete PolicyUrlCategorizationConfig. If deleted, the URL categorization will be disabled for that edge cluster. |
DELETE /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>
|
Get PolicyUrlCategorizationConfigGets a PolicyUrlCategorizationConfig. This returns the details of the config like whether the URL categorization is enabled or disabled, the id of the context profiles which are used to filter the categories, and the update frequency of the data from the cloud. |
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>
|
Create or Update PolicyUrlCategorizationConfigCreates/Updates a PolicyUrlCategorizationConfig. Creating or updating the PolicyUrlCategorizationConfig will enable or disable URL categorization for the given edge cluster. If the context_profiles field is empty, the edge cluster will detect all the categories of URLs. If context_profiles field has any context profiles, the edge cluster will detect only the categories listed within those context profiles. The context profiles should have attribute type URL_CATEGORY. The update_frequency specifies how frequently in minutes, the edge cluster will get updates about the URL data from the URL categorization cloud service. If the update_frequency is not specified, the default update frequency will be 30 min. |
PATCH /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>
|
Create or Update PolicyUrlCategorizationConfigCreates/Updates a PolicyUrlCategorizationConfig. Creating or updating the PolicyUrlCategorizationConfig will enable or disable URL categorization for the given edge cluster. If the context_profiles field is empty, the edge cluster will detect all the categories of URLs. If context_profiles field has any context profiles, the edge cluster will detect only the categories listed within those context profiles. The context profiles should have attribute type URL_CATEGORY. The update_frequency specifies how frequently in minutes, the edge cluster will get updates about the URL data from the URL categorization cloud service. If the update_frequency is not specified, the default update frequency will be 30 min. |
PUT /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>
|
Get list of gateway policies with rules that belong to the specific Tier-0 logical router.Get filtered view of gateway rules associated with the Tier-0. The gateay policies are returned in the order of category and precedence. |
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/gateway-firewall
GET /policy/api/v1/global-infra/tier-0s/<tier-0-id>/gateway-firewall |
Get list of gateway policies with rules that belong to the specific Tier-0 LocalServices.Get filtered view of Gateway Firewall rules associated with the Tier-0 Locale Services. The gateway policies are returned in the order of category and sequence number. |
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-services-id>/gateway-firewall
GET /policy/api/v1/global-infra/tier-0s/<tier-0-id>/locale-services/<locale-services-id>/gateway-firewall |
Delete security configDelete security config |
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config
|
Read Security FeatureRead Security Feature. |
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config
|
Create or Update security configurationCreate a T0 security configuration if it is not already present, otherwise update the security onfiguration. |
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config
|
Create or Update security configurationCreate or update security configuration. |
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config
|
Get list of gateway policies with rules that belong to the specific Tier-1.Get filtered view of Gateway Firewall rules associated with the Tier-1. The gateway policies are returned in the order of category and sequence number. |
GET /policy/api/v1/global-infra/tier-1s/<tier-1-id>/gateway-firewall
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/gateway-firewall |
Get list of gateway policies with rules that belong to the specific Tier-1 LocalServices.Get filtered view of Gateway Firewall rules associated with the Tier-1 Locale Services. The gateway policies are returned in the order of category and sequence number. |
GET /policy/api/v1/global-infra/tier-1s/<tier-1-id>/locale-services/<locale-services-id>/gateway-firewall
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-services-id>/gateway-firewall |
Read Security FeatureRead Security Feature. |
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config
|
Create or Update security configurationCreate a security configuration if it is not already present, otherwise update the security onfiguration. |
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config
|
Create or Update security configurationCreate or update security configuration. |
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config
|
TLS inspection execution state details for the tier1TLS inspection execution state details for the tier1 |
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state
|
TLS inspection execution state fqdn details for the tier1TLS inspection execution state fqdn details for the tier1 |
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns
|
Get TLS inspection FQDN stateGet TLS inspection FQDN state |
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns/<fqdn-id>
|
Delete TLS Config Profile Binding for Tier-1 Logical RouterAPI will delete TLS Config Profile Binding for Tier-1 Logical Router. |
DELETE /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
|
Get TLS Config Profile Binding Map for Tier-1 Logical RouterAPI will get TLS Config Profile Binding Map for Tier-1 Logical Router. |
GET /policy/api/v1/global-infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
GET /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id> |
Create or update TLS Config Profile Binding Map for Tier-1 Logical RouterAPI will create or update TLS Config profile binding map for Tier-1 Logical Router. |
PATCH /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
|
Create or update TLS Config Profile Binding Map for Tier-1 Logical RouterAPI will create or update TLS Config profile binding map for Tier-1 Logical Router. |
PUT /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
|
Get Tls profiles available.List all the Tls profiles available by requested resource_type. |
GET /policy/api/v1/infra/tls-inspection-action-profiles
|
Delete a Tls profile.Deletes a Tls profile. |
DELETE /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>
|
Get TLS profile with id.Return Tls profile. |
GET /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>
|
Create a Tls profile.Create a Tls profile with values provided. It creates profile based on the resource_type in the payload. Each action profile supports the following 3 pre-defined config setting defaults: Balanced, High Fidelity and High Security. 1 - External Profile Balanced (default) Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile API payload:
Profile with default settings:
2 - External Profile High Fidelity Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile Sample intent path:
Profile with default settings:
3 - External Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile Sample intent path:
Profile with default settings:
4 - Internal Profile Balanced Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile Sample intent path:
Profile with default settings:
5 - Internal Profile High Fidelity Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile Sample intent path:
Profile with default settings:
6 - Internal Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile Sample intent path:
Profile with default settings:
|
PATCH /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>
|
Update a Tls profile.Update user configurable properties of Tls profile. Each action profile supports the following 3 pre-defined config setting defaults: Balanced, High Fidelity and High Security. 1 - External Profile Balanced (default) Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile API payload:
Profile with default settings:
2 - External Profile High Fidelity Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile Sample intent path:
Profile with default settings:
3 - External Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile Sample intent path:
Profile with default settings:
4 - Internal Profile Balanced Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile Sample intent path:
Profile with default settings:
5 - Internal Profile High Fidelity Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile Sample intent path:
Profile with default settings:
6 - Internal Profile High Security Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile Sample intent path:
Profile with default settings:
|
PUT /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>
|
List TLS policiesList all TLS policies. |
GET /policy/api/v1/infra/tls-inspection-policies
|
Delete TlsPolicyDelete TlsPolicy |
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>
|
Read tls policyRead TLS policy. |
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>
|
Update TLS policyUpdate the TLS policy. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a TLS policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>
|
Update TLS policyUpdate the TLS policy. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a TLS policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>
|
List TLS rulesList TLS rules |
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules
|
Delete ruleDelete rule |
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>
|
Read ruleRead rule |
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>
|
Update TLS ruleUpdate the TLS rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a TLS policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/tls-inspection-policies/<policy-id> |
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>
|
Update TLS ruleUpdate the TLS rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you want to edit several rules in a TLS policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/tls-inspection-policies/<policy-id> |
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>
|
Get the list of URL categories.Gets the list of categories. This will provide all the supported categories along with their ids. Few examples of these categories are Shopping, Social Networks, Streaming sites, etc. |
GET /policy/api/v1/infra/url-categories
|
Get the list of reputation severityGets the list of reputation severities. This will provide all the supported severities along with their ids, min and max reputaitons. The min_reputation and max_reputation specify the range of the reputations which belong to a particular severity. For instance, any reputation between 1 to 20 belongs to the severity 'High Risk'. Similary a reputation between 81 to 100 belong to the severity 'Trustworthy'. |
GET /policy/api/v1/infra/url-reputation-severities
|