Policy > Security > East West Security

Associated URIs:

API Description API Path

List communication maps


List all communication maps for a domain.
This API is deprecated. Please use the following API instead.
GET /infra/domains/domain-id/security-policies
GET /policy/api/v1/infra/domains/<domain-id>/communication-maps (Deprecated)

Deletes a communication map from this domain


Deletes the communication map along with all the communication entries
This API is deprecated. Please use the following API instead.
DELETE /infra/domains/domain-id/security-policies/security-policy-id
DELETE /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id> (Deprecated)

Read communication-map


Read communication-map for a domain.
This API is deprecated. Please use the following API instead.
GET /infra/domains/domain-id/security-policies/security-policy-id
GET /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id> (Deprecated)

Patch communication map


Patch the communication map for a domain. If a communication map for the
given communication-map-id is not present, the object will get created, and
if it is present, it will be updated. This is a full replace.
This API is deprecated. Please use the following API instead.
PATCH /infra/domains/domain-id/security-policies/security-policy-id
PATCH /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id> (Deprecated)

Revise the positioning of communication maps


This is used to set a precedence of a communication map w.r.t others.
This API is deprecated. Please use the following API instead.
POST /infra/domains/domain-id/security-policies/security-policy-id?action=revise
POST /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>?action=revise (Deprecated)

Create or Update communication map


Create or Update the communication map for a domain. This is a full replace.
All the CommunicationEntries are replaced.
This API is deprecated. Please use the following API instead.
PUT /infra/domains/domain-id/security-policies/security-policy-id
PUT /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id> (Deprecated)

List CommunicationEntries


List CommunicationEntries
This API is deprecated. Please use the following API instead.
GET /infra/domains/domain-id/security-policies/security-policy-id/rules
GET /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries (Deprecated)

Delete CommunicationEntry


Delete CommunicationEntry
This API is deprecated. Please use the following API instead.
DELETE /infra/domains/domain-id/security-policies/security-policy-id/rules/rule-id
DELETE /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id> (Deprecated)

Read CommunicationEntry


Read CommunicationEntry
This API is deprecated. Please use the following API instead.
GET /infra/domains/domain-id/security-policies/security-policy-id/rules/rule-id
GET /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id> (Deprecated)

Patch a CommunicationEntry


Patch the CommunicationEntry. If a communication entry for the given
communication-entry-id is not present, the object will get created, and if
it is present, it will be updated. This is a full replace.
This API is deprecated. Please use the following API instead.
PATCH /infra/domains/domain-id/security-policies/security-policy-id/rules/rule-id
PATCH /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id> (Deprecated)

Revise the positioning of communication entry


This is used to re-order a communication entry within a communication map.
This API is deprecated. Please use the following API instead.
POST /infra/domains/domain-id/security-policies/security-policy-id/rules/rule-id?action=revise
POST /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id>?action=revise (Deprecated)

Create or update a CommunicationEntry


Update the CommunicationEntry. If a CommunicationEntry with the communication-entry-id
is not already present, this API fails with a 404. Creation of CommunicationEntries
is not allowed using this API.
This API is deprecated. Please use the following API instead.
PUT /infra/domains/domain-id/security-policies/security-policy-id/rules/rule-id
PUT /policy/api/v1/infra/domains/<domain-id>/communication-maps/<communication-map-id>/communication-entries/<communication-entry-id> (Deprecated)

List IDS security policies


List intrusion detection system security policies.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies

Delete IDS security policy


Delete intrusion detection system security policy.
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>

Get IDS security policy.


Read intrusion detection system security policy.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>

Patch IDS security policy


Patch intrusion detection system security policy for a domain.
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>

Revise the positioning of IDS security policies


This is used to set a precedence of a security policy w.r.t others.
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>?action=revise

Create or update IDS security policy


Update intrusion detection system security policy for a domain.
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>

List IDS rules


List intrusion detection rules.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules

Delete IDS rule


Delete intrusion detection rule.
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules/<rule-id>

Get IDS rule.


Read intrusion detection rule
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules/<rule-id>

Patch IDS rule


Patch intrusion detection system rule.
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules/<rule-id>

Revise the positioning of IDS rule


This is used to re-order a rule within a security policy.
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules/<rule-id>?action=revise

Create or update IDS rule


Update intrusion detection system rule.
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-policies/<policy-id>/rules/<rule-id>

List security policies


List all security policies for a domain.
GET /policy/api/v1/infra/domains/<domain-id>/security-policies
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies

Deletes a security policy from this domain


Deletes the security policy along with all the rules
DELETE /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>

Read security policy


Read security policy for a domain.
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>

Patch security policy


Patch the security policy for a domain. If a security policy for the given
security-policy-id is not present, the object will get created, and if it is
present, it will be updated. This is a full replace.
PATCH /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>

Revise the positioning of security policies


This is used to set a precedence of a security policy w.r.t others.
POST /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>?action=revise

Create or Update security policy


Create or Update the security policy for a domain. This is a full replace.
All the rules are replaced.
PUT /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>

List rules


List rules
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules

Delete rule


Delete rule
DELETE /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Read rule


Read rule
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Patch a rule


Patch the rule. If a rule corresponding to the given rule-id is
not present, the object will get created, and if it is present, it will be
updated. This is a full replace.
PATCH /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Revise the positioning of rule


This is used to re-order a rule within a security policy.
POST /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>?action=revise

Create or update a rule


Update the rule. Create new rule if a rule with the rule-id is not already present.
PUT /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>

Get rule statistics


Get statistics of a rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>/statistics

Get security policy statistics


Get statistics of a security policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/statistics

List policy drafts


List policy drafts.
GET /policy/api/v1/infra/drafts

Delete a manual draft


Delete a manual draft.
DELETE /policy/api/v1/infra/drafts/<draft-id>

Read draft


Read a draft for a given draft identifier.
GET /policy/api/v1/infra/drafts/<draft-id>

Patch a manual draft


Create a new manual draft if the specified draft id does not correspond
to an existing draft. Update the manual draft otherwise.
An auto draft cannot be updated.
PATCH /policy/api/v1/infra/drafts/<draft-id>

Publish a draft


Read a draft and publish it by applying changes onto current configuration.
POST /policy/api/v1/infra/drafts/<draft-id>?action=publish

Create or update a manual draft


Create a new manual draft if the specified draft id does not correspond
to an existing draft. Update the manual draft otherwise.
An auto draft cannot be updated.
PUT /policy/api/v1/infra/drafts/<draft-id>

Get an aggregated configuration for the draft


Get an aggregated configuration that will get applied onto current
configuration during publish of this draft.
The response is a hierarchical payload containing the aggregated
configuration differences from the latest auto draft till the specified draft.
GET /policy/api/v1/infra/drafts/<draft-id>/aggregated

Get a preview of a configuration after publish of a draft


Get a preview of the configuration that will be present after publish of
a specified draft. The response is a hierarchical payload
containing the configuration that will be active after the specified
draft gets published onto the current configuration.
GET /policy/api/v1/infra/drafts/<draft-id>/complete

Get PolicyFirewallSchedulers


Get all PolicyFirewallSchedulers
GET /policy/api/v1/infra/firewall-schedulers
GET /policy/api/v1/global-infra/firewall-schedulers

Delete Policy Firewall Scheduler


Deletes the specified PolicyFirewallScheduler. If the scheduler
is consumed in a security policy, it won't get deleted.
DELETE /policy/api/v1/infra/firewall-schedulers/<firewall-scheduler-id>

Get PolicyFirewallScheduler


Get a PolicyFirewallScheduler by id
GET /policy/api/v1/infra/firewall-schedulers/<firewall-scheduler-id>
GET /policy/api/v1/global-infra/firewall-schedulers/<firewall-scheduler-id>

Create or Update PolicyFirewallScheduler


Creates/Updates a PolicyFirewallScheduler, which can be set at security
policy. Note that at least one property out of "days", "start_date",
"time_interval", "end_date" is required if the "recurring" field is true. Also,
"start_time" and "end_time" should not be present. If the "recurring"
field is false, then "start_date" and "end_date" are mandatory, and "start_time"
and "end_time" are optional. Also, the fields "days" and "time_interval"
should not be present.
PATCH /policy/api/v1/infra/firewall-schedulers/<firewall-scheduler-id>

Create or Update PolicyFirewallScheduler


Updates a PolicyFirewallScheduler, which can be set at security policy.
Note that at least one property out of "days", "start_date",
"time_interval", "end_date" is required if the "recurring" field is true. Also,
"start_time" and "end_time" should not be present. If the "recurring"
field is false, then "start_date" and "end_date" are mandatory, and "start_time"
and "end_time" are optional. Also, the fields "days" and "time_interval"
should not be present.
PUT /policy/api/v1/infra/firewall-schedulers/<firewall-scheduler-id>

List compute cluster idfw Configuration


Lists the identity firewall configuration of every compute cluster.
GET /policy/api/v1/infra/settings/firewall/idfw/cluster

Read compute cluster idfw configuration


Read compute cluster identity firewall configuration
GET /policy/api/v1/infra/settings/firewall/idfw/cluster/<cluster-id>

Patch compute cluster idfw configuration


Patch compute cluster identity firewall configuration.
PATCH /policy/api/v1/infra/settings/firewall/idfw/cluster/<cluster-id>

Create or update compute cluster idfw configuration


Update the compute cluster idfw configuration
PUT /policy/api/v1/infra/settings/firewall/idfw/cluster/<cluster-id>

Read idfw configuration for standalone host


Read identity firewall configuration for standalone host
GET /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting

Patch idfw configuration for standalone host


Patch identity firewall configuration for standalone host
PATCH /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting

Create or update idfw configuration for standalone host


Update the idfw configuration for standalone host
PUT /policy/api/v1/infra/settings/firewall/idfw/standalone-host-switch-setting

Get dfw firewall configuration


Get the current dfw firewall configurations.
GET /policy/api/v1/infra/settings/firewall/security

Update dfw firewall configuration


Update dfw firewall related configurations.
PATCH /policy/api/v1/infra/settings/firewall/security

Update dfw firewall configuration


Update dfw firewall related configurations.
PUT /policy/api/v1/infra/settings/firewall/security

Read security policy exclude list


Read exclude list for firewall
GET /policy/api/v1/infra/settings/firewall/security/exclude-list

Patch exclusion list for security policy


Patch exclusion list for security policy.
PATCH /policy/api/v1/infra/settings/firewall/security/exclude-list

Filter the firewall exclude list


Filter the firewall exclude list by the given object, to check whether
the object is a member of this exclude list.
POST /policy/api/v1/infra/settings/firewall/security/exclude-list?action=filter

Create or update exclusion list for security policy


Update the exclusion list for security policy
PUT /policy/api/v1/infra/settings/firewall/security/exclude-list

Get IDS system settings


Intrusion detection system settings.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services

Patch Intrusion detection system settings


Intrusion detection system settings.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services

Update Intrusion detection system settings


Intrusion detection system settings.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services

List IDS cluster configs


List intrusion detection system cluster configs.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs

Read IDS cluster config.


Read intrusion detection system cluster config
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/<cluster-id>

Patch IDS config on cluster level


Patch intrusion detection system on cluster level.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/<cluster-id>

Create or update IDS config on cluster level


Update intrusion detection system on cluster level.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/cluster-configs/<cluster-id>

Read IDS config


Read intrusion detection system config of standalone hosts.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

Patch IDS configuration


Patch intrusion detection system configuration on standalone hosts.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

Create or update IDS configuration


Update intrusion detection system configuration on standalone hosts.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/ids-standalone-host-config

List IDS profiles


List intrusion detection profiles.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles

Delete IDS profile


Delete intrusion detection profile.
DELETE /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/<profile-id>

Get IDS profile.


Read intrusion detection profile
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/<profile-id>

Patch IDS profile


Patch intrusion detection system profile.
PATCH /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/<profile-id>

Create or update IDS profile


Update intrusion detection profile.
PUT /policy/api/v1/infra/settings/firewall/security/intrusion-services/profiles/<profile-id>

Get IDS signature versions


Intrusion detection system signature versions.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions

Change the state of IDS Signature Version


Make this IDS signature version the ACTIVE version and mark the other versions as NOTACTIVE.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions?action=make_active_version

List IDS signatures


List intrusion detection system signatures.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signature-versions/<version-id>/signatures

Upload IDS signatures bundle


Upload IDS signatures bundle
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures?action=upload_signatures

Download and update IDS signatures


Manually trigger the process to download and update the IDS signatures.
POST /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures?action=update_signatures

Get IDS signature status


Intrusion detection system signatures status.
GET /policy/api/v1/infra/settings/firewall/security/intrusion-services/signatures/status

Reset firewall rule statistics


Sets firewall rule statistics counter to zero. This operation is supported
for given category, for example: DFW i.e. for all layer3 firewall
(transport nodes only) rules or EDGE i.e. for all layer3 edge firewall
(edge nodes only) rules.
- no enforcement point path specified:
On global manager, it is mandatory to give an enforcement point path.
On local manager, reset of stats will be executed for each enforcement point.
- {enforcement_point_path}: Reset of stats will be executed only for the given enforcement point.
POST /policy/api/v1/infra/settings/firewall/stats?action=reset
POST /policy/api/v1/global-infra/settings/firewall/stats?action=reset