API Description | API Path |
---|---|
Get list of entities in exclude list | GET /api/v1/firewall/excludelist |
Check if the object is a member of the exclude list | POST /api/v1/firewall/excludelist?action=check_if_exists |
Remove an existing object from the exclude list | POST /api/v1/firewall/excludelist?action=remove_member |
Add a new object in the exclude list | POST /api/v1/firewall/excludelist?action=add_member |
Modify exclude list | PUT /api/v1/firewall/excludelist |
Get firewall profiles available. List all the firewall profiles available for the requested resource_type. | GET /api/v1/firewall/profiles |
Create a firewall profile. Create a firewall profile with the values provided. It creates the profile based on the resource_type in the payload. | POST /api/v1/firewall/profiles |
Delete a firewall profile. Deletes a firewall profile. | DELETE /api/v1/firewall/profiles/<profile-id> |
Get all firewall session timer profiles. Return firewall session timer profile. | GET /api/v1/firewall/profiles/<profile-id> |
Update a firewall profile. Update the user-configurable properties of a firewall profile. | PUT /api/v1/firewall/profiles/<profile-id> |
Read an Existing Rule. Return existing firewall rule information. | GET /api/v1/firewall/rules/<rule-id> |
Get the Realized State of a Firewall Rule. Return realized state information of a firewall rule. The returned response is the same as the realization state response of the rule's section. | GET /api/v1/firewall/rules/<rule-id>/state |
List All Firewall Sections. List all firewall sections in paginated form. The default page size is limited to 1000 firewall sections. By default, the list of sections is filtered by LAYER3 type. | GET /api/v1/firewall/sections |
Create a Section with Rules. Creates a new firewall section with rules. The limit on the number of rules is defined by maxItems in collection types for FirewallRule (FirewallRuleXXXList types). When invoked on a section with a large number of rules, this API is supported only at low rates of invocation (not more than 4-5 times per minute). The typical latency of this API with about 1024 rules is about 4-5 seconds. This API should not be invoked with large payloads at automation speeds. More than 50 rules with a large number of rule references is not supported. Instead, to create sections, use POST /api/v1/firewall/sections; to create rules, use POST /api/v1/firewall/sections/<section-id>/rules | POST /api/v1/firewall/sections?action=create_with_rules |
Create a New Empty Section. Creates a new empty firewall section in the system. | POST /api/v1/firewall/sections |
Delete an Existing Section and Its Associated Rules. Removes a firewall section from the system. A firewall section with rules can only be deleted by passing the "cascade=true" parameter. | DELETE /api/v1/firewall/sections/<section-id> |
Get an Existing Section. Returns information about the firewall section for the identifier. | GET /api/v1/firewall/sections/<section-id> |
Unlock a section | POST /api/v1/firewall/sections/<section-id>?action=unlock |
Get an Existing Section, Including Rules. Returns firewall section information with rules for a section identifier. When invoked on a section with a large number of rules, this API is supported only at low rates of invocation (not more than 4-5 times per minute). The typical latency of this API with about 1024 rules is about 4-5 seconds. This API should not be invoked with large payloads at automation speeds. More than 50 rules with a large number of rule references is not supported. Instead, to read firewall rules, use GET /api/v1/firewall/sections/<section-id>/rules with the appropriate page_size. | POST /api/v1/firewall/sections/<section-id>?action=list_with_rules |
Lock a section | POST /api/v1/firewall/sections/<section-id>?action=lock |
Update an Existing Section, Including Its Rules. Modifies an existing firewall section along with its association with rules. When invoked on a large number of rules, this API is supported only at low rates of invocation (not more than 2 times per minute). The typical latency of this API with about 1024 rules is about 15 seconds in a cluster setup. This API should not be invoked with large payloads at automation speeds. Instead, to update rule content, use PUT /api/v1/firewall/sections/<section-id>/rules/<rule-id>. Simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>?action=update_with_rules |
Update an Existing Section, Including Its Position. Modifies an existing firewall section along with its relative position among other firewall sections in the system. Simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>?action=revise |
Update an Existing Section with Rules. Modifies an existing firewall section along with its relative position among other firewall sections with rules. When invoked on a large number of rules, this API is supported only at low rates of invocation (not more than 2 times per minute). The typical latency of this API with about 1024 rules is about 15 seconds in a cluster setup. This API should not be invoked with large payloads at automation speeds. Instead, to move a section above or below another section, use POST /api/v1/firewall/sections/<section-id>?action=revise; to modify rules, use PUT /api/v1/firewall/sections/<section-id>/rules/<rule-id>. Simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>?action=revise_with_rules |
Update an Existing Section. Modifies the specified section, but does not modify the section's associated rules. Simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | PUT /api/v1/firewall/sections/<section-id> |
Get All the Rules for a Section. Return all firewall rule(s) information for a given firewall section. | GET /api/v1/firewall/sections/<section-id>/rules |
Add Multiple Rules in a Section. Create multiple firewall rules in an existing firewall section, bounded by the limit of 1000 firewall rules per section. Adding multiple firewall rules in a section modifies the parent section entity, and simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>/rules?action=create_multiple |
Add a Single Rule in a Section. Adds a new firewall rule in an existing firewall section. Adding a firewall rule to a section modifies the parent section entity, and simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale content to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>/rules |
Delete an Existing Rule. Delete an existing firewall rule in a firewall section. Deleting a firewall rule in a section modifies the parent section, and simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | DELETE /api/v1/firewall/sections/<section-id>/rules/<rule-id> |
Read an Existing Rule. Return existing firewall rule information in a firewall section. | GET /api/v1/firewall/sections/<section-id>/rules/<rule-id> |
Update an Existing Rule and Reorder the Rule. Modifies an existing firewall rule along with its relative position among other firewall rules inside a firewall section. Revising a firewall rule in a section modifies the parent section entity, and simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | POST /api/v1/firewall/sections/<section-id>/rules/<rule-id>?action=revise |
Update an Existing Rule. Modifies an existing firewall rule in a firewall section. Updating a firewall rule in a section modifies the parent section entity, and simultaneous update (modify) operations on the same section are not allowed, to prevent overwriting stale contents to the firewall section. If a concurrent update is performed, HTTP response code 409 will be returned to the client operating on stale data. That client should retrieve the firewall section again and re-apply its update. | PUT /api/v1/firewall/sections/<section-id>/rules/<rule-id> |
Get Firewall rule level statistics. Get aggregated statistics for a rule for a given firewall section. The API only supports access to cached (source=cached) statistical data collected offline in the system. Data includes the total number of packets, bytes, sessions counters and popularity index for a firewall rule, and the overall session count, max session count and max popularity index for all firewall rules on transport nodes or edge nodes. Aggregated statistics like maximum popularity index, maximum session count and total session count are computed with lower frequency compared to individual generic rule statistics, hence they may have a computation delay of up to 15 minutes before they are reflected in the response to this API. | GET /api/v1/firewall/sections/<section-id>/rules/<rule-id>/stats |
Get Firewall section level statistics. Get aggregated statistics for all rules for a given firewall section. The API only supports access to cached (source=cached) statistical data collected offline in the system. Data includes the total number of packets, bytes, sessions counters and popularity index for a firewall rule, and the overall session count, max session count and max popularity index for all firewall rules on transport nodes or edge nodes. Aggregated statistics like maximum popularity index, maximum session count and total session count are computed with lower frequency compared to individual generic rule statistics, hence they may have a computation delay of up to 15 minutes before they are reflected in the response to this API. | GET /api/v1/firewall/sections/<section-id>/rules/stats |
Get the Realized State of a Firewall Section. Return realized state information of a firewall section. | GET /api/v1/firewall/sections/<section-id>/state |
Get the summary of sections in the firewall configuration. List a summary of the number of sections and the number of rules for each firewall category (L2DFW, L3DFW). | GET /api/v1/firewall/sections/summary |
Reset firewall rule statistics. Sets the firewall rule statistics counters to zero. This operation is supported for a given category, for example: L3DFW, i.e. all layer3 firewall (transport nodes only) rules; L3EDGE, i.e. all layer3 edge firewall (edge nodes only) rules; or L3BRIDGEPORT, i.e. all layer3 bridge port firewall (bridge ports only) rules. | POST /api/v1/firewall/stats?action=reset |
List all firewall status for supported contexts | GET /api/v1/firewall/status |
Get firewall global status for dfw context | GET /api/v1/firewall/status/<context-type> |
Update global firewall status for dfw context | PUT /api/v1/firewall/status/<context-type> |
Get firewall status for target resource in dfw context | GET /api/v1/firewall/status/<context-type>/<id> |
Enable firewall on target resource in dfw context | POST /api/v1/firewall/status/<context-type>/<id>?action=enable_firewall |
Disable firewall on target resource in dfw context | POST /api/v1/firewall/status/<context-type>/<id>?action=disable_firewall |