Policy > Security > North South Security

Associated URIs:

API Description API Path

List gateway policies


List all gateway policies for specified Domain.
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies

Delete GatewayPolicy


Delete GatewayPolicy
DELETE /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

Read gateway policy


Read gateway policy for a domain.
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

Update gateway policy


Update the gateway policy for a domain. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a gateway policy
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PATCH /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

Revise the positioning of gateway policy


This is used to set a precedence of a gateway policy w.r.t others.
POST /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>?action=revise

Update gateway policy


Update the gateway policy for a domain. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a gateway policy,
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PUT /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

List rules


List rules
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules

Delete rule


Delete rule
DELETE /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>

Read rule


Read rule
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>

Update gateway rule


Update the gateway rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a gateway policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy.
PATCH /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>

Revise the positioning of gateway rule


This is used to re-order a gateway rule within a gateway policy.
POST /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>?action=revise

Update gateway rule


Update the gateway rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a gateway policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>

Concurrency Note: Concurrent firewall rule creation is not supported under the same Gateway Policy.
PUT /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>

Get gateway rule statistics


Get statistics of a gateway rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/rules/<rule-id>/statistics

Get gateway policy statistics


Get statistics of a gateay policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/statistics
GET /policy/api/v1/global-infra/domains/<domain-id>/gateway-policies/<gateway-policy-id>/statistics

List IDS gateway policies


List all IDS gateway policies for specified Domain.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies (Experimental)

Delete IDS GatewayPolicy


Delete IDS GatewayPolicy
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id> (Experimental)

Read IDS gateway policy


Read IDS gateway policy for a domain.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id> (Experimental)

Update IDS gateway policy


Update the IDS gateway policy for a domain.
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id> (Experimental)

Revise the positioning of IDS gateway policy


This is used to set a precedence of a IDS gateway policy w.r.t others.
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>?action=revise (Experimental)

Update IDS gateway policy


Update the IDS gateway policy for a domain.
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id> (Experimental)

List IDS Gateway rules


List IDS Gateway rules
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules (Experimental)

Delete IDS Gateway rule


Delete IDS Gateway rule
DELETE /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id> (Experimental)

Read IDS rule


Read IDS rule
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id> (Experimental)

Update IDS gateway rule


Update the gateway rule.
PATCH /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id> (Experimental)

Revise the positioning of IDS gateway rule


This is used to re-order a IDS gateway rule within a IDS gateway policy.
POST /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>?action=revise (Experimental)

Create or Update IDS gateway rule


Create or Update the IDS gateway rule.
PUT /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id> (Experimental)

Get IDS gateway rule statistics


Get statistics of a IDS gateway rule.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/rules/<rule-id>/statistics (Experimental)

Get IDS gateway policy statistics


Get statistics of a IDS gateway policy.
- no enforcement point path specified: Stats will be evaluated on each enforcement.
point.
- {enforcement_point_path}: Stats are evaluated only on the given enforcement point.
GET /policy/api/v1/infra/domains/<domain-id>/intrusion-service-gateway-policies/<policy-id>/statistics (Experimental)

List TLS Config Profiles


API will list all TLS Config Profiles
GET /policy/api/v1/infra/security/tls-inspection-config-profiles (Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles (Experimental)

Delete TLS Config Profile


API will delete TLS Config Profile
DELETE /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
DELETE /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Get TLS Config Profile


API will get TLS Config Profile
GET /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
GET /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Create or update TLS Config Profile


API will create/update TLS Config Profile
PATCH /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
PATCH /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Update TLS Config Profile


API will update TLS Config Profile
PUT /policy/api/v1/infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)
PUT /policy/api/v1/global-infra/security/tls-inspection-config-profiles/<tls-inspection-config-profile> (Experimental)

Get the list of gateway firewall dependent services


Get the list of gateway firewall dependent services
GET /policy/api/v1/infra/settings/firewall/gateway/dependent-services

Delete FqdnAnalysisConfig


Delete FqdnAnalysisConfig from the passed edge cluser node.
DELETE /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config

Get FqdnAnalysisConfig


Gets a FqdnAnalysisConfig. This returns the details of the
config like whether the FQDN Analysis is enabled or disabled for
the given edge cluster.
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config

Create or Update FqdnAnalysisConfig


Creates/Updates a FqdnAnalysisConfig object. If FqdnAnalysisConfig object does not exists for the passed edge-cluster node,
create a new FqdnAnalysisConfig object. If it already exists, patch it.
PATCH /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config

Create or Update FqdnAnalysisConfig


Creates/Updates FqdnAnalysisConfig Object for
the given edge cluster. If FqdnAnalysisConfig object is not already present, creates it.
If it already exists, replace with this object.
PUT /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/fqdn-analysis-config

Delete PolicyUrlCategorizationConfig


Delete PolicyUrlCategorizationConfig. If deleted, the URL categorization
will be disabled for that edge cluster.
DELETE /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>

Get PolicyUrlCategorizationConfig


Gets a PolicyUrlCategorizationConfig. This returns the details of the
config like whether the URL categorization is enabled or disabled, the id
of the context profiles which are used to filter the categories, and the
update frequency of the data from the cloud.
GET /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>

Create or Update PolicyUrlCategorizationConfig


Creates/Updates a PolicyUrlCategorizationConfig. Creating or updating the
PolicyUrlCategorizationConfig will enable or disable URL categorization for
the given edge cluster. If the context_profiles field is empty, the edge
cluster will detect all the categories of URLs. If context_profiles field
has any context profiles, the edge cluster will detect only the categories
listed within those context profiles. The context profiles should have
attribute type URL_CATEGORY. The update_frequency specifies how frequently
in minutes, the edge cluster will get updates about the URL data from the
URL categorization cloud service. If the update_frequency is not specified,
the default update frequency will be 30 min.
PATCH /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>

Create or Update PolicyUrlCategorizationConfig


Creates/Updates a PolicyUrlCategorizationConfig. Creating or updating the
PolicyUrlCategorizationConfig will enable or disable URL categorization for
the given edge cluster. If the context_profiles field is empty, the edge
cluster will detect all the categories of URLs. If context_profiles field
has any context profiles, the edge cluster will detect only the categories
listed within those context profiles. The context profiles should have
attribute type URL_CATEGORY. The update_frequency specifies how frequently
in minutes, the edge cluster will get updates about the URL data from the
URL categorization cloud service. If the update_frequency is not specified,
the default update frequency will be 30 min.
PUT /policy/api/v1/infra/sites/<site-id>/enforcement-points/<enforcement-point-id>/edge-clusters/<edge-cluster-id>/url-categorization-configs/<url-categorization-config-id>

Get list of gateway policies with rules that belong to the specific Tier-0 logical router.


Get filtered view of gateway rules associated
with the Tier-0. The gateay policies are returned in the
order of category and precedence.
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/gateway-firewall
GET /policy/api/v1/global-infra/tier-0s/<tier-0-id>/gateway-firewall

Get list of gateway policies with rules that belong to the specific Tier-0 LocalServices.


Get filtered view of Gateway Firewall rules associated
with the Tier-0 Locale Services. The gateway policies are
returned in the order of category and sequence number.
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/locale-services/<locale-services-id>/gateway-firewall
GET /policy/api/v1/global-infra/tier-0s/<tier-0-id>/locale-services/<locale-services-id>/gateway-firewall

Delete security config


Delete security config
DELETE /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config

Read Security Feature


Read Security Feature.
GET /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config

Create or Update security configuration


Create a T0 security configuration if it is not already present,
otherwise update the security onfiguration.
PATCH /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config

Create or Update security configuration


Create or update security configuration.
PUT /policy/api/v1/infra/tier-0s/<tier-0-id>/security-config

Get list of gateway policies with rules that belong to the specific Tier-1.


Get filtered view of Gateway Firewall rules associated with the Tier-1.
The gateway policies are returned in the order of category and sequence number.
GET /policy/api/v1/global-infra/tier-1s/<tier-1-id>/gateway-firewall
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/gateway-firewall

Get list of gateway policies with rules that belong to the specific Tier-1 LocalServices.


Get filtered view of Gateway Firewall rules associated
with the Tier-1 Locale Services. The gateway policies are
returned in the order of category and sequence number.
GET /policy/api/v1/global-infra/tier-1s/<tier-1-id>/locale-services/<locale-services-id>/gateway-firewall
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/locale-services/<locale-services-id>/gateway-firewall

Read Security Feature


Read Security Feature.
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config

Create or Update security configuration


Create a security configuration if it is not already present,
otherwise update the security onfiguration.
PATCH /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config

Create or Update security configuration


Create or update security configuration.
PUT /policy/api/v1/infra/tier-1s/<tier-1-id>/security-config

TLS inspection execution state details for the tier1


TLS inspection execution state details for the tier1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state

TLS inspection execution state fqdn details for the tier1


TLS inspection execution state fqdn details for the tier1
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns

Get TLS inspection FQDN state


Get TLS inspection FQDN state
GET /policy/api/v1/infra/tier-1s/<tier-1-id>/tls-inspection-state/fqdns/<fqdn-id>

Delete TLS Config Profile Binding for Tier-1 Logical Router


API will delete TLS Config Profile Binding for Tier-1 Logical Router.
DELETE /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Get TLS Config Profile Binding Map for Tier-1 Logical Router


API will get TLS Config Profile Binding Map for Tier-1 Logical Router.
GET /policy/api/v1/global-infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>
GET /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Create or update TLS Config Profile Binding Map for Tier-1 Logical Router


API will create or update TLS Config profile binding map for Tier-1 Logical Router.
PATCH /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Create or update TLS Config Profile Binding Map for Tier-1 Logical Router


API will create or update TLS Config profile binding map for Tier-1 Logical Router.
PUT /policy/api/v1/infra/tier-1s/<tier1-id>/tls-inspection-config-profile-bindings/<tls-inspection-config-profile-binding-id>

Get Tls profiles available.


List all the Tls profiles available by requested resource_type.
GET /policy/api/v1/infra/tls-inspection-action-profiles

Delete a Tls profile.


Deletes a Tls profile.
DELETE /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Get TLS profile with id.


Return Tls profile.
GET /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Create a Tls profile.


Create a Tls profile with values provided. It creates profile based on the resource_type in the payload.
Each action profile supports the following 3 pre-defined config setting defaults:
Balanced, High Fidelity and High Security.

1 - External Profile Balanced (default)
Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-balanced-profile",
"display_name": "external-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/external-balanced-profile",
"relative_path": "external-balanced-profile",
"parent_path": "/infra",
"unique_id": "bb236080-e49d-4475-9eb3-b749b075164a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225641015,
"_last_modified_user": "admin",
"_last_modified_time": 1622225641015,
"_revision": 0
}


2 - External Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile
Sample intent path:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-fidelity-profile",
"display_name": "external-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-fidelity-profile",
"relative_path": "external-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "bb6c8604-c8eb-44dd-aded-7407e0ca887c",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225537386,
"_last_modified_user": "admin",
"_last_modified_time": 1622225537386,
"_revision": 0
}


3 - External Profile High Security
Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile
Sample intent path:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"invalid_cert_action": "BLOCK",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-security-profile",
"display_name": "external-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-security-profile",
"relative_path": "external-high-security-profile",
"parent_path": "/infra",
"unique_id": "e19cbc40-c679-4f32-9e40-aa5eedf7f254",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622141786963,
"_last_modified_user": "admin",
"_last_modified_time": 1622225387352,
"_revision": 4
}


4 - Internal Profile Balanced
Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile
Sample intent path:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-balanced-profile",
"display_name": "internal-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/internal-balanced-profile",
"relative_path": "internal-balanced-profile",
"parent_path": "/infra",
"unique_id": "b8486763-843a-4894-8dfd-5bceebb10cd3",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071598527,
"_last_modified_user": "admin",
"_last_modified_time": 1622071598527,
"_revision": 0
}


5 - Internal Profile High Fidelity
Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile
Sample intent path:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-fidelity-profile",
"display_name": "internal-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-fidelity-profile",
"relative_path": "internal-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "27609d17-e642-4a7a-b414-176b3f7eca8d",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071452299,
"_last_modified_user": "admin",
"_last_modified_time": 1622071452299,
"_revision": 0
}


6 - Internal Profile High Security
Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile
Sample intent path:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}


Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-security-profile",
"display_name": "internal-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-security-profile",
"relative_path": "internal-high-security-profile",
"parent_path": "/infra",
"unique_id": "52e3e7e8-718d-4eaf-a177-501f196c421a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071359539,
"_last_modified_user": "admin",
"_last_modified_time": 1622071359539,
"_revision": 0
}

PATCH /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

Update a Tls profile.


Update user configurable properties of Tls profile.
Each action profile supports the following 3 pre-defined config setting defaults:
Balanced, High Fidelity and High Security.

1 - External Profile Balanced (default)
Sample intent path: /infra/tls-inspection-action-profiles/external-balanced-profile
API payload:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-balanced-profile",
"display_name": "external-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/external-balanced-profile",
"relative_path": "external-balanced-profile",
"parent_path": "/infra",
"unique_id": "bb236080-e49d-4475-9eb3-b749b075164a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225641015,
"_last_modified_user": "admin",
"_last_modified_time": 1622225641015,
"_revision": 0
}


2 - External Profile High Fidelity
Sample intent path: /infra/tls-inspection-action-profiles/external-high-fidelity-profile
Sample intent path:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"invalid_cert_action": "ALLOW",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-fidelity-profile",
"display_name": "external-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-fidelity-profile",
"relative_path": "external-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "bb6c8604-c8eb-44dd-aded-7407e0ca887c",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622225537386,
"_last_modified_user": "admin",
"_last_modified_time": 1622225537386,
"_revision": 0
}


3 - External Profile High Security
Sample intent path:/infra/tls-inspection-action-profiles/external-high-security-profile
Sample intent path:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionExternalProfile",
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"invalid_cert_action": "BLOCK",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"proxy_trusted_ca_cert": "/infra/certificates/caCert1",
"proxy_untrusted_ca_cert": "/infra/certificates/caCert2",
"ocsp_must_staple": false,
"resource_type": "TlsInspectionExternalProfile",
"id": "external-high-security-profile",
"display_name": "external-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/external-high-security-profile",
"relative_path": "external-high-security-profile",
"parent_path": "/infra",
"unique_id": "e19cbc40-c679-4f32-9e40-aa5eedf7f254",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622141786963,
"_last_modified_user": "admin",
"_last_modified_time": 1622225387352,
"_revision": 4
}


4 - Internal Profile Balanced
Sample intent path:/infra/tls-inspection-action-profiles/internal-balanced-profile
Sample intent path:

{
"tls_config_setting": "BALANCED",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "BALANCED",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_1",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_1",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"TLS_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_128_CBC_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384",
"TLS_RSA_WITH_AES_256_CBC_SHA256"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-balanced-profile",
"display_name": "internal-balanced-profile",
"path": "/infra/tls-inspection-action-profiles/internal-balanced-profile",
"relative_path": "internal-balanced-profile",
"parent_path": "/infra",
"unique_id": "b8486763-843a-4894-8dfd-5bceebb10cd3",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071598527,
"_last_modified_user": "admin",
"_last_modified_time": 1622071598527,
"_revision": 0
}


5 - Internal Profile High Fidelity
Sample intent path:/infra/tls-inspection-action-profiles/internal-high-fidelity-profile
Sample intent path:

{
"tls_config_setting": "HIGH_FIDELITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}

Profile with default settings:

{
"tls_config_setting": "HIGH_FIDELITY",
"decryption_fail_action": "BYPASS",
"crypto_enforcement": "TRANSPARENT",
"client_min_tls_version": "",
"client_max_tls_version": "",
"server_min_tls_version": "",
"server_max_tls_version": "",
"client_cipher_suite": [],
"server_cipher_suite": [],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-fidelity-profile",
"display_name": "internal-high-fidelity-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-fidelity-profile",
"relative_path": "internal-high-fidelity-profile",
"parent_path": "/infra",
"unique_id": "27609d17-e642-4a7a-b414-176b3f7eca8d",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071452299,
"_last_modified_user": "admin",
"_last_modified_time": 1622071452299,
"_revision": 0
}


6 - Internal Profile High Security
Sample intent path:/infra/tls-inspection-action-profiles/internal-high-security-profile
Sample intent path:

{
"tls_config_setting": "HIGH_SECURITY",
"resource_type": "TlsInspectionInternalProfile",
"server_certs_key": ["/infra/certificates/server-cert-1"],
"default_cert_key": "/infra/certificates/server-cert-1"
}


Profile with default settings:

{
"tls_config_setting": "HIGH_SECURITY",
"decryption_fail_action": "BLOCK",
"crypto_enforcement": "ENFORCE",
"client_min_tls_version": "TLS_V1_2",
"client_max_tls_version": "TLS_V1_2",
"server_min_tls_version": "TLS_V1_2",
"server_max_tls_version": "TLS_V1_2",
"client_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_cipher_suite": [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
],
"server_certs_key": [
"/infra/certificates/server-cert-1"
],
"default_cert_key": "/infra/certificates/server-cert-1",
"ocsp_must_staple": false,
"certificate_validation": false,
"resource_type": "TlsInspectionInternalProfile",
"id": "internal-high-security-profile",
"display_name": "internal-high-security-profile",
"path": "/infra/tls-inspection-action-profiles/internal-high-security-profile",
"relative_path": "internal-high-security-profile",
"parent_path": "/infra",
"unique_id": "52e3e7e8-718d-4eaf-a177-501f196c421a",
"marked_for_delete": false,
"overridden": false,
"trusted_ca_bundles": [
"/infra/cabundles/default_trusted_public_ca_bundle"
],
"crls": [
"/infra/crls/nsx_default_public_crl"
],
"idle_connection_timeout": 5400,
"_system_owned": false,
"_protection": "NOT_PROTECTED",
"_create_user": "admin",
"_create_time": 1622071359539,
"_last_modified_user": "admin",
"_last_modified_time": 1622071359539,
"_revision": 0
}

PUT /policy/api/v1/infra/tls-inspection-action-profiles/<action-profile-id>

List TLS policies


List all TLS policies.
GET /policy/api/v1/infra/tls-inspection-policies

Delete TlsPolicy


Delete TlsPolicy
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Read tls policy


Read TLS policy.
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Update TLS policy


Update the TLS policy. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a TLS policy
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>

Update TLS policy


Update the TLS policy. This is a full replace.
All the rules are replaced.
Performance Note: If you want to edit several rules in a TLS policy,
use this API. It will perform better than several individual rule APIs.
Just pass all the rules which you wish to edit as embedded rules to it.
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>

List TLS rules


List TLS rules
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules

Delete rule


Delete rule
DELETE /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Read rule


Read rule
GET /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Update TLS rule


Update the TLS rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a TLS policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/tls-inspection-policies/<policy-id>
PATCH /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Update TLS rule


Update the TLS rule.
Create new rule if a rule with the rule-id is not already present.
Performance Note: If you want to edit several rules in a TLS policy,
prefer below mentioned API for optimal performance.
Pass all the rules which you wish to edit as embedded rules to it.
Use this API - PATCH (or PUT)
/infra/tls-inspection-policies/<policy-id>
PUT /policy/api/v1/infra/tls-inspection-policies/<policy-id>/rules/<rule-id>

Get the list of URL categories.


Gets the list of categories. This will provide all the supported categories
along with their ids. Few examples of these categories are Shopping, Social
Networks, Streaming sites, etc.
GET /policy/api/v1/infra/url-categories

Get the list of reputation severity


Gets the list of reputation severities. This will provide all the supported
severities along with their ids, min and max reputaitons.
The min_reputation and max_reputation
specify the range of the reputations which belong to a particular
severity. For instance, any reputation between 1 to 20 belongs to the
severity 'High Risk'. Similary a reputation between 81 to 100 belong
to the severity 'Trustworthy'.
GET /policy/api/v1/infra/url-reputation-severities