Firewall Policy
Overview
API used to create and modify firewall policies on BIG-IQ.
REST Endpoint: /mgmt/cm/firewall/working-config
Paths
List of policy collections.
GET /mgmt/cm/firewall/working-config/policies
Description
Returns the collection of firewall policies.
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Collection of firewall policies. | properties_collection |
400 | Error response “Bad Request” | error_collection |
Permissions
Role | Allow |
---|---|
Trust Discovery Import | Yes |
Network Security Editor | Yes |
Network Security Manager | Yes |
Network Security Deployer | Yes |
Network Security Viewer | Yes |
Service_Catalog_Viewer | Yes |
Used to get a single firewall policy.
GET /mgmt/cm/firewall/working-config/policies/{objectId}
Description
Returns the firewall policy identified by id for an endpoint URI.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Path | objectId | Policy object ID required | string(UUID) | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Firewall policy object. | properties_policy |
400 | Server error response “Bad Request”. | error_collection |
Permissions
Role | Allow |
---|---|
Trust Discovery Import | Yes |
Network Security Editor | Yes |
Network Security Manager | Yes |
Network Security Deployer | Yes |
Network Security Viewer | Yes |
Service_Catalog_Viewer | Yes |
Used to get the rules for a firewall policy.
GET /mgmt/cm/firewall/working-config/policies/{objectId}/rules
Description
Returns the firewall rules subcollection for a policy.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Path | objectId | Policy object ID required (the policy whose rules collection is returned) | string(UUID) | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Collection of firewall rules. | properties_collection |
400 | Error response “Bad Request” | properties_collection |
Permissions
Role | Allow |
---|---|
Trust Discovery Import | Yes |
Network Security Editor | Yes |
Network Security Manager | Yes |
Network Security Deployer | Yes |
Network Security Viewer | Yes |
Service_Catalog_Viewer | Yes |
Get a single rule for a firewall policy.
GET /mgmt/cm/firewall/working-config/policies/{objectId}/rules/{ruleId}
Description
Returns the firewall rule identified by an endpoint URI.
Parameters
Type | Name | Description | Schema | Default |
---|---|---|---|---|
Path | objectId | Policy object id required | string(UUID) | None |
Path | ruleId | Rule object id required | string(UUID) | None |
Responses
HTTP Code | Description | Schema |
---|---|---|
200 | Firewall rule object | properties_rule |
400 | Error response “Bad Request” | error_collection |
Permissions
Role | Allow |
---|---|
Trust Discovery Import | Yes |
Network Security Editor | Yes |
Network Security Manager | Yes |
Network Security Deployer | Yes |
Network Security Viewer | Yes |
Service_Catalog_Viewer | Yes |
Definitions
error_collection
Name | Description | Schema |
---|---|---|
errorStack | Error stack trace returned by java. optional, read-only | string |
items | Collection of policies-error. optional | < object > array |
kind | Type information for policy object. optional, read-only | string |
message | Error message returned from server. optional, read-only | string |
requestBody | The data in the request body. GET (None) optional, read-only | string |
requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64) |
properties_collection
Name | Description | Schema |
---|---|---|
generation | An integer that tracks changes made to a policy object. optional, read-only | integer(int64) |
items | Collection of policies-properties. optional | < object > array |
kind | Type information for this policy object. optional, read-only | string |
lastUpdateMicros | Update time (micros) of the last change made to a policy object. optional, read-only | integer(int64) |
selfLink | A reference link URI to the policy object. optional, read-only | string |
properties_policy
Name | Description | Schema |
---|---|---|
description | Description of object. optional | string |
generation | An integer that tracks changes made to a policy object. optional, read-only | integer(int64) |
id | Unique id assigned to a policy object. optional, read-only | string |
kind | Type information for this policy object. optional, read-only | string |
lastUpdateMicros | Update time (micros) of the last change made to a policy object. optional, read-only | integer(int64) |
name | Name of object. required | string |
partition | BIG-IP partition on which this object exists. required | string |
rulesCollectionReference | Reference link to firewall rules assigned to this policy object. optional | rulesCollectionReference |
selfLink | A reference link URI to the policy object. optional, read-only | string |
rulesCollectionReference
Name | Description | Schema |
---|---|---|
isSubcollection | Is a subcollection (True/False) optional | boolean |
link | Reference link to rules collection object. optional | string |
properties_rule
Name | Description | Schema |
---|---|---|
action | Action taken for rule match (accept, accept-decisively, drop, reject). required | string |
destination | Destination object used by a rule, usually specified by (port-list, port-range, port, address-list, address-range, address, domain-name, country/region). optional | object |
evalOrder | Order in which server evaluates rules referenced in a policy object. optional | integer |
generation | An integer that tracks changes made to a policy rule object. optional, read-only | integer(int64) |
hitCountStatReference | Reference link to an object that maintains an integer for rule hit counts. optional | object |
iRule | Link to F5 iRule to a firewall policy. optional | string |
iRuleSampleRate | Sample rate of iRule. optional | integer |
id | Unique id assigned to a policy rule object. optional, read-only | string |
kind | Type information for this policy rule object. optional, read-only | string |
lastUpdateMicros | Update time (micros) of the last change made to a policy rule object. optional, read-only | integer(int64) |
log | Boolean used to enable / disable server logging for actions taken on packets. optional | boolean |
name | Name of the policy rule object. required | string |
protocol | IP protocol to match against packet. required | string |
ruidMaster | Used to generate rule UUIDs when deploying to BIG-IPs that support and have rule UUIDs enabled. optional | string |
ruidSeed | In conjunction with ruidMaster, used to generate rule UUIDs when deploying to BIG-IPs that support and have rule UUIDs enabled. optional | integer(int64) |
ruleListReference | Reference link to a rule-list object (a list of rules managed in a single object). optional | object |
scheduleReference | Reference link to a schedule object used by this policy object. optional | object |
selfLink | A reference link URI to the policy rule object. optional, read-only | string |
servicePolicyReference | Reference link to a service-policy object (used as a container for network idle timers and/or port misuse policies). optional | object |
source | Source object used by rule, usually specified by (port-list, port-range, port, address-list, address-range, address, domain-name, country/region, VLAN). optional | object |
state | State of rule (disabled, enabled, scheduled). required | string |
Examples
None
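An added example (not from the BIG-IQ documentation) that walks the endpoints above: it fetches a policy, follows rulesCollectionReference.link to the rules subcollection, orders the rules by evalOrder, and flags rule settings a reviewer would want to look at (accept rules that do not log, accept rules with no source or destination constraint, disabled rules). The fetch callable, the policy UUID and the sample responses are constructed assumptions shaped like the properties_policy and properties_collection schemas.

```python
from typing import Callable, Dict, List, Tuple

BASE = "/mgmt/cm/firewall/working-config"
ACCEPTS = ("accept", "accept-decisively")


def policy_rules(fetch: Callable[[str], dict], policy_id: str) -> List[dict]:
    """GET the policy, follow rulesCollectionReference.link to its rules
    subcollection, and return the rules sorted by evalOrder (server order)."""
    policy = fetch(f"{BASE}/policies/{policy_id}")
    ref = policy.get("rulesCollectionReference") or {}
    # Fall back to the documented /rules path if the reference link is absent.
    link = ref.get("link") or f"{BASE}/policies/{policy_id}/rules"
    return sorted(fetch(link).get("items", []), key=lambda r: r.get("evalOrder", 0))


def audit_rules(rules: List[dict]) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs for settings worth reviewing."""
    findings = []
    for r in rules:
        name, action = r.get("name", "?"), r.get("action")
        if action in ACCEPTS and not r.get("log"):
            findings.append((name, "accept rule with logging disabled"))
        if action in ACCEPTS and not r.get("source") and not r.get("destination"):
            findings.append((name, "accept rule with no source or destination"))
        if r.get("state") == "disabled":
            findings.append((name, "rule is disabled (stale configuration)"))
    return findings


# Constructed sample responses; the UUID is a placeholder, not a real object.
POLICY_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE: Dict[str, dict] = {
    f"{BASE}/policies/{POLICY_ID}": {
        "id": POLICY_ID, "name": "edge-policy", "partition": "Common",
        "rulesCollectionReference": {"isSubcollection": True,
                                     "link": f"{BASE}/policies/{POLICY_ID}/rules"},
    },
    f"{BASE}/policies/{POLICY_ID}/rules": {"items": [
        {"name": "allow-web", "action": "accept", "protocol": "tcp",
         "state": "enabled", "log": False, "evalOrder": 2},
        {"name": "deny-all", "action": "drop", "protocol": "any",
         "state": "enabled", "log": True, "evalOrder": 3},
        {"name": "old-ssh", "action": "accept", "protocol": "tcp",
         "state": "disabled", "log": True, "evalOrder": 1,
         "source": {"addresses": ["10.0.0.0/8"]}, "destination": {"ports": ["22"]}},
    ]},
}


def fake_fetch(link: str) -> dict:
    """Stand-in for an authenticated GET against BIG-IQ (assumption)."""
    return SAMPLE[link]
```

With a real client, replace fake_fetch with a function that performs the authenticated GET and returns the decoded JSON body; the rest of the logic only depends on the documented fields.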