Firewall Policy¶
Overview¶
API used to create and modify firewall policies on BIG-IQ.
REST Endpoint: /mgmt/cm/firewall/working-config¶
Paths¶
List of policy collections.¶
GET /mgmt/cm/firewall/working-config/policies
Description¶
Returns the collection of firewall policies.
Responses¶
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Collection of firewall policies. | properties_collection |
| 400 | Error response “Bad Request” | error_collection |
Permissions¶
| Role | Allow |
|---|---|
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Deployer | Yes |
| Network Security Viewer | Yes |
| Service_Catalog_Viewer | Yes |
Used to get a single firewall policy.¶
GET /mgmt/cm/firewall/working-config/policies/{objectId}
Description¶
Returns the firewall policy identified by id for an endpoint URI.
Parameters¶
| Type | Name | Description | Schema | Default |
|---|---|---|---|---|
| Path | objectId | Policy object ID required | string(UUID) | None |
Responses¶
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Firewall policy object. | properties_policy |
| 400 | Server error response “Bad Request”. | error_collection |
Permissions¶
| Role | Allow |
|---|---|
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Deployer | Yes |
| Network Security Viewer | Yes |
| Service_Catalog_Viewer | Yes |
Used to get the rules for a firewall policy.¶
GET /mgmt/cm/firewall/working-config/policies/{objectId}/rules
Description¶
Returns the firewall rules subcollection for a policy.
Parameters¶
| Type | Name | Description | Schema | Default |
|---|---|---|---|---|
| Path | objectId | Collection of policy rule object id required | string(UUID) | None |
Responses¶
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Collection of firewall rules. | properties_collection |
| 400 | Error response “Bad Request” | properties_collection |
Permissions¶
| Role | Allow |
|---|---|
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Deployer | Yes |
| Network Security Viewer | Yes |
| Service_Catalog_Viewer | Yes |
Get a single rule for a firewall policy.¶
GET /policies/{objectId}/rules/{ruleId}
Description¶
Returns the firewall rule identified by a endpoint URI.
Parameters¶
| Type | Name | Description | Schema | Default |
|---|---|---|---|---|
| Path | objectId | Policy object id required | string(UUID) | None |
| Path | ruleId | Rule object id required | string(UUID) | None |
Responses¶
| HTTP Code | Description | Schema |
|---|---|---|
| 200 | Firewall rule object | properties_rule |
| 400 | Error response “Bad Request” | error_collection |
Permissions¶
| Role | Allow |
|---|---|
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Deployer | Yes |
| Network Security Viewer | Yes |
| Service_Catalog_Viewer | Yes |
Definitions¶
error_collection¶
| Name | Description | Schema |
|---|---|---|
| errorStack | Error stack trace returned by java. optional, read-only | string |
| items | Collection of policies-error. optional | < object > array |
| kind | Type information for policy object. optional, read-only | string |
| message | Error message returned from server. optional, read-only | string |
| requestBody | The data in the request body. GET (None) optional, read-only | string |
| requestOperationId | Unique id assigned to rest operation. optional, read-only | integer(int64) |
properties_collection¶
| Name | Description | Schema |
|---|---|---|
| generation | An integer that will track change made to a policy object. generation. optional, read-only | integer(int64) |
| items | Collection of policies-properties. optional | < object > array |
| kind | Type information for this policy object. optional, read-only | string |
| lastUpdateMicros | Update time (micros) for last change made to a policy object. time. optional, read-only | integer(int64) |
| selfLink | A reference link URI to the policy object. optional, read-only | string |
properties_policy¶
| Name | Description | Schema |
|---|---|---|
| description | Description of object. optional | string |
| generation | A integer that will track change made to a policy object. generation. optional, read-only | integer(int64) |
| id | Unique id assigned to a policy object. optional, read-only | string |
| kind | Type information for this policy object. optional, read-only | string |
| lastUpdateMicros | Update time (micros) for last change made to a policy object. time. optional, read-only | integer(int64) |
| name | Name of object. required | string |
| partition | BIG-IP partition on which this object exists. required | string |
| rulesCollectionReference | Reference link to firewall rules assigned to this policy object. optional | rulesCollectionReference |
| selfLink | A reference link URI to the policy object. optional, read-only | string |
rulesCollectionReference
| Name | Description | Schema |
|---|---|---|
| isSubcollection | Is a subcollection (True/False) optional | boolean |
| link | Reference link to rules collection object. optional | string |
properties_rule¶
| Name | Description | Schema |
|---|---|---|
| action | Action taken for rule match (accept, accept-decisively, drop, reject). required | string |
| destination | Destination object used by a rule, usually specified by (port-list, port-range, port, address-list, address-range, address, domain-name, country/region). optional | object |
| evalOrder | Order in which server evaluates rules referenced in a policy object. optional | integer |
| generation | An integer that will track change made to a policy rule object. generation. optional, read-only | integer(64) |
| hitCountStatReference | Reference link to a object that maintains an integer for rule hit counts. optional | object |
| iRule | Link to F5 iRule to a firewall policy. optional | string |
| iRuleSampleRate | Sample rate of iRule. optional | integer |
| id | Unique id assigned to a policy rule object. optional, read-only | string |
| kind | Type information for this policy rule object. optional, read-only | string |
| lastUpdateMicros | pdate time (micros) for last change made to a policy rule object. time optional, read-only | integer(64) |
| log | Boolean used to enable / disable server logging for actions taken on packets. optional | boolean |
| name | Name of the policy rule object. required | string |
| protocol | IP protocol to match against packet. required | string |
| ruidMaster | Used to generate rule UUIDs when deploying to BIG-IPs that support and have rule UUIDs enabled. optional | string |
| ruidSeed | In conjuntion with ruidSeed, used to generate rule UUIDs when deploying to BIG-IPs that support and have rule UUIDs enabled. optional | integer(64) |
| ruleListReference | Reference link to a rule-list object (list of rules managed in a single object.) optional | object |
| scheduleReference | Reference link to a schedule object used by this policy object. optional | object |
| selfLink | A reference link URI to the policy rule object. optional, read-only | string |
| servicePolicyReference | Reference link to a service-policy object (used as a container for network idle timers and/or port misuse policies). optional | object |
| source | Source object used by rule, usually specified by (port-list, port-range, port, address-list, address-range, address, domain-name, country/region, VLAN). optional | object |
| state | State of rule. (disabled, enabled, scheduled). required | string |
Examples¶
None