Firewall Contexts
Overview
API used to create and modify firewall contexts on BIG-IQ.
REST Endpoint: /mgmt/cm/firewall/working-config
Paths
List of firewall collections.
GET /mgmt/cm/firewall/working-config/firewalls
Description
Returns the collection of firewalls.
Responses
| HTTP Code | Description | Schema |
| --- | --- | --- |
| 200 | Collection of firewalls. | properties_firewall_collection |
| 400 | Error response “Bad Request” | error_collection |
Permissions
| Role | Allow |
| --- | --- |
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Viewer | Yes |
| Network Security Deployer | Yes |
| Service Catalog Viewer | Yes |
| Service Catalog Editor | Yes |
| Application Editor | Yes |
| Application Viewer | Yes |
Used to get a single firewall context.
GET /mgmt/cm/firewall/working-config/firewalls/{objectId}
Description
Returns the firewall context identified by an endpoint URI.
Parameters
| Type | Name | Description | Schema | Default |
| --- | --- | --- | --- | --- |
| Path | objectId | Firewall object id (required) | string(UUID) | None |
Responses
| HTTP Code | Description | Schema |
| --- | --- | --- |
| 200 | Firewall context object | properties_firewall |
| 400 | Error response “Bad Request” | error_collection |
Permissions
| Role | Allow |
| --- | --- |
| Trust Discovery Import | Yes |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
| Network Security Viewer | Yes |
| Network Security Deployer | Yes |
| Service Catalog Viewer | Yes |
| Service Catalog Editor | Yes |
| Application Editor | Yes |
| Application Viewer | Yes |
PATCH firewall policies into firewall context.
PATCH /mgmt/cm/firewall/working-config/firewalls/{objectId}
{
"enforcedPolicyReference": { "link": "<working config firewall policy self-link>" }
}
{
"stagedPolicyReference": { "link": "<working config firewall policy self-link>" }
}
{
"natPolicyReference": { "link": "<working config NAT policy self-link>" }
}
{
"servicePolicyReference": { "link": "<working config service policy self-link>" }
}
Description
Patches an enforced, staged, NAT and/or service policy reference link into the firewall context. A self-ip firewall context cannot have a NAT policy.
Parameters
| Type | Name | Description | Schema | Default |
| --- | --- | --- | --- | --- |
| Path | objectId | Firewall object id (required) | string(UUID) | None |
Responses
| HTTP Code | Description | Schema |
| --- | --- | --- |
| 200 | Patch firewall policies to firewalls success. | properties_firewall |
| 400 | Error response “Bad Request” | error_collection |
Permissions
| Role | Allow |
| --- | --- |
| Network Security Editor | Yes |
| Network Security Manager | Yes |
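A client-side pre-flight check for the PATCH operation above, written as an added example (not F5's code): it enforces the page's constraints (UUID objectId, the four patchable reference fields, no NAT policy on a self-ip context, PATCH limited to the two listed roles) before any request is sent. The function name, the role argument and the sample values are assumptions made for illustration.

```python
import json
import uuid

BASE = "/mgmt/cm/firewall/working-config/firewalls"
# Reference fields the page shows as PATCH bodies.
PATCHABLE = {"enforcedPolicyReference", "stagedPolicyReference",
             "natPolicyReference", "servicePolicyReference"}
# Roles the PATCH Permissions table allows.
PATCH_ROLES = {"Network Security Editor", "Network Security Manager"}


def build_policy_patch(context, refs, role):
    """Validate and return (method, path, body); raise ValueError if refused.

    context: firewall context object as returned by GET .../firewalls/{objectId}
    refs:    {reference field name: policy self-link}
    role:    name of the caller's role
    """
    if role not in PATCH_ROLES:
        raise ValueError(f"role {role!r} is not allowed to PATCH")
    # objectId is string(UUID): parsing it keeps stray path segments out of the URI.
    object_id = str(uuid.UUID(context["id"]))
    if not refs:
        raise ValueError("no policy reference supplied")
    unknown = sorted(set(refs) - PATCHABLE)
    if unknown:
        raise ValueError(f"not a patchable policy reference: {unknown}")
    if context.get("firewallType") == "self-ip" and "natPolicyReference" in refs:
        raise ValueError("self-ip firewall context cannot have a NAT policy")
    for name, link in refs.items():
        if not isinstance(link, str) or not link.strip():
            raise ValueError(f"{name}: self-link must be a non-empty string")
    body = {name: {"link": link} for name, link in refs.items()}
    return "PATCH", f"{BASE}/{object_id}", json.dumps(body, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample context and self-link, not values from a real BIG-IQ.
    ctx = {"id": "11111111-2222-3333-4444-555555555555", "firewallType": "self-ip"}
    link = "https://bigiq.example/constructed-policy-self-link"
    print(build_policy_patch(ctx, {"enforcedPolicyReference": link},
                             "Network Security Editor"))
    try:
        build_policy_patch(ctx, {"natPolicyReference": link},
                           "Network Security Manager")
    except ValueError as exc:
        print("refused:", exc)
```

The server remains the authority on permissions and validation; this check only stops malformed or disallowed requests before they leave the client.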
Definitions
error_collection
| Name | Description | Schema |
| --- | --- | --- |
| errorStack | Error stack trace returned by Java. optional, read-only | string |
| items | Collection of firewalls-error. optional, read-only | < object > array |
| kind | Type information for firewalls object. optional, read-only | string |
| message | Error message returned from server. optional, read-only | string |
| requestBody | The data in the request body. GET (None). optional, read-only | string |
| requestOperationId | Unique id assigned to REST operation. optional, read-only | integer(int64) |
properties_firewall
| Name | Description | Schema |
| --- | --- | --- |
| firewallIpAddress | Firewall IP address. optional | string |
| firewallType | Firewall type (vip, self-ip, route-domain, global, and management-ip). optional | string |
| floating | Whether this is a floating IP (interfaces are part of a shared VLAN in a cluster). optional | boolean |
| enforcedPolicyReference | Reference to a firewall policy of enforced type. optional | string |
| servicePolicyReference | Reference to a firewall service policy used by BIG-IP. optional | string |
| stagedPolicyReference | Reference to a firewall policy of staged type. optional | string |
| natPolicyReference | Reference to a firewall NAT policy used by BIG-IP. optional | string |
| deviceReference | Reference properties for the BIG-IP device (id, name, kind, machineId, link). required | string |
| subPath | Name of virtual used as part of path, e.g. full path /Partition/virtual.app. optional | string |
| useDevicePolicy | Use device policy (yes/no). optional | string |
| useRouteDomainPolicy | Use route domain policy (yes/no). optional | string |
| description | Description of security firewall context. optional | string |
| generation | An integer that tracks changes made to a firewall object (generation). optional, read-only | integer(int64) |
| id | Unique id assigned to a firewall object. optional, read-only | string |
| kind | Type information for a firewall object. optional, read-only | string |
| lastUpdateMicros | Update time (micros) of the last change made to a firewall object. optional, read-only | integer(int64) |
| name | Name of object. required | string |
| partition | BIG-IP partition in which this object exists. required | string |
| rulesCollectionReference | Reference link to firewall rules assigned to this firewall object. optional | rulesCollectionReference |
| selfLink | A reference link URI to the firewall object. optional, read-only | string |
rulesCollectionReference
| Name | Description | Schema |
| --- | --- | --- |
| isSubcollection | Is a subcollection (True/False). optional | boolean |
| link | Reference link to rules collection object. (In-line rules for firewalls not supported.) optional | string |
properties_firewall_collection
| Name | Description | Schema |
| --- | --- | --- |
| generation | An integer that tracks changes made to a firewall collection object (generation). optional, read-only | integer(int64) |
| items | Collection of firewall-properties. optional, read-only | < object > array |
| kind | Type information for this firewall collection object. optional, read-only | string |
| lastUpdateMicros | Update time (micros) of the last change made to a firewall collection object. optional, read-only | integer(int64) |
| selfLink | A reference link URI to the firewall collection object. optional, read-only | string |