Firewall Contexts

Overview

API used to create and modify firewall contexts on BIG-IQ.

REST Endpoint: /mgmt/cm/firewalls/working-config

Paths

List of firewall collections.

GET /mgmt/cm/firewalls/working-config/firewalls

Description

Returns the collection of firewalls.

Responses

HTTP Code Description Schema
200 Collection of firewalls. properties_firewall_collection
400 Error response “Bad Request” error_collection

Permissions

Role Allow
Trust Discovery Import Yes
Network Security Editor Yes
Network Security Manager Yes
Network Security Viewer Yes
Network Security Deployer Yes
Service Catalog Viewer Yes
Service Catalog Editor Yes
Application Editor Yes
Application Viewer Yes

Used to get a single firewall context.

GET /mgmt/cm/firewalls/working-config/firewalls/{objectId}

Description

Returns the firewall context identified by an endpoint URI.

Parameters

Type Name Description Schema Default
Path objectId Firewall object id required string(UUID) None

Responses

HTTP Code Description Schema
200 Firewall context object properties_firewall
400 Error response “Bad Request” error_collection

Permissions

Role Allow
Trust Discovery Import Yes
Network Security Editor Yes
Network Security Manager Yes
Network Security Viewer Yes
Network Security Deployer Yes
Service Catalog Viewer Yes
Service Catalog Editor Yes
Application Editor Yes
Application Viewer Yes

PATCH firewall policies into firewall context.

PATCH /mgmt/cm/firewalls/working-config/firewalls/{objectId}
{
    "enforcedPolicyReference": { "link": "<working config firewall policy self-link>" }
}

{
    "stagedPolicyReference": { "link": "<working config firewall policy self-link>" }
}

{
    "natPolicyReference": { "link": "<working config NAT policy self-link>" }
}

{
    "servicePolicyReference": { "link": "<working config service policy self-link>" }
}

Description

Patches an enforced, staged, NAT, and/or service policy reference link into the firewall context. A self-ip firewall context cannot have a NAT policy.

Parameters

Type Name Description Schema Default
Path objectId Firewall object id required string(UUID) None

Responses

HTTP Code Description Schema
200 Patch firewall policies to firewalls success. properties_firewall
400 Error response “Bad Request” error_collection

Permissions

Role Allow
Network Security Editor Yes
Network Security Manager Yes
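
The following Python sketch is an added example, not part of the BIG-IQ documentation. It builds the PATCH path and body described above for a firewall context fetched with GET, and refuses a NAT policy on a self-ip context or a role outside the PATCH Permissions table. The helper name, the sample ids and links, and the check that a self-link path contains /working-config/ are assumptions made for illustration.

```python
import json
import uuid
from urllib.parse import urlsplit

BASE = "/mgmt/cm/firewalls/working-config/firewalls"
# The four reference properties listed in the PATCH section.
POLICY_REFS = {"enforcedPolicyReference", "stagedPolicyReference",
               "natPolicyReference", "servicePolicyReference"}
# Roles the Permissions table allows to PATCH a firewall context.
PATCH_ROLES = {"Network Security Editor", "Network Security Manager"}

# Constructed sample data: ids and links are placeholders, not real objects.
SELF_IP = {"id": "11111111-2222-3333-4444-555555555555", "firewallType": "self-ip"}
VIP = {"id": "66666666-7777-8888-9999-AAAAAAAAAAAA", "firewallType": "vip"}
POLICY = "https://localhost/mgmt/cm/firewalls/working-config/example-policies/EXAMPLE-ID"


def build_policy_patch(context, role, **refs):
    """Return (path, json_body) for a policy PATCH, or raise ValueError.

    context: properties_firewall dict from GET .../firewalls/{objectId}
    refs:    <reference property>=<policy self-link> (hypothetical helper API)
    """
    if role not in PATCH_ROLES:
        raise ValueError(f"role {role!r} is not allowed to PATCH firewall contexts")
    object_id = str(uuid.UUID(context["id"]))  # objectId must parse as a UUID
    if not refs:
        raise ValueError("no policy reference supplied")
    unknown = set(refs) - POLICY_REFS
    if unknown:
        raise ValueError(f"not a policy reference property: {sorted(unknown)}")
    if "natPolicyReference" in refs and context.get("firewallType") == "self-ip":
        raise ValueError("self-ip firewall context cannot have a NAT policy")
    for name, link in refs.items():
        # Assumption: a working-config self-link has /working-config/ in its path.
        if "/working-config/" not in urlsplit(link).path:
            raise ValueError(f"{name}: not a working-config self-link: {link}")
    body = {name: {"link": refs[name]} for name in sorted(refs)}
    return f"{BASE}/{object_id}", json.dumps(body, indent=4)


if __name__ == "__main__":
    path, body = build_policy_patch(VIP, "Network Security Manager",
                                    enforcedPolicyReference=POLICY,
                                    natPolicyReference=POLICY)
    print("PATCH", path)
    print(body)
```

Running the checks client-side before sending the request keeps a rejected change out of the working configuration and gives the operator a specific reason instead of a generic 400 “Bad Request”.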

Definitions

error_collection

Name Description Schema
errorStack Error stack trace returned by Java. optional, read-only string
items Collection of firewalls-error. optional, read-only < object > array
kind Type information for firewalls object. optional, read-only string
message Error message returned from server. optional, read-only string
requestBody The data in the request body. GET (None) optional, read-only string
requestOperationId Unique id assigned to REST operation. optional, read-only integer(int64)

properties_firewall

Name Description Schema
firewallIpAddress Firewall IP Address optional string
firewallType Firewall Type (vip, self-ip, route-domain, global, and management-ip) optional string
floating Is this a floating IP (interfaces are part of a shared VLAN in a cluster). optional boolean
enforcedPolicyReference Reference to a firewall policy of enforced type. optional string
servicePolicyReference Reference to a firewall service policy used by BIG-IP. optional string
stagedPolicyReference Reference to a firewall policy of staged type. optional string
natPolicyReference Reference to a firewall NAT policy used by BIG-IP. optional string
deviceReference Reference properties for device BIG-IP. (id, name, kind, machineId, link) required string
subPath Name of virtual used as part of path, e.g. full path /Partition/virtual.app optional string
useDevicePolicy Use device policy. yes/no optional string
useRouteDomainPolicy Use Route Domain policy. yes/no optional string
description Description of security firewall context. optional string
generation An integer that tracks changes made to a firewall object. optional, read-only integer(int64)
id Unique id assigned to a firewall object. optional, read-only string
kind Type information for a firewall object. optional, read-only string
lastUpdateMicros Update time (micros) for last change made to a firewall object. optional, read-only integer(int64)
name Name of object. required string
partition BIG-IP partition in which this object exists. required string
rulesCollectionReference Reference link to firewall rules assigned to this firewall object. optional rulesCollectionReference
selfLink A reference link URI to the firewall object. optional, read-only string

rulesCollectionReference

Name Description Schema
isSubcollection Is a subcollection (True/False) optional boolean
link Reference link to rules collection object. (In-line rules for firewalls not supported.) optional string

properties_firewall_collection

Name Description Schema
generation An integer that tracks changes made to a firewall collection object. optional, read-only integer(int64)
items Collection of firewall-properties. optional, read-only < object > array
kind Type information for this firewall collection object. optional, read-only string
lastUpdateMicros Update time (micros) for last change made to a firewall collection object. optional, read-only integer(int64)
selfLink A reference link URI to the firewall collection object. optional, read-only string

Examples

None