Create a traffic change request

The FireFlow REST API creates a Traffic Change Request.

FireFlow validates the API to ensure that mandatory elements are in place, such as permissions, template, date formats, that any specified device exists in AFA, and so on.

Resource Name: /FireFlow/api/change-requests/traffic

Request Method: POST

Request Body:

Element

Type

Description
trafficChangeRequestDetails

TrafficChangeRequest type

Object body containing details for creation of traffic change request.

If you are using the StoreFirewallSuffixInHostGroup and StoreFirewallSuffixInServiceGroup configuration, the address format in source and destination fields must be as follows:

Firewall suffixes

This definition is translated from the fireall as follows:

<object_name>:fw:<firewall treeName>

For example: host-1:fw:My_GW1
Group suffixes

This definition is translated from the one of the group members, as follows:

<object_name>:grp:<firewall treeName>

For example: grp-1:grp:My_GW1

Source with firewall suffix example:

{

"source": {

"items": [{

"address": "host-1:fw:My_GW1"

}

]

}

If you are defining the device, you must enter the device database name, not the name displayed in the AFA device tree. Rule IDs must also be defined as the internal AFA IDs.

Retrieve both device database names and internal rule IDs using the following API:

https://<server_IP>/fa/server/rules/read?session=<FA_session_Id>&entity=<AFA_UI_display_name>

Any error messages that include the device name include the name displayed in AFA.

The attachment field accepts single or multiple values, and expects the following syntax: 'filename=<filename>:content=<encoded file content to base64 string>'

Additionally:

  • Filenames must be valid Linux filenames, including valid characters only, no more than 255 characters, and not an empty string.

  • Files must also have valid extensions, and not be of any file types listed in the RestrictedFileExtensionsInAttachment configuration.

  • File content should be encoded to base 64.

  • Before encoding, the file content should not exceed the maximum size configured in the MaxAttachmentSize configuration parameter.

    For details, see FireFlow configuration parameter reference.

Request example 

{
 "template": "Basic Change Traffic Request",
  "fields": [
  {
   "key": "subject",
   "values": [
    "Traffic_Ticket_Via_REST_API"
    ]
   },
   {
    "key": "Change Request Description",
    "values": [
     "add here the change request description"
    ]
   },
   {
    "name": "devices",
    "values": [
     "CKP1",
     "Cisco2"
    ]
   }
  ],
  "traffic": [{
   "source": {
    "items": [{
     "name": "1.1.1.0/24"
    },
    {
     "name": "host_object"
    }
   ]
  },
  "destination": {
   "items": [{
    "name": "2.2.2.2-2.2.2.150",
     "fields": [{
      "key": "CFPTI",
       "values": [
        "destination1"
       ]
     }]
   }]
  },
  "service": {
   "items": [{
    "name": "https"
    },
    {
     "name": "service_object"
     }
    ]
   },
   "user": {
    "items": [{
    "name": "user1"
   }]
  },
  "application": {
   "items": [{
   "name": "any"
   }]
  },
  "action": "Allow",
  "natDetails": {
   "source": ["9.9.9.9"],
   "destination": ["8.8.8.8"],
   "port": ["tcp/8080"],
   "type": "Static"
  },
  "fields": [{
   "key": "Requested Source Group Name",
   "values": [
   "sourceGroup100"
   ]
 }]
}]
}

Response: Response type