Retrieve rules

The get_rules request retrieves all the rules in a device's or group's policy.

The input will be the active session ID and the name of the device, group, or matrix. The output will be a list of all the rules of all the policies that apply to each device, including the value of each rule field.

Resource Name: /fa/server/rules/read

Request Method: GET

Request URL Parameters:

Element	Type	Description
sessionMandatory	String	Session ID returned in login request.
entityMandatory	String	The display name of the device, group, or matrix.
entityTypeOptional	String	One of the following: device (default) group matrix

Element

Type

Description

sessionMandatory

String

Session ID returned in login request.

entityMandatory

String

The display name of the device, group, or matrix.

entityTypeOptional

String

One of the following:

device (default)

group

matrix

Note: The page and size elements are not supported for the get_rules request.

Response:

Element	Type	Description
name	String	The name of the entity.
type	String	The entity type.
rules	A list of rule objects.	A list of rules, including the values for each rule's fields. The fields for each rule vary by device brand .
status	String	One of the following: true. Indicates the request succeeded. false. Indicates the request failed.
messageOnly is returned when the request fails.	String	An error message.

Request example

curl -H "Accept:application/json" -k "https://192.168.3.76/fa/server/rules/read?session=c69bcc3e6832149642b32e6f269c82c0&entity=admin

Response example

{

"0": {

"name": "admin",

"type": "DEVICE",

"rules": [

{

"ruleNum": "CSM_IPV6_FW_ACL_MGT(2)",

"ruleId": "0x3e40f580",

"deviceID": 468,

"source": ["TammarsIPv6"],

"isNegateSource": false,

"destination": ["ALONOBJ"],

"isNegateDestination": false,

"service": ["102"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "",

"comments": [""],

"time": [""],

"cli": ["ipv6 access-list CSM_IPV6_FW_ACL_MGT permit object-group 102 object-group TammarsIPv6 object-group ALONOBJ"]

{

"ruleNum":"CSM_IPV6_FW_ACL_MGT(6)",

"ruleId": "0x108b3f0b",

"deviceID": 468,

"source": ["fdf8:c07d:9849:25b1:1000:2000:3000:4001"],

"isNegateSource": false,

"destination": ["any"],

"isNegateDestination": false,

"service": ["tcp/588"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "informational",

"comments": ["FireFlow #6161 Einats comment"],

"time": [""],

"cli": ["ipv6 access-list CSM_IPV6_FW_ACL_MGT permit tcp host fdf8:c07d:9849:25b1:1000:2000:3000:4001 any eq 588 log"]

{

"ruleNum": "Int-30_access_in_1(16)",

"ruleId": "0xf15f1e42",

"deviceID": 468,

"source": ["10.30.9.147"],

"isNegateSource": false,

"destination": ["10.110.9.158"],

"isNegateDestination": false,

"service": ["tcp/16992"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "informational",

"comments": ["6988 AsherAdded"],

"time": [""],

"cli": ["access-list Int-30_access_in_1 extended permit tcp host 10.30.9.147 host 10.110.9.158 eq 16992 log"]

}

]

"status": true

}

Retrieve rules

Sorry about that

Want to tell us more?

Great!