Retrieve rules

Retrieves all the rules in a device's or group's policy.

The response lists all the rules of all the policies that apply to each device, including the value of each rule field.

Resource Name:

/api/v1/rules

Request Method: GET

Request URL Parameters:

Element

Type

Description
entity Mandatory

String

The display name of the device, group, or matrix.
entityType Optional

String

One of the following:

  • Firewall (default)
    group
    matrix

Note: The page and size elements are not supported for this request.

Response:

Element

Type

Description
name

String

The name of the entity.
type

String

The entity type.
rules

A list of rule objects.

A list of rules, including the values for each rule's fields. The fields for each rule vary by device brand .
status

String

One of the following:

  • true. Indicates the request succeeded.
  • false. Indicates the request failed.
messageOnly is returned when the request fails.

String

An error message.

Request example 

curl -X GET "https://<localhost>/afa/api/v1/rules?entity=VR-Marigold-PA_vsys1_default&amp;entityType=FIREWALL" -H "accept: */*"

Response example

{

"0": {

"name": "admin",

"type": "DEVICE",

"rules": [

{

"ruleNum": "CSM_IPV6_FW_ACL_MGT(2)",

"ruleId": "0x3e40f580",

"deviceID": 468,

"source": ["TammarsIPv6"],

"isNegateSource": false,

"destination": ["ALONOBJ"],

"isNegateDestination": false,

"service": ["102"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "",

"comments": [""],

"time": [""],

"cli": ["ipv6 access-list CSM_IPV6_FW_ACL_MGT permit object-group 102 object-group TammarsIPv6 object-group ALONOBJ"]

},

{

"ruleNum":"CSM_IPV6_FW_ACL_MGT(6)",

"ruleId": "0x108b3f0b",

"deviceID": 468,

"source": ["fdf8:c07d:9849:25b1:1000:2000:3000:4001"],

"isNegateSource": false,

"destination": ["any"],

"isNegateDestination": false,

"service": ["tcp/588"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "informational",

"comments": ["FireFlow #6161 Einats comment"],

"time": [""],

"cli": ["ipv6 access-list CSM_IPV6_FW_ACL_MGT permit tcp host fdf8:c07d:9849:25b1:1000:2000:3000:4001 any eq 588 log"]

},

{

"ruleNum": "Int-30_access_in_1(16)",

"ruleId": "0xf15f1e42",

"deviceID": 468,

"source": ["10.30.9.147"],

"isNegateSource": false,

"destination": ["10.110.9.158"],

"isNegateDestination": false,

"service": ["tcp/16992"],

"isNegateService": false,

"action": "permit",

"enable": "enabled",

"log": "informational",

"comments": ["6988 AsherAdded"],

"time": [""],

"cli": ["access-list Int-30_access_in_1 extended permit tcp host 10.30.9.147 host 10.110.9.158 eq 16992 log"]

}

]

},

"status": true

}