Trust an existing rule
Trust an existing rule. To get risky_rule_ids, call the external-risky-rule-controller API GET /api/v1/riskyRules/getByReport method and take the UID from the risky rule data in the response. You will need the report name, which you can get from the device-external-controller API GET /api/v1/device/{device} (response parameter: lastReport).
Resource Name:
Request Method: POST
Request Parameters:
Element | Type | Description |
---|---|---|
risky_rule_ids Mandatory | string | Array of riskyRuledIds. To get risky_rule_ids, go to the external-risky-rule-controller API GET /api/v1/riskyRules/getByReport method and return the trustParam from the risky rule data in the response trustRuleLinkParams (you will need the report name. You can get the report name from device-external-controller API GET /api/v1/device/{device}. Response parameter: lastReport). |
risky_rule_lines | string | Risky Rule Line Number(s) to trust. |
trusted_traffic_risky_rules_request Mandatory | List of Import trusted traffic request type object | Import trusted traffic request. See Import trusted traffic request Type object. |
Import trusted traffic request Type
The following table describes the elements in the Import trusted traffic request type object:
Element | Type | Description |
---|---|---|
comment | string | Comment |
expiration_date | integer | Milliseconds from 1.1.1970. See: https://currentmillis.com - UNIX time. Expiration date must be in the future. |
tree_name Mandatory | string | The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name. |
trust_Traffic_Level_To_apply Mandatory | string | Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group. |
trust_future_host_groups_changes Mandatory | boolean | Trust future host group changes: |
Response:
Code | Description |
---|---|
200 | Operation completed successfully |
400 | Validation error |
401 | Unauthorized |
Request cURL examples
Trust:

```
curl -X POST "https://[machine IP]/afa/api/v1/trustedTraffic/trustRiskyRule" -H "accept: */*" -H "Content-Type: application/json" -d "{\"trusted_traffic_risky_rules_request\":{\"comment\":\"\",\"trust_future_host_groups_changes\":false,\"tree_name\":\"10_20_244_3_prod1\",\"trust_Traffic_Level_To_apply\":\"10.20.244.3_prod1\"},\"risky_rule_ids\":[\"104_1\"]}"
```
Request examples
```
{
  "risky_rule_ids": [ "5" ],
  "trusted_traffic_risky_rules_request": {
    "tree_name": "Device",
    "trust_Traffic_Level_To_apply": "ALL_FIREWALLS",
    "trust_future_host_groups_changes": true
  }
}
```
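A client-side check of the constraints in the tables above, run before the body is sent. This is an added example, not part of the original documentation. The function name `build_trust_request` and its arguments are hypothetical; the body follows the object shape used in the request examples, and nothing is sent to the API.

```python
import json
import time

def build_trust_request(risky_rule_ids, tree_name, level, trust_future_changes,
                        comment=None, expiration_date=None, now_ms=None):
    """Validate the documented constraints and return the request body as a dict."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    # risky_rule_ids is an array of string IDs; a bare string is a common slip.
    if (not isinstance(risky_rule_ids, (list, tuple)) or not risky_rule_ids
            or not all(isinstance(r, str) and r for r in risky_rule_ids)):
        raise ValueError("risky_rule_ids must be a non-empty array of strings")
    # tree_name must name a firewall. Only the literal ALL_FIREWALLS can be
    # rejected offline; group names need a lookup against the devices API.
    if not isinstance(tree_name, str) or not tree_name or tree_name == "ALL_FIREWALLS":
        raise ValueError("tree_name must be a firewall name, not ALL_FIREWALLS")
    if not isinstance(level, str) or not level:
        raise ValueError("trust_Traffic_Level_To_apply is mandatory")
    if not isinstance(trust_future_changes, bool):
        raise ValueError("trust_future_host_groups_changes must be a boolean")
    request = {
        "tree_name": tree_name,
        "trust_Traffic_Level_To_apply": level,
        "trust_future_host_groups_changes": trust_future_changes,
    }
    if comment is not None:
        request["comment"] = comment
    if expiration_date is not None:
        if isinstance(expiration_date, bool) or not isinstance(expiration_date, int):
            raise ValueError("expiration_date must be an integer (milliseconds)")
        # A timestamp given in seconds lands in 1970 when read as milliseconds,
        # so this check also catches the seconds-vs-milliseconds mistake.
        if expiration_date <= now_ms:
            raise ValueError("expiration_date must be in the future")
        request["expiration_date"] = expiration_date
    return {"risky_rule_ids": list(risky_rule_ids),
            "trusted_traffic_risky_rules_request": request}

if __name__ == "__main__":
    # Constructed sample values: 30-day expiry and a placeholder comment.
    expiry = int(time.time() * 1000) + 30 * 24 * 60 * 60 * 1000
    body = build_trust_request(["5"], "Device", "ALL_FIREWALLS", True,
                               comment="constructed example comment",
                               expiration_date=expiry)
    print(json.dumps(body, indent=2))
```

Setting `expiration_date` and a `comment` on every trust request keeps the exception time-bound and traceable when trusted rules are later reviewed.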