Add a new trusted traffic request
Add a new trusted traffic request.
Warning: If other devices in the group do not have the relevant host group, adding trusted traffic at the group level can cause mismatches in the resulting trusted traffic.
Resource Name:
Request Method: POST
Request Parameters:
Element | Type | Description |
---|---|---|
destination Mandatory | String | Destination can be host group, IP or range |
service Mandatory | boolean | Create new object, if not exist already. |
source Mandatory | String | Source can be host group, IP or range |
trusted_traffic_request Mandatory | List of import trusted traffic request objects | See import trusted traffic request Type objects. |
service name Type
The following table describes the elements in the service name type object:
Element | Type | Description |
---|---|---|
service_name Mandatory | string | Service name. Format: alphanumeric characters only |
service details Type
The following table describes the elements in the service_details type object:
Specify at least one of src_port_high, src_port_low, dest_port_high, or dest_port_low.
Element | Type | Description |
---|---|---|
dest_port_high | string | Destination port (highest value) for TCP/UDP. |
dest_port_low | string | Destination port (lowest value) for TCP/UDP. |
icmp_code | string | ICMP code standard. |
icmp_type | string | ICMP type standard. |
protocol | string | Protocol: TCP (default), UDP, ICMP. |
src_port_high | string | Source port (highest value) for TCP/UDP. |
src_port_low | string | Source port (lowest value) for TCP/UDP. |
Import trusted traffic request Type
The following table describes the elements in the import trusted traffic request type object:
Element | Type | Description |
---|---|---|
comment | string | Comment |
expiration_date | integer | Milliseconds from 1.1.1970. See: https://currentmillis.com - UNIX time. Expiration date must be in the future. |
tree_name Mandatory | string | The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name. |
trust_Traffic_Level_To_apply Mandatory | string | Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group. |
trust_future_host_groups_changes Mandatory | boolean | Trust future host group changes. |
Response:
Code | Description |
---|---|
200 | Operation completed successfully |
400 | invalid device name |
401 | Unauthorized |
Request cURL examples
Add

```bash
curl -X POST "https://[machine IP]/afa/api/v1/trustedTraffic" \
  -H "accept: */*" \
  -H "Content-Type: application/json" \
  -d "{ \"destination\": \"Any\", \"service\": { \"create_new_object_if_not_exist\": false, \"service_name\": \"icmp\" }, \"source\": \"Any\", \"trusted_traffic_request\": { \"tree_name\": \"10_20_244_3_prod1\", \"trust_Traffic_Level_To_apply\": \"10.20.244.3_prod1\", \"trust_future_host_groups_changes\": false }}"
```
Request examples
```json
{
  "destination": "Any",
  "service": {
    "create_new_object_if_not_exist": true,
    "service_details": {
      "dest_port_low": "242",
      "dest_port_high": "34",
      "src_port_high": "24",
      "src_port_low": "20"
    },
    "service_name": "stoptogo"
  },
  "source": "Any",
  "trusted_traffic_request": {
    "tree_name": "Nachos",
    "trust_Traffic_Level_To_apply": "Nachos",
    "trust_future_host_groups_changes": true
  }
}
```
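A pre-flight check for the request body, as an added example that is not part of the original page or the product: it enforces only the rules stated in the tables above, so a malformed trust entry is rejected before it reaches the firewall policy analysis. `validate_request`, `PORT_KEYS`, `TTR_KEYS` and the `BAD` sample are hypothetical names; applying the port rule only to TCP/UDP is an assumption.

```python
import re
import time

# Element names and rules are taken from the tables on this page;
# validate_request() is a hypothetical helper, not part of the product.
PORT_KEYS = ("src_port_high", "src_port_low", "dest_port_high", "dest_port_low")
TTR_KEYS = ("tree_name", "trust_Traffic_Level_To_apply",
            "trust_future_host_groups_changes")

def validate_request(body, now_ms=None):
    """Return a list of problems found in a trustedTraffic POST body."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    problems = []
    for key in ("destination", "service", "source", "trusted_traffic_request"):
        if key not in body:
            problems.append(f"missing mandatory element: {key}")
    service = body.get("service") or {}
    name = service.get("service_name")
    if not isinstance(name, str) or not re.fullmatch(r"[A-Za-z0-9]+", name):
        problems.append("service_name must be alphanumeric characters only")
    details = service.get("service_details")
    if details is not None:
        # Assumption: the port rule only makes sense for TCP (default) and UDP.
        proto = str(details.get("protocol", "TCP")).upper()
        if proto in ("TCP", "UDP") and not any(details.get(k) for k in PORT_KEYS):
            problems.append("service_details needs at least one port element")
    ttr = body.get("trusted_traffic_request") or {}
    # The table says "list", the page's examples send one object: accept both.
    for item in ttr if isinstance(ttr, list) else [ttr]:
        for key in TTR_KEYS:
            if key not in item:
                problems.append(f"missing mandatory element: {key}")
        if item.get("tree_name") == "ALL_FIREWALLS":
            problems.append("tree_name must be a firewall name, not ALL_FIREWALLS")
        exp = item.get("expiration_date")
        if exp is not None and (not isinstance(exp, int) or exp <= now_ms):
            problems.append("expiration_date must be in the future (epoch ms)")
    return problems

# Constructed sample: bad service name, no ports, group-level tree_name, past expiry.
BAD = {"destination": "Any", "source": "Any",
       "service": {"service_name": "stop-to-go", "service_details": {"protocol": "UDP"}},
       "trusted_traffic_request": {"tree_name": "ALL_FIREWALLS",
                                   "trust_Traffic_Level_To_apply": "ALL_FIREWALLS",
                                   "trust_future_host_groups_changes": True,
                                   "expiration_date": 1000}}

if __name__ == "__main__":
    for problem in validate_request(BAD):
        print("REJECT:", problem)
```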