Add a new trusted traffic request

Add a new trusted traffic request.

Warning: If other devices in the group do not have the relevant host group, adding trusted traffic at the group level can cause mismatches in the resulting trusted traffic.

Resource Name: /api/v1/trustedTraffic

Request Method: POST

Request Parameters:

Element                              Type     Description
destination (Mandatory)              String   Destination can be a host group, IP or range.
service (Mandatory)                  boolean  Create a new object if it does not exist already (create_new_object_if_not_exist):
  • False: if no objects exist, enter the service name only. See service name Type.
  • True: if objects exist, enter the service name and the service details. See service name Type and service details Type.
source (Mandatory)                   String   Source can be a host group, IP or range.
trusted_traffic_request (Mandatory)  List     List of import trusted traffic request objects. See import trusted traffic request Type.

service name Type

The following table describes the elements in the service name type object:

Element                   Type    Description
service_name (Mandatory)  string  Service name. Format: alphanumeric characters only.

service details Type

The following table describes the elements in the service_details type object:

Specify at least one of src_port_high, src_port_low, dest_port_high, or dest_port_low.

Element         Type    Description
dest_port_high  string  Destination port (highest value) for TCP/UDP.
dest_port_low   string  Destination port (lowest value) for TCP/UDP.
icmp_code       string  ICMP code (standard).
icmp_type       string  ICMP type (standard).
protocol        string  Protocol: TCP (default), UDP, ICMP.
src_port_high   string  Source port (highest value) for TCP/UDP.
src_port_low    string  Source port (lowest value) for TCP/UDP.

Import trusted traffic request Type

The following table describes the elements in the import trusted traffic request type object:

Element                                        Type     Description
comment                                        string   Comment.
expiration_date                                integer  Milliseconds since 1 January 1970 (UNIX time). See: https://currentmillis.com. The expiration date must be in the future.
tree_name (Mandatory)                          string   The firewall name. Do not use a group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name.
trust_Traffic_Level_To_apply (Mandatory)       string   Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group.
trust_future_host_groups_changes (Mandatory)   boolean  Trust future host group changes.
  • True: Trust future changes to host groups. Changes to the IP addresses within the host group will not cancel the trusted traffic rule.
  • False (default): Only trust IP addresses. Changes to the IP addresses in this traffic rule will cancel this trusted traffic rule.

Response:

Code  Description
200   Operation completed successfully
400   Invalid device name
401   Unauthorized

Request cURL examples

Add:

curl -X POST "https://[machine IP]/afa/api/v1/trustedTraffic" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"destination\": \"Any\", \"service\": { \"create_new_object_if_not_exist\": false, \"service_name\": \"icmp\" }, \"source\": \"Any\", \"trusted_traffic_request\": { \"tree_name\": \"10_20_244_3_prod1\", \"trust_Traffic_Level_To_apply\": \"10.20.244.3_prod1\", \"trust_future_host_groups_changes\": false }}"

Request examples

{
  "destination": "Any",
  "service": {
    "create_new_object_if_not_exist": true,
    "service_details": {
      "dest_port_low": "242",
      "dest_port_high": "34",
      "src_port_high": "24",
      "src_port_low": "20"
    },
    "service_name": "stoptogo"
  },
  "source": "Any",
  "trusted_traffic_request": {
    "tree_name": "Nachos",
    "trust_Traffic_Level_To_apply": "Nachos",
    "trust_future_host_groups_changes": true
  }
}
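The element tables above spell out several constraints that the API will reject a request for (alphanumeric service_name, at least one port field when a new service object is created, tree_name must be a single firewall rather than ALL_FIREWALLS, expiration_date in the future, protocol one of TCP/UDP/ICMP). The following Python is an added example, not code from the API's vendor or this page: it assembles a request body in the documented shape and checks it against those constraints client-side before anything is sent, so a malformed trust rule is caught locally instead of producing a 400. The page's own request example is embedded as PAGE_EXAMPLE; the tree name "fw_placeholder" and the bad request in the usage block are constructed values. It follows the examples on the page in treating trusted_traffic_request as a single object, but also accepts the list form the parameter table mentions.

```python
"""Build and sanity-check a POST /api/v1/trustedTraffic body before sending it (added example)."""
import json
import re
import time

PORT_FIELDS = ("src_port_high", "src_port_low", "dest_port_high", "dest_port_low")
PROTOCOLS = ("TCP", "UDP", "ICMP")
SERVICE_NAME_RE = re.compile(r"^[A-Za-z0-9]+$")  # "alphanumeric characters only"

# Request example copied from the page (the "Nachos" example).
PAGE_EXAMPLE = {
    "destination": "Any",
    "service": {
        "create_new_object_if_not_exist": True,
        "service_details": {"dest_port_low": "242", "dest_port_high": "34",
                            "src_port_high": "24", "src_port_low": "20"},
        "service_name": "stoptogo",
    },
    "source": "Any",
    "trusted_traffic_request": {
        "tree_name": "Nachos",
        "trust_Traffic_Level_To_apply": "Nachos",
        "trust_future_host_groups_changes": True,
    },
}


def build_request(source, destination, service_name, tree_name, level_to_apply,
                  service_details=None, trust_future_host_groups=False,
                  comment=None, expiration_date_ms=None):
    """Assemble the body in the documented shape.

    service_details=None means the service object already exists
    (create_new_object_if_not_exist=false, service name only); a dict of
    port/protocol fields means a new object is created from those details.
    """
    service = {"create_new_object_if_not_exist": service_details is not None,
               "service_name": service_name}
    if service_details is not None:
        service["service_details"] = dict(service_details)
    ttr = {"tree_name": tree_name,
           "trust_Traffic_Level_To_apply": level_to_apply,
           "trust_future_host_groups_changes": trust_future_host_groups}
    if comment is not None:
        ttr["comment"] = comment
    if expiration_date_ms is not None:
        ttr["expiration_date"] = expiration_date_ms
    return {"destination": destination, "service": service,
            "source": source, "trusted_traffic_request": ttr}


def validate_request(body, now_ms=None):
    """Return a list of problems; an empty list means the body meets the documented constraints."""
    problems = []
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    for key in ("destination", "service", "source", "trusted_traffic_request"):
        if key not in body:
            problems.append(f"missing mandatory element: {key}")
    svc = body.get("service", {})
    if not SERVICE_NAME_RE.match(str(svc.get("service_name", ""))):
        problems.append("service_name must be alphanumeric characters only")
    details = svc.get("service_details")
    if svc.get("create_new_object_if_not_exist"):
        if not details:
            problems.append("create_new_object_if_not_exist is true but service_details is missing")
        elif not any(f in details for f in PORT_FIELDS):
            problems.append("service_details needs at least one of " + ", ".join(PORT_FIELDS))
    if details:
        proto = details.get("protocol", "TCP")  # TCP is the documented default
        if proto not in PROTOCOLS:
            problems.append(f"unsupported protocol: {proto}")
        for f in PORT_FIELDS:
            if f in details and not str(details[f]).isdigit():
                problems.append(f"{f} must be a numeric string")
    ttr = body.get("trusted_traffic_request", {})
    for item in (ttr if isinstance(ttr, list) else [ttr]):  # object form (as in the examples) or list form
        for key in ("tree_name", "trust_Traffic_Level_To_apply", "trust_future_host_groups_changes"):
            if key not in item:
                problems.append(f"missing mandatory element: trusted_traffic_request.{key}")
        if item.get("tree_name") == "ALL_FIREWALLS":
            problems.append("tree_name must be a single firewall name, not ALL_FIREWALLS")
        if not isinstance(item.get("trust_future_host_groups_changes", False), bool):
            problems.append("trust_future_host_groups_changes must be a boolean")
        exp = item.get("expiration_date")
        if exp is not None and (not isinstance(exp, int) or exp <= now_ms):
            problems.append("expiration_date must be an integer millisecond timestamp in the future")
    return problems


if __name__ == "__main__":
    # Constructed: trust ICMP to an existing service object on a placeholder firewall.
    body = build_request("Any", "Any", "icmp", "fw_placeholder", "fw_placeholder")
    print(json.dumps(body, indent=2), validate_request(body))
    # Constructed bad request: hyphen in the name, no port fields, group-level tree_name, expired.
    bad = build_request("Any", "Any", "stop-to-go", "ALL_FIREWALLS", "ALL_FIREWALLS",
                        service_details={"protocol": "TCP"}, expiration_date_ms=1000)
    print(validate_request(bad, now_ms=2000))
```

Run the validator on a body before passing it to the cURL call above; any string in the returned list names the element the documentation says the server will not accept.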