Edit trusted traffic data
Edit an existing trusted traffic request using its trusted traffic ID (parameter: trusted_traffic_id).
To get the trusted_traffic_id value, use the GET /trustedTraffic/firewalls/{firewallName} method.
Warning: If other devices in the group do not have the relevant host group, editing trusted traffic to the group level can cause mismatches in the resulting trusted traffic.
Resource Name:
Request Method: PUT
Request Parameters:
Element | Type | Description |
---|---|---|
destination Mandatory | String | Destination can be host group, IP or range |
service Mandatory | boolean | Create new object if not exist. |
source Mandatory | String | Source can be host group, IP or range |
trusted_traffic_request Mandatory | List of Import trusted traffic request type objects | A list of Import trusted traffic request information. See Import Trusted Traffic Request Type. |
trustedTrafficId Mandatory | integer | To get the trusted_traffic_id value, use GET /trustedTraffic/firewalls/{firewallName} method |
service_name Type
The following table describes the elements in the service_name type object:
Element | Type | Description |
---|---|---|
service_name Mandatory | string | Service name. |
service_details Type
The following table describes the elements in the service details type object:
Element | Type | Description |
---|---|---|
dest_port_high | string | Destination port (highest value) for TCP/UDP |
dest_port_low | string | Destination port (lowest value) for TCP/UDP |
icmp_code | string | ICMP code standard |
icmp_type | string | ICMP type standard |
protocol | string | Protocol: TCP, UDP, ICMP |
src_port_high | string | Source port (highest value) for TCP/UDP |
src_port_low | string | Source port (lowest value) for TCP/UDP |
Import trusted traffic request Type
The following table describes the elements in the Import trusted traffic request type object:
Element | Type | Description |
---|---|---|
comment Optional | string | Comment |
expiration_date Optional | integer | Milliseconds from 1.1.1970. See: https://currentmillis.com - UNIX time. Expiration date must be in the future |
tree_name Mandatory | string | The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name. |
trust_Traffic_Level_To_apply Mandatory | string | Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group |
trust_future_host_groups_changes Optional | boolean | Trust future host group changes |
Response:
Code | Description |
---|---|
200 | Operation completed successfully |
400 | Validation error |
401 | Unauthorized |
Request cURL examples
Edit:
curl -X PUT "https://10.20.15.182/afa/api/v1/trustedTraffic/10959" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"destination\": \"Any\", \"service\": { \"create_new_object_if_not_exist\": false, \"service_name\": \"icmp\" }, \"source\": \"Any\", \"trusted_traffic_request\": { \"comment\":\"trusted traffic is added\", \"tree_name\": \"10_20_244_3_prod1\", \"trust_Traffic_Level_To_apply\": \"10.20.244.3_prod1\", \"trust_future_host_groups_changes\": false }}"
Request examples
{ "destination": "Any", "service": { "create_new_object_if_not_exist": true, "service_details": { "dest_port_low": "242", "dest_port_high": "34", "src_port_high": "24", "src_port_low": "20" }, "service_name": "stoptogo" }, "source": "Any", "trusted_traffic_request": { "tree_name": "Nachos", "trust_Traffic_Level_To_apply": "Nachos", "trust_future_host_groups_changes": true } }
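An added example, not part of the vendor's documentation: a client-side check that builds the request body from the tables above and rejects the inputs the page rules out (an expiration date that is not in the future, ALL_FIREWALLS as tree_name, a protocol other than TCP, UDP or ICMP). The function names and the port-range rule (low not above high, both within 0 to 65535) are assumptions of this example.

```python
import json
from datetime import datetime, timezone

PROTOCOLS = {"TCP", "UDP", "ICMP"}  # values listed in the service_details table


def expiration_ms(when, now=None):
    """Aware datetime -> milliseconds since 1.1.1970; reject dates not in the future."""
    now = now or datetime.now(timezone.utc)
    if when <= now:
        raise ValueError("expiration_date must be in the future")
    return int(when.timestamp() * 1000)


def check_service_details(details):
    """Check a service_details object before it is sent."""
    proto = details.get("protocol")
    if proto is not None and proto.upper() not in PROTOCOLS:
        raise ValueError(f"unsupported protocol: {proto}")
    for side in ("src", "dest"):
        low, high = details.get(f"{side}_port_low"), details.get(f"{side}_port_high")
        if low is None or high is None:
            continue
        # Assumption (not stated on the page): 0 <= low <= high <= 65535.
        if not 0 <= int(low) <= int(high) <= 65535:
            raise ValueError(f"invalid {side} port range: {low}-{high}")


def build_edit_body(source, destination, service_name, tree_name, level,
                    expires=None, comment=None, service_details=None,
                    create_new=False, trust_future=False, now=None):
    """Return the JSON body for the PUT request described on this page."""
    if tree_name == "ALL_FIREWALLS":
        raise ValueError("tree_name must be a firewall name, not ALL_FIREWALLS")
    service = {"create_new_object_if_not_exist": create_new,
               "service_name": service_name}
    if service_details is not None:
        check_service_details(service_details)
        service["service_details"] = service_details
    request = {"tree_name": tree_name, "trust_Traffic_Level_To_apply": level,
               "trust_future_host_groups_changes": trust_future}
    if comment is not None:
        request["comment"] = comment
    if expires is not None:
        request["expiration_date"] = expiration_ms(expires, now)
    return json.dumps({"destination": destination, "service": service,
                       "source": source, "trusted_traffic_request": request})
```

Applied to the service_details in the request example above, the port-range check rejects dest_port_low 242 with dest_port_high 34.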