Edit trusted traffic data

Edit an existing trusted traffic request using trusted traffic ID (Parameter: trusted_traffic_id).

To get the trusted_traffic_id value, use GET /trustedTraffic/firewalls/{firewallName} method

Warning: If other devices in the group do not have the relevant host group, editing trusted traffic to the group level can cause mismatches to the resulted trusted traffic

Resource Name: /api/v1/trustedTraffic/{trustedTrafficId}

Request Method: PUT

Request Parameters:

Element

Type

Description

destination Mandatory

String

Destination can be host group, IP or range

service
Mandatory

boolean

Create new object if not exist.

  • false if no objects exist, enter service name only. See service name Type.

  • true if objects exist, enter service name and service details. See service name Type and service details Type

source
Mandatory

String

Source can be host group, IP or range

trusted_traffic_request
Mandatory

List of Import trusted traffic request type objects

A list of Import trusted traffic request information. See Import Trusted Traffic Request Type.

trustedTrafficId Mandatory integer To get the trusted_traffic_id value, use GET /trustedTraffic/firewalls/{firewallName} method

service_name Type

The following table describes the elements in the service_name type object:

Element

Type

Description

service_name

Mandatory

string

Service name.

service_details Type

The following table describes the elements in the service details type object:

Element

Type

Description

dest_port_high

string

Destination port (highest value) for TCP/UDP

dest_port_low string Destination port (lowest value) for TCP/UDP
icmp_code string ICMP code standard
icmp_type string ICMP type standard
protocol string Protocol: TCP, UDP, ICMP
src_port_high string Source port (highest value) for TCP/UDP
src_port_low string Source port (lowest value) for TCP/UDP

Import trusted traffic request Type

The following table describes the elements in the Import trusted traffic request type object:

Element

Type

Description

comment

Optional

string

Comment

expiration_date
Optional
integer Milliseconds from 1.1.1970. See: https://currentmillis.com - UNIX time. Expiration date must be in the future
tree_name
Mandatory
string The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name.
trust_Traffic_Level_To_apply
Mandatory
string Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group

trust_future_host_groups_changes

Optional

boolean

Trust future host group changes

  • true

  • false

Response:

Code

Description

200

Operation completed successfully

400

Validation error

401

Unauthorized

Request cURL examples

Edit-curl -X PUT "https:// 10.20.15.182/afa/api/v1/trustedTraffic/10959" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"destination\": \"Any\", \"service\": { \"create_new_object_if_not_exist\": false, \"service_name\": \"icmp\" }, \"source\": \"Any\", \"trusted_traffic_request\": { \"comment\":\"trusted traffic is added\", \"tree_name\": \"10_20_244_3_prod1\", \"trust_Traffic_Level_To_apply\": \"10.20.244.3_prod1\", \"trust_future_host_groups_changes\": false }}"

Request examples

{
  "destination": "Any",
  "service": {
    "create_new_object_if_not_exist": true,
    "service_details": {
      "dest_port_low": "242",
      "dest_port_high": "34",
      "src_port_high": "24",
      "src_port_low": "20"
    },
    "service_name": "stoptogo"
  },
  "source": "Any",
  "trusted_traffic_request": {
    "tree_name": "Nachos",
    "trust_Traffic_Level_To_apply": "Nachos",
    "trust_future_host_groups_changes": true
  }


}