Search firewall changes
Search for firewall changes based on your search criteria. You can make basic or complex queries. See search tips below for explanation of the required format of your search query.
Search Tips:
Basic queries are in the following format:
[field name] [Basic Operator] [value]
Create complex queries by combining basic queries separated by a Composite Operator:
[Basic Query][Composite Operator][Basic Query]
Operators:
|
Basic Operators |
Composite Operators |
|---|---|
|
== (equal to) |
AND |
|
!= (not equal to) |
OR |
|
> (greater than) (only applicable for date fields) |
|
|
>= (greater than or equal to) (only applicable for date fields) |
|
|
< (less than) (only applicable for date fields) |
|
|
<= (less than or equal to) (only applicable for date fields) |
Allowed field names
| Field name | Required format | Description/Example |
|---|---|---|
| id | integer | Firewall Change ID / 770 |
| devicename | string | Device Name / PanoramaDeviceName |
| changedate | date | Change Date in ISO 8601 format with UTC Time. / 2023-01-25T23:12:56Z |
| changedby | string | User name / userName |
| status | string | Status / no ticket |
| policy | string | Policy / PanoramaPolicyName |
| summary | string | Summary / Rule number x in device y removed |
| changetype | add, delete, modify | Change Type / add |
For example, here is a composite query:
(status == \"no ticket\") or (changetype != add)
Resource Name:
Request Method: POST
Request parameters
|
Element |
Type |
Description |
|
searchQueryRequest mandatory |
object |
The search query request in JSON format. The request must contain the search criteria. See search tips above for details. |
| pageIndex | integer | The page index to retrieve. It is a positive integer with a default value of 0. |
Request example
{
"searchQuery": "(status == \"no ticket\") or (changetype != add)"
}
Request cURL example
curl -X POST "https://example.com/firewall-changes/search?pageIndex=1" \
-H "Content-Type: application/json" \
-d '{ "searchQuery": "(status == \"no ticket\") or (changetype != add)" }'
Response parameters
|
Element |
Type |
Description |
| paginationInfo | object | The pagination information. |
| currentPageIndex | integer | The current page index. |
| maxElementsForPage | integer | The maximum number of elements per page. |
| totalElements | integer | The total number of elements across all pages. |
| totalPages | integer | The total number of pages. |
| firewallChange | array of object | An array of firewall changes that match the search criteria. Each firewall change is represented as a FirewallChanges schema. |
| id | integer | The ID of the firewall change. |
| summary | string | A summary of the firewall change. |
| deviceName | string | The name of the device where the firewall change was made. |
| changeDate | date | The date and time the firewall change was made, in ISO 8601 format with UTC time. |
| status | string | The status of the firewall change. |
| policy | string | The name of the policy associated with the firewall change. |
| ruleChange | object | The change done in the firewall, |
| changeType | string | The type of change made to the firewall. Can be "add", "delete", or "modify". |
| oldRule | Object | Old firewall rule details |
| newRule | Object | New firewall rule details |
| acl | string | Access Control List |
| action | string | Action |
| application | string | Application |
| comment | string | Comment |
| creationDate | string | Creation date in ISO 8601 format with UTC Time |
| destination | string | Destination |
| destinationDetails | string | Destination details |
| destinationNat | string | Destination NAT |
| deviceName | string | Device name |
| enable | string | Enable status |
| fromZone | string | From zone |
| install | string | Install status |
| name | string | Name |
| ruleId | string | Rule ID |
| ruleInterface | string | Rule interface |
| ruleNum | string | Rule number |
| service | string | Service |
| serviceDetails | string | Service details |
| source | string | Source |
| sourceDetails | string | Source details |
| sourceNat | string | Source NAT |
| time | string | Time range |
| toZone | string | To zone |
| track | string | Track status |
| user | string | User |
| vpn | string | VPN |
| messages | array | Array of message details containing code and message |
| status | string | Status of the request, can be Success or Failure. |
| code | string | Message details error code |
| message | string | Message details error message |
Status codes:
|
Code |
Description |
|||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 200 |
Success |
|||||||||||||||
|
400 |
Input validation failure
|
|||||||||||||||
| 403 |
Authentication failure Error messages:
|
|||||||||||||||
| 500 |
Failed to complete operation. Error messages:
|
Response example for success 200
{
"paginationInfo": {
"currentPageIndex": 0,
"maxElementsForPage": 10,
"totalElements": 50,
"totalPages": 5
},
"firewallChanges": [
{
"id": 770,
"summary": "Rule number 1 in device PanoramaDeviceName removed",
"deviceName": "PanoramaDeviceName",
"changeDate": "2023-01-25T23:12:56Z",
"status": "no ticket",
"comment": "Rule removed",
"policy": "PanoramaPolicyName",
"ruleChange": {
"changeType": "Delete",
"oldRule": {
"acl": "acl1",
"action": "allow",
"application": "app1",
"comment": "Allow access",
"creationDate": "2023-01-25T23:12:56Z",
"destination": "192.168.1.1",
"destinationDetails": "Server1",
"destinationNat": "None",
"deviceName": "PanoramaDeviceName",
"enable": "true",
"fromZone": "Internal",
"install": "true",
"name": "AllowAccessRule",
"ruleId": "R1",
"ruleInterface": "eth0",
"ruleNum": "1",
"service": "HTTP",
"serviceDetails": "Port 80",
"source": "192.168.0.1",
"sourceDetails": "Client1",
"sourceNat": "None",
"time": "00:00-23:59",
"toZone": "External",
"track": "true",
"user": "user1",
"vpn": "None"
},
"newRule": null
}
}
]
}
Response example for failure 400
{
"data": {},
"messages": [
{
"code": "401",
"message": "Invalid search query format"
}
],
"status": "Failure"
}
