Create a traffic change request

The FireFlow REST API creates a Traffic Change Request.

FireFlow validates the API to ensure that mandatory elements are in place, such as permissions, template, date formats, that any specified device exists in AFA, and so on.

Note: For IPv6 addresses, you must use IPv6 format for both source and destination. For example: 2001:cdba::3257:9652 - 2001:cdba::3257:9657. See IPv6 traffic change workflow.

Notes: For IPv6 templates, only Cisco ASA devices are supported.

Resource Name: /FireFlow/api/change-requests/traffic

Request Method: POST

Header requirements:

Key	Value
Cookie	FireFlow_Session=[sessionId]. The `sessionId` is retrieved from the authentication request.

Request Body:

Parameter	Type	Description
`trafficChangeRequestDetails`	TrafficChangeRequest type	Object body containing details for creation of traffic change request.

TrafficChangeRequest

Parameter	Type	Description
fields	array	Array of Fields
template	string	Template string
traffic	array	Array of Traffic

Fields

Parameter	Type	Description
name	string	Custom field name
values	array	Custom field values

TrafficLineDetails (part of Traffic array)

Parameter	Type	Description
action	string	Action: Allow or Drop
application	object	Application details
destination	object	Destination details
fields	array	Array of Fields
natDetails	object	NAT details
service	object	Service details
source	object	Source details
user	object	User details

NameTrafficFieldDetails (part of Application, Destination, Source, and User)

Parameter	Type	Description
items	array	Array of NameTrafficItemDetails

NameTrafficItemDetails

Parameter	Type	Description
fields	array	Array of Fields
name	string	Name to match

AddressTrafficFieldDetails (part of Destination and Source)

Parameter	Type	Description
items	array	Array of AddressTrafficItemDetails

AddressTrafficItemDetails

Parameter	Type	Description
address	string	IP address
fields	array	Array of Fields

ServiceTrafficFieldDetails (part of Service)

Parameter	Type	Description
items	array	Array of ServiceTrafficItemDetails

ServiceTrafficItemDetails

Parameter	Type	Description
fields	array	Array of Fields
service	string	Service name

NatDetails (part of TrafficLineDetails)

Parameter	Type	Description
destination	array	Destination array
port	array	Port array
source	array	Source array
type	string	NAT type

Storing firewall suffix in host or service groups

Request example

{
  "template": "Basic Change Traffic Request",
  "fields": [
    {
      "key": "subject",
      "values": [
        "Traffic_Ticket_Via_REST_API"
      ]
    },
    {
      "key": "Change Request Description",
      "values": [
        "add here the change request description"
      ]
    },
    {
      "name": "AppViz Application Name",
      "values": [
        "app1"
      ]
    },
    {
      "name": "devices",
      "values": [
        "CKP1",
        "Cisco2"
      ]
    }
  ],
  "traffic": [
    {
      "source": {
        "items": [
          {
            "name": "1.1.1.0/24"
          },
          {
            "name": "host_object"
          }
        ]
      },
      "destination": {
        "items": [
          {
            "name": "2.2.2.2-2.2.2.150",
            "fields": [
              {
                "key": "CFPTI",
                "values": [
                  "destination1"
                ]
              }
            ]
          }
        ]
      },
      "service": {
        "items": [
          {
            "name": "https"
          },
          {
            "name": "service_object"
          }
        ]
      },
      "user": {
        "items": [
          {
            "name": "user1"
          }
        ]
      },
      "application": {
        "items": [
          {
            "name": "any"
          }
        ]
      },
      "action": "Allow",
      "natDetails": {
        "source": [
          "9.9.9.9"
        ],
        "destination": [
          "8.8.8.8"
        ],
        "port": [
          "tcp/8080"
        ],
        "type": "Static"
      },
      "fields": [
        {
          "key": "Requested Source Group Name",
          "values": [
            "sourceGroup100"
          ]
        }
      ]
    }
  ]
}

IPv6 request example

Copy

{
                    "template":"170: Traffic Change Request (IPv6)",
                    "fields":[
                    {
                    "name":"subject",
                    "values":[
                    "IPv6_demo_3"
                    ]
                    },
                    {
                    "name":"devices",
                    "values":[
                    "10_132_16_2"
                    ]
                    }
                    ],
                    "traffic":[
                    {
                    "source":{
                    "items":[
                    {
                    "address":"fe80:2222::3333"
                    }
                    ]
                    },
                    "destination":{
                    "items":[
                    {
                    "address":"2001:cdba::3257:9652 - 2001:cdba::3257:9657"
                    }
                    ]
                    },
                    "service":{
                    "items":[
                    {
                    "name":"tcp/80-90"
 
                    }
                    ]
                    },
                    "action":"Allow"
                    }
                    ]
                }

cURL example

curl --request POST \
				--url https://<localhost>/FireFlow/api/change-requests/traffic \
				--header 'Content-Type: application/json' \
				--data '{
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				],
				"template": "string",
				"traffic": [
				{
				"action": "Allow/Drop",
				"application": {
				"items": [
				{
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				],
				"name": "name to match"
				}
				]
				},
				"destination": {
				"items": [
				{
				"address": "1.1.1.1",
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				]
				}
				]
				},
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				],
				"natDetails": {
				"destination": [
				"string"
				],
				"port": [
				"string"
				],
				"source": [
				"string"
				],
				"type": "Static/Dynamic"
				},
				"service": {
				"items": [
				{
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				],
				"service": "tcp/80"
				}
				]
				},
				"source": {
				"items": [
				{
				"address": "1.1.1.1",
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				]
				}
				]
				},
				"user": {
				"items": [
				{
				"fields": [
				{
				"name": "custom field name",
				"values": [
				"custom field value 1",
				"custom field value 2"
				]
				}
				],
				"name": "name to match"
				}
				]
				}
				}
				]
				}'

Status codes:

Code

Description

200

Traffic Change Request was created

400

Input validation failure

Error messages:

403

Authentication failure

Error messages:

50x

Internal Server Error

Response parameters

Parameter	Data Type	Description
data	object	Data object
messages	array	Array of messages
status	string	Status of request

MessageDetails (part of Messages array)

Parameter	Type	Description
code	string	Code
message	string	Message

Response Example Success 200

{ "data": {}, "messages": [ { "code": "string", "message": "string" } ], "status": "Success" }

Response Example Failure 400

{
  "data": {},
  "messages": [
    {
      "code": "string",
      "message": "string"
    }
  ],
  "status": "Failure"
}

Create a traffic change request

Sorry about that

Great!