Retrieves all the rules in a device's or group's policy

Retrieves all the rules in a device's or group's policy.

The response lists all the rules of all the policies that apply to each device, including the value of each rule field.

Requires permissions to view users and roles.

Resource Name:

/api/v1/rules

Request Method: GET

Request URL Parameters:

Element

Type

Description
entity Mandatory

String

The display name of the device, group, or matrix.
entityType Optional

String

One of the following:

  • Firewall (default)

  • group

  • matrix

Note: The page and size elements are not supported for this request.

cURL example 

curl -X GET "https://<localhost>/afa/api/v1/rules?entity=VR-Marigold-PA_vsys1_default&entityType=FIREWALL" -H "accept: */*"

Status Codes

Code Description
200 OK
401 Unauthorized
500 Internal server error

Response Parameters:

Parameter Type Description
name string Name of the device
type string Type of the device
rules array An array of rule objects
rules.ruleNum string Rule number
rules.ruleId string ID of the rule
rules.deviceID integer ID of the device
rules.source array Source IP addresses or IP ranges
rules.isNegateSource boolean Indicates if source is negated
rules.destination array Destination IP addresses or IP ranges
rules.isNegateDestination boolean Indicates if destination is negated
rules.service array Services or ports used in the rule
rules.isNegateService boolean Indicates if service is negated
rules.action string Action to be taken (e.g., Allow, Deny)
rules.enable string Indicates if the rule is enabled
rules.log string Indicates if the rule logging is enabled
rules.application array Applications associated with the rule
rules.user array Users associated with the rule

Response example 

[
  {
    "name": "FDT1",
    "type": "DEVICE",
    "rules": [
      {
        "ruleNum": "6",
        "ruleId": "005056AE_94F6_0ed3_0000_000268434437",
        "deviceID": 52650,
        "source": [
          "net_object-10.30.204.24-30"
        ],
        "isNegateSource": false,
        "destination": [
          "net_object-10.50.204.48-28"
        ],
        "isNegateDestination": false,
        "service": [
          "ser_object-tcp-84-87"
        ],
        "isNegateService": false,
        "action": "Allow",
        "enable": "enabled",
        "log": "1",
        "application": [
          "any"
        ],
        "user": [
          "any"
        ]
      },
      {
        "ruleNum": "7",
        "ruleId": "005056AE_94F6_0ed3_0000_000268434438",
        "deviceID": 52650,
        "source": [
          "ip-10.30.204.30"
        ],
        "isNegateSource": false,
        "destination": [
          "ip-10.50.204.90"
        ],
        "isNegateDestination": false,
        "service": [
          "ser_group1"
        ],
        "isNegateService": false,
        "action": "Allow",
        "enable": "enabled",
        "log": "1",
        "application": [
          "any"
        ],
        "user": [
          "any"
        ]
      }

]

}

]