Add Section With Rules
Creates a new firewall section with rules. The limit on the number of rules is defined by maxItems in collection types for FirewallRule (FirewallRuleXXXList types). When invoked on a section with a large number of rules, this API is supported only at low rates of invocation (not more than 4-5 times per minute). The typical latency of this API with about 1024 rules is about 4-5 seconds. This API should not be invoked with large payloads at automation speeds. More than 50 rules with a large number of rule references is not supported.
Instead, to create sections, use: POST /api/v1/firewall/sections
To create rules, use: POST /api/v1/firewall/sections/<section-id>/rules
Use the following Policy API -
PUT|PATCH /policy/api/v1/infra/domains/<domain-id>/security-policies/<security-policy-id>
Request
URI
POST
https://nsxmanager.your.domain/api/v1/firewall/sections?action=create_with_rules
COPY
Query Parameters
string
id
Optional
Constraints:
maxLength: 64
Identifier of the anchor rule or section. This is a required field in case operation like 'insert_before' and 'insert_after'.
string
operation
Optional
Constraints:
default: insert_top
Operation
Possible values are :
insert_top,
insert_bottom,
insert_after,
insert_before,
Request Body
FirewallSectionRuleList
of type(s)
application/json
Optional
{
"_links": [
{
"action": "string",
"href": "string",
"rel": "string"
}
],
"_schema": "string",
"_self": {},
"_revision": 0,
"_create_time": 0,
"_create_user": "string",
"_last_modified_time": 0,
"_last_modified_user": "string",
"_protection": "string",
"_system_owned": false,
"description": "string",
"display_name": "string",
"id": "string",
"resource_type": "string",
"tags": [
{
"scope": "string",
"tag": "string"
}
],
"applied_tos": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"is_default": false,
"rule_count": 0,
"section_type": "string",
"stateful": false,
"autoplumbed": false,
"category": "string",
"comments": "string",
"enforced_on": "string",
"firewall_schedule": {
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
},
"lock_modified_by": "string",
"lock_modified_time": 0,
"locked": false,
"priority": 0,
"tcp_strict": false,
"rules": [
{
"_links": [
{
"action": "string",
"href": "string",
"rel": "string"
}
],
"_schema": "string",
"_self": {},
"_revision": 0,
"_owner": {},
"description": "string",
"display_name": "string",
"id": "string",
"resource_type": "string",
"action": "string",
"applied_tos": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"destinations": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"destinations_excluded": false,
"direction": "string",
"disabled": false,
"ip_protocol": "string",
"is_default": false,
"logged": false,
"notes": "string",
"priority": 0,
"rule_tag": "string",
"sources": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"sources_excluded": false,
"context_profiles": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"extended_sources": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string"
}
],
"section_id": "string",
"services": [
{
"is_valid": false,
"target_display_name": "string",
"target_id": "string",
"target_type": "string",
"service": {
"resource_type": "string"
}
}
]
}
]
}Responses
201
Created
Returns
FirewallSectionRuleList
of type(s)
application/json
This response body class contains all of the following:
InlineFirewallSectionRuleList1
"FirewallSectionRuleList Object"
412
Returns
PreconditionFailed
of type(s)
application/json
Operation doesn't return any data structure
500
Returns
InternalServerError
of type(s)
application/json
Operation doesn't return any data structure
503
Returns
ServiceUnavailable
of type(s)
application/json
Operation doesn't return any data structure
Code Samples
COPY
curl -X POST -H 'Authorization: <value>' -H 'Content-Type: application/json' -d '{"rules":[{}]}' https://{api_host}/api/v1/firewall/sections?action=create_with_rules
Deprecated
On This Page
Management Plane Api Operations
GET
Get Exclude List
Deprecated
PUT
Update Exclude List
Deprecated
POST
Add Member
Deprecated
POST
Check Member If Exists
Deprecated
POST
Remove Member
Deprecated
GET
List Firewall Profiles
Deprecated
POST
Create Firewall Profile
Deprecated
DELETE
Delete Firewall Profile
Deprecated
GET
Get Firewall Profile
Deprecated
PUT
Update Firewall Profile
Deprecated
GET
Read Firewall Rule
Deprecated
GET
Get Rule State
Deprecated
GET
List Sections
Deprecated
POST
Add Section
Deprecated
GET
Get Sections Summary
Deprecated
DELETE
Delete Section
Deprecated
GET
Get Section
Deprecated
PUT
Update Section
Deprecated
GET
Get Rules
Deprecated
POST
Add Rule In Section
Deprecated
GET
Get Firewall Section Stats
Deprecated
DELETE
Delete Rule
Deprecated
GET
Get Rule
Deprecated
PUT
Update Rule
Deprecated
GET
Get Firewall Stats
Deprecated
POST
Revise Rule
Deprecated
POST
Add Rules In Section
Deprecated
GET
Get Section State
Deprecated
POST
Get Section With Rules
Deprecated
POST
Lock Section
Deprecated
POST
Revise Section
Deprecated
POST
Revise Section With Rules
Deprecated
POST
Unlock Section
Deprecated
POST
Update Section With Rules
Deprecated
POST
Add Section With Rules
Deprecated
POST
Reset Firewall Rule Stats
Deprecated
GET
List Firewall Status
Deprecated
GET
Get Firewall Status
Deprecated
PUT
Update Firewall Status
Deprecated
GET
Get Firewall Status On Target Resource
Deprecated
POST
Disable Firewall On Target Resource
Deprecated
POST
Enable Firewall On Target Resource
Deprecated
GET
List Compute Collection Statuses
Deprecated
GET
List Transport Node Statuses By Compute Collection Id
Deprecated
GET
Get Compute Collection Status By Id
Deprecated
GET
List Enabled Compute Collections
Deprecated
DELETE
Delete Enabled Compute Collection
Deprecated
GET
Get Enabled Compute Collection
Deprecated
PUT
Update Enabled Compute Collection
Deprecated
GET
Get Master Switch Setting
Deprecated
PUT
Update Master Switch Setting
Deprecated
GET
Get Nsgroup Vm Details
Deprecated
GET
Get Standalone Hosts Switch Setting
Deprecated
PUT
Update Standalone Hosts Switch Setting
Deprecated
GET
Get System Stats
Deprecated
GET
List Virtual Machine Statuses By Transport Node Id
Deprecated
GET
List User Sessions
Deprecated
GET
Get User Stats
Deprecated
GET
Get Vm Stats
Deprecated
GET
Get Mps Compute Collection Status
DELETE
Delete Mps Service Deployment
GET
Get Mps Service Deployment
POST
Deploy Mps Service
POST
Mps Change Appliance
GET
Get Mps Deployment Spec
GET
Malware Prevention Teaser List Regions
POST
Create Malware Prevention Teaser Registration Url
GET
Malware Prevention Teaser Check Status
GET
Get Mps Transport Node Status
GET
List Service Configs
Deprecated
POST
Create Service Config
Deprecated
POST
Service Config Batch Operation
Deprecated
GET
Effective Profiles
Deprecated
DELETE
Delete Service Config
Deprecated
GET
Read Service Config
Deprecated
PUT
Update Service Config
Deprecated
GET
List Service Attachments
Deprecated
POST
Add Service Attachment
Deprecated
DELETE
Delete Service Attachment
Deprecated
GET
Get Service Attachment
Deprecated
PUT
Update Service Attachment
Deprecated
GET
List Service Chains
Deprecated
POST
Add Service Chain
Deprecated
DELETE
Delete Service Chain
Deprecated
GET
Get Service Chain
Deprecated
GET
List Service Paths
Deprecated
GET
List Service Instances
GET
List Service Managers
POST
Register Service Manager
DELETE
Delete Service Manager
GET
Get Service Manager
PUT
Update Service Manager
GET
List Service Insertion Services
POST
Add Service Insertion Service
DELETE
Delete Service Insertion Service
GET
Get Service Insertion Service
PUT
Update Service Insertion Service
GET
Get Service Deployments
POST
Deploy Service
DELETE
Delete Service Deployment
GET
Get Service Deployment
PUT
Update Service Deployment
Deprecated
GET
Get Service Deployment State
GET
Get Service Deployment Status
POST
Upgrade Service Deployment
GET
List Service Instances For Service
POST
Add Service Instance
DELETE
Delete Service Instance
Deprecated
GET
Get Service Instance
PUT
Update Service Instance
Deprecated
GET
Get Service Instance NS Groups
GET
List Instance Endpoints
POST
Add Instance Endpoint
Deprecated
DELETE
Delete Instance Endpoint
Deprecated
GET
Get Instance Endpoint
Deprecated
GET
List Instance Runtimes
POST
Update Service Vm State
GET
Get Runtime Interface Statistics
Deprecated
GET
Get Runtime Interface Operational Status
POST
Delete Service V Ms
Deprecated
POST
Deploy Service V Ms
Deprecated
POST
Upgrade Service V Ms
Deprecated
GET
Get Service Instance State
GET
Get Service Instance Status
GET
List SI Service Profiles
Deprecated
POST
Add SI Service Profile
Deprecated
DELETE
Delete SI Service Profile
Deprecated
GET
Get SI Service Profile
Deprecated
GET
Get Service Profile NS Groups
Deprecated
GET
List Service Chain Mappings
Deprecated
GET
List Solution Configs
POST
Create Solution Config
DELETE
Delete Solution Config
GET
Get Solution Config
PUT
Update Solution Config
DELETE
Delete Extended Solution Config
GET
Get Extended Solution Config
POST
Create Extended Solution Config
PUT
Update Extended Solution Config
GET
List Vendor Templates
POST
Add Vendor Template
DELETE
Delete Vendor Template
GET
Get Vendor Template
GET
Resolve Source Entities