Trust an existing rule

Trust an existing rule. To get risky_rule_ids, go to the external-risky-rule-controller API Get /api/v1/riskyRules/getByReport method and return the UID from the risky rule data in the response (you will need the report name. You can get the report name from device-external-controller API GET /api/v1/device/{device}. Response parameter: lastReport).

Resource Name: /api/v1/trustedTraffic/trustRiskyRule

Request Method: POST

Request Parameters:

Element	Type	Description
risky_rule_ids Mandatory	string	Array of riskyRuledIds. To get risky_rule_ids, go to the external-risky-rule-controller API Get /api/v1/riskyRules/getByReport method and return the trustParam from the risky rule data in the response trustRuleLinkParams (you will need the report name. You can get the report name from device-external-controller API GET /api/v1/device/{device}. Response parameter: lastReport).
risky_rule_lines	string	Risky Rule Line Number(s) to trust.
trusted_traffic_risky_rules_requestMandatory	List of Import trusted traffic request type object	Import trusted traffic request. See Import trusted traffic request Type object.

Element

Type

Description

risky_rule_ids

Mandatory

string

Array of riskyRuledIds. To get risky_rule_ids, go to the external-risky-rule-controller API Get /api/v1/riskyRules/getByReport method and return the trustParam from the risky rule data in the response trustRuleLinkParams (you will need the report name. You can get the report name from device-external-controller API GET /api/v1/device/{device}. Response parameter: lastReport).

risky_rule_lines

string

Risky Rule Line Number(s) to trust.

trusted_traffic_risky_rules_requestMandatory

List of Import trusted traffic request type object

Import trusted traffic request.

See Import trusted traffic request Type object.

Import trusted traffic request Type

The following table describes the elements in the Import trusted traffic request type object:

Element	Type	Description
comment	string	Comment
expiration_date	integer	Milliseconds from 1.1.1970. See: https://currentmillis.com - UNIX time. Expiration date must be in the future.
tree_name Mandatory	string	The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name.
trust_Traffic_Level_To_apply Mandatory	string	Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group.
trust_future_host_groups_changes Mandatory	boolean	Trust future host group changes: true false

Response:

Code	Description
200	Operation completed successfully
400	Validation error
401	Unauthorized

Request cURL examples

Trust-curl -X POST "https://[machine IP]/afa/api/v1/trustedTraffic/trustRiskyRule" -H "accept: */*" -H "Content-Type: application/json" -d "{\"trusted_traffic_risky_rules_request\":{\"comment\":\"\",\"trust_future_host_groups_changes\":false,\"tree_name\":\"10_20_244_3_prod1\",\"trust_Traffic_Level_To_apply\":\"10.20.244.3_prod1\"},\"risky_rule_ids\":[\"104_1\"]}"

Request examples

{
  "risky_rule_ids": [
    "5"
  ],
  "trusted_traffic_risky_rules_request": {
    "tree_name": "Device",
    "trust_Traffic_Level_To_apply": "ALL_FIREWALLS",
    "trust_future_host_groups_changes": true
  }
}

Trust an existing rule

Sorry about that

Want to tell us more?

Great!