Trust an existing rule

Trust an existing rule. To get risky_rule_ids, call the external-risky-rule-controller API method GET /api/v1/riskyRules/getByReport and take the UID from the risky rule data in the response. That call needs the report name, which you can get from the device-external-controller API method GET /api/v1/device/{device} (response parameter: lastReport).

Resource Name: /api/v1/trustedTraffic/trustRiskyRule

Request Method: POST

Request Parameters:

| Element | Type | Description |
|---|---|---|
| risky_rule_ids (Mandatory) | string | Array of risky rule IDs. To get risky_rule_ids, call the external-risky-rule-controller API method GET /api/v1/riskyRules/getByReport and take the trustParam from the risky rule data in the response trustRuleLinkParams. That call needs the report name, which you can get from the device-external-controller API method GET /api/v1/device/{device} (response parameter: lastReport). |
| risky_rule_lines | string | Risky Rule Line Numbers to trust. |
| trusted_traffic_risky_rules_request (Mandatory) | List of Import trusted traffic request type object | Import trusted traffic request. See Import trusted traffic request type object. |

Import trusted traffic request type

The following table describes the elements in the Import trusted traffic request type object:

| Element | Type | Description |
|---|---|---|
| comment | string | Comment |
| expiration_date | integer | Milliseconds from 1.1.1970 (UNIX time; see https://currentmillis.com). Expiration date must be in the future. |
| tree_name (Mandatory) | string | The firewall name. Do not use group or ALL_FIREWALLS here. Use the device-setup-controller API GET /devices method to return the firewall name. |
| trust_Traffic_Level_To_apply (Mandatory) | string | Trusted traffic level: ALL_FIREWALLS or the tree name of the firewall/group. |
| trust_future_host_groups_changes (Mandatory) | boolean | Trust future host group changes: true or false. |

Response:

| Code | Description |
|---|---|
| 200 | Operation completed successfully |
| 400 | Validation error |
| 401 | Unauthorized |

Request cURL examples

Trust:

curl -X POST "https://[machine IP]/afa/api/v1/trustedTraffic/trustRiskyRule" -H "accept: */*" -H "Content-Type: application/json" -d "{\"trusted_traffic_risky_rules_request\":{\"comment\":\"\",\"trust_future_host_groups_changes\":false,\"tree_name\":\"10_20_244_3_prod1\",\"trust_Traffic_Level_To_apply\":\"10.20.244.3_prod1\"},\"risky_rule_ids\":[\"104_1\"]}"

Request examples

{
  "risky_rule_ids": [
    "5"
  ],
  "trusted_traffic_risky_rules_request": {
    "tree_name": "Device",
    "trust_Traffic_Level_To_apply": "ALL_FIREWALLS",
    "trust_future_host_groups_changes": true
  }
}
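
A request-body builder that enforces the constraints from the parameter tables before anything is sent, as an added example (not part of the product documentation or the vendor's code). The function names, the now_ms parameter and the sample values are assumptions for illustration; it covers the fields used in the request examples plus expiration_date.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_epoch_ms(dt):
    """Convert a timezone-aware datetime to milliseconds since 1.1.1970 UTC."""
    if dt.tzinfo is None:
        raise ValueError("use a timezone-aware datetime")
    return (dt - EPOCH) // timedelta(milliseconds=1)

def build_trust_request(risky_rule_ids, tree_name, trust_level, trust_future,
                        comment=None, expiration_date=None, now_ms=None):
    """Return the JSON body for POST /api/v1/trustedTraffic/trustRiskyRule.

    Parameter names are hypothetical; the JSON keys are the ones on this page.
    """
    if now_ms is None:
        now_ms = to_epoch_ms(datetime.now(timezone.utc))
    if not risky_rule_ids or not all(isinstance(r, str) and r for r in risky_rule_ids):
        raise ValueError("risky_rule_ids: non-empty array of ID strings required")
    # Group names cannot be detected offline; only the literal is rejected here.
    if not tree_name or tree_name == "ALL_FIREWALLS":
        raise ValueError("tree_name: must be a single firewall name")
    if not trust_level:
        raise ValueError("trust_Traffic_Level_To_apply: mandatory")
    if not isinstance(trust_future, bool):
        raise ValueError("trust_future_host_groups_changes: must be a boolean")
    inner = {
        "tree_name": tree_name,
        "trust_Traffic_Level_To_apply": trust_level,
        "trust_future_host_groups_changes": trust_future,
    }
    if comment is not None:
        inner["comment"] = comment
    if expiration_date is not None:
        if isinstance(expiration_date, bool) or not isinstance(expiration_date, int):
            raise ValueError("expiration_date: integer milliseconds required")
        # A value given in seconds lands in 1970 and is rejected by this check.
        if expiration_date <= now_ms:
            raise ValueError("expiration_date: must be in the future")
        inner["expiration_date"] = expiration_date
    return json.dumps({"risky_rule_ids": list(risky_rule_ids),
                       "trusted_traffic_risky_rules_request": inner})
```

The returned string can be passed as the -d argument of the cURL request shown above.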