Modifying a rule in a policy
You can modify a rule within an existing policy.
After logon, you must first search for the policy using the filtering feature:
GET http://localhost:8082/7.1/elements/fw_policy?filter=HQ Policy
After the policy is found, you can retrieve a specific type of rule with the following request:
http://localhost:8082/7.1/elements/fw_policy/56
GET http://localhost:8082/7.1/elements/fw_policy/56
- fw_ipv4_access_rules — Retrieves all Engine IPv4 Access rules
- fw_ipv6_access_rules — Retrieves all Engine IPv6 Access rules
- fw_ipv4_nat_rules — Retrieves all Engine IPv4 NAT rules
- fw_ipv6_nat_rules — Retrieves all Engine IPv6 NAT rules
{
    "href": "http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514",
    "name": "Rule @514.0",
    "type": "fw_ipv4_access_rule"
}
GET http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514
{
    "comment": "Set logging default, set long timeout for SSH connections",
    "is_disabled": false,
    "key": 2543,
    "link": [
        {
            "href": "http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514",
            "rel": "self",
            "type": "fw_ipv4_access_rule"
        }
    ],
    "parent_policy": "http://localhost:8082/7.1/elements/fw_policy/56",
    "rank": 4,
    "read_only": false,
    "system": false,
    "tag": "514.0"
}
The response includes ETag: MjU0Mzk4MTEzMDYyMzMyMzYxMTg= as an HTTP response header.
This rule seems to be a comment rule (no source/destination/service attributes are defined), so you could update the comment, for example:
PUT http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514
Sending the new JSON content with the updated comment, with If-Match: MjU0Mzk4MTEzMDYyMzMyMzYxMTg= as an HTTP request header, returns a 200 HTTP response status code and the following in the HTTP response header:
http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514
See the addRuleAndUpload.py JSON or XML samples.
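The GET, edit, PUT sequence above depends on the ETag / If-Match pair: a PUT built from a stale copy of the rule should be refused instead of silently overwriting another administrator's change. The following Python code is an added example, not part of the SMC documentation or its sample scripts. `FakeSMC`, `update_rule_comment` and the `send` callable are hypothetical names, the in-memory server and its new ETag values are constructed, and its 412 answer to a stale If-Match is an assumption based on standard HTTP behaviour.

```python
import copy

RULE_URL = "http://localhost:8082/7.1/elements/fw_policy/56/fw_ipv4_access_rule/514"

class FakeSMC:
    """Constructed in-memory stand-in for one rule on the SMC API (not real SMC code)."""
    def __init__(self, element, etag):
        self.element, self.etag, self.writes = element, etag, 0

    def send(self, method, url, headers=None, body=None):
        if url != RULE_URL:
            return 404, {}, None
        if method == "GET":
            return 200, {"ETag": self.etag}, copy.deepcopy(self.element)
        if method == "PUT":
            # Assumption: a stale If-Match is refused with 412, as in standard HTTP.
            if (headers or {}).get("If-Match") != self.etag:
                return 412, {}, None
            self.writes += 1
            self.element, self.etag = body, "constructed-etag-%d" % self.writes
            return 200, {"ETag": self.etag}, None
        return 405, {}, None

def update_rule_comment(send, rule_url, new_comment):
    """GET the rule, change only its comment, PUT it back pinned to the ETag that was read."""
    status, headers, rule = send("GET", rule_url)
    if status != 200:
        raise RuntimeError("GET failed with HTTP %d" % status)
    if rule.get("read_only") or rule.get("system"):
        raise PermissionError("refusing to edit a read-only or system rule")  # added client-side guard
    etag = headers["ETag"]
    rule["comment"] = new_comment  # every other attribute is sent back unchanged
    status, _, _ = send("PUT", rule_url, {"If-Match": etag}, rule)
    if status != 200:
        # Do not retry blindly with a fresh ETag: re-read and re-review the rule first.
        raise RuntimeError("PUT refused with HTTP %d; rule was not modified" % status)
    return etag

if __name__ == "__main__":
    smc = FakeSMC({"comment": "Set logging default, set long timeout for SSH connections",
                   "is_disabled": False, "key": 2543, "rank": 4,
                   "read_only": False, "system": False, "tag": "514.0"},
                  "MjU0Mzk4MTEzMDYyMzMyMzYxMTg=")
    update_rule_comment(smc.send, RULE_URL, "Logging default; long SSH timeout (reviewed)")
    print(smc.element["comment"], smc.etag)
```

Against a real SMC, `send` would be a function that issues the request on the session opened at logon and returns the status code, response headers and decoded JSON body.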