Uploading a policy and monitoring its status
There are two ways of uploading or refreshing a policy — from the engine and from the policy.
To upload a policy from the engine, you must first search for the engine after logging in using the filtering feature:
GET http://localhost:8082/7.0/elements?filter=Helsinki FW
Engine
"link":
[
{
"href": "http://localhost:8082/7.0/elements/fw_cluster/1563/refresh",
"rel": "refresh"
},
{
"href": "http://localhost:8082/7.0/elements/fw_cluster/1563/upload",
"rel": "upload"
},
…
]
Policy
The verb ‘upload’ is listed, so you can execute the following request:
POST http://localhost:8082/7.0/elements/fw_cluster/1563/upload?filter=HQ Policy
By filtering the REST call with the HQ Policy, you enable the upload of the HQ Policy on the Helsinki Firewall Cluster.
{
"follower": "http://localhost:8082/7.0/elements/fw_cluster/1563/upload/NWYyMDBiOTA4ZTY3NDM0ZTotNzgyM2JmMmI6MTNmZWMxMGI3ZGY6LTdmZDA=",
"href": "http://localhost:8082/7.0/elements/fw_cluster/1563",
"in_progress": true,
"last_message": "",
"success": true
}
To follow up on the upload, you can periodically request for its status in the following way:
GET http://localhost:8082/7.0/elements/fw_cluster/1563/upload/NWYyMDBiOTA4ZTY3NDM0ZTotNzgyM2JmMmI6MTNmZWMxMGI3ZGY6LTdmZDA=
For as long as the attribute in_progress is not set to false, the upload continues with a new last_message attribute.
It is also possible to refresh a policy on the engine. As you can see from the engine links, the verb ‘refresh’ is also available on the engine:
POST http://localhost:8082/7.0/elements/fw_cluster/1563/refresh
This process ends in the same way as an upload. The engine must have a policy already installed to proceed to the upload.
See
addRuleAndUpload.py
JSON or XML samples.