Modifying a rule in a policy

You can modify a rule within an existing policy.

After logon, you must first search for the policy using the filtering feature:

GET http://localhost:8082/7.0/elements/fw_policy?filter=HQ Policy

After the policy is found, you can retrieve a specific type of rule with the following request:

GET http://localhost:8082/7.0/elements/fw_policy/56

These special links to the Firewall Policy retrieve all applicable rules in the current policy:
  • fw_ipv4_access_rules — Retrieves all Firewall IPv4 Access rules
  • fw_ipv6_access_rules — Retrieves all Firewall IPv6 Access rules
  • fw_ipv4_nat_rules — Retrieves all Firewall IPv4 NAT rules
  • fw_ipv6_nat_rules — Retrieves all Firewall IPv6 NAT rules

For example, in Firewall IPv4 Access rules, the first rule is @514.0:

    {
        "href": "http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514",
        "name": "Rule @514.0",
        "type": "fw_ipv4_access_rule"
    }

GET http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514

The content of the @514 Firewall IPv4 Access rule is retrieved:

    {
        "comment": "Set logging default, set long timeout for SSH connections",
        "is_disabled": false,
        "key": 2543,
        "link": [
            {
                "href": "http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514",
                "rel": "self",
                "type": "fw_ipv4_access_rule"
            }
        ],
        "parent_policy": "http://localhost:8082/7.0/elements/fw_policy/56",
        "rank": 4,
        "read_only": false,
        "system": false,
        "tag": "514.0"
    }

The response includes ETag: MjU0Mzk4MTEzMDYyMzMyMzYxMTg= as an HTTP response header.

This rule seems to be a comment rule (no source/destination/service attributes are defined), so you could update the comment, for example:

PUT http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514

Sending the new JSON content with the updated comment, together with If-Match: MjU0Mzk4MTEzMDYyMzMyMzYxMTg= (the ETag value returned by the GET) as an HTTP request header, returns a 200 HTTP response status code and the following in the HTTP response header:

http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514

See the addRuleAndUpload.py JSON or XML samples.
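
The GET, ETag, PUT with If-Match sequence above, as an added Python example (not the addRuleAndUpload.py sample and not product code). It assumes `session` is an already logged-on object with `requests`-style `get`/`put` methods; `update_rule_comment`, `FakeSession` and `FakeResponse` are hypothetical names, and the in-memory server with its 412 reply to a stale ETag is a constructed stand-in that follows standard HTTP semantics.

```python
import copy

RULE_URL = "http://localhost:8082/7.0/elements/fw_policy/56/fw_ipv4_access_rule/514"

def update_rule_comment(session, rule_href, new_comment):
    """Read-modify-write of one rule, guarded by the ETag returned by the GET."""
    resp = session.get(rule_href)
    if resp.status_code != 200:
        raise RuntimeError(f"GET failed: {resp.status_code}")
    rule = resp.json()
    # Refuse to edit rules the server marks as read-only or system-owned.
    if rule.get("read_only") or rule.get("system"):
        raise PermissionError(f"rule {rule.get('tag')} is not editable")
    rule["comment"] = new_comment
    # If-Match makes the PUT conditional on the rule being unchanged since the GET.
    put = session.put(rule_href, json=rule, headers={"If-Match": resp.headers["ETag"]})
    if put.status_code != 200:
        raise RuntimeError(f"PUT rejected: {put.status_code}")
    return put.status_code

class FakeResponse:
    def __init__(self, status_code, body=None, headers=None):
        self.status_code, self._body, self.headers = status_code, body, headers or {}
    def json(self):
        return copy.deepcopy(self._body)

class FakeSession:
    """Constructed in-memory stand-in for the server (412 on a stale ETag is assumed)."""
    def __init__(self, rule, etag):
        self.rule, self.etag = rule, etag
    def get(self, url):
        return FakeResponse(200, self.rule, {"ETag": self.etag})
    def put(self, url, json, headers):
        if headers.get("If-Match") != self.etag:
            return FakeResponse(412)
        self.rule, self.etag = json, "constructed-new-etag"
        return FakeResponse(200)

def demo():
    # Constructed sample: a subset of the rule fields and the ETag shown above.
    rule = {"comment": "Set logging default, set long timeout for SSH connections",
            "read_only": False, "system": False, "tag": "514.0"}
    server = FakeSession(rule, "MjU0Mzk4MTEzMDYyMzMyMzYxMTg=")
    status = update_rule_comment(server, RULE_URL, "Logging default; long SSH timeout")
    return status, server.rule["comment"]

if __name__ == "__main__":
    print(demo())
```

Because the PUT carries the ETag from the preceding GET, a rule that another administrator changed in between is rejected instead of silently overwritten.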