openapi: 3.0.1
info:
title: Cloud-delivered FMC API
description: '**This document specifies the REST URLs and methods supported in the Cloud-delivered FMC API provided as part of Cisco Defense Orchestrator. Refer to the version specific [REST API Quick Start Guide](https://www.cisco.com/c/en/us/support/security/defense-center/products-programming-reference-guides-list.html) for additional information.**'
contact:
name: CDO TAC
email: cdo.tac@cisco.com
license:
name: Cisco Defense Orchestrator Licensing
url: https://www.cisco.com/c/en/us/td/docs/security/firepower/licensing/faq/firepower-licence-FAQ.html
version: 1.0.0
tags:
- name: Policy
- name: Chassis
- name: Device HA Pairs
- name: System Configuration
- name: Intelligence
- name: Policy Assignments
- name: Backup
- name: Device Clusters
- name: License
- name: Deployment
- name: Users
- name: Devices
- name: Network Map
- name: Updates
- name: Search
- name: Troubleshoot
- name: Status
- name: Change Management
- name: Integration
- name: Health
- name: Audit
- name: System Information
- name: Analysis
- name: Object
- name: Device Groups
paths:
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/backup/downloadbackup/{targetId}:
get:
tags:
- Backup
description: '**Retrieves the backup associated with the specified UUID (for an FMC backup, enter the identifier <code>manager</code> in place of the UUID). <br/>If no filter is specified for a GET, retrieves the latest backup.**'
operationId: getDownloadBackup
parameters:
- name: targetId
in: path
description: Identifier for device/container.<br/>**An FMC backup can be located by using the identifier <code>manager</code> instead of a UUID.**
required: true
schema:
type: string
- name: backupVersion
in: query
description: Used to locate the backup for the device/container UUID by <code>backupVersion</code>. <br/>**The filter parameter is optional; if it is not provided, the latest backup will be fetched.**
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DownloadBackup'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/backup/downloadbackup/{targetId}?backupVersion={versionId} ( GET HTTP download of backup using the provided file name. )'
: value: {}
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/backup/files/{targetId}:
get:
tags:
- Backup
description: '**Retrieves or deletes the backup associated with the specified UUID (for an FMC backup, enter the identifier <code>manager</code> in place of the UUID). <br/>If no filter is specified for a GET or DELETE, retrieves the latest backup.**'
operationId: getBackupFile
parameters:
- name: targetId
in: path
description: Identifier for a filename for which backup details are required.<br/>**An FMC backup can be located by using the identifier <code>manager</code> instead of a UUID.**
required: true
schema:
type: string
- name: backupVersion
in: query
description: Used to locate the backup for the device/container UUID by <code>backupVersion</code>. <br/>**The filter parameter is optional; if it is not provided, the latest backup will be fetched.**
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/BackupFile'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# DELETE on a stored backup file. The target is selected by the `targetId` path
# parameter and, optionally, by the `backupVersion` query filter.
# NOTE(review): the description below is shared with the GET operation and reads
# "DELETE retrieves the latest backup"; it does not say which backup is removed
# when `backupVersion` is omitted. Confirm this before calling the operation
# without the filter.
delete:
tags:
- Backup
description: '**Retrieves or deletes the backup associated with the specified UUID(In case of FMC manager identifier should be entered in place of UUID). <br/>If no filter is specified for a GET, DELETE retrieves the latest backup. _Check the response section for applicable examples (if any)._**'
operationId: deleteBackupFile
parameters:
# `targetId` is declared as a plain string; no pattern or format constraint is
# given here. Per its description, the literal `manager` selects the FMC backup
# instead of a device/container UUID.
- name: targetId
in: path
description: Identifier for a filename for which backup details are required.<br/>**FMC backup can be located by placing identifier <code>manager</code> instead of UUID.
required: true
schema:
type: string
# Optional filter; also an unconstrained string.
- name: backupVersion
in: query
description: To be used in locating backup for device/container UUID <code>backupVersion</code>. <br/>**Filter parameter is optional and if not provided the latest backup will be fetched.
required: false
schema:
type: string
# `name` is written beside `$ref`. Under OpenAPI 3.0, properties placed beside a
# `$ref` are ignored, so the parameter is defined entirely by the referenced
# component (not visible in this part of the file).
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/BackupFile'
examples:
# The only documented success body is a status message.
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/backup/files/{targetId}?backupVersion={versionId} ( Backup File DELETE request. )'
: value:
deleteStatus: File deleted Successfully.
# Every non-200 outcome is folded into one `default` error response; no specific
# 401/403/404 responses are documented for this operation.
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/backup/operational/devicebackup:
post:
tags:
- Backup
description: '**Creates the backup associated with the specified UUID. _Check the response section for applicable examples (if any)._**'
operationId: createDeviceBackup
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input devicebackup object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceBackup'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceBackup'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceBackup'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/updates/upgradepackages/{objectId}:
get:
tags:
- Updates
description: '**GET: Retrieves the upgrade packages associated with the specified ID. If no ID is specified, retrieves the list of all upgrade packages. DELETE: Deletes the upgrade package associated with the specified ID.**'
operationId: getUpgradePackage
parameters:
- name: objectId
in: path
description: Unique identifier of the object.
required: true
schema:
type: string
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/UpgradePackage'
examples:
'Example 1 : GET /api/fmc_platform/v1/updates/upgradepackages ( Test Get of Upgrade Packages )':
value:
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages?offset=0&limit=4
items:
- metadata:
upgradeType: Cisco FTD Upgrade
upgradeFileName: Cisco_FTD_Upgrade-6.2.3-84.sh
fileSize: 1038736
updateVersion: 6.2.3-84 IMS 84
upgradeFrom: 6.1.0
uploadDate: "2018-04-04T01:28:31Z"
rebootRequired: true
upgradeFileId: Cisco FTD Upgrade / Wed Apr 4 01:28:28 UTC 2018
name: Cisco_FTD_Upgrade-6.2.3-84.sh
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages/b3e26a18-8392-11e8-b3c5-e4a3cc8a21de
id: b3e26a18-8392-11e8-b3c5-e4a3cc8a21de
type: UpgradePackage
- metadata:
upgradeType: Cisco FTD Upgrade
upgradeFileName: Cisco_FTD_Upgrade-6.3.0-1256.sh
fileSize: 1097772
updateVersion: 6.3.0-1256 IMS 1256
upgradeFrom: 6.1.0
uploadDate: "2018-07-03T03:30:40Z"
rebootRequired: true
upgradeFileId: Cisco FTD Upgrade / Tue Jul 3 03:30:35 UTC 2018
name: Cisco_FTD_Upgrade-6.3.0-1256.sh
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages/b3e61096-8392-11e8-b3c5-e4a3cc8a21de
id: b3e61096-8392-11e8-b3c5-e4a3cc8a21de
type: UpgradePackage
- metadata:
upgradeType: Cisco FTD SSP Upgrade
upgradeFileName: Cisco_FTD_SSP_Upgrade-6.3.0-10716.sh
fileSize: 2244980
updateVersion: 6.3.0-10716 IMS 10716
upgradeFrom: 6.1.0
uploadDate: "2018-06-24T15:06:31Z"
rebootRequired: true
upgradeFileId: Cisco FTD SSP Upgrade / Sun Jun 24 15:06:14 UTC 2018
name: Cisco_FTD_SSP_Upgrade-6.3.0-10716.sh
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages/8b0e576e-79dd-11e8-845b-e5a3cc8a21de
id: 8b0e576e-79dd-11e8-845b-e5a3cc8a21de
type: UpgradePackage
- metadata:
upgradeType: Cisco FTD Upgrade
upgradeFileName: Cisco_FTD_Upgrade-6.3.0-10716.sh
fileSize: 1102216
updateVersion: 6.3.0-10716 IMS 10716
upgradeFrom: 6.1.0
uploadDate: "2018-06-24T14:59:41Z"
rebootRequired: true
upgradeFileId: Cisco FTD Upgrade / Sun Jun 24 14:59:38 UTC 2018
name: Cisco_FTD_Upgrade-6.3.0-10716.sh
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages/8b0f623a-79dd-11e8-845b-e5a3cc8a21de
id: 8b0f623a-79dd-11e8-845b-e5a3cc8a21de
type: UpgradePackage
paging:
offset: 0
limit: 4
count: 4
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Updates
description: '**GET: Retrieves the upgrade packages associated with the specified ID. If no ID is specified, retrieves the list of all upgrade packages. DELETE: Deletes the upgrade package associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteUpgradePackage
parameters:
- name: objectId
in: path
description: Unique identifier of the object.
required: true
schema:
type: string
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/UpgradePackage'
examples:
? 'Example 1 : DELETE /api/fmc_platform/v1/updates/upgradepackages/ad4e78a0-948a-11e8-9f03-07873f284bf9 ( Delete the Upgrade Package by the upgrade package id. This operation will remove the upgrade package from FMC. )'
: value:
metadata:
upgradeType: Cisco FTD SSP Upgrade
upgradeFileName: Cisco_FTD_SSP_Upgrade-6.3.0-1347.sh
fileSize: 2337872
updateVersion: 6.3.0-1347 IMS 1347
upgradeFrom: 6.1.0
uploadDate: "2018-07-27T21:30:05Z"
rebootRequired: true
upgradeFileId: Cisco FTD SSP Upgrade / Fri Jul 27 21:29:45 UTC 2018
name: Cisco_FTD_SSP_Upgrade-6.3.0-1347.sh
links:
self: https://example.cisco.com/api/fmc_platform/v1/updates/upgradepackages/ad4e78a0-948a-11e8-9f03-07873f284bf9
id: ad4e78a0-948a-11e8-9f03-07873f284bf9
type: UpgradePackage
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/updates/upgradepackages/{containerUUID}/applicabledevices:
get:
tags:
- Updates
description: '**Retrieves the devices available for a particular upgrade package associated with the specified ID.**'
operationId: getAllApplicableDevice
parameters:
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ApplicableDeviceListContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# Creates an upgrade task for the devices listed under `targets` in the request
# body. Per the description, only a readiness check is supported for FMC itself.
# No `security` requirement is declared on this operation in the lines shown.
# NOTE(review): confirm that a document-level `security` section covers it; the
# rest of the file is not visible from this part.
/api/fmc_platform/v1/updates/upgrades:
post:
tags:
- Updates
description: '**Creates a task to trigger an FTD upgrade. For FMC upgrade, only readiness check is supported. _Check the response section for applicable examples (if any)._**'
operationId: createUpgrade
parameters:
# Optional query flag, typed as a real boolean.
- name: toggleToSnort3
in: query
description: Boolean to toggle the devices to Snort3.
required: false
schema:
type: boolean
requestBody:
description: The input representation of Upgrade object model.
content:
application/json:
schema:
# `type: object` sits beside `$ref`. Under OpenAPI 3.0, properties placed beside
# a `$ref` are ignored, so the body is validated only against what `Upgrade`
# defines (that schema is not visible in this part of the file).
type: object
$ref: '#/components/schemas/Upgrade'
examples:
# Example 1 pushes the package only; Example 2 triggers the upgrade. The two
# request bodies differ only in `pushUpgradeFileOnly`.
'Example 1 : POST /api/fmc_platform/v1/updates/upgrades ( Push the specified upgrade package on the specified devices )':
value:
upgradePackage:
id: 73207350-8395-11e8-845b-e5a3cc8a21de
type: UpgradePackage
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
# Sent as the quoted string "true", whereas `toggleToSnort3` above is a boolean.
# NOTE(review): confirm against the `Upgrade` schema whether this field is a
# string or a boolean. A client that gets the type wrong may trigger the upgrade
# instead of only pushing the file, or the reverse.
pushUpgradeFileOnly: "true"
'Example 2 : POST /api/fmc_platform/v1/updates/upgrades ( Trigger the specified upgrade on the specified devices )':
value:
upgradePackage:
id: 73207350-8395-11e8-845b-e5a3cc8a21de
type: UpgradePackage
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
pushUpgradeFileOnly: "false"
required: true
responses:
# Both 202 (Accepted) and 201 (Created) are documented. Only the 201 response
# carries examples.
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Upgrade'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Upgrade'
examples:
# The response examples echo the request and add a `metadata` / `task` entry
# (id, message, `status: RUNNING`).
'Example 1 : POST /api/fmc_platform/v1/updates/upgrades ( Push the specified upgrade package on the specified devices )':
value:
upgradePackage:
id: 73207350-8395-11e8-845b-e5a3cc8a21de
type: UpgradePackage
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
pushUpgradeFileOnly: "true"
metadata:
task:
id: "8589935884"
message: Triggered all Push Upgrades successfully
status: RUNNING
type: Upgrade
'Example 2 : POST /api/fmc_platform/v1/updates/upgrades ( Trigger the specified upgrade on the specified devices )':
value:
upgradePackage:
id: 73207350-8395-11e8-845b-e5a3cc8a21de
type: UpgradePackage
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
pushUpgradeFileOnly: "false"
metadata:
task:
id: "8589935884"
message: Triggered all Upgrades successfully
status: RUNNING
type: Upgrade
# Every error outcome is folded into one `default` response; no specific 4xx
# codes are documented for this operation.
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/updates/cancelupgrades:
post:
tags:
- Updates
description: '**API to trigger Cancel of a failed upgrade. _Check the response section for applicable examples (if any)._**'
operationId: createCancelUpgrade
requestBody:
description: The input representation of CancelUpgrade object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/CancelUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/cancelupgrades ( Trigger cancel upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/CancelUpgrade'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/CancelUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/cancelupgrades ( Trigger cancel upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
metadata:
task:
id: "8589935884"
message: Triggered all Cancel Upgrades successfully
status: RUNNING
type: CancelUpgrade
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/updates/retryupgrades:
post:
tags:
- Updates
description: '**API to trigger Retry of a failed upgrade. _Check the response section for applicable examples (if any)._**'
operationId: createRetryUpgrade
requestBody:
description: The input representation of RetryUpgrade object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RetryUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/retryupgrades ( Trigger retry upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RetryUpgrade'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RetryUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/retryupgrades ( Trigger retry upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
metadata:
task:
id: "8589935884"
message: Triggered all Retry Upgrades successfully
status: RUNNING
type: RetryUpgrade
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/updates/revertupgrades:
post:
tags:
- Updates
description: '**Creates a task to revert an upgrade on an FTD. _Check the response section for applicable examples (if any)._**'
operationId: createRevertUpgrade
requestBody:
description: The input representation of RevertUpgrade object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RevertUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/revertupgrades ( Trigger revert upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RevertUpgrade'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RevertUpgrade'
examples:
'Example 1 : POST /api/fmc_platform/v1/updates/revertupgrades ( Trigger revert upgrade on the specified devices )':
value:
targets:
- id: 1251b782-7922-11e8-85d1-9ce8632d3182
type: Device
name: vFTD-1
- id: 88f052b8-7922-11e8-a602-840c6cea8ca5
type: Device
name: vFTD-2
metadata:
task:
id: "8589935884"
message: Triggered all Revert Upgrades successfully
status: RUNNING
type: RevertUpgrade
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# Read-only lookup of a single TID Element by `objectId` within a domain.
# GET is the only operation documented for this path in the lines shown here.
/api/fmc_tid/v1/domain/{domainUUID}/tid/element/{objectId}:
get:
tags:
- Intelligence
description: '**API Operations on Element objects.**'
operationId: getRESTElement
parameters:
# Declared as a plain string; no format or pattern constraint is given here.
- name: objectId
in: path
description: Unique identifier of the Element.
required: true
schema:
type: string
# `name` is written beside `$ref`. Under OpenAPI 3.0, properties placed beside a
# `$ref` are ignored, so the parameter is defined entirely by the referenced
# component (not visible in this part of the file).
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTElement'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/element/elementUUID ( Get a single ElementModel instance )':
value:
links:
self: /fmc_tid/v1/domain/domainUUID/tid/element/elementUUID
id: elementUUID
type: element
name: Sample Element
model: Sample Model
# The example response body carries three PEM blocks: `caCert`, `cert` and `key`.
# `key` is an RSA PRIVATE KEY block. All three values are truncated placeholders.
# NOTE(review): if the live API returns `key` on GET, every response from this
# operation is secret material. Keep it out of logs, caches and tickets, and
# limit which roles may call the operation. Confirm against the `RESTElement`
# schema, which is not visible in this part of the file.
# The `CACERTIFICATE` label below is not a standard PEM label; treat the sample
# as illustrative only.
caCert: |
-----BEGIN CACERTIFICATE-----
MIIGLT...
-----END CACERTIFICATE-----
cert: |
-----BEGIN CERTIFICATE-----
MIIGLT...
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIJK...
-----END RSA PRIVATE KEY-----
status: SampleStatus
registrationDate: "1457566762"
miscData:
policyName: Sample Policy
policyId: Sample Policy Id
tidStatus: "1"
# Every error outcome is folded into one `default` response; no specific 4xx
# codes are documented for this operation.
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/incident/{objectId}:
get:
tags:
- Intelligence
description: '**API Operations on Incident objects.**'
operationId: getRESTIncident
parameters:
- name: objectId
in: path
description: Unique identifier of the Incident.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIncident'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID ( Example of GET by id )':
value:
updatedAt: 1499839877
sourceName: Test URL Source
equation:
children:
- children:
- children:
- isRealized: true
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: true
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
isRealized: false
op: AND
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
isRealized: false
op: OR
indicatorName: Test Indicators
observations:
- count: 1
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: HTTP
clientId: Wget
connectionSec: "1498739289"
counter: "46"
destIpAddress: ipAddressValue
destPort: "80"
instanceId: "1"
protocol: TCP
srcIpAddress: ipAddressValue
srcPort: "39749"
userId: No Authentication Required
actionTaken: none
type: SHA256
value: sha256Value
timestamp: 1498739292
- count: 2
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: HTTP
clientId: Wget
connectionSec: "1498739351"
counter: "57"
destIpAddress: ipAddressValue
destPort: "80"
instanceId: "1"
protocol: TCP
srcIpAddress: ipAddressValue
srcPort: "39753"
userId: No Authentication Required
actionTaken: blocked
type: SHA256
value: sha256Value
timestamp: 1498739351
indicatorId: indicatorUUID
feedId: feedUUID
realizedAt: 0
actionTaken: partiallyBlocked
property:
ttl: 90
allowlist: false
expirationTime: 1506514284
publish: true
action: monitor
status: new
links:
self: /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID
id: incidentUUID
type: incident
version: 1.0.0
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Intelligence
description: '**API Operations on Incident objects. _Check the response section for applicable examples (if any)._**'
operationId: updateRESTIncident
parameters:
- name: objectId
in: path
description: Unique identifier of the Incident.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Incident object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIncident'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID ( Example of PUT for Incident (change name and status) )':
value:
updatedAt: 1499839877
sourceName: Test STIX Feed
equation:
children:
- children:
- isRealized: false
type: LL_UNSUPPORTED_OBJECT_TYPE|Port
value: IDREF:{http://hailataxii.com}Observable-fbdadbd3-dc8f-4f21-8736-1123903a056f
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: LL_UNSUPPORTED_OBJECT_TYPE|Port
value: IDREF:{http://hailataxii.com}Observable-ffed4f18-a648-4162-a088-a529f218ff96
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: IPV_4_ADDR
value: ipAddressValue
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: true
type: DomainNameObjectType
value: domainNameValue
condition: EQUALS
isRealized: true
applyCondition: ANY
isRealized: true
op: OR
indicatorName: Test Indicators
observations:
- count: 1
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: DNS
clientId: DNS
connectionSec: "1498739571"
counter: "77"
destIpAddress: ipAddressValue
destPort: "53"
destZone: AutomatedInlineSZ
dnsResponse: No Error
instanceId: "1"
protocol: UDP
srcIpAddress: ipAddressValue
srcPort: "41207"
srcZone: AutomatedInlineSZ
userId: No Authentication Required
actionTaken: none
type: DomainNameObjectType
value: domainNameValue
timestamp: 1498739571
indicatorId: indicatorUUID
feedId: feedUUID
realizedAt: 1498739604
actionTaken: monitored
property:
ttl: 90
allowlist: false
expirationTime: 1506514581
publish: true
action: monitor
status: new
id: incidentUUID
type: incident
version: 1.0.0
name: Incident
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIncident'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID ( Example of PUT for Incident (change name and status) )':
value:
updatedAt: 1499840397
sourceName: Test STIX Feed
equation:
children:
- children:
- isRealized: false
type: LL_UNSUPPORTED_OBJECT_TYPE|Port
value: IDREF:{http://hailataxii.com}Observable-fbdadbd3-dc8f-4f21-8736-1123903a056f
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: LL_UNSUPPORTED_OBJECT_TYPE|Port
value: IDREF:{http://hailataxii.com}Observable-ffed4f18-a648-4162-a088-a529f218ff96
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: IPV_4_ADDR
value: ipAddressValue
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: true
type: DomainNameObjectType
value: domainNameValue
condition: EQUALS
isRealized: true
applyCondition: ANY
isRealized: true
op: OR
indicatorName: Test Indicators
observations:
- count: 1
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: DNS
clientId: DNS
connectionSec: "1498739571"
counter: "77"
destIpAddress: ipAddressValue
destPort: "53"
destZone: AutomatedInlineSZ
dnsResponse: No Error
instanceId: "1"
protocol: UDP
srcIpAddress: ipAddressValue
srcPort: "41207"
srcZone: AutomatedInlineSZ
userId: No Authentication Required
actionTaken: none
type: DomainNameObjectType
value: domainNameValue
timestamp: 1498739571
indicatorId: indicatorUUID
feedId: feedUUID
realizedAt: 1498739604
actionTaken: monitored
property:
ttl: 90
allowlist: false
expirationTime: 1506514581
publish: true
action: monitor
status: closed
links:
self: /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID
id: incidentUUID
type: incident
version: 1.0.0
name: Incident Closed
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIncident'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Intelligence
description: '**API Operations on Incident objects. _Check the response section for applicable examples (if any)._**'
operationId: deleteRESTIncident
parameters:
- name: objectId
in: path
description: Unique identifier of the Incident.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIncident'
examples:
'Example 1 : DELETE /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID ( Example of DELETE by id )':
value:
updatedAt: 1499839877
sourceName: Test URL Source
equation:
children:
- children:
- children:
- isRealized: true
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: true
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
isRealized: false
op: AND
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
- children:
- isRealized: false
type: SHA256
value: sha256Value
condition: EQUALS
isRealized: false
applyCondition: ANY
isRealized: false
op: OR
indicatorName: Test Indicators
observations:
- count: 1
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: HTTP
clientId: Wget
connectionSec: "1498739289"
counter: "46"
destIpAddress: ipAddressValue
destPort: "80"
instanceId: "1"
protocol: TCP
srcIpAddress: ipAddressValue
srcPort: "39749"
userId: No Authentication Required
actionTaken: none
type: SHA256
value: sha256Value
timestamp: 1498739292
- count: 2
elementName: elementName
elementId: elementUUID
type: observation
data:
miscData:
appId: HTTP
clientId: Wget
connectionSec: "1498739351"
counter: "57"
destIpAddress: ipAddressValue
destPort: "80"
instanceId: "1"
protocol: TCP
srcIpAddress: ipAddressValue
srcPort: "39753"
userId: No Authentication Required
actionTaken: blocked
type: SHA256
value: sha256Value
timestamp: 1498739351
indicatorId: indicatorUUID
feedId: feedUUID
realizedAt: 0
actionTaken: partiallyBlocked
property:
ttl: 90
allowlist: false
expirationTime: 1506514284
publish: true
action: monitor
status: new
links:
self: /fmc_tid/v1/domain/domainUUID/tid/incident/incidentUUID
id: incidentUUID
type: incident
version: 1.0.0
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/indicator/{objectId}:
# getRESTIndicator: read one TID indicator, addressed by objectId inside the
# given domain. 200 returns a RESTIndicator; anything else maps to ErrorResponse.
get:
tags:
- Intelligence
description: '**API Operations on Indicator objects.**'
operationId: getRESTIndicator
parameters:
- name: objectId
in: path
description: Unique identifier of the Indicator.
required: true
schema:
type: string
# NOTE(review): `name` appears beside `$ref`. OpenAPI 3.0 tooling ignores siblings
# of a $ref, so only the referenced domainUUID parameter definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
# NOTE(review): `type: object` next to `$ref` is likewise ignored by 3.0 tooling.
type: object
$ref: '#/components/schemas/RESTIndicator'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/indicator/indicatorUUID ( Get a single Indicator instance )':
value:
# The example carries three property sets (inherited, effective, custom). All
# three show action: monitor and, where present, allowlist: false.
inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
customProperty:
publish: true
action: monitor
feedId: feedUUID
# equation: nested children joined with op: OR; the leaf shown is an IPV_4_ADDR
# observable matched with condition EQUALS.
equation:
children:
- children:
- isRealized: false
type: IPV_4_ADDR
value: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
condition: EQUALS
applyCondition: ANY
isRealized: false
isRealized: false
op: OR
updatedAt: 1499842559
sourceName: Test Flat File IPV4
containsUnsupported: false
containsInvalid: false
# observables: the observable objects attached to this indicator, each with its
# own inherited/effective property sets. ipAddressValue is a placeholder.
observables:
- inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
indicatorCount: 1
observableType: IPV_4_ADDR
updatedAt: 1498504028
value: ipAddressValue
id: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
type: observable
name: Observable
version: 1.0.0
indicatorVersion: 1.0.0
noRealizedIncidents: 0
noPartialIncidents: 0
links:
self: /fmc_tid/v1/domain/domainUUID/tid/indicator/indicatorUUID
id: indicatorUUID
type: indicator
name: Sample Indicator
version: 1.0.0
description: Indicator description
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# updateRESTIndicator: replace the indicator identified by objectId. The request
# body is a full RESTIndicator object and is required.
put:
tags:
- Intelligence
description: '**API Operations on Indicator objects. _Check the response section for applicable examples (if any)._**'
operationId: updateRESTIndicator
parameters:
- name: objectId
in: path
description: Unique identifier of the Indicator.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Indicator object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIndicator'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/indicator/indicatorUUID ( PUT Example for Indicator )':
value:
inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
# The change this example makes: customProperty appears to set action: block
# while the inherited/effective sets sent alongside still read monitor.
# NOTE(review): switching action presumably changes how traffic matching this
# indicator is handled, so callers of this PUT should be limited to privileged
# roles and the change audited - confirm against the product's RBAC model.
customProperty:
publish: true
action: block
feedId: feedUUID
equation:
children:
- children:
- isRealized: false
type: IPV_4_ADDR
value: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
condition: EQUALS
applyCondition: ANY
isRealized: false
isRealized: false
op: OR
updatedAt: 1499842559
sourceName: Test Flat File IPV4
containsUnsupported: false
containsInvalid: false
observables:
- inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
indicatorCount: 1
observableType: IPV_4_ADDR
updatedAt: 1498504028
value: ipAddressValue
id: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
type: observable
name: Observable
version: 1.0.0
indicatorVersion: 1.0.0
noRealizedIncidents: 0
noPartialIncidents: 0
id: indicatorUUID
type: indicator
name: Sample Indicator IPV4
version: 1.0.0
description: Indicator description changed
required: true
# Responses for updateRESTIndicator: 200 with the updated RESTIndicator, 202
# Accepted with the same schema but no example, and a default ErrorResponse.
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIndicator'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/indicator/indicatorUUID ( PUT Example for Indicator )':
value:
inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
# After the update the effective set shows action: block while the inherited
# set above still shows monitor; the observable further down keeps monitor.
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: block
customProperty:
publish: true
action: block
feedId: feedUUID
equation:
children:
- children:
- isRealized: false
type: IPV_4_ADDR
value: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
condition: EQUALS
applyCondition: ANY
isRealized: false
isRealized: false
op: OR
updatedAt: 1499843144
sourceName: Test Flat File IPV4
containsUnsupported: false
containsInvalid: false
observables:
- inheritedProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
effectiveProperty:
ttl: 90
publish: true
allowlist: false
expirationTime: 1506280028
action: monitor
indicatorCount: 1
observableType: IPV_4_ADDR
updatedAt: 1498504028
value: ipAddressValue
id: IPV_4_ADDR:c4a098d02ba0407e165c14996f8eae6b65a119a2
type: observable
name: Observable
version: 1.0.0
indicatorVersion: 1.0.0
noRealizedIncidents: 0
noPartialIncidents: 0
links:
self: /fmc_tid/v1/domain/domainUUID/tid/indicator/indicatorUUID
id: indicatorUUID
type: indicator
name: Sample Indicator IPV4
version: 1.0.0
description: Indicator description changed
# NOTE(review): 202 has no example; presumably the update can complete
# asynchronously, in which case a client should re-read the indicator before
# assuming the new action is in force - confirm.
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTIndicator'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/observable/{objectId}:
# getRESTObservable: read one TID observable, addressed by objectId inside the
# given domain. 200 returns a RESTObservable; errors map to ErrorResponse.
get:
tags:
- Intelligence
description: '**API Operations on Observable objects.**'
operationId: getRESTObservable
parameters:
- name: objectId
in: path
description: Unique identifier of the Observable.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling; the
# referenced parameter definition is what applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTObservable'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/observable/observableUUID ( Get a single Observable instance )':
value:
# Inherited and effective sets are identical here: action monitor, not
# allowlisted, ttl 90. ipAddressValue below is a placeholder.
inheritedProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
observableType: IPV_4_ADDR
effectiveProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
indicatorCount: 1
updatedAt: 1486153252
value: ipAddressValue
links:
self: /fmc_tid/v1/domain/domainUUID/tid/observable/observableUUID
id: observableUUID
type: observable
name: Observable name
version: 1.0.0
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# updateRESTObservable: replace the observable identified by objectId. The
# request body (a RESTObservable) is required; 200/202 return the same schema.
put:
tags:
- Intelligence
description: '**API Operations on Observable objects. _Check the response section for applicable examples (if any)._**'
operationId: updateRESTObservable
parameters:
- name: objectId
in: path
description: Unique identifier of the Observable.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Observable object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTObservable'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/observable/observableUUID ( PUT Observable instance )':
value:
inheritedProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
observableType: IPV_4_ADDR
effectiveProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
indicatorCount: 1
updatedAt: 1486153252
value: ipAddressValue
id: observableUUID
type: observable
name: Observable name 2
version: 1.0.0
# The change this example makes: customProperty sets allowlist: true.
# NOTE(review): allowlisting presumably exempts this observable from the
# configured action, so this call can switch detection off for a value; limit
# who may issue it and review allowlist changes in the audit trail - confirm.
customProperty:
allowlist: true
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTObservable'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/observable/observableUUID ( PUT Observable instance )':
value:
# NOTE(review): in this response the effective set still shows allowlist:
# false although customProperty is true; whether the effective value updates
# later is not visible here - verify before relying on either field.
inheritedProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
observableType: IPV_4_ADDR
effectiveProperty:
publish: true
expirationTime: 1493929252
allowlist: false
action: monitor
ttl: 90
indicatorCount: 1
updatedAt: 1486153252
value: ipAddressValue
links:
self: /fmc_tid/v1/domain/domainUUID/tid/observable/observableUUID
id: observableUUID
type: observable
name: Observable name 2
version: 1.0.0
customProperty:
allowlist: true
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTObservable'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/taxiiconfig/discoveryinfo:
# createRESTDiscoveryInfo: POST a TAXII discovery request. The required body
# names the discovery URI plus the credentials and TLS options used to reach it.
post:
tags:
- Intelligence
description: '**API Operations on Discovery Info objects. _Check the response section for applicable examples (if any)._**'
operationId: createRESTDiscoveryInfo
parameters:
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Discovery Info object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTDiscoveryInfo'
examples:
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/taxiiconfig/discoveryinfo ( POST Example for discoveryinfo )':
value:
# NOTE(review): the example URI is plain http:// while username/passwd are
# supplied. Against an http endpoint the credentials and the discovery data
# would travel unencrypted; use an https:// discovery URL in real use.
uri: http://hailataxii.com/taxii-discovery-service
# username / passwd hold placeholder values here; real values are feed
# credentials and should come from a secret store, not from saved examples.
username: username
passwd: password
# Empty strings: no CA bundle, client certificate or client key is supplied.
caCert: ""
clientCert: ""
clientPrivateKey: ""
params:
# NOTE(review): going by the name, allow_all presumably accepts any server
# hostname during certificate checking; confirm the accepted values in the
# schema and use a verifying setting outside of test setups.
hostnameVerifier: allow_all
# Quoted, so this is the string "false", not a YAML boolean.
selfSignedServerCertificate: "false"
version: 0.1.0
type: source
required: true
# Responses for createRESTDiscoveryInfo: 202 Accepted (no example), 201 Created
# with the discovered service endpoints, and a default ErrorResponse.
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTDiscoveryInfo'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTDiscoveryInfo'
examples:
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/taxiiconfig/discoveryinfo ( POST Example for discoveryinfo )':
value:
uri: http://hailataxii.com/taxii-discovery-service
params:
hostnameVerifier: allow_all
selfSignedServerCertificate: "false"
consumedUnsupportedObservables: 0
lastRun: 0
nextRun: 0
feedStatus: new
# discoveryInfo: one entry per discovered service (DISCOVERY,
# COLLECTION_MANAGEMENT, POLL).
# NOTE(review): each entry advertises an https protocol binding but its
# collectionAddress is http://...:80; check which transport is actually used
# before sending credentials to these addresses.
discoveryInfo:
- collectionName: DISCOVERY
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionPollIntervalInMinutes: 0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionName: COLLECTION_MANAGEMENT
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionPollIntervalInMinutes: 0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionName: POLL
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionPollIntervalInMinutes: 0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
refresh: 0
# NOTE(review): the 201 example includes `passwd` (and `username` further down)
# in the response body. If real responses return the stored credential, keep
# response bodies out of client, proxy and debug logs - confirm behaviour.
passwd: password
consumedObservables: 0
totalUnsupportedObservables: 0
invalidObservables: 0
totalObservables: 0
totalInvalidObservables: 0
downloadOn: false
runNow: false
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
property:
ttl: 90
action: monitor
expirationTime: 0
publish: true
allowlist: false
username: username
id: id
type: source
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/taxiiconfig/collections:
# createRESTTaxiiCollection: POST a TAXII collections request. The required body
# repeats the source connection settings and the discoveryInfo service entries.
post:
tags:
- Intelligence
description: '**API Operations on Taxii Collection objects. _Check the response section for applicable examples (if any)._**'
operationId: createRESTTaxiiCollection
parameters:
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Taxii Collection object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTaxiiCollection'
examples:
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/taxiiconfig/collections ( POST Example for collections )':
value:
# NOTE(review): plain http:// URI combined with username/passwd means the
# credentials would be sent unencrypted to such an endpoint; use https:// in
# real use. The values shown are placeholders.
uri: http://hailataxii.com/taxii-discovery-service
username: username
passwd: password
# Empty strings: no CA bundle, client certificate or client key is supplied.
caCert: ""
clientCert: ""
clientPrivateKey: ""
params:
# NOTE(review): allow_all presumably disables hostname checking of the server
# certificate; confirm accepted values and avoid it outside of test setups.
hostnameVerifier: allow_all
# Quoted, so this is the string "false", not a YAML boolean.
selfSignedServerCertificate: "false"
version: 0.1.0
type: source
# discoveryInfo: the three service entries (DISCOVERY, COLLECTION_MANAGEMENT,
# POLL). Each names an https protocol binding next to an http:// address.
discoveryInfo:
- collectionPollIntervalInMinutes: 0
collectionName: DISCOVERY
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: COLLECTION_MANAGEMENT
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: POLL
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
required: true
# Responses for createRESTTaxiiCollection: 202 Accepted (no example), 201 Created
# listing the collections available on the TAXII server, and a default error.
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTaxiiCollection'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTaxiiCollection'
examples:
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/taxiiconfig/collections ( POST Example for collections )':
value:
uri: http://hailataxii.com/taxii-discovery-service
params:
hostnameVerifier: allow_all
selfSignedServerCertificate: "false"
nextRun: 0
consumedUnsupportedObservables: 0
lastRun: 0
# discoveryInfo: the service entries echoed back from the request.
discoveryInfo:
- collectionPollIntervalInMinutes: 0
collectionName: DISCOVERY
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: COLLECTION_MANAGEMENT
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: POLL
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
collectionContentBinding: '[]'
type: taxii_collections
totalUnsupportedObservables: 0
totalInvalidObservables: 0
# availableCollections: collections the server offers for subscription. Names
# and descriptions come from the remote server and are reproduced as returned.
# NOTE(review): every entry pairs an https protocol binding with an http://
# collectionAddress on port 80; verify the transport before subscribing, since
# feed content fetched over http has no integrity protection in transit.
availableCollections:
- collectionPollIntervalInMinutes: 0
collectionName: guest.Abuse_ch
collectionDescription: guest.Abuse_ch
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.CyberCrime_Tracker
collectionDescription: guest.CyberCrime_Tracker
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.EmergineThreats_rules
collectionDescription: guest.EmergineThreats_rules
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.EmergingThreats_rules
collectionDescription: guest.EmergingThreats_rules
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.Lehigh_edu
collectionDescription: guest.Lehigh_edu
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.MalwareDomainList_Hostlist
collectionDescription: guest.MalwareDomainList_Hostlist
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.blutmagie_de_torExits
collectionDescription: guest.blutmagie_de_torExits
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.dataForLast_7daysOnly
collectionDescription: guest.dataForLast_7daysOnly
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.dshield_BlockList
collectionDescription: guest.dshield_BlockList
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: guest.phishtank_com
collectionDescription: guest.phishtank_com
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
- collectionPollIntervalInMinutes: 0
collectionName: system.Default
collectionDescription: system.Default
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
downloadOn: false
runNow: false
feedStatus: new
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 0
refresh: 0
# NOTE(review): the 201 example returns `passwd` (and `username` below). If the
# real API echoes the stored credential, treat response bodies as secrets and
# keep them out of logs - confirm behaviour.
passwd: password
property:
ttl: 90
allowlist: false
expirationTime: 0
publish: true
action: monitor
username: username
id: sourceUUID
type: source
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/source/{objectId}:
# getRESTTidSource: read one TID source (feed definition), addressed by objectId
# inside the given domain. 200 returns a RESTTidSource.
get:
tags:
- Intelligence
description: '**API Operations on Source objects.**'
operationId: getRESTTidSource
parameters:
- name: objectId
in: path
description: Unique identifier of the Source.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID ( Example of GET by id )':
value:
# NOTE(review): this source is fetched from an http:// URL and its property
# set further down has action: block. A feed pulled without transport
# integrity can be altered in transit, which would change what gets blocked;
# prefer https:// feeds, especially for blocking sources.
uri: http://somehost/feeds/domain.txt
params:
selfSignedServerCertificate: "false"
# NOTE(review): allow_all presumably disables hostname checking - confirm.
hostnameVerifier: allow_all
pollInterval: "86400"
nextRun: 1499922000
consumedUnsupportedObservables: 0
# 64 hex characters; presumably a digest of the last downloaded feed content.
# A digest reported this way shows that content changed, not who produced it.
checksum: 6A330EFFD42314B74C030C0038BAB3352F70CC5344D6CE24774BD04EFDEDB7BD
lastRun: 1499836832
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: true
runNow: false
feedStatus: parsing
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 501
feedType: flatfile
feedContent: DomainNameObjectType
delivery: url
refresh: 1440
property:
ttl: 80
allowlist: false
expirationTime: 1506749351
publish: true
action: block
id: sourceUUID
type: source
name: Test URL Source
description: Test URL Source
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# updateRESTTidSource: replace the source identified by objectId. The request
# body (a RESTTidSource) is required.
put:
tags:
- Intelligence
description: '**API Operations on Source objects. _Check the response section for applicable examples (if any)._**'
operationId: updateRESTTidSource
parameters:
- name: objectId
in: path
description: Unique identifier of the Source.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Source object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID ( Example of PUT )':
value:
# NOTE(review): the feed URL is http:// and the property set below has
# action: block; an update like this decides where blocking data is pulled
# from, so restrict who may change `uri` and prefer https:// feed URLs.
uri: http://somehost/feeds/domain.txt
params:
selfSignedServerCertificate: "false"
# NOTE(review): allow_all presumably disables hostname checking - confirm.
hostnameVerifier: allow_all
nextRun: 1499922000
consumedUnsupportedObservables: 0
checksum: 6A330EFFD42314B74C030C0038BAB3352F70CC5344D6CE24774BD04EFDEDB7BD
lastRun: 1499836832
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: true
runNow: false
feedStatus: parsing
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 501
feedType: flatfile
feedContent: DomainNameObjectType
delivery: url
refresh: 1440
property:
# NOTE(review): ttl is the quoted string "80" here, whereas the response
# example for this operation shows the integer 80; check which type the
# RESTTidSource schema expects.
ttl: "80"
publish: true
action: block
id: sourceUUID
type: source
name: Test URL Source
description: Test URL Source
# Empty string: no CA certificate is supplied with this update.
caCert: ""
required: true
# Responses for updateRESTTidSource: 200 with the updated RESTTidSource, 202
# Accepted with the same schema but no example, and a default ErrorResponse.
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID ( Example of PUT )':
value:
# The updated source as returned: still an http:// feed with action: block.
uri: http://somehost/feeds/domain.txt
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
pollInterval: "86400"
nextRun: 1499922000
consumedUnsupportedObservables: 0
checksum: 6A330EFFD42314B74C030C0038BAB3352F70CC5344D6CE24774BD04EFDEDB7BD
lastRun: 1499836832
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: true
runNow: false
feedStatus: parsing
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 501
feedType: flatfile
feedContent: DomainNameObjectType
delivery: url
refresh: 1440
# Unlike the request example, the response includes allowlist and
# expirationTime in the property set and shows ttl as an integer.
property:
ttl: 80
allowlist: false
expirationTime: 1506749351
publish: true
action: block
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID
description: Test URL Source
id: sourceUUID
type: source
name: Test URL Source
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# deleteRESTTidSource: delete the source identified by objectId. The 200 example
# returns the RESTTidSource that was removed.
# NOTE(review): the example does not show what happens to indicators and
# observables that came from the deleted source; if they are removed with it,
# deleting a blocking source would lift that protection - confirm and audit.
delete:
tags:
- Intelligence
description: '**API Operations on Source objects. _Check the response section for applicable examples (if any)._**'
operationId: deleteRESTTidSource
parameters:
- name: objectId
in: path
description: Unique identifier of the Source.
required: true
schema:
type: string
# NOTE(review): `name` beside `$ref` is ignored by OpenAPI 3.0 tooling.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
'Example 1 : DELETE /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID ( Example of DELETE by id )':
value:
# For this source (delivery: upload) `uri` is an opaque token, not a URL.
uri: NTAyNTVjOTJjNjAzYWUzOWNlOTE3N2UyNzkxMTI4YTE5YzUzODU3MQ
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
job: 85eaa1fb-7250-4db5-865e-622030a155d7
# statusMsg: keyed by a quoted numeric code; "0" carries the success text.
statusMsg:
"0":
info: Operation completed successfully.
nextRun: 0
consumedUnsupportedObservables: 0
checksum: AD8E91B35B7F2EA8F99996EF49C1C9A43A86D6A271AE19782D5D31BF834BEE2A
lastRun: 1499836436
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: false
runNow: false
feedStatus: completed
finishTime: 1499836437
consumedIndicators: 1
totalIndicators: 1
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 1
feedType: flatfile
feedContent: IPV_4_ADDR
delivery: upload
refresh: 0
property:
ttl: 90
allowlist: false
expirationTime: 1507612436
publish: true
action: monitor
username: username
id: sourceUUID
type: source
name: Test STIX Source
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/source:
# getAllRESTTidSource: list the TID sources of a domain. Paging is controlled by
# offset/limit; `expanded` switches between the concise and the full item view.
get:
tags:
- Intelligence
description: '**API Operations on Source objects.**'
operationId: getAllRESTTidSource
parameters:
# NOTE(review): each entry below has `name` beside `$ref`; OpenAPI 3.0 tooling
# ignores siblings of a $ref, so the referenced definitions are what apply.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSourceListContainer'
examples:
# Concise view: each item carries only id, type and name, followed by paging.
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/source ( Example of GET all sources (concise view) )':
value:
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source
items:
- id: sourceUUID
type: source
name: Test URL Feed
- id: sourceUUID
type: source
name: Test Flat File Domain Feed
- id: sourceUUID
type: source
name: Test TAXII Feed
- id: sourceUUID
type: source
name: Test TAXII Feed 2
paging:
offset: 0
limit: 4
count: 4
pages: 1
# Expanded view (?expanded=true): every item is a full source object.
# NOTE(review): the two TAXII items in this example include username and
# passwd/password. If the real API returns stored feed credentials in list
# responses, restrict expanded listings to roles that need them and keep the
# bodies out of logs - confirm actual behaviour.
'Example 2 : GET /fmc_tid/v1/domain/domainUUID/tid/source?expanded=true ( Example of GET all sources (expanded view) )':
value:
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source?expanded=true
items:
# Item 1: uploaded STIX source; `uri` is an opaque token rather than a URL.
- uri: MzQwYWEyYjYxZjg4YmE1MTczNDNjYzk4ZTg0NDNlNGQwMzgyZWJlMw
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
job: 831f07f3-a0d2-481c-8eb8-5fbf22fe5ab1
statusMsg:
"0":
info: Operation completed successfully.
nextRun: 0
consumedUnsupportedObservables: 0
checksum: 204CCA8536F620B6B97396C464EA4E2F06DA998F8A855FCC8B1DC486598F698D
lastRun: 1498738283
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: false
runNow: false
feedStatus: completed
finishTime: 1498738400
consumedIndicators: 1
totalIndicators: 1
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 10
feedType: stix
feedContent: stix
delivery: upload
refresh: 0
property:
ttl: 90
allowlist: false
expirationTime: 1506514283
publish: true
action: monitor
id: sourceUUID
type: source
name: Test URL Feed
# Item 2: uploaded flat-file domain list with action: block.
- uri: OWRmMWU2YmNmMzIzMDZjMjZjNGQxYTA4OThkNmIyZmU1ZmUzM2EwNQ
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
job: 152d9e2b-b7d1-414a-8b73-25f44230b634
statusMsg:
"0":
info: Operation completed successfully.
nextRun: 0
consumedUnsupportedObservables: 0
checksum: D1BC2C02D0C0B50BD9CC73BB1C1FF4F2FB25E2ECE7C3520E85508996DF11929F
lastRun: 1498738253
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: false
runNow: false
feedStatus: completed
finishTime: 1498738400
consumedIndicators: 17695
totalIndicators: 17695
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 17695
feedType: flatfile
feedContent: DomainNameObjectType
delivery: upload
refresh: 0
property:
ttl: 90
allowlist: false
expirationTime: 1506514253
publish: true
action: block
id: sourceUUID
type: source
name: Test Flat File Domain Feed
# Item 3: TAXII source still downloading. The discovery URI and the collection
# address are http:// although the protocol binding names https.
- uri: http://hailataxii.com/taxii-discovery-service
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
job: e06aa9fc-a6f3-4079-b384-0acf310efa85
nextRun: 1499922000
consumedUnsupportedObservables: 0
lastRun: 1499835668
totalUnsupportedObservables: 0
totalInvalidObservables: 0
subscribedCollections:
- collectionPollIntervalInMinutes: 0
collectionName: guest.EmergingThreats_rules
collectionDescription: guest.EmergingThreats_rules
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
downloadOn: true
runNow: false
feedStatus: downloading
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 0
feedType: stix
feedContent: stix
delivery: taxii
refresh: 1440
passwd: password
property:
ttl: 90
allowlist: false
expirationTime: 1507611664
publish: true
action: monitor
username: username
id: sourceUUID
type: source
name: Test TAXII Feed
description: Test TAXII Feed
# Item 4: TAXII source that finished with errors; statusMsg lists codes 305 and
# 308 and the counters show 274 invalid and 9335 unsupported observables.
- uri: http://hailataxii.com/taxii-discovery-service
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
job: b5618ed7-e029-4ae3-a616-eda7f538d678
pollInterval: "86400"
pollTimeStamp: "1498738348"
statusMsg:
"305":
info: 'Source Parser: Invalid observable(s).'
"308":
info: 'Source Parser: Unsupported observable type.'
nextRun: 1498824000
consumedUnsupportedObservables: 9335
lastRun: 1498738346
totalUnsupportedObservables: 9335
totalInvalidObservables: 274
subscribedCollections:
- collectionPollIntervalInMinutes: 0
collectionName: guest.dataForLast_7daysOnly
collectionDescription: guest.dataForLast_7daysOnly
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
downloadOn: false
runNow: false
feedStatus: completed_with_errors
finishTime: 1498756750
consumedIndicators: 66052
totalIndicators: 66052
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 274
consumedObservables: 103919
feedType: stix
feedContent: stix
delivery: taxii
refresh: 1440
username: username
# NOTE(review): this item uses the key `password`, while the previous TAXII
# item uses `passwd`; one of the two is presumably a documentation slip -
# confirm the field name against the RESTTidSource schema.
password: password
property:
ttl: 90
allowlist: false
expirationTime: 1506514346
publish: true
action: monitor
id: sourceUUID
type: source
name: Test TAXII Feed 2
description: Test TAXII Feed 2
paging:
offset: 0
limit: 4
count: 4
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Intelligence
description: '**API Operations on Source objects. _Check the response section for applicable examples (if any)._**'
operationId: createRESTTidSource
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
# Request body for createRESTTidSource: a required RESTTidSource. Three examples
# are given: a TAXII feed, a flat-file feed over http and one over https.
requestBody:
description: The input Source object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
# Example 1: TAXII source with credentials.
# NOTE(review): uri and collectionAddress are http:// while username/passwd
# are supplied; against such an endpoint the credentials would be sent
# unencrypted. Use an https:// TAXII endpoint in real use.
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with taxii )':
value:
startHour: 2
name: Sample TAXII Feed
description: Sample TAXII Feed
feedType: stix
feedContent: stix
delivery: taxii
uri: http://hailataxii.com/taxii-discovery-service
username: username
passwd: password
refresh: 1440
version: 1.0.0
downloadOn: true
subscribedCollections:
- collectionPollIntervalInMinutes: 0
collectionName: guest.MalwareDomainList_Hostlist
collectionDescription: guest.MalwareDomainList_Hostlist
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
property:
ttl: 90
publish: true
action: monitor
# Example 2: flat-file domain list pulled from an http:// URL (action: monitor).
# Content fetched this way has no integrity protection in transit.
'Example 2 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with URL )':
value:
startHour: 2
name: Test URL Source
description: ""
feedType: flatfile
feedContent: DomainNameObjectType
delivery: url
uri: http://somehost/feeds/domain.txt
refresh: 1440
version: 1.0.0
downloadOn: true
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
property:
ttl: 90
publish: true
action: monitor
# Example 3: IPv4 block list pulled over https with optional certificate fields.
'Example 3 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with HTTPS URL )':
value:
startHour: 2
name: Test URL HTTPS
description: Test URL HTTPS
feedType: flatfile
feedContent: IPV_4_ADDR
delivery: url
uri: https://somehost/feeds/ipv4.block.txt
# The three values below are placeholders marked optional by the example.
# clientPrivateKey travels in the request body, so the payload itself is a
# secret: keep it out of logs, shell history and saved API collections.
caCert: ca_cert_here - optional
clientCert: client_cert_here - optional
clientPrivateKey: key_cert_here - optional
refresh: 1440
version: 1.0.0
downloadOn: true
params:
# NOTE(review): selfSignedServerCertificate "true" together with
# hostnameVerifier allow_all, on a source whose action is block. If these
# settings relax certificate and hostname checks as their names suggest, the
# feed server is not authenticated and the block list could be altered in
# transit. Prefer supplying caCert with a verifying hostname setting - confirm.
selfSignedServerCertificate: "true"
hostnameVerifier: allow_all
property:
ttl: 90
publish: true
action: block
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTTidSource'
examples:
'Example 1 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with taxii )':
value:
uri: http://hailataxii.com/taxii-discovery-service
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
nextRun: 0
consumedUnsupportedObservables: 0
lastRun: 0
totalUnsupportedObservables: 0
totalInvalidObservables: 0
subscribedCollections:
- collectionPollIntervalInMinutes: 0
collectionName: guest.MalwareDomainList_Hostlist
collectionDescription: guest.MalwareDomainList_Hostlist
collectionProtocolBinding: urn:taxii.mitre.org:protocol:https:1.0
collectionAddress: http://hailataxii.com:80/taxii-data
collectionMessageBinding: '[urn:taxii.mitre.org:message:xml:1.1]'
type: taxii_collections
downloadOn: true
runNow: false
feedStatus: new
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 0
feedType: stix
feedContent: stix
delivery: taxii
refresh: 1440
property:
ttl: 90
allowlist: false
expirationTime: 1507613046
publish: true
action: monitor
username: username
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID
description: Sample TAXII Feed
id: sourceUUID
type: source
name: Sample TAXII Feed
'Example 2 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with URL )':
value:
uri: http://somehost/feeds/domain.txt
params:
selfSignedServerCertificate: "false"
hostnameVerifier: allow_all
nextRun: 0
consumedUnsupportedObservables: 0
lastRun: 0
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: true
runNow: false
feedStatus: new
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 0
feedType: flatfile
feedContent: DomainNameObjectType
delivery: url
refresh: 1440
property:
ttl: 90
allowlist: false
expirationTime: 1507612829
publish: true
action: monitor
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID
id: sourceUUID
type: source
name: Test URL Source
# 201 response example for the HTTPS flat-file source: the created source with
# its counters at zero and feedStatus: new.
'Example 3 : POST /fmc_tid/v1/domain/domainUUID/tid/source ( POST example with HTTPS URL )':
value:
uri: https://somehost/feeds/ipv4.block.txt
params:
# The relaxed TLS settings from the request are stored and returned as-is.
selfSignedServerCertificate: "true"
hostnameVerifier: allow_all
nextRun: 0
consumedUnsupportedObservables: 0
lastRun: 0
totalUnsupportedObservables: 0
totalInvalidObservables: 0
downloadOn: true
runNow: false
feedStatus: new
consumedIndicators: 0
totalIndicators: 0
discardedIndicators: 0
totalDiscardedIndicators: 0
totalObservables: 0
invalidObservables: 0
consumedObservables: 0
feedType: flatfile
feedContent: IPV_4_ADDR
delivery: url
refresh: 1440
property:
ttl: 90
allowlist: false
expirationTime: 1507614000
publish: true
action: block
links:
self: /fmc_tid/v1/domain/domainUUID/tid/source/sourceUUID
# NOTE(review): this response example carries caCert, clientCert and
# clientPrivateKey. If the live API echoes the submitted private key, every
# consumer of the response (client logs, pipelines, tickets) ends up holding
# key material -- verify the behaviour and redact these fields before storing
# or sharing responses.
caCert: ca_cert_here - optional
clientCert: client_cert_here - optional
clientPrivateKey: key_cert_here - optional
description: Test URL HTTPS
id: sourceUUID
type: source
name: Test URL HTTPS
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_tid/v1/domain/{domainUUID}/tid/settings/{objectId}:
# GET one Settings object under /tid/settings by its objectId.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
get:
tags:
- Intelligence
description: '**API Operations on Settings objects.**'
operationId: getRESTSettings
parameters:
# The example below uses the setting's own name (publish_observables) as the
# objectId, although the parameter is typed as a free-form string.
- name: objectId
in: path
description: Unique identifier of the Settings object.
required: true
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTSettings'
examples:
'Example 1 : GET /fmc_tid/v1/domain/domainUUID/tid/settings/publish_observables ( Get a single Settings instance )':
value:
id: publish_observables
type: settings
version: 1.0.0
settings:
publish_observables: true
# Any non-200 outcome is described only by the shared ErrorResponse schema.
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT (replace) one Settings object under /tid/settings by its objectId.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
put:
tags:
- Intelligence
description: '**API Operations on Settings objects. _Check the response section for applicable examples (if any)._**'
operationId: updateRESTSettings
parameters:
- name: objectId
in: path
description: Unique identifier of the Settings object.
required: true
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Settings object model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTSettings'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/settings/publish_observables ( PUT operation on Settings model )':
value:
id: publish_observables
type: settings
settings:
# NOTE(review): presumably this switches off publishing of threat-intelligence
# observables -- TODO confirm scope. A change like this alters enforcement
# without touching any policy, so it is worth alerting on in audit review.
publish_observables: false
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTSettings'
examples:
'Example 1 : PUT /fmc_tid/v1/domain/domainUUID/tid/settings/publish_observables ( PUT operation on Settings model )':
value:
id: publish_observables
type: settings
settings:
publish_observables: false
# 202 is documented alongside 200 with the same schema and no example;
# callers should handle both rather than assume the change is already applied.
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RESTSettings'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/search/global:
get:
tags:
- Search
description: '**Search for objects and policies matching specified text or IP address**'
operationId: getGlobalSearch
parameters:
- name: filter
in: query
description: Text or IP address used for filtering
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/GlobalSearchListContainer'
examples:
'Example 1 : GET /api/fmc_config/v1/domain/default/search/global ( GET ALL search )':
value:
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/global?offset=0&limit=4&filter=any&expanded=true
items:
- category: OBJECT
name: any
type: NetworkGroup
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/networkgroups/69fa2a3a-4487-4e3c-816f-4098f684826e
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: 69fa2a3a-4487-4e3c-816f-4098f684826e
- category: OBJECT
name: ANY
type: ISESecurityGroupTag
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/isesecuritygrouptags/5fce8cce-aa67-11e5-816b-95eb712b72a1
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: 5fce8cce-aa67-11e5-816b-95eb712b72a1
- category: OBJECT
value: 0.0.0.0/0
name: any-ipv4
type: Network
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/networks/cb7116e8-66a6-480b-8f9b-295191a0940a
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: cb7116e8-66a6-480b-8f9b-295191a0940a
paging:
offset: 0
limit: 4
count: 3
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/search/object:
get:
tags:
- Search
description: '**Search for objects matching specified text or IP address**'
operationId: getGlobalObjectSearch
parameters:
- name: filter
in: query
description: Text or IP address used for filtering
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/GlobalObjectSearchListContainer'
examples:
? 'Example 1 : GET /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/object?offset=0&limit=25&filter=any&expanded=true ( GET list of objects matching filter text "any" )'
: value:
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/object?offset=0&limit=25&filter=any&expanded=true
items:
- category: OBJECT
name: ANY
type: ISESecurityGroupTag
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/isesecuritygrouptags/5fce8cce-aa67-11e5-816b-95eb712b72a1
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: 5fce8cce-aa67-11e5-816b-95eb712b72a1
- category: OBJECT
name: any
type: NetworkGroup
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/networkgroups/69fa2a3a-4487-4e3c-816f-4098f684826e
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: 69fa2a3a-4487-4e3c-816f-4098f684826e
- category: OBJECT
value: 0.0.0.0/0
name: any-ipv4
type: Network
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/networks/cb7116e8-66a6-480b-8f9b-295191a0940a
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: cb7116e8-66a6-480b-8f9b-295191a0940a
- category: OBJECT
value: ::/0
name: any-ipv6
type: Host
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/hosts/dde11d62-288b-4b4c-92e0-1dad0496f14b
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: dde11d62-288b-4b4c-92e0-1dad0496f14b
- category: OBJECT
value: 192.88.99.0/24
name: IPv6-to-IPv4-Relay-Anycast
type: Network
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/object/networks/04ea3f1f-f5a9-4eca-b051-487ebeb4c97f
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: 04ea3f1f-f5a9-4eca-b051-487ebeb4c97f
paging:
offset: 0
limit: 25
count: 5
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/search/policy:
get:
tags:
- Search
description: '**Search for policies matching specified text or IP address (literal values in policies)**'
operationId: getGlobalPolicySearch
parameters:
- name: filter
in: query
description: Text or IP address used for filtering
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/GlobalPolicySearchListContainer'
examples:
? 'Example 1 : GET /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/policy?offset=0&limit=25&filter=global&expanded=true ( GET list of policies matching filter text "global" )'
: value:
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/policy?offset=0&limit=200&filter=text:global
items:
- category: POLICY
type: PrefilterPolicy
id: 005056A9-9066-0ed3-0000-249108103339
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/prefilterpolicies/005056A9-9066-0ed3-0000-249108103339
name: Global Prefilter
- category: POLICY
type: AccessPolicy
id: 005056A9-9066-0ed3-0000-038654705727
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/005056A9-9066-0ed3-0000-038654705727
name: Global ACP
- category: POLICY
type: FTDNatPolicy
id: 005056A9-9066-0ed3-0000-403726925915
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftdnatpolicies/005056A9-9066-0ed3-0000-403726925915
name: Global FTD NAT
paging:
offset: 0
limit: 200
count: 3
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/search/device:
# GET devices whose records match the required free-text `filter`.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
get:
tags:
- Search
description: '**Search for devices matching specified text**'
operationId: getGlobalDeviceSearch
parameters:
# The search text travels in the query string, so it will appear wherever
# request URLs are recorded (proxy and access logs).
- name: filter
in: query
description: Text used for filtering
required: true
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so the `name:`
# entries on the four referenced parameters are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/GlobalDeviceSearchListContainer'
examples:
# NOTE(review): the example is internally inconsistent -- the title shows
# limit=25&filter=FTD while the self link shows limit=200&filter=text:FTD, and
# paging reports count: 1 although two items are listed.
? 'Example 1 : GET /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/device?offset=0&limit=25&filter=FTD&expanded=true ( GET list of devices matching filter text "FTD" )'
: value:
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/search/device?offset=0&limit=200&filter=text:FTD
items:
# Each hit exposes device id, name, model string and owning domain: an
# inventory listing, so read access to this endpoint deserves the same
# scoping as the device records themselves.
- category: DEVICE
id: dd6e4972-360b-11ec-a044-85805db90dcf
name: FTD01
type: Device
value: Cisco Firepower Threat Defense for VMware
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/dd6e4972-360b-11ec-a044-85805db90dcf
- category: DEVICE
id: 2c455506-1b44-463f-9276-17969d566f3c
name: FTD02
type: Device
value: Cisco Firepower Threat Defense for VMware
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/devices/devicerecords/2c455506-1b44-463f-9276-17969d566f3c
paging:
offset: 0
limit: 200
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/domain/{domainUUID}/audit/auditrecords/{objectId}:
# GET a single audit record by objectId. No response example is given and the
# AuditModel schema is outside this view.
# NOTE(review): no operation-level `security` requirement is declared; confirm
# the document-wide scheme and that audit records are limited to roles that
# should see them.
get:
tags:
- Audit
description: '**API Operations on audit objects.**'
operationId: getAuditModel
parameters:
- name: objectId
in: path
description: Unique identifier of the object.
required: true
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AuditModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/devicegroups/devicegrouprecords/{objectId}:
get:
tags:
- Device Groups
description: '**Retrieves, deletes, creates, or modifies the device group associated with the specified ID. If no ID is specified for a GET, retrieves list of all device groups.**'
operationId: getDeviceGroup
parameters:
- name: objectId
in: path
description: Identifier for a device group.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
examples:
'Example 1 : GET /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords/deviceGroupUUID ( Test GET of device group )':
value:
id: deviceGroupUUID
type: DeviceGroup
name: zoom2
links:
self: /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords/deviceGroupUUID
members:
- id: deviceUUID
type: Device
name: deviceName
links:
self: /api/fmc_config/v1/domain/default/devices/devicerecords/deviceUUID
metadata:
domain:
id: domainUUID
type: Domain
name: Global
lastUser:
name: admin
id: userUUID
type: User
readOnly:
state: true
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Device Groups
description: '**Retrieves, deletes, creates, or modifies the device group associated with the specified ID. If no ID is specified for a GET, retrieves list of all device groups. _Check the response section for applicable examples (if any)._**'
operationId: updateDeviceGroup
parameters:
- name: objectId
in: path
description: Identifier for a device group.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of device group.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords/deviceGroupUUID ( Test PUT of network object to update record )'
: value:
name: zoom3_upd
type: DeviceGroup
id: deviceGroupUUID
members:
- id: deviceUUID
type: Device
name: deviceName
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Device Groups
description: '**Retrieves, deletes, creates, or modifies the device group associated with the specified ID. If no ID is specified for a GET, retrieves list of all device groups. _Check the response section for applicable examples (if any)._**'
operationId: deleteDeviceGroup
parameters:
- name: objectId
in: path
description: Identifier for a device group.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords/devicegroupUUID ( Test DELETE of Device Group )'
: value:
name: test1
type: DeviceGroup
id: devicegroupUUID
links:
self: /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords/devicegroupUUID
members:
- id: deviceUUID
type: Device
name: deviceName
links:
self: /api/fmc_config/v1/domain/default/devices/devicerecords/deviceUUID
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/devicegroups/devicegrouprecords:
get:
tags:
- Device Groups
description: '**Retrieves, deletes, creates, or modifies the device group associated with the specified ID. If no ID is specified for a GET, retrieves list of all device groups.**'
operationId: getAllDeviceGroup
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroupListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/object/devicegroups/devicegrouprecords ( Get all paginated network objects without offset and limit )'
: value:
links:
self: /fmc_config/v1/domain/domainUUID/object/devicegroups/devicegrouprecords?offset=0&limit=3
items:
- name: test1
id: devicegroupUUID
type: DeviceGroup
links:
self: /fmc_config/v1/domain/domainUUID/object/devicegroups/devicegrouprecords/devicegroupUUID
- name: test2
id: devicegroupUUID
type: DeviceGroup
links:
self: /fmc_config/v1/domain/domainUUID/object/devicegroups/devicegrouprecords/devicegroupUUID
- name: test3
id: devicegroupUUID
type: DeviceGroup
links:
self: /fmc_config/v1/domain/domainUUID/object/devicegroups/devicegrouprecords/devicegroupUUID
paging:
offset: number
limit: number
count: number
pages: number
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Device Groups
description: '**Retrieves, deletes, creates, or modifies the device group associated with the specified ID. If no ID is specified for a GET, retrieves list of all device groups. _Check the response section for applicable examples (if any)._**'
operationId: createDeviceGroup
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of device group.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/domainUUID/devicegroups/devicegrouprecords ( Test adding of device group to create a new record )'
: value:
name: zoom
type: DeviceGroup
members:
- id: deviceUUID
type: Device
name: deviceName
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DeviceGroup'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftddevicecluster/{objectId}:
# GET one Firewall Threat Defense cluster record by objectId, optionally with
# live node status and MTU values.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
get:
tags:
- Device Clusters
description: '**Retrieves or modifies the Firewall Threat Defense Cluster record associated with the specified ID. If no ID is specified for a GET, retrieves list of all Firewall Threat Defense Clusters.**'
operationId: getRestFTDClusterDeviceContainer
parameters:
- name: objectId
in: path
description: Identifier of a Firewall Threat Defense Cluster.
required: true
schema:
type: string
# NOTE(review): described as a Boolean but typed as string, so schema
# validation and generated clients will accept any text here; the same applies
# to includeMTUValues below.
- name: liveStatus
in: query
description: Boolean to specify if live status of cluster nodes is required.
required: false
schema:
type: string
- name: includeMTUValues
in: query
description: Boolean to specify if cluster control link and data interface MTU values are required
required: false
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
# The example title and self link show the collection URL (no objectId, with
# offset/limit/expanded), although this operation is keyed by {objectId}.
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test GET method for a specific FTD Cluster Container Device. )'
: value:
id: 35874370-9957-11e8-af35-2038dcb5d0fa
type: DeviceCluster
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster?offset=0&limit=1&expanded=true
name: <cluster_name>
controlDevice:
deviceDetails:
id: <control_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
priority: 1
siteId: 0
cclIp: <cclip>
dataDevices:
- deviceDetails:
id: <data1_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
priority: 2
siteId: 0
cclIp: <cclip>
- deviceDetails:
id: <data2_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
priority: 3
siteId: 0
cclIp: <cclip>
- deviceDetails:
id: <data3_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
priority: 4
siteId: 0
cclIp: <cclip>
# This GET example returns node bootstrap details and metadata but no cluster
# key field.
metadata:
clusterDeviceGroup:
id: <device_group_id>
type: DeviceGroup
name: <device_group_name>
lastUser:
name: admin
type: User
domain:
id: <domain_uuid>
type: Domain
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT an updated Firewall Threat Defense cluster record for the given objectId.
# The two request examples show a full bootstrap body and a rename-only body.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
put:
tags:
- Device Clusters
description: '**Retrieves or modifies the Firewall Threat Defense Cluster record associated with the specified ID. If no ID is specified for a GET, retrieves list of all Firewall Threat Defense Clusters. _Check the response section for applicable examples (if any)._**'
operationId: updateRestFTDClusterDeviceContainer
parameters:
- name: objectId
in: path
description: Identifier of a Firewall Threat Defense Cluster.
required: true
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense Cluster.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
# The title says "create" although this is the update operation, and it shows
# the collection URL rather than the {objectId} path.
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test PUT method to create a FTD Cluster Container Device. )'
: value:
id: 35874370-9957-11e8-af35-2038dcb5d0fa
type: DeviceCluster
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster?offset=0&limit=1&expanded=true
name: <cluster_name>
controlDevice:
deviceDetails:
id: <control_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 1
dataDevices:
- deviceDetails:
id: <data1_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 2
- deviceDetails:
id: <data2_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 3
- deviceDetails:
id: <data3_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 4
ftdClusterBootstrap:
clusterGroupName: <cluster_group_name>
clusterControlLink: <cluster_control_link>
# NOTE(review): clusterKey is presumably the shared secret for the cluster
# control link -- TODO confirm. Treat the request body as secret-bearing: keep
# it out of committed templates and out of API client debug logs.
clusterKey: <cluster_key>
# Rename-only body: id, new name and the UPDATE_CLUSTER_NAME action.
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Test PUT(Cluster name change) of cluster container object. Cluster container UUID should be passed as Object id. The name field should contain the new cluster name )'
: value:
id: <cluster_uuid>
name: <new_cluster_name>
action: UPDATE_CLUSTER_NAME
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
# Neither 200 example below includes a clusterKey field.
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test PUT method to create a FTD Cluster Container Device. )'
: value:
id: 93cfc470-4f09-11ea-90d0-ec0bf4b0ebe5
name: string
description: Cluster updated successfully
controlDevice:
type: Device
keepLocalEvents: false
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Test PUT(Cluster name change) of cluster container object. Cluster container UUID should be passed as Object id. The name field should contain the new cluster name )'
: value:
id: <cluster_uuid>
type: DeviceCluster
name: <new_cluster_name>
action: UPDATE_CLUSTER_NAME
# 202 is documented alongside 200 with the same schema and no example;
# callers should handle both rather than assume the change is already applied.
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# DELETE a Firewall Threat Defense cluster, or only the data nodes named in the
# optional `filter`.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
delete:
tags:
- Device Clusters
description: '**Retrieves or modifies the Firewall Threat Defense Cluster record associated with the specified ID. If no ID is specified for a GET, retrieves list of all Firewall Threat Defense Clusters. _Check the response section for applicable examples (if any)._**'
operationId: deleteRestFTDClusterDeviceContainer
parameters:
- name: objectId
in: path
description: Identifier of a Firewall Threat Defense Cluster.
required: true
schema:
type: string
# NOTE(review): destructive default. Per the description below, omitting this
# optional filter deletes the whole cluster; node removal requires
# dataDeviceIds. Automation that removes nodes should refuse to send the
# request when the filter is empty. The clusterBootstrapSupported /
# analyticsOnly criteria in the same text are documented for fetching.
- name: filter
in: query
description: Filter to retrieve or delete clusters based upon filter parameters specified. <br/><br/> To delete specific nodes we need <code>"dataDeviceIds:dataDeviceId1,dataDeviceId2,.."</code>. If no filter is provided, whole cluster will be deleted from management center. <br/><br/>For fetching clusters, filter criteria shall be <code>clusterBootstrapSupported:{true|false};analyticsOnly:{true|false}</code> <br/><br/><code>clusterBootstrapSupported</code> -- Allowed values are <code>{true|false}</code><br/><br/><code>analyticsOnly</code> -- Allowed values are <code>{true|false}</code><br/><br/>
required: false
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so this `name:`
# and the `type: object` next to the schema $refs below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test DELETE method to delete FMC bootstrapped clusters(TPK/VMware/KVM) )'
: value:
id: 35874370-9957-11e8-af35-2038dcb5d0fa
type: DeviceCluster
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster?offset=0&limit=1&expanded=true
name: <cluster_name>
controlDevice:
deviceDetails:
id: <control_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 1
dataDevices:
- deviceDetails:
id: <data1_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 2
- deviceDetails:
id: <data2_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 3
- deviceDetails:
id: <data3_device_UUID>
type: Device
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <cclip>
siteId: 1
priority: 4
ftdClusterBootstrap:
clusterGroupName: <cluster_group_name>
clusterControlLink: <cluster_control_link>
# NOTE(review): this 200 example includes clusterKey in the response body. If
# the live API returns the real key on delete, the response is secret-bearing;
# verify the behaviour and redact the field before logging or archiving.
clusterKey: <cluster_key>
# Second variant: no bootstrap section, only device ids/names and metadata.
? 'Example 2 : DELETE /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test DELETE method to delete FMC managed clusters(9330/4100/AWS/GCP) )'
: value:
id: 31298d34-2ade-11ed-b3d1-d1afe42d9868
type: DeviceCluster
name: <cluster_name>
controlDevice:
deviceDetails:
id: <control_device_UUID>
name: <host_name>
type: Device
dataDevices:
- deviceDetails:
id: <data1_device_UUID>
name: <host_name>
type: Device
- deviceDetails:
id: <data2_device_UUID>
name: <host_name>
type: Device
metadata:
analyticsOnly: false
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftddevicecluster:
# GET the paginated list of Firewall Threat Defense clusters in the domain.
# No operation-level `security` requirement is declared here; whether a
# document-wide one applies is not visible in this excerpt.
get:
tags:
- Device Clusters
description: '**Retrieves or modifies the Firewall Threat Defense Cluster record associated with the specified ID. If no ID is specified for a GET, retrieves list of all Firewall Threat Defense Clusters.**'
operationId: getAllRestFTDClusterDeviceContainer
parameters:
# NOTE(review): the description text is shared with the DELETE operation. Its
# "whole cluster will be deleted" sentence and the dataDeviceIds form are about
# deletion; for this GET only the clusterBootstrapSupported / analyticsOnly
# criteria are documented as fetch filters.
- name: filter
in: query
description: Filter to retrieve or delete clusters based upon filter parameters specified. <br/><br/> To delete specific nodes we need <code>"dataDeviceIds:dataDeviceId1,dataDeviceId2,.."</code>. If no filter is provided, whole cluster will be deleted from management center. <br/><br/>For fetching clusters, filter criteria shall be <code>clusterBootstrapSupported:{true|false};analyticsOnly:{true|false}</code> <br/><br/><code>clusterBootstrapSupported</code> -- Allowed values are <code>{true|false}</code><br/><br/><code>analyticsOnly</code> -- Allowed values are <code>{true|false}</code><br/><br/>
required: false
schema:
type: string
# Under OpenAPI 3.0, keys written beside a $ref are ignored, so the `name:`
# entries on the four referenced parameters are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainerListContainer'
examples:
# The title says "without offset and limit", yet the self link carries
# offset=0&limit=1 and paging reports limit: 3 -- the example values disagree.
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Get all paginated FTD Cluster container objects without offset and limit )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster?offset=0&limit=1&expanded=true
items:
# List items carry only id, self link and name in this example.
- id: <container_uuid>
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/<container_uuid>
name: <cluster_name>
- id: <container_uuid>
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/<container_uuid>
name: <cluster_name>
- id: <container_uuid>
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/<container_uuid>
name: <cluster_name>
paging:
offset: 0
limit: 3
count: 3
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Device Clusters
description: '**Retrieves or modifies the Firewall Threat Defense Cluster record associated with the specified ID. If no ID is specified for a GET, retrieves list of all Firewall Threat Defense Clusters. _Check the response section for applicable examples (if any)._**'
operationId: createRestFTDClusterDeviceContainer
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense Cluster.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test POST method to create a FTD Cluster Container Device. )'
: value:
type: DeviceCluster
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster?offset=0&limit=1&expanded=true
name: <cluster_name>
controlDevice:
deviceDetails:
id: <control_device_UUID>
type: Device
name: <Device_name>
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <127.2.0.1>
siteId: 1
priority: 1
dataDevices:
- deviceDetails:
id: <data1_device_UUID>
type: Device
name: <Device_name>
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <127.2.0.2>
siteId: 2
priority: 2
- deviceDetails:
id: <data2_device_UUID>
type: Device
name: <Device_name>
clusterNodeBootstrap:
localUnit: <localUnit>
cclIp: <127.2.0.3>
siteId: 3
priority: 3
commonBootstrap:
clusterKey: <cluster_key>
cclNetwork: <subnet_mask>
cclInterface:
id: <Interface_UUID>
type: PhysicalInterface
name: <Ethernetx/x>
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster ( Success: Test POST method to create a FTD Cluster Container Device. )'
: value:
id: 93cfc470-4f09-11ea-90d0-ec0bf4b0ebe5
name: test Cluster
description: Cluster IN Progress
controlDevice:
type: Device
keepLocalEvents: false
metadata:
task:
id: "30064773125"
type: TaskStatus
taskType: NGFW_CLUSTER_OPERATIONS
message: <Container Created>
status: IN_PROGRESS
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/RestFTDClusterDeviceContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
? /v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftddevicecluster/{containerUUID}/clusterhealthmonitorsettings/{clusterUuid}
: get:
tags:
- Device Clusters
description: '**Represents health check monitor settings of Firewall Threat Defense Cluster.**'
operationId: getClusterHealthMonitorSettingsModel
parameters:
- name: clusterUuid
in: path
description: Identifier of a Firewall Threat Defense Cluster.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ClusterHealthMonitorSettingsModel'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/{clusterUuid}/clusterhealthmonitorsettings/{clusterUuid} ( Success:GET method to update health check monitor settings of FTD Cluster )'
: value:
id: clusterUuid
type: ClusterHealthMonitorSetting
holdTime: 3
isHealthCheckEnabled: true
interfaceAutoRejoin:
dataInterface:
attempts: 3
interval: 5
nextInterval: 2
clusterInterface:
attempts: 3
interval: 5
nextInterval: 1
systemAutoRejoin:
attempts: 3
interval: 5
nextInterval: 2
monitorInterface:
debounceTime: 500
isServiceApplicationEnabled: false
unMonitorInterface:
- GigabitEthernet0/1
- GigabitEthernet0/2
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/{clusterUuid}/clusterhealthmonitorsettings/{clusterUuid} ( Success:GET response when health check is disabled )'
: value:
id: clusterUuid
type: ClusterHealthMonitorSetting
isHealthCheckEnabled: false
systemAutoRejoin:
attempts: 3
interval: 5
nextInterval: 2
monitorInterface:
debounceTime: 5000
isServiceApplicationEnabled: true
unMonitorInterface:
- GigabitEthernet0/1
- GigabitEthernet0/2
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Device Clusters
description: '**Represents health check monitor settings of Firewall Threat Defense Cluster. _Check the response section for applicable examples (if any)._**'
operationId: updateClusterHealthMonitorSettingsModel
parameters:
- name: clusterUuid
in: path
description: Identifier of a Firewall Threat Defense Cluster.
required: true
schema:
type: string
- name: partialUpdate
in: query
description: This is a query parameter. Default value is <code>false</code>. This field specifies whether to change the entire object or only certain attributes of it. When its value is <code>false</code> the whole object will change, and if the value is <code>true</code> then only the attributes that are specified will change.
required: false
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense Cluster health check monitor settings.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ClusterHealthMonitorSettingsModel'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ClusterHealthMonitorSettingsModel'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/{clusterUuid}/clusterhealthmonitorsettings/{clusterUuid}?partialUpdate=false ( Success:PUT method to update health check settings )'
: value:
id: clusterUuid
type: ClusterHealthMonitorSetting
holdTime: 3
isHealthCheckEnabled: true
interfaceAutoRejoin:
dataInterface:
attempts: 3
interval: 5
nextInterval: 2
clusterInterface:
attempts: 3
interval: 5
nextInterval: 1
systemAutoRejoin:
attempts: 3
interval: 5
nextInterval: 2
monitorInterface:
debounceTime: 500
isServiceApplicationEnabled: false
unMonitorInterface:
- GigabitEthernet0/1
- GigabitEthernet0/2
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/{clusterUuid}/clusterhealthmonitorsettings/{clusterUuid}?partialUpdate=false ( Success:PUT method to disable health check )'
: value:
id: clusterUuid
type: ClusterHealthMonitorSetting
holdTime: 3
isHealthCheckEnabled: false
interfaceAutoRejoin:
dataInterface:
attempts: 3
interval: 5
nextInterval: 2
clusterInterface:
attempts: 3
interval: 5
nextInterval: 1
systemAutoRejoin:
attempts: 3
interval: 5
nextInterval: 2
monitorInterface:
debounceTime: 500
isServiceApplicationEnabled: false
unMonitorInterface:
- GigabitEthernet0/1
- GigabitEthernet0/2
? 'Example 3 : PUT /fmc_config/v1/domain/DomainUUID/deviceclusters/ftddevicecluster/{clusterUuid}/clusterhealthmonitorsettings/{clusterUuid}?partialUpdate=true ( Success:PUT method with partialUpdate filter to update specific attributes )'
: value:
id: clusterUuid
type: ClusterHealthMonitorSetting
holdTime: 33
isHealthCheckEnabled: true
interfaceAutoRejoin:
clusterInterface:
attempts: 40
interval: 10
monitorInterface:
debounceTime: 5000
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ClusterHealthMonitorSettingsModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/ftdclusterreadinesscheck:
post:
tags:
- Device Clusters
description: '**Represents cluster compatibility status for control (readiness to become control) and data devices (compatible with control). This readiness check is for platforms that support cluster bootstrap from Firewall Management Center (e.g. 4200). _Check the response section for applicable examples (if any)._**'
operationId: createFTDClusterDeviceReadinessContainer
parameters:
- name: skipControlReadiness
in: query
description: 'This is a query parameter. If given as true (skipControlReadiness=true), the control readiness check is skipped and only the compatibility of the data devices with the control device is checked.'
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of device details for control and data devices.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDClusterDeviceReadinessContainer'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDClusterDeviceReadinessContainer'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDClusterDeviceReadinessContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/deviceclusters/{containerUUID}/operational/ftdclusterdevicecommands:
post:
tags:
- Device Clusters
description: '**Executes the given command on the Firewall Threat Defense Cluster. For example: enable cluster, disable cluster, make control. _Check the response section for applicable examples (if any)._**'
operationId: createFTDClusterDeviceCommandContainer
parameters:
- name: filter
in: query
description: Filters are <code>operation</code> and <code>deviceUUID</code>. The value of the filter is of the format <code>deviceUUID:device uuid;operation:{enable|disable|control}</code>. <code>'deviceUUID'</code> is the UUID of the device and is a mandatory field. <code>'operation'</code> is the command to be executed on the device and is a mandatory field.
required: true
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDClusterDeviceCommandContainer'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/deviceclusters/ContainerUUID/operational/ftdclusterdevicecommands?filter=deviceUUID:device_uuid;operation:enable ( Success:POST method to execute commands on FTD Cluster )'
: value:
id: clusterUuid
name: clusterName
command: enable
type: DeviceCluster
links:
self: /fmc_config/v1/domain/DomainUUID/deviceclusters/ContainerUUID/operational/ftdclusterdevicecommands?filter=deviceUUID:device_uuid;operation:enable
metadata:
task:
id: <50014672387>
type: TaskStatus
taskType: FTD_CLUSTER_COMMAND
message: Cluster enabling is in progress
status: RUNNING
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDClusterDeviceCommandContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/info/serverversion/{objectId}:
get:
tags:
- System Information
description: '**API Operation for Server Version.**'
operationId: getServerVersion
parameters:
- name: objectId
in: path
description: Unique identifier of the object.
required: true
schema:
type: string
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ServerVersion'
examples:
'Example 1 : GET /fmc_platform/v1/info/serverversion ( Success: Test GET success of a Server Version )':
value:
type: ServerVersion
description: System Version
serverversion: Version Number
links:
self: https://example.cisco.com/api/fmc_platform/v1/info/serverversion
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/api/fmc_platform/v1/info/domain/{domainUUID}/{objectId}:
get:
tags:
- System Information
description: '**API Operation for Domains.**'
operationId: getDomain
parameters:
- name: objectId
in: path
description: Unique identifier of the domain.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Domain'
examples:
'Example 1 : GET /fmc_platform/v1/info/domain ( Success: Test GET success of All Domains )':
value:
type: Domain
Description: List of domains
name: Name of the domain
uuid: UUID of the domain
links:
self: https://example.cisco.com/api/fmc_platform/v1/info/domain
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the access control policy associated with the specified ID.**'
operationId: getAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for access control policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyuuid ( Test GET Success of AccessPolicy policy )'
: value:
type: AccessPolicy
name: AccessPolicy1_updated
description: policy to test FMC implementation
defaultAction:
id: id_of_default_action
type: AccessPolicyDefaultAction
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the access control policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for access control policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of access control policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the access control policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for access control policy.
required: true
schema:
type: string
- name: ignoreWarning
in: query
description: If set to false, shows any warnings when deleting an access policy. If not specified, the value is set to true and warnings are ignored, so a delete request must pass false explicitly for warnings to be shown. Allowed values are true and false.
required: false
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
examples:
'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/accesspolicies ( Test DELETE success of AccessPolicy policy )':
value:
type: AccessPolicy
name: AccessPolicy1_updated
description: policy to test FMC implementation
defaultAction:
id: id_of_default_action
type: AccessPolicyDefaultAction
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies:
get:
tags:
- Policy
description: '**Retrieves list of all access control policies.**'
operationId: getAllAccessPolicy
parameters:
- name: name
in: query
description: If parameter is specified, only the policy matching with the specified name will be displayed.
required: false
schema:
type: string
- name: filter
in: query
description: 'Value is of format (including quotes): <code>"locked:{true|false}"</code><br/>The <code>locked</code> query parameter, when set to ''true'', returns the list of Access Policies which are locked and, when set to ''false'', returns policies which are unlocked.'
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyListContainer'
examples:
'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies ( Test GET ALL Success of AccessPolicy policy )':
value:
links: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies?offset=0&limit=2
items:
- type: AccessPolicy
name: AccessPolicy1_updated
description: policy to test FMC implementation
defaultAction:
id: id_of_default_action
type: AccessPolicyDefaultAction
- type: AccessPolicy
name: AccessPolicy2_updated
description: policy to test FMC implementation
defaultAction:
id: id_of_default_action
type: AccessPolicyDefaultAction
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates an access control policy. _Check the response section for applicable examples (if any)._**'
operationId: createAccessPolicy
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of access control policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies ( Success: POST method for AccessPolicy with minimum required fields )'
: value:
type: AccessPolicy
name: AccessPolicy1
defaultAction:
action: BLOCK
'Example 2 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies ( Success: Test POST method for AccessPolicy )':
value:
type: AccessPolicy
name: AccessPolicy1
description: policy to test FMC implementation
defaultAction:
intrusionPolicy:
id: id_of_existing_or_new_intrusion_policy
type: IntrusionPolicy
variableSet:
id: id_of_variableSet_to_be_added
type: VariableSet
snmpConfig:
id: id_of_snmpConfig_object
type: SNMPAlert
syslogConfig:
id: id_of_syslog_object
type: SyslogAlert
type: AccessPolicyDefaultAction
logBegin: true/false
logEnd: true/false
sendEventsToFMC: true/false
action: any_allowed_action_enum
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/accessrules/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the access control rule associated with the specified policy ID and rule ID.**'
operationId: getAccessRule
parameters:
- name: objectId
in: path
description: Unique identifier of an access control rule.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessruleUUID ( Success: Test GET method for Access rule )'
: value:
metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessruleUUID
action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
ipsPolicy:
name: Connectivity Over Security
id: ipsPolicyUUID
type: IntrusionPolicy
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
originalSourceNetworks: {}
id: accessruleUUID
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: vlanTagUUID
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: categoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: sourceZoneObjectUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: destinationZonesUUID
type: SecurityZone
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: variableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
applications:
applications:
- id: "1553"
type: Application
name: 1&1 Internet
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the access control rule associated with the specified policy ID and rule ID. _Check the response section for applicable examples (if any)._**'
operationId: updateAccessRule
parameters:
- name: objectId
in: path
description: Unique identifier of an access control rule.
required: true
schema:
type: string
- name: partialUpdate
in: query
description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
required: false
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of access control rule.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID1 ( Test PUT of access rule )'
: value:
action: ALLOW
enabled: false
type: AccessRule
name: Rule2
sendEventsToFMC: false
id: accessRuleUUID1
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true ( PUT Bulk update of Access rules )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the access control rule associated with the specified policy ID and rule ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteAccessRule
parameters:
- name: objectId
in: path
description: Unique identifier of an access control rule.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID ( Test DELETE of Access rule )'
: value:
metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID
action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
ipsPolicy:
name: Connectivity Over Security
id: IntrusionPolicyUUID
type: IntrusionPolicy
originalSourceNetworks: {}
id: accessRuleUUID
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
applications:
applications:
- id: "1553"
type: Application
name: 1&1 Internet
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/accessrules:
get:
tags:
- Policy
description: '**Retrieves list of all access rules associated with the specified policy ID.**'
operationId: getAllAccessRule
parameters:
- name: filter
in: query
description: For GetAll Filter criteria can be specified using the format <code>"name:filterName;timeRange:true;action:filterAction;sourceNetworks:filterValue1,filterValue2...."</code>.<br/>Supported filter criteria are "name","timeRange","action","sourceNetworks","destinationNetworks","sourcePorts","destinationPorts","sourceZones","destinationZones","applications","sourceDynamicObjects","destinationDynamicObjects","vlanTags","comments","users","urls","intrusionPolicy","sourceSecurityGroupTags","fts".
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRuleListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules ( Success: Test GET ALL success )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?offset=0&limit=1
items:
- links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID1
type: AccessRule
name: Rule1
id: accessRuleUUID1
- links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID2
type: AccessRule
name: Rule2
id: accessRuleUUID2
paging:
offset: 0
limit: 2
count: 2
pages: 1
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?expanded=true ( Success: Test GET ALL success with expanded=true )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?offset=0&limit=2
items:
- metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID2
action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
originalSourceNetworks: {}
id: accessRuleUUID2
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID
sourceNetworks: {}
destinationNetworks: {}
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
- metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID1
action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
ipsPolicy:
name: Connectivity Over Security
id: IntrusionPolicyUUID
type: IntrusionPolicy
originalSourceNetworks: {}
id: accessRuleUUID1
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZone
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZone
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
applications:
applications:
- id: applicationUUID
type: Application
name: 1&1 Internet
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies all the access rules. _Check the response section for applicable examples (if any)._**'
operationId: updateMultipleAccessRule
parameters:
- name: bulk
in: query
description: This parameter specifies that a bulk PUT operation is being used in the query. It is required for bulk rule-edit operations.
required: true
schema:
type: boolean
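# Query flag choosing between full replacement and attribute-level update of
# the access rules sent in the request body.
# The description states that false (the documented default) changes the whole
# object, so a caller who leaves this flag out is asking for a full replace.
# NOTE(review): presumably attributes missing from the body (ipsPolicy,
# filePolicy, logging flags, ...) are not carried over in that mode; confirm
# against the product documentation before relying on it for bulk edits.
- name: partialUpdate
  in: query
  description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
  required: false
  schema:
    type: boolean
    # The description documents false as the default; declare it in the schema
    # so generated clients and validators see the same default.
    default: false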
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input access control rule model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
# Sample request body for updating a single access rule. Identifiers such as
# accessRuleUUID1 or VlanTagUUID1 are placeholder text, not real UUIDs.
# The title names the single-rule URL (.../accessrules/accessRuleUUID1) even
# though this example is listed under the PUT of the collection path.
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID1 ( Test PUT of access rule )'
: value:
# NOTE(review): the sample permits traffic (action: ALLOW) while
# sendEventsToFMC, logFiles, logBegin and logEnd are all false, yet it still
# attaches syslogConfig and snmpConfig further down. Confirm which connection
# events, if any, such a rule produces before reusing this body as a template.
action: ALLOW
# The rule is sent in the disabled state in this sample.
enabled: false
type: AccessRule
name: Rule2
sendEventsToFMC: false
id: accessRuleUUID1
# Match conditions: VLAN tags, URL category with reputation, zones and
# dynamic objects, each given as type/name/id references.
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
# Logging flags: all three are false in this sample (see the note on action).
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
# Inspection references attached to the rule: an intrusion policy and a
# file policy, both by placeholder id and name.
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
# Alert destinations referenced by the rule (SNMP and syslog alert objects).
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
# Two comment strings sent with the update under newComments.
newComments:
- comment1
- comment2
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true ( PUT Bulk update of Access rules )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates access control rules. _Check the response section for applicable examples (if any)._**'
operationId: createMultipleAccessRule
parameters:
- name: bulk
in: query
description: This parameter specifies that a bulk operation is being used in the query. It is required for bulk rule operations.
required: false
schema:
type: boolean
- name: insertAfter
in: query
description: This parameter specifies that the rules will be inserted after the specified rule index. If no section or category is specified, the rules will be added to the section or category after the insertion point. insertBefore takes precedence over insertAfter - if both are specified, the insertBefore parameter will apply.
required: false
schema:
type: number
- name: insertBefore
in: query
description: This parameter specifies that the rules will be inserted before the specified rule index. If no section or category is specified, the rules will be added to the section or category before the insertion point. insertBefore takes precedence over insertAfter - if both are specified, the insertBefore parameter will apply.
required: false
schema:
type: number
- name: section
in: query
description: This parameter specifies the section into which the rules will be added. If this parameter is not used the section will be the default section. Only mandatory and default are allowed values. If a section is specified, a category cannot be specified.
required: false
schema:
type: string
- name: category
in: query
description: This parameter specifies the category into which the rules will be added. If a category is specified it must exist or the request will fail. If a section is specified, a category cannot be specified.
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input access control rule model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules ( Test POST of Access rule )':
value:
action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 2 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true ( POST Bulk insert of Access rules )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 3 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&section={mandatory | default} ( POST Bulk insert of Access rules into mandatory or default section )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 4 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&section={mandatory | default}&insertAfter=RuleIndex ( POST Bulk insert of Access rule into section after an index )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 5 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&section={mandatory | default}&insertBefore=RuleIndex ( POST Bulk insert of Access rule into section before an index )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 6 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&category=NameOfCategory ( POST Bulk insert of Access rule into a category )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 7 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&category=NameOfCategory&insertAfter=RuleIndex ( POST Bulk insert of Access rule into category after an index )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 8 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true&category=NameOfCategory&insertBefore=RuleIndex ( POST Bulk insert of Access rule into category before an index )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
? 'Example 9 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules?bulk=true ( POST Bulk insert of Access rules )'
: value:
- action: ALLOW
enabled: true
type: AccessRule
name: Rule1
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
- action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
ipsPolicy:
type: IntrusionPolicy
id: ipsPolicyUuid
name: ipsPlicyName
filePolicy:
type: FilePolicy
id: filePolicyUuid
name: filePolicyName
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
newComments:
- comment1
- comment2
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
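description: '**Deletes all the access control rules matched by the <code>filter</code> query parameter (bulk delete; <code>bulk=true</code> is required). _Check the response section for applicable examples (if any)._**'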
operationId: deleteMultipleAccessRule
parameters:
- name: bulk
in: query
description: This parameter specifies that bulk delete operation is being used in the query. This parameter is required for bulk delete rule operations.
required: true
schema:
type: boolean
- name: filter
in: query
description: 'Required for bulk delete, together with the <code>bulk=true</code> flag. To delete rules by ID, the value has the format (including quotes): <code>"ids:id1,id2,..."</code>, where <code>ids</code> is a comma-separated list of rule IDs to be deleted.<br/>Supported filter criteria are "name","timeRange","action","sourceNetworks","destinationNetworks","sourcePorts","destinationPorts","sourceZones","destinationZones","applications","sourceDynamicObjects","destinationDynamicObjects","vlanTags","comments","users","urls","intrusionPolicy","sourceSecurityGroupTags","fts".'
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessRule'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID ( Test DELETE of Access rule )'
: value:
metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/accessrules/accessRuleUUID
action: ALLOW
enabled: true
type: AccessRule
name: Rule2
sendEventsToFMC: false
ipsPolicy:
name: Connectivity Over Security
id: IntrusionPolicyUUID
type: IntrusionPolicy
originalSourceNetworks: {}
id: accessRuleUUID
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID
urls:
urlCategoriesWithReputation:
- type: UrlCategoryAndReputation
category:
name: Weapons
id: URLCategoryUUID
type: URLCategory
reputation: BENIGN_SITES_WITH_SECURITY_RISKS
sourceZones:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationZones:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
sourceDynamicObjects:
objects:
- name: SourceDynamicObject
id: dynamicObjectUUID
type: DynamicObject
destinationDynamicObjects:
objects:
- name: destinationDynamicObject
id: dynamicObjectUUID
type: DynamicObject
logFiles: false
logBegin: false
logEnd: false
variableSet:
name: Default Set
id: VariableSetUUID
type: VariableSet
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
applications:
applications:
- id: "1553"
type: Application
name: 1&1 Internet
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/defaultactions/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the default action associated with the specified access control policy ID and default action ID.**'
operationId: getDefaultAction
parameters:
- name: objectId
in: path
description: Unique identifier of a default action.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DefaultAction'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/ac_pol_uuid/defaultactions?expanded=true ( Test GET Success of AccessPolicy default action )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/defaultactions?offset=0&limit=1
items:
- variableSet:
name: Default Set
id: variableSetUUID
type: VariableSet
action: PERMIT
type: AccessPolicyDefaultAction
intrusionPolicy:
name: Balanced Security and Connectivity
id: instrusionPolicyUUID
type: IntrusionPolicy
sendEventsToFMC: true
logBegin: true
logEnd: true
snmpConfig:
name: snmp_alert1
id: snmpConfigUUID
type: SNMPAlert
id: defaultActionUUID
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the default action associated with the specified access control policy ID and default action ID. _Check the response section for applicable examples (if any)._**'
operationId: updateDefaultAction
parameters:
- name: objectId
in: path
description: Unique identifier of a default action.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input default action model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DefaultAction'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DefaultAction'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DefaultAction'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/loggingsettings/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the logging setting associated with the specified access control policy ID and logging setting ID.**'
operationId: getAccessPolicyLoggingSettingModel
parameters:
- name: objectId
in: path
description: Unique identifier of a logging setting.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyLoggingSettingModel'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/ac_pol_uuid/loggingsettings?expanded=true ( Test GET Success of AccessPolicy logging settings )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/accesspolicies/ac_policy_id/loggingsettings?offset=0&limit=1&expanded=true
items:
- metadata:
timestamp: 0
syslogConfigFromPlatformSetting: true
severityForPlatformSettingSyslogConfig: CRIT
syslogConfig:
name: test
id: 8014f0d4-6a33-11e8-8755-90aed85e80f0
type: SyslogAlert
enableFileAndMalwareSyslog: true
fileAndMalwareSyslogSeverity: ALERT
fileAndMalwareSyslogConfig:
name: test
id: 3f7ce75e-fd1b-11e8-8a68-ca0898f23acf
type: SyslogAlert
type: LoggingSetting
id: 005056A9-9F80-0ed3-0000-030064771231
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the logging setting associated with the specified access control policy ID and logging setting ID. _Check the response section for applicable examples (if any)._**'
operationId: updateAccessPolicyLoggingSettingModel
parameters:
- name: objectId
in: path
description: Unique identifier of a logging setting.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input logging setting model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyLoggingSettingModel'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyLoggingSettingModel'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyLoggingSettingModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/operational/hitcounts:
get:
tags:
- Policy
description: '**Retrieves the hit counts of the access rules in the specified access control policy, for the device given in the filter.**'
operationId: getHitCount
parameters:
- name: filter
in: query
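description: 'Filter string, in quotes. The examples for this operation use <code>"deviceId:{deviceId}"</code>, optionally followed by <code>;ids:{ruleId}</code> as in the per-rule <code>self</code> links.'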
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/HitCountListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true ( Success: Test GET ALL method for HitCount )'
: value:
link:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true
items:
- metadata:
policy:
type: AccessPolicy
name: <Access Policy Name>
id: id_of_access_policy
domain:
name: Global
id: id_of_global_domain
type: Domain
deviceRuleId: access_rule_id_on_ftd
ruleIndex: access_rule_name
link:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId};ids:{id_of_access_rule_1}"&expanded=true
lastFetchTimeStamp: "1997-07-16T19:20:30Z"
type: AccessRule
hitCount: 90
rule:
id: id_of_access_rule_1
type: AccessRule
name: <Access Rule Name 1>
firstHitTimeStamp: "1997-07-16T19:20:30Z"
lastHitTimeStamp: "1997-07-16T19:20:30Z"
- metadata:
policy:
type: AccessPolicy
name: <Access Policy Name>
id: id_of_access_policy
domain:
name: Global
id: id_of_global_domain
type: Domain
deviceRuleId: access_rule_id_on_ftd
ruleIndex: access_rule_name
link:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId};ids:{id_of_access_rule_2}"&expanded=true
lastFetchTimeStamp: "1997-07-16T19:20:30Z"
hitCount: 0
rule:
id: id_of_access_rule_2
type: AccessRule
name: <Access Rule Name 2>
firstHitTimeStamp: "1997-07-16T19:20:30Z"
lastHitTimeStamp: "1997-07-16T19:20:30Z"
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Refreshes the hit counts of the specified access control policy, as scoped by the filter. _Check the response section for applicable examples (if any)._**'
operationId: updateHitCount
parameters:
- name: filter
in: query
description: 'Filter string, in quotes, that scopes the refresh; the example passes it as <code>filter="{filterString}"</code>.'
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/HitCount'
examples:
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="{filterString}";expanded=true ( Test PUT (Refresh) of HitCount )'
: value:
link:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true
metadata:
task:
id: task_id
type: TaskStatus
links:
self: link_to_task_status
type: HitCount
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/HitCount'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="{filterString}";expanded=true ( Test PUT (Refresh) of HitCount )'
: value:
link:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true
metadata:
task:
id: task_id
type: TaskStatus
links:
self: link_to_task_status
type: HitCount
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
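# Clears the hit counts of an access control policy (the example below is
# labelled "Test DELETE (Clear) of HitCount").
#
# Review notes for operators:
# - Unlike the GET and PUT operations on this path, no `ticket-id` header is
#   declared here, so a clear cannot be tied to a change ticket through that
#   header. NOTE(review): confirm whether the omission is intentional.
# - Hit counts are what rule-usage reviews rely on; capture the GET output
#   first if the numbers are needed after the clear.
delete:
  tags:
    - Policy
  description: '**Clears the hit counts of the specified access control policy, as scoped by the filter. _Check the response section for applicable examples (if any)._**'
  operationId: deleteHitCount
  parameters:
    # Required: the operation has no declared form without a filter.
    - name: filter
      in: query
      description: 'Filter string, in quotes, that scopes which hit counts are cleared; the example passes it as <code>filter="{filterString}"</code>.'
      required: true
      schema:
        type: string
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # `name` sits next to `$ref`; OpenAPI 3.0 tooling ignores siblings of a
    # `$ref`, so only the referenced parameter definition takes effect.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  responses:
    "200":
      description: OK
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/HitCount'
          examples:
            # The example name joins `expanded=true` with ';' where the GET
            # example on this path uses '&', and no `expanded` parameter is
            # declared for this operation.
            # NOTE(review): confirm the intended query string.
            ? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/containerUUID/operational/hitcounts?filter="{filterString}";expanded=true ( Test DELETE (Clear) of HitCount )'
            : value: {}
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false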
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/categories/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the category associated with the specified policy ID.**'
operationId: getAccessPolicyCategory
parameters:
- name: objectId
in: path
description: Unique identifier of a category.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID ( Test GET of AccessPolicyCategory to get a record )'
: value:
id: id_of_category
type: Category
name: Category0001
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID
metadata:
section: Section Name
startIndex: index of the first Access Rule inside the category
endIndex: index of the last Access Rule inside the category
accessPolicy:
name: access_policy_name
type: AccessPolicy
id: id_of_access_policy
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the category associated with the specified policy ID. _Check the response section for applicable examples (if any)._**'
operationId: updateAccessPolicyCategory
parameters:
- name: objectId
in: path
description: Unique identifier of a category.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input category model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID ( Test PUT of AccessPolicyInheritanceSetting to update the record )'
: value:
id: id_of_category
type: Category
name: Category0001
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the category associated with the specified policy ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteAccessPolicyCategory
parameters:
- name: objectId
in: path
description: Unique identifier of a category.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID ( Test DELETE of AccessPolicyCategory to delete a record )'
: value:
id: id_of_category
type: Category
name: Category0001
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID
metadata:
section: Section Name
startIndex: index of the first Access Rule inside the category
endIndex: index of the last Access Rule inside the category
accessPolicy:
name: access_policy_name
type: AccessPolicy
id: id_of_access_policy
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/categories:
get:
tags:
- Policy
description: '**Retrieves the list of all categories associated with the specified policy ID.**'
operationId: getAllAccessPolicyCategory
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategoryListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories?expanded=true ( Test GET ALL Success of AccessPolicyCategory )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories?offset=0&limit=1
items:
- id: id_of_category
type: Category
name: Category0001
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories/categoryUUID
metadata:
section: Section Name
startIndex: index of the first Access Rule inside the category
endIndex: index of the last Access Rule inside the category
accessPolicy:
name: access_policy_name
type: AccessPolicy
id: id_of_access_policy
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates a category associated with the specified policy ID. _Check the response section for applicable examples (if any)._**'
operationId: createAccessPolicyCategory
parameters:
- name: section
in: query
description: Section in which the category is retrieved, created or modified. Allowed values are mandatory and default.
required: false
schema:
type: string
- name: aboveCategory
in: query
description: Creates the category above the specified category.
required: false
schema:
type: string
- name: insertBefore
in: query
description: Creates the category above the given rule index.
required: false
schema:
type: string
- name: insertAfter
in: query
description: Creates the category below the given rule index.
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input category model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/categories ( Test POST of AccessPolicyCategory to create new record )'
: value:
type: Category
name: Category0001
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyCategory'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/inheritancesettings/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the inheritance settings associated with specified Access Policy.**'
operationId: getAccessPolicyInheritanceSetting
parameters:
- name: objectId
in: path
description: Unique identifier of the Access Policy Inheritance Setting.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyInheritanceSetting'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/inheritancesettings/inheritanceSettingUUID ( Test GET of AccessPolicyInheritanceSetting to get a record )'
: value:
type: AccessPolicyInheritanceSetting
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/inheritancesettings/inheritanceSettingUUID
basePolicy:
type: AccessPolicy
id: id_of_base_policy
name: Base Policy Name
links:
self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/basePolicyUUID/
metadata:
timestamp: 12345678
id: inheritanceSettingUUID
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the inheritance settings associated with specified Access Policy. _Check the response section for applicable examples (if any)._**'
operationId: updateAccessPolicyInheritanceSetting
parameters:
- name: objectId
in: path
description: Unique identifier of the Access Policy Inheritance Setting.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyInheritanceSetting'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/inheritancesettings/inheritanceSettingUUID ( Test PUT of AccessPolicyInheritanceSetting to update the record )'
: value:
type: AccessPolicyInheritanceSetting
id: id_of_inheritance_settings
basePolicy:
type: AccessPolicy
id: id_of_base_policy
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyInheritanceSetting'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/AccessPolicyInheritanceSetting'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
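# Security Intelligence policy of one access policy (read-only here: only GET is
# defined for this path). The payload lists URL and network allow/block entries
# plus the logging switches for blocklist matches.
# NOTE(review): the operation declares no `security`; confirm that a top-level
# `security` requirement (not visible in this part of the file) applies.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/accesspolicies/{containerUUID}/securityintelligencepolicies/{objectId}:
  get:
    tags:
      - Policy
    description: '**Retrieves the security intelligence policy associated with the specified Access Policy.**'
    operationId: getAccessPolicySecurityIntelligencePolicy
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of the Security Intelligence policy associated with an Access Policy.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # `name` next to `$ref` is kept as in the original; OpenAPI 3.0 ignores
      # siblings of `$ref`, so the referenced component defines the parameter.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/AccessPolicySecurityIntelligencePolicy'
            examples:
              'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/securityintelligencepolicies/securityintelligencepolicyUUID ( Test GET of AccessPolicySecurityIntelligencePolicies to get a record )':
                value:
                  type: SecurityIntelligencePolicy
                  id: securityIntelligencePolicyUUID
                  links:
                    self: /fmc_config/v1/domain/DomainUUID/policy/accesspolicies/accesspolicyUUID/securityintelligencepolicies/securityintelligencepolicyUUID
                  urls:
                    allowlist:
                      - sourceZone:
                          name: SecurityZone
                          id: SecurityZoneUUID
                          type: SecurityZone
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/securityzones/SecurityZoneUUID
                        url:
                          name: SIURLListObject
                          id: SIURLListObjectUUID
                          type: SIURLList
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/siurllists/SIURLListObjectUUID
                    blocklist:
                      - sourceZone:
                          name: SecurityZone
                          id: SecurityZoneUUID
                          type: SecurityZone
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/securityzones/SecurityZoneUUID
                        url:
                          name: SIURLFeed
                          id: SIURLFeedUUID
                          type: SIURLFeed
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/siurlfeeds/SIURLFeedUUID
                    # Sample data only: all three blocklistLogging blocks in this
                    # example have enableLogging false while both destinations
                    # are true. NOTE(review): presumably no blocklist events are
                    # produced in that state; when reading a real policy, check
                    # enableLogging as well as the destinations.
                    blocklistLogging:
                      enableLogging: false
                      sendLogsToSyslogServer: true
                      sendLogsToEventViewer: true
                  networks:
                    allowlist:
                      - network:
                          name: SINetworkList
                          id: SINetworkListUUID
                          type: SINetworkList
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/sinetworklists/SINetworkListUUID
                    blocklist:
                      - network:
                          name: Network
                          id: NetworkUUID
                          type: Network
                          links:
                            self: /fmc_config/v1/domain/DomainUUID/object/networks/NetworkUUID
                    blocklistLogging:
                      enableLogging: false
                      sendLogsToSyslogServer: true
                      sendLogsToEventViewer: true
                  metadata:
                    timestamp: 1601475473350
                  dnsPolicy:
                    blocklistLogging:
                      enableLogging: false
                      sendLogsToSyslogServer: true
                      sendLogsToEventViewer: true
                    links:
                      self: /fmc_config/v1/domain/DomainUUID/policy/dnspolicies/DNSPolicyUUID
                    type: DNSPolicy
                    name: name of the DNS policy
                    id: DNSPolicyUUID
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false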
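# One FTD NAT policy addressed by id: GET reads it, PUT modifies it, DELETE
# removes it and (per the 200 example) returns the deleted object.
# NOTE(review): none of the three operations declares `security`; confirm that a
# top-level `security` requirement (not visible in this part of the file)
# covers them, PUT and DELETE in particular.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{objectId}:
  get:
    tags:
      - Policy
    description: '**Retrieves the NAT policy associated with the specified ID.**'
    operationId: getFTDNatPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for NAT policy.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      # `name` next to `$ref` is kept as in the original; OpenAPI 3.0 ignores
      # siblings of `$ref`, so the referenced component defines the parameter.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
            examples:
              'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid ( Example payloads for GET on NAT policy. )':
                value:
                  type: FTDNatPolicy
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1
                  rules:
                    refType: list
                    links:
                      self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1/natrules
                  name: NatPol
                  description: nat policy for testing
                  id: natPolUuid1
              # Examples 2 and 3 show list responses for the collection URL
              # (no id in the path) although they sit under the by-id GET.
              'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies ( Example payloads for GET listing on NAT policy. )':
                value:
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies?offset=0&limit=2
                  items:
                    - type: FTDNatPolicy
                      links:
                        self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1
                      name: NatPol
                      id: natPolUuid1
                    - type: FTDNatPolicy
                      links:
                        self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid2
                      name: NatPol2
                      id: natPolUuid2
                  paging:
                    offset: 0
                    limit: 2
                    count: 2
                    pages: 1
              'Example 3 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies?expanded=true ( Example payload for GET on NAT policy with expanded=true )':
                value:
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies?offset=0&limit=2&expanded=true
                  items:
                    - type: FTDNatPolicy
                      links:
                        self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1
                      rules:
                        refType: list
                        links:
                          self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1/natrules
                      name: NatPol
                      description: nat policy 1 for testing
                      id: natPolUuid1
                    - type: FTDNatPolicy
                      links:
                        self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid2
                      rules:
                        refType: list
                        links:
                          self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid2/natrules
                      name: NatPol2
                      description: Some description
                      id: natPolUuid2
                  paging:
                    offset: 0
                    limit: 2
                    count: 2
                    pages: 1
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies the NAT policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: updateFTDNatPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for NAT policy.
        required: true
        schema:
          type: string
      # ticket-id is optional (required: false): the spec itself does not force a
      # change to carry a tracking ticket. NOTE(review): confirm whether the
      # server enforces one when change management is in use.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of NAT policy.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDNatPolicy'
      required: true
    # No examples are attached to any PUT response here, despite the pointer in
    # the operation description.
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  delete:
    tags:
      - Policy
    description: '**Deletes the NAT policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: deleteFTDNatPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for NAT policy.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
            examples:
              'Example 1 : DELETE /api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolicyUuid ( Example payload for DELETE on NAT policy. )':
                value:
                  type: FTDNatPolicy
                  # NOTE(review): the links below say `natpolicies`, while the
                  # path and the other examples say `ftdnatpolicies`; left as
                  # published - confirm which form the server returns.
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/natpolicies/natPolicyUuid
                  rules:
                    refType: list
                    links:
                      self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/natpolicies/natPolicyUuid/natrules
                  name: UpdatedNatPolName
                  description: Updated description
                  id: natPolicyUuid
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false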
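# FTD NAT policy collection: GET lists policies (paged through the referenced
# offset/limit/expanded parameters), POST creates one.
# NOTE(review): neither operation declares `security`; confirm that a top-level
# `security` requirement (not visible in this part of the file) covers them.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies:
  get:
    tags:
      - Policy
    description: '**Retrieves list of all NAT policies.**'
    operationId: getAllFTDNatPolicy
    parameters:
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      # `name` next to `$ref` is kept as in the original; OpenAPI 3.0 ignores
      # siblings of `$ref`, so the referenced components define these parameters.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
      - name: offset
        $ref: '#/components/parameters/offset'
      - name: limit
        $ref: '#/components/parameters/limit'
      - name: expanded
        $ref: '#/components/parameters/expanded'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicyListContainer'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  post:
    tags:
      - Policy
    description: '**Create a new NAT policy. _Check the response section for applicable examples (if any)._**'
    operationId: createFTDNatPolicy
    parameters:
      # ticket-id is optional (required: false): the spec itself does not force a
      # change to carry a tracking ticket. NOTE(review): confirm whether the
      # server enforces one when change management is in use.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      description: Input representation of NAT policy.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDNatPolicy'
          examples:
            'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies ( Example payloads for POST on NAT policy. )':
              value:
                type: FTDNatPolicy
                name: NatPol5
                description: nat policy for testing rest api
      required: true
    responses:
      # 202 and 201 both return the policy representation; only 201 carries an
      # example.
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
      "201":
        description: Created
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDNatPolicy'
            examples:
              'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies ( Example payloads for POST on NAT policy. )':
                value:
                  type: FTDNatPolicy
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1
                  rules:
                    refType: list
                    links:
                      self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftdnatpolicies/natPolUuid1/natrules
                  name: NatPol5
                  description: nat policy for testing rest api
                  id: natPolUuid1
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false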
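# One Auto NAT rule inside a NAT policy (containerUUID = the NAT policy):
# GET reads it, PUT modifies it (whole object, or only the given attributes when
# partialUpdate=true), DELETE removes it and returns the deleted rule.
# NOTE(review): none of the three operations declares `security`; confirm that a
# top-level `security` requirement (not visible in this part of the file)
# covers them, PUT and DELETE in particular.
# Several examples below describe bulk calls on the collection URL
# (`?bulk=...`, `filter=...`); neither `bulk` nor `filter` is declared among the
# parameters of these by-id operations.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/autonatrules/{objectId}:
  get:
    tags:
      - Policy
    description: '**Retrieves the Auto NAT rule associated with the specified ID.**'
    operationId: getFTDAutoNatRule
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of an Auto NAT rule.
        required: true
        schema:
          type: string
      # The description names a single allowed value, but the schema is a plain
      # string with no enum.
      - name: section
        in: query
        description: Retrieves Auto NAT rule in given section. Allowed value is auto.
        required: false
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # `name` next to `$ref` is kept as in the original; OpenAPI 3.0 ignores
      # siblings of `$ref`, so the referenced component defines the parameter.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDAutoNatRule'
            examples:
              'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1 ( Example payload for GET request on auto NAT rules. )':
                value:
                  metadata:
                    section: AUTO
                    timestamp: 1489053023583
                    domain:
                      name: Global
                      id: domainUuid
                      type: Domain
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                    parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                  serviceProtocol: TCP
                  translatedNetwork:
                    type: Network
                    id: networkObjUuid
                    name: IPv4-Multicast
                  translatedPort: 1234
                  originalNetwork:
                    type: Network
                    id: networkObjUuid
                    name: IPv4-Link-Local
                  originalPort: 345
                  type: FTDAutoNatRule
                  destinationInterface:
                    name: seczonemanual
                    id: secZoneObjUuid
                    type: SecurityZone
                  dns: false
                  interfaceIpv6: false
                  noProxyArp: false
                  netToNet: false
                  natType: STATIC
                  sourceInterface:
                    name: seczonemanual
                    id: secZoneObjUuid
                    type: SecurityZone
                  id: autoNatRuleUuid
              # List response for the collection URL; the self link says limit=6
              # while `paging.limit` is 2 (left as published).
              'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for GET listing on auto NAT rules )':
                value:
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?offset=0&limit=6
                  items:
                    - links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      type: FTDAutoNatRule
                      id: autoNatRuleUuid1
                    - links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid2
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      type: FTDAutoNatRule
                      id: autoNatRuleUuid2
                  paging:
                    offset: 0
                    limit: 2
                    count: 2
                    pages: 1
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies the Auto NAT rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: updateFTDAutoNatRule
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of an Auto NAT rule.
        required: true
        schema:
          type: string
      # Per the description the default is false, i.e. a PUT replaces the whole
      # rule unless partialUpdate=true is sent.
      - name: partialUpdate
        in: query
        description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
        required: false
        schema:
          type: boolean
      - name: section
        in: query
        description: Modifies auto NAT rule in given section. Allowed value is auto.
        required: false
        schema:
          type: string
      # ticket-id is optional (required: false): the spec itself does not force a
      # change to carry a tracking ticket. NOTE(review): confirm whether the
      # server enforces one when change management is in use.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of Auto NAT rule.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDAutoNatRule'
          examples:
            'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules )':
              value:
                originalNetwork:
                  type: Network
                  id: Network object uuid
                translatedNetwork:
                  type: Network
                  id: Network object uuid
                id: autoNatRuleUuid
                type: FTDAutoNatRule
                natType: STATIC
                interfaceIpv6: false
                fallThrough: false
                dns: false
                routeLookup: false
                noProxyArp: false
                netToNet: false
                sourceInterface:
                  id: security zone uuid
                  type: SecurityZone
                destinationInterface:
                  id: security zone uuid
                  type: SecurityZone
            'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules with PAT options. )':
              value:
                originalNetwork:
                  type: Network
                  id: Network object uuid
                patOptions:
                  patPoolAddress:
                    type: Host
                    id: Host object uuid
                    name: NW1
                  interfacePat: false
                  includeReserve: true
                  roundRobin: true
                  extendedPat: true
                  flatPortRange: true
                id: autoNatRuleUuid
                type: FTDAutoNatRule
                natType: DYNAMIC
                interfaceIpv6: false
                fallThrough: false
                dns: false
                routeLookup: false
                noProxyArp: false
                netToNet: false
                sourceInterface:
                  id: security zone uuid
                  type: SecurityZone
                destinationInterface:
                  id: security zone uuid
                  type: SecurityZone
            # Examples 3 and 4 address the collection URL with `?bulk=`; with
            # bulk=true the body is a list of rules rather than a single object,
            # which differs from the FTDAutoNatRule object schema above.
            'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true ( Example payload for BULK PUT request on Auto NAT rules with bulk=true )':
              value:
                - originalNetwork:
                    type: Network
                    id: Network object uuid1
                  translatedNetwork:
                    type: Network
                    id: Network object uuid
                  id: autoNatRuleUuid1
                  type: FTDAutoNatRule
                  natType: STATIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
                - originalNetwork:
                    type: Network
                    id: Network object uuid2
                  translatedNetwork:
                    type: Network
                    id: Network object uuid
                  id: autoNatRuleUuid2
                  type: FTDAutoNatRule
                  natType: STATIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
            'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=false ( Example payload for BULK PUT request on Auto NAT rules with bulk=false )':
              value:
                originalNetwork:
                  type: Network
                  id: Network object uuid1
                translatedNetwork:
                  type: Network
                  id: Network object uuid
                id: autoNatRuleUuid1
                type: FTDAutoNatRule
                natType: STATIC
                interfaceIpv6: false
                fallThrough: false
                dns: false
                routeLookup: false
                noProxyArp: false
                netToNet: false
                sourceInterface:
                  id: security zone uuid
                  type: SecurityZone
                destinationInterface:
                  id: security zone uuid
                  type: SecurityZone
      required: true
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDAutoNatRule'
            examples:
              'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules )':
                value:
                  metadata:
                    section: AUTO
                    timestamp: 1493371106718
                    domain:
                      name: Global
                      id: global_domain_uuid
                      type: Domain
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                    parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                  id: autoNatRuleUuid
                  originalNetwork:
                    type: Network
                    id: Network object uuid
                    name: Network object name
                  translatedNetwork:
                    type: Network
                    id: Network object uuid
                    name: Network object name
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  type: FTDAutoNatRule
                  natType: STATIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
              'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules with PAT options. )':
                value:
                  metadata:
                    section: AUTO
                    timestamp: 1493371106718
                    domain:
                      name: Global
                      id: global_domain_uuid
                      type: Domain
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                    parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                  id: autoNatRuleUuid
                  originalNetwork:
                    type: Network
                    id: Network object uuid
                    name: Network object name
                  patOptions:
                    patPoolAddress:
                      type: Host
                      id: Host object uuid
                      name: NW1
                    interfacePat: false
                    includeReserve: true
                    roundRobin: true
                    extendedPat: true
                    flatPortRange: true
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  type: FTDAutoNatRule
                  natType: DYNAMIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
              'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true ( Example payload for BULK PUT request on Auto NAT rules with bulk=true )':
                value:
                  - metadata:
                      section: AUTO
                      timestamp: 1493371106718
                      domain:
                        name: Global
                        id: global_domain_uuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    id: autoNatRuleUuid1
                    originalNetwork:
                      type: Network
                      id: Network object uuid1
                      name: Network object name
                    translatedNetwork:
                      type: Network
                      id: Network object uuid
                      name: Network object name
                    sourceInterface:
                      id: security zone uuid
                      type: SecurityZone
                      name: Security zone object name
                    destinationInterface:
                      id: security zone uuid
                      type: SecurityZone
                      name: Security zone object name
                    type: FTDAutoNatRule
                    natType: STATIC
                    interfaceIpv6: false
                    fallThrough: false
                    dns: false
                    routeLookup: false
                    noProxyArp: false
                    netToNet: false
                  - metadata:
                      section: AUTO
                      timestamp: 1493371106718
                      domain:
                        name: Global
                        id: global_domain_uuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    id: autoNatRuleUuid2
                    originalNetwork:
                      type: Network
                      id: Network object uuid2
                      name: Network object name
                    translatedNetwork:
                      type: Network
                      id: Network object uuid
                      name: Network object name
                    sourceInterface:
                      id: security zone uuid
                      type: SecurityZone
                      name: Security zone object name
                    destinationInterface:
                      id: security zone uuid
                      type: SecurityZone
                      name: Security zone object name
                    type: FTDAutoNatRule
                    natType: STATIC
                    interfaceIpv6: false
                    fallThrough: false
                    dns: false
                    routeLookup: false
                    noProxyArp: false
                    netToNet: false
              'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=false ( Example payload for BULK PUT request on Auto NAT rules with bulk=false )':
                value:
                  metadata:
                    section: AUTO
                    timestamp: 1493371106718
                    domain:
                      name: Global
                      id: global_domain_uuid
                      type: Domain
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                    parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                  id: autoNatRuleUuid1
                  originalNetwork:
                    type: Network
                    id: Network object uuid1
                    name: Network object name
                  translatedNetwork:
                    type: Network
                    id: Network object uuid
                    name: Network object name
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  type: FTDAutoNatRule
                  natType: STATIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDAutoNatRule'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  delete:
    tags:
      - Policy
    description: '**Deletes the Auto NAT rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: deleteFTDAutoNatRule
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of an Auto NAT rule.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/FTDAutoNatRule'
            examples:
              'Example 1 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for DELETE request on Auto NAT rules with PAT options. )':
                value:
                  metadata:
                    section: AUTO
                    timestamp: 1493371106718
                    domain:
                      name: Global
                      id: global_domain_uuid
                      type: Domain
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                    parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                  id: autoNatRuleUuid
                  originalNetwork:
                    type: Network
                    id: Network object uuid
                    name: Network object name
                  patOptions:
                    patPoolAddress:
                      type: Host
                      id: Host object uuid
                      name: NW1
                    interfacePat: false
                    includeReserve: true
                    roundRobin: true
                    extendedPat: true
                    flatPortRange: true
                  sourceInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  destinationInterface:
                    id: security zone uuid
                    type: SecurityZone
                    name: Security zone object name
                  type: FTDAutoNatRule
                  natType: DYNAMIC
                  interfaceIpv6: false
                  fallThrough: false
                  dns: false
                  routeLookup: false
                  noProxyArp: false
                  netToNet: false
              # Examples 2 and 3 show one call on the collection URL removing
              # every rule matched by `filter` (two rules each here). Neither
              # `bulk` nor `filter` is declared on this operation; clients
              # generated from the spec cannot express these calls, and reviewers
              # of change logs should expect multi-rule deletions from one request.
              'Example 2 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:networkObj1;ids:autoNatRuleUuid1,autoNatRuleUuid2" ( Example payload for DELETE on Auto NAT rules with ?bulk=true and filter with originalSource and id )':
                value:
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:networkObj1;ids:autoNatRuleUuid1,autoNatRuleUuid2"
                  items:
                    - metadata:
                        section: AUTO
                        timestamp: 1489053023583
                        domain:
                          name: Global
                          id: domainUuid
                          type: Domain
                      links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      serviceProtocol: TCP
                      translatedNetwork:
                        type: Network
                        id: networkObjUuid2
                        name: networkObj2
                      translatedPort: 1234
                      originalNetwork:
                        type: Network
                        id: networkObjUuid1
                        name: networkObj1
                      originalPort: 345
                      type: FTDAutoNatRule
                      destinationInterface:
                        name: seczonemanual1
                        id: secZoneObjUuid1
                        type: SecurityZone
                      dns: false
                      interfaceIpv6: false
                      noProxyArp: false
                      netToNet: false
                      natType: STATIC
                      sourceInterface:
                        name: seczonemanual2
                        id: secZoneObjUuid2
                        type: SecurityZone
                      id: autoNatRuleUuid1
                    - metadata:
                        section: AUTO
                        timestamp: 1489053023583
                        domain:
                          name: Global
                          id: domainUuid
                          type: Domain
                      links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid2
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      serviceProtocol: TCP
                      translatedNetwork:
                        type: Network
                        id: networkObjUuid3
                        name: networkObj3
                      translatedPort: 1234
                      originalNetwork:
                        type: Network
                        id: networkObjUuid1
                        name: networkObj1
                      originalPort: 345
                      type: FTDAutoNatRule
                      destinationInterface:
                        name: seczonemanual1
                        id: secZoneObjUuid1
                        type: SecurityZone
                      dns: false
                      interfaceIpv6: false
                      noProxyArp: false
                      netToNet: false
                      natType: STATIC
                      sourceInterface:
                        name: seczonemanual2
                        id: secZoneObjUuid2
                        type: SecurityZone
                      id: autoNatRuleUuid2
              'Example 3 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2" ( Example payload for DELETE on Auto NAT rules with ?bulk=true and filter with originalSource )':
                value:
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2"
                  items:
                    - metadata:
                        section: AUTO
                        timestamp: 1489053023583
                        domain:
                          name: Global
                          id: domainUuid
                          type: Domain
                      links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      serviceProtocol: TCP
                      translatedNetwork:
                        type: Network
                        id: networkObjUuid1
                        name: translatedNetworkName1
                      translatedPort: 1234
                      originalNetwork:
                        type: Network
                        id: networkObjUuid2
                        name: originalSourceName1
                      originalPort: 345
                      type: FTDAutoNatRule
                      destinationInterface:
                        name: seczonemanual1
                        id: secZoneObjUuid1
                        type: SecurityZone
                      dns: false
                      interfaceIpv6: false
                      noProxyArp: false
                      netToNet: false
                      natType: STATIC
                      sourceInterface:
                        name: seczonemanual2
                        id: secZoneObjUuid2
                        type: SecurityZone
                      id: autoNatRuleUuid1
                    - metadata:
                        section: AUTO
                        timestamp: 1489053023583
                        domain:
                          name: Global
                          id: domainUuid
                          type: Domain
                      links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      serviceProtocol: TCP
                      translatedNetwork:
                        type: Network
                        id: networkObjUuid
                        name: translatedNetworkName2
                      translatedPort: 1234
                      originalNetwork:
                        type: Network
                        id: networkObjUuid3
                        name: originalSourceName2
                      originalPort: 345
                      type: FTDAutoNatRule
                      destinationInterface:
                        name: seczonemanual
                        id: secZoneObjUuid
                        type: SecurityZone
                      dns: false
                      interfaceIpv6: false
                      noProxyArp: false
                      netToNet: false
                      natType: STATIC
                      sourceInterface:
                        name: seczonemanual
                        id: secZoneObjUuid
                        type: SecurityZone
                      id: autoNatRuleUuid2
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false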
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/autonatrules:
get:
tags:
- Policy
description: '**Retrieves list of all Auto NAT rules.**'
operationId: getAllFTDAutoNatRule
parameters:
- name: filter
in: query
description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;translatedSource:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;translatedSourcePort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,...etc. This ids is a comma-separated list of rule ids to fetch</br>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>'
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRuleListContainer'
examples:
? 'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?expanded=true ( Example payload for GET ALL listing with ?expanded=true )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?offset=0&limit=2&expanded=true
items:
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid
name: IPv4-Multicast
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid
name: IPv4-Link-Local
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
id: autoNatRuleUuid1
- metadata:
section: AUTO
timestamp: 1489032251323
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
originalNetwork:
type: Network
id: networkObjUuid
name: IPv4-Multicast
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
id: autoNatRuleUuid2
paging:
offset: 0
limit: 2
count: 2
pages: 1
? 'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?filter="ids:autoNatRuleUuid1,autoNatRuleUuid2"&expanded=true ( Example payload for GET ALL listing with ?expanded=true and filter with ids )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?offset=0&limit=25&filter="ids:autoNatRuleUuid1,autoNatRuleUuid2"&expanded=true
items:
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid
name: IPv4-Multicast
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid
name: IPv4-Link-Local
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
id: autoNatRuleUuid1
- metadata:
section: AUTO
timestamp: 1489032251323
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
originalNetwork:
type: Network
id: networkObjUuid
name: IPv4-Multicast
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
id: autoNatRuleUuid2
paging:
offset: 0
limit: 25
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies multiple Auto NAT rules. _Check the response section for applicable examples (if any)._**'
operationId: updateMultipleFTDAutoNatRule
parameters:
- name: bulk
in: query
description: Enables bulk modify actions for Auto NAT rules.
required: false
schema:
type: boolean
- name: partialUpdate
in: query
description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
required: false
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: 'The input Auto NAT rule model (a list of them when bulk=true, as in Example 3).'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules )'
: value:
originalNetwork:
type: Network
id: Network object uuid
translatedNetwork:
type: Network
id: Network object uuid
id: autoNatRuleUuid
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules with PAT options. )'
: value:
originalNetwork:
type: Network
id: Network object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
id: autoNatRuleUuid
type: FTDAutoNatRule
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true ( Example payload for BULK PUT request on Auto NAT rules with bulk=true )'
: value:
- originalNetwork:
type: Network
id: Network object uuid1
translatedNetwork:
type: Network
id: Network object uuid
id: autoNatRuleUuid1
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
- originalNetwork:
type: Network
id: Network object uuid2
translatedNetwork:
type: Network
id: Network object uuid
id: autoNatRuleUuid2
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=false ( Example payload for BULK PUT request on Auto NAT rules with bulk=false )'
: value:
originalNetwork:
type: Network
id: Network object uuid1
translatedNetwork:
type: Network
id: Network object uuid
id: autoNatRuleUuid1
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
translatedNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for PUT request on Auto NAT rules with PAT options. )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true ( Example payload for BULK PUT request on Auto NAT rules with bulk=true )'
: value:
- metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid1
originalNetwork:
type: Network
id: Network object uuid1
name: Network object name
translatedNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
- metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid2
originalNetwork:
type: Network
id: Network object uuid2
name: Network object name
translatedNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=false ( Example payload for BULK PUT request on Auto NAT rules with bulk=false )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid1
originalNetwork:
type: Network
id: Network object uuid1
name: Network object name
translatedNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates Auto NAT rules. _Check the response section for applicable examples (if any)._**'
operationId: createMultipleFTDAutoNatRule
parameters:
- name: bulk
in: query
description: Enables bulk create actions for Auto NAT rules.
required: false
schema:
type: boolean
- name: section
in: query
description: Creates auto NAT rule in given section. Allowed value is auto.
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Auto NAT rule model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
examples:
? 'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules. )'
: value:
originalNetwork:
type: Network
id: Network object uuid
translatedNetwork:
type: Network
id: Network object uuid
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 2 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules with PAT block-allocation. )'
: value:
originalNetwork:
type: Network
id: Network object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: false
roundRobin: true
extendedPat: false
flatPortRange: false
blockAllocation: true
type: FTDAutoNatRule
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 3 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules with interface in translated network )'
: value:
originalNetwork:
type: Network
id: Network object uuid
interfaceInTranslatedNetwork: true
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
? 'Example 4 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true ( Example payload for bulk POST on auto NAT rules )'
: value:
- type: FTDAutoNatRule
originalNetwork:
type: Network
name: net_obj_name
id: net_obj_id
serviceProtocol: TCP
originalPort: 123
translatedNetwork:
type: Network
name: net_obj_name
id: net_obj_id
translatedPort: 234
interfaceInTranslatedNetwork: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
fallThrough: false
natType: STATIC
sourceInterface:
name: sec_zone_name
id: sec_zone_id
type: SecurityZone
interfaceIpv6: false
destinationInterface:
name: sec_zone_name
id: sec_zone_id
type: SecurityZone
- type: FTDAutoNatRule
originalNetwork:
type: Network
name: net_obj_name
id: net_obj_id
originalPort: 0
translatedPort: 0
interfaceInTranslatedNetwork: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
fallThrough: false
patOptions:
roundRobin: false
patPoolAddress:
type: Network
name: net_obj_name
id: net_obj_id
interfacePat: false
includeReserve: false
flatPortRange: true
extendedPat: false
natType: DYNAMIC
sourceInterface:
name: sec_zone_name
id: sec_zone_id
type: SecurityZone
interfaceIpv6: false
destinationInterface:
name: sec_zone_name
id: sec_zone_id
type: SecurityZone
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
examples:
? 'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules. )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
translatedNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 2 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules with PAT block-allocation. )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: false
roundRobin: true
extendedPat: false
flatPortRange: false
blockAllocation: true
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 3 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules ( Example payload for POST request on auto NAT rules with interface in translated network )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
interfaceInTranslatedNetwork: true
type: FTDAutoNatRule
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes all Auto NAT rules that match the required filter parameter. _Check the response section for applicable examples (if any)._**'
operationId: deleteMultipleFTDAutoNatRule
parameters:
- name: bulk
in: query
description: Enables bulk delete actions for Auto NAT rules.
required: true
schema:
type: boolean
- name: filter
in: query
description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;translatedSource:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;translatedSourcePort:name1/value1,name2/value2,...;"</code><br/><br/>ids: comma-separated list of the ids of the rules to delete (id1,id2,...).<br/>sourceInterface: SecurityZone/Interface group name (sec_zone_name1) of the NAT rules to delete.<br/>destinationInterface: SecurityZone/Interface group name (sec_zone_name1) of the NAT rules to delete.<br/>originalSource: name (object_name) or value (10.1.2.3) of the Network object configured as the original source.<br/>translatedSource: name (object_name) or value (10.1.2.3) of the Network object configured as the translated source.<br/>originalSourcePort: name (http) of the Port object configured as the original source port, or its value as a port number or protocol (tcp/80).<br/>translatedSourcePort: name (http) of the Port object configured as the translated source port, or its value as a port number or protocol (tcp/80).<br/>'
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDAutoNatRule'
examples:
? 'Example 1 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid ( Example payload for DELETE request on Auto NAT rules with PAT options. )'
: value:
metadata:
section: AUTO
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: autoNatRuleUuid
originalNetwork:
type: Network
id: Network object uuid
name: Network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
sourceInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
destinationInterface:
id: security zone uuid
type: SecurityZone
name: Security zone object name
type: FTDAutoNatRule
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
? 'Example 2 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:networkObj1;ids:autoNatRuleUuid1,autoNatRuleUuid2" ( Example payload for DELETE on Auto NAT rules with ?bulk=true and filter with originalSource and id )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:networkObj1;ids:autoNatRuleUuid1,autoNatRuleUuid2"
items:
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid2
name: networkObj2
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid1
name: networkObj1
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
id: autoNatRuleUuid1
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid3
name: networkObj3
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid1
name: networkObj1
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
id: autoNatRuleUuid2
? 'Example 3 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2" ( Example payload for DELETE on Auto NAT rules with ?bulk=true and filter with originalSource )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2"
items:
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid1
name: translatedNetworkName1
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid2
name: originalSourceName1
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
id: autoNatRuleUuid1
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid
name: translatedNetworkName2
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid3
name: originalSourceName2
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
id: autoNatRuleUuid2
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/manualnatrules/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the Manual NAT rule associated with the specified ID.**'
operationId: getFTDManualNatRule
parameters:
- name: objectId
in: path
description: Unique identifier of a Manual NAT rule.
required: true
schema:
type: string
- name: section
in: query
description: Retrieves manual NAT rule in given section. Allowed values are before_auto and after_auto.
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1 ( Example payload for GET on Manual NAT rules. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid
name: any
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid2
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore
id: secZoneObjUuid
type: SecurityZone
id: manualNatRuleUuid1
? 'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for GET listing on manual NAT rules. )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?offset=0&limit=6
items:
- links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
type: FTDManualNatRule
id: manualNatRuleUuid1
- links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
type: FTDManualNatRule
id: manualNatRuleUuid2
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the Manual NAT rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDManualNatRule
# Parameters accepted by updateFTDManualNatRule (PUT on one Manual NAT rule).
# NOTE(review): the examples for this operation also show ?bulk=true and
# ?bulk=false on the collection URL, but no bulk parameter is declared in this
# list; confirm which path actually serves bulk updates.
parameters:
  # Path identifier of the rule being modified.
  - name: objectId
    in: path
    description: Unique identifier of a Manual NAT rule.
    required: true
    schema:
      type: string
  # Defaults to false per the description, so a plain PUT changes the whole
  # object. Presumably attributes left out of a full replacement do not keep
  # their previous values; verify before automating NAT rule changes.
  - name: partialUpdate
    in: query
    description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
    required: false
    schema:
      type: boolean
  # NOTE(review): the two allowed values are stated only in prose; the schema
  # has no enum, so schema validation will not reject other strings.
  - name: section
    in: query
    description: Modifies manual NAT rule in given section. Allowed value is before_auto and after_auto.
    required: false
    schema:
      type: string
  # NOTE(review): described as an integer but declared as type string; confirm
  # the intended type. As written, schema validation accepts non-numeric input.
  - name: targetIndex
    in: query
    description: Modifies manual NAT rule at given targetIndex. It takes an integer value.
    required: false
    schema:
      type: string
  # Optional header linking the change to a change-management ticket (UUID).
  # The schema does not require it; whether a rule change without a ticket is
  # accepted is decided server-side (TODO confirm for the deployment).
  - name: ticket-id
    in: header
    description: UUID of the ticket for tracking the configuration changes.
    required: false
    schema:
      type: string
  # Path identifier of the container that holds the rule.
  - name: containerUUID
    in: path
    description: The container id under which this specific resource is contained.
    required: true
    schema:
      type: string
  # NOTE(review): `name` sits next to `$ref`. OpenAPI 3.0 tooling ignores
  # properties beside a $ref, so this parameter is defined entirely by
  # components/parameters/domainUUID.
  - name: domainUUID
    $ref: '#/components/parameters/domainUUID'
requestBody:
description: 'Manual NAT rule (FTDManualNatRule) carrying the attributes to modify.'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for PUT on manual NAT rules. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true ( Example payload for PUT on manual NAT rules with bulk=true. )'
: value:
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid1
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid1
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid2
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid2
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=false ( Example payload for BULK PUT on manual NAT rules with bulk=false. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5 ( Example payload for PUT on manual NAT rules with ''targetIndex'' query param. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: true
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 5 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5&amp;section=before_auto ( Example payload for PUT on manual NAT rules with ''targetIndex'' and ''section'' query param. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: true
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for PUT on manual NAT rules. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true ( Example payload for PUT on manual NAT rules with bulk=true. )'
: value:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid1
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid2
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=false ( Example payload for BULK PUT on manual NAT rules with bulk=false. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5 ( Example payload for PUT on manual NAT rules with ''targetIndex'' query param. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
unidirectional: true
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 5 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5&amp;section=before_auto ( Example payload for PUT on manual NAT rules with ''targetIndex'' and ''section'' query param. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
unidirectional: true
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the Manual NAT rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteFTDManualNatRule
# Parameters accepted by deleteFTDManualNatRule (DELETE on one Manual NAT rule).
# NOTE(review): the response examples for this operation show
# ?bulk=true&filter="..." requests labelled "DELETE ALL", but neither `bulk`
# nor `filter` is declared in this list. Confirm where bulk delete is served
# and document it: a filter matches rules by attributes such as originalSource,
# so a broad filter removes every matching rule in one call.
parameters:
  # Path identifier of the rule being deleted.
  - name: objectId
    in: path
    description: Unique identifier of a Manual NAT rule.
    required: true
    schema:
      type: string
  # Optional header linking the deletion to a change-management ticket (UUID).
  # The schema does not require it; whether a deletion without a ticket is
  # accepted is decided server-side (TODO confirm for the deployment).
  - name: ticket-id
    in: header
    description: UUID of the ticket for tracking the configuration changes.
    required: false
    schema:
      type: string
  # Path identifier of the container that holds the rule.
  - name: containerUUID
    in: path
    description: The container id under which this specific resource is contained.
    required: true
    schema:
      type: string
  # NOTE(review): `name` sits next to `$ref`. OpenAPI 3.0 tooling ignores
  # properties beside a $ref, so this parameter is defined entirely by
  # components/parameters/domainUUID.
  - name: domainUUID
    $ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for DELETE on manual NAT rule. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,manualNatRuleUuid2" ( Example payload for DELETE ALL on NAT rules with ?bulk=true and filter with original source and id )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,manualNatRuleUuid2"
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid1
name: originalSourceName1
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore2
id: secZoneObjUuid2
type: SecurityZone
id: ids:manualNatRuleUuid1
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid1
name: originalSourceName1
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual3
id: secZoneObjUuid3
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore4
id: secZoneObjUuid4
type: SecurityZone
id: ids:manualNatRuleUuid2
? 'Example 3 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2" ( Example payload for DELETE ALL on Manual NAT rules with ?bulk=true and filter with originalSource )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2"
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid
name: originalSourceName1
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore
id: secZoneObjUuid
type: SecurityZone
id: manualNatRuleUuid1
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid
name: originalSourceName2
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneObjUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore
id: secZoneObjUuid
type: SecurityZone
id: manualNatRuleUuid2
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/manualnatrules:
get:
tags:
- Policy
description: '**Retrieves list of all Manual NAT rules.**'
operationId: getAllFTDManualNatRule
parameters:
- name: filter
in: query
description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;originalDestination:name1/value1,name2/value2,...;<br/>translatedSource:name1/value1,name2/value2,...;translatedDestination:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;originalDestinationPort:name1/value1,name2/value2,...;<br/>translatedSourcePort:name1/value1,name2/value2,...;translatedDestinationPort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,... etc. This is a comma-separated list of rule ids to fetch/delete<br/>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalDestination:Network object configured as Original destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedDestination:Network object configured as translated Destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>originalDestinationPort:Port object configured as Original Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be 
given<br/>translatedDestinationPort:Port object configured as Translated Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>'
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRuleListContainer'
examples:
? 'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?expanded=true ( Example payload for GET ALL on manual NAT rules with ?expanded=true )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?offset=0&limit=2&expanded=true
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid
name: any
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore
id: secZoneObjUuid
type: SecurityZone
id: manualNatRuleUuid1
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1488950602096
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: false
translatedSource:
type: Network
id: networkObjUuid
name: any
originalSource:
type: Network
id: networkObjUuid
name: any
interfaceInOriginalDestination: false
interfaceInTranslatedSource: false
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
description: manual nat rule 2
id: manualNatRuleUuid2
paging:
offset: 0
limit: 2
count: 2
pages: 1
? 'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?filter="ids:manualNatRuleUuid1,manualNatRuleUuid2"&expanded=true ( Example payload for GET ALL on manual NAT rules with ?expanded=true and filter with ids )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?offset=0&limit=25&filter="ids:manualNatRuleUuid1,manualNatRuleUuid2"&expanded=true
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid
name: any
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore
id: secZoneObjUuid
type: SecurityZone
id: manualNatRuleUuid1
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1488950602096
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: false
translatedSource:
type: Network
id: networkObjUuid
name: any
originalSource:
type: Network
id: networkObjUuid
name: any
interfaceInOriginalDestination: false
interfaceInTranslatedSource: false
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual
id: secZoneUuid
type: SecurityZone
description: manual nat rule 2
id: manualNatRuleUuid2
paging:
offset: 0
limit: 25
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies all the Manual NAT rules. _Check the response section for applicable examples (if any)._**'
operationId: updateMultipleFTDManualNatRule
# Parameters of the PUT on manual NAT rules (operationId updateMultipleFTDManualNatRule).
# NOTE(review): request Examples 4 and 5 of this operation use `targetIndex` and `section`
# query parameters, but neither is declared in this list; confirm whether PUT accepts them.
parameters:
# With bulk=true the request example of this operation is a list of rules, while the
# declared request schema is a single FTDManualNatRule, so schema-driven validation and
# generated clients may not model the list form.
- name: bulk
in: query
description: Enables bulk actions for Manual NAT rules.
required: false
schema:
type: boolean
# Defaults to false per the description, i.e. a PUT changes the whole object.
# NOTE(review): presumably attributes left out of the body are then reset rather than
# kept; confirm before sending sparse payloads, especially together with bulk=true.
- name: partialUpdate
in: query
description: This field specifies whether to change the entire object or only certain attributes of it. When its value is false the whole object will change, and if the value is true then only the attributes that are specified will change. The default value of this field is false.
required: false
schema:
type: boolean
# Optional change-tracking header.
# NOTE(review): whether the server requires it when change management is enabled is not
# visible in this spec; confirm if NAT changes must be traceable to a ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
# NOTE(review): presumably the NAT policy UUID (`natPolicyUuid` in the example URLs); the
# description does not name the container type. TODO confirm against the path template.
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# OpenAPI 3.0 ignores sibling keys of `$ref`, so `name` on this entry has no effect; the
# parameter definition comes entirely from the referenced component.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Manual NAT rule model; a list of rules when bulk=true.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for PUT on manual NAT rules. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true ( Example payload for PUT on manual NAT rules with bulk=true. )'
: value:
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid1
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid1
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid2
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid2
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=false ( Example payload for BULK PUT on manual NAT rules with bulk=false. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5 ( Example payload for PUT on manual NAT rules with ''targetIndex'' query param. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: true
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 5 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5&section=before_auto ( Example payload for PUT on manual NAT rules with ''targetIndex'' and ''section'' query param. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: true
originalDestination:
type: Network
id: network object uuid
id: manualNatRuleUuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for PUT on manual NAT rules. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true ( Example payload for PUT on manual NAT rules with bulk=true. )'
: value:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid1
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
- metadata:
section: BEFORE_AUTO
index: 2
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid2
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=false ( Example payload for BULK PUT on manual NAT rules with bulk=false. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 4 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5 ( Example payload for PUT on manual NAT rules with ''targetIndex'' query param. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
unidirectional: true
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 5 : PUT /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid?targetIndex=5&section=before_auto ( Example payload for PUT on manual NAT rules with ''targetIndex'' and ''section'' query param. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
unidirectional: true
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates all the Manual NAT rules. _Check the response section for applicable examples (if any)._**'
operationId: createMultipleFTDManualNatRule
# Parameters of the POST that creates manual NAT rules (operationId
# createMultipleFTDManualNatRule). `section` and `targetIndex` together decide where the
# new rule is placed.
# NOTE(review): NAT rules are presumably evaluated in order within a section, so a wrong
# position can shadow existing rules or be shadowed by them; confirm against product docs
# and review the resulting rule order after bulk inserts.
parameters:
# With bulk=true the request example of this operation is a list of rules, while the
# declared request schema is a single FTDManualNatRule.
- name: bulk
in: query
description: Enables bulk actions for Manual NAT rules.
required: false
schema:
type: boolean
# The description allows only before_auto and after_auto, but the schema is an
# unconstrained string with no `enum`, so schema validation will not reject other values.
- name: section
in: query
description: Creates manual NAT rule in given section. Allowed value is before_auto and after_auto.
required: false
schema:
type: string
# NOTE(review): the description says this takes an integer, yet the schema declares
# `type: string`; schema-driven validators and generated clients will accept
# non-numeric input. Whether the index is 0- or 1-based is not stated here.
- name: targetIndex
in: query
description: Creates manual NAT rule at given targetIndex. It takes an integer value.
required: false
schema:
type: string
# Optional change-tracking header.
# NOTE(review): whether the server requires it when change management is enabled is not
# visible in this spec; confirm if NAT changes must be traceable to a ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
# NOTE(review): presumably the NAT policy UUID (`natPolicyUuid` in the example URLs); the
# description does not name the container type. TODO confirm against the path template.
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# OpenAPI 3.0 ignores sibling keys of `$ref`, so `name` on this entry has no effect; the
# parameter definition comes entirely from the referenced component.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input Manual NAT rule model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with interface in translated source. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
originalDestination:
type: Network
id: network object uuid
unidirectional: false
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with interface in original destination )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
interfaceInOriginalDestination: true
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 4 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?section=before_auto&targetIndex=2 ( Example payload for POST on manual NAT rules with ''section'' and ''targetIndex'' query params. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 5 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?section=after_auto&targetIndex=2 ( Example payload for POST on manual NAT rules with ''section'' and ''targetIndex'' query param. )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 6 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true&section=after_auto&targetIndex=2 ( Example payload for bulk POST on manual NAT rules with ''section'' and ''targetIndex'' query param. )'
: value:
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
- originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
translatedSource:
type: Network
id: network object uuid
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: false
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
? 'Example 7 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with PAT with block-allocation . )'
: value:
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
originalSource:
type: Network
id: Network object uuid
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
translatedDestination:
type: Network
id: Network object uuid
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: false
roundRobin: true
extendedPat: false
flatPortRange: false
blockAllocation: true
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
unidirectional: true
originalDestination:
type: Network
id: network object uuid
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
id: security zone uuid
type: SecurityZone
destinationInterface:
id: security zone uuid
type: SecurityZone
description: description of nat rule
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDManualNatRule'
examples:
? 'Example 1 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 2 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with interface in translated source. )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalDestination:
type: Network
id: network object uuid
name: network object name
unidirectional: false
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 3 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with interface in original destination )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
translatedSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
unidirectional: false
interfaceInOriginalDestination: true
type: FTDManualNatRule
enabled: true
natType: STATIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
? 'Example 7 : POST /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules ( Example payload for POST on manual NAT rules with PAT with block-allocation . )'
: value:
metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1493371106718
domain:
name: Global
id: global_domain_uuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
id: manualNatRuleUuid
originalDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
originalSource:
type: Network
id: network object uuid
name: network object name
originalSourcePort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedDestination:
type: Network
id: network object uuid
name: network object name
translatedDestinationPort:
type: ProtocolPortObject
id: protocol port object uuid
name: port object name
translatedSource:
type: Network
id: network object uuid
name: network object name
patOptions:
patPoolAddress:
type: Host
id: Host object uuid
name: NW1
interfacePat: false
includeReserve: true
roundRobin: true
extendedPat: true
flatPortRange: true
blockAllocation: true
unidirectional: true
originalDestination:
type: Network
id: network object uuid
name: network object name
interfaceInOriginalDestination: false
type: FTDManualNatRule
enabled: true
natType: DYNAMIC
interfaceIpv6: false
fallThrough: false
dns: false
routeLookup: false
noProxyArp: false
netToNet: false
sourceInterface:
name: sec zone object name
id: security zone uuid
type: SecurityZone
destinationInterface:
name: sec zone object name
id: sec zone object uuid
type: SecurityZone
description: description of nat rule
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
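# Bulk DELETE of manual NAT rules inside one FTD NAT policy (the policy is the
# containerUUID path parameter). `bulk` and `filter` are both declared
# required, so the set of rules removed is whatever the filter selects.
delete:
  tags:
    - Policy
  description: '**Deletes all the Manual NAT rules selected by the required filter. _Check the response section for applicable examples (if any)._**'
  operationId: deleteMultipleFTDManualNatRule
  parameters:
    # Declared as a required boolean; the spec does not describe what the
    # server does with bulk=false on this path. NOTE(review): confirm it is
    # rejected rather than ignored.
    - name: bulk
      in: query
      description: Enables bulk actions for Manual NAT rules.
      required: true
      schema:
        type: boolean
    # Selector for the rules to delete. It is a free-form string (no pattern
    # or maxLength is declared), so the key:value;... grammar is validated
    # server-side only.
    # NOTE(review): the text does not say whether several keys combine as AND
    # or OR. The description states the same grammar is used to fetch, so the
    # match set can be previewed with a GET before the delete is issued.
    - name: filter
      in: query
      description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;originalDestination:name1/value1,name2/value2,...;<br/>translatedSource:name1/value1,name2/value2,...;translatedDestination:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;originalDestinationPort:name1/value1,name2/value2,...;<br/>translatedSourcePort:name1/value1,name2/value2,...;translatedDestinationPort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,...etc. This ids is a comma-separated list of rule ids to fetch/delete<br/>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalDestination:Network object configured as Original destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedDestination:Network object configured as translated Destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>originalDestinationPort:Port object configured as Original Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be
        given<br/>translatedDestinationPort:Port object configured as Translated Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>'
      required: true
      schema:
        type: string
    # Change-tracking header. It is optional in the spec even though this
    # call is destructive. NOTE(review): whether a ticket is enforced is
    # decided server-side; confirm for tenants using change management.
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    # Identifies the NAT policy whose manual rules are affected.
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # `name` sits next to `$ref`; OpenAPI 3.0 ignores siblings of `$ref`, so
    # only the referenced parameter definition applies.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  responses:
    # Only "200" and `default` are declared, so authentication, permission
    # and not-found failures are presumably all reported through `default`
    # (confirm against the ErrorResponse schema).
    "200":
      description: OK
      content:
        application/json:
          schema:
            # `type` is a sibling of `$ref` and is ignored under OpenAPI 3.0.
            # NOTE(review): the schema is a single FTDManualNatRule, while
            # Examples 2 and 3 below are list-shaped (`links` + `items`);
            # confirm which shape the bulk call returns before validating
            # responses against this schema.
            type: object
            $ref: '#/components/schemas/FTDManualNatRule'
          examples:
            # The key of Example 1 shows the single-rule path
            # (.../manualnatrules/manualNatRuleUuid), not this bulk operation.
            ? 'Example 1 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid ( Example payload for DELETE on manual NAT rule. )'
            : value:
                metadata:
                  section: BEFORE_AUTO
                  index: 1
                  timestamp: 1493371106718
                  domain:
                    name: Global
                    id: global_domain_uuid
                    type: Domain
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
                  parent: <fmc_url>/api/fmc_config/v1/domain/global_domain_uuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                id: manualNatRuleUuid
                originalDestinationPort:
                  type: ProtocolPortObject
                  id: protocol port object uuid
                  name: port object name
                originalSource:
                  type: Network
                  id: network object uuid
                  name: network object name
                originalSourcePort:
                  type: ProtocolPortObject
                  id: protocol port object uuid
                  name: port object name
                translatedDestination:
                  type: Network
                  id: network object uuid
                  name: network object name
                translatedDestinationPort:
                  type: ProtocolPortObject
                  id: protocol port object uuid
                  name: port object name
                translatedSource:
                  type: Network
                  id: network object uuid
                  name: network object name
                patOptions:
                  patPoolAddress:
                    type: Host
                    id: Host object uuid
                    name: NW1
                  interfacePat: false
                  includeReserve: true
                  roundRobin: true
                  extendedPat: true
                  flatPortRange: true
                unidirectional: false
                originalDestination:
                  type: Network
                  id: network object uuid
                  name: network object name
                interfaceInOriginalDestination: false
                type: FTDManualNatRule
                enabled: true
                natType: STATIC
                interfaceIpv6: false
                fallThrough: false
                dns: false
                routeLookup: false
                noProxyArp: false
                netToNet: false
                sourceInterface:
                  name: sec zone object name
                  id: security zone uuid
                  type: SecurityZone
                destinationInterface:
                  name: sec zone object name
                  id: sec zone object uuid
                  type: SecurityZone
                description: description of nat rule
            # The `self` links in Examples 2 and 3 show the filter with raw
            # double quotes. A raw `"` is not a valid URI character, so a
            # client building this query percent-encodes the filter value.
            ? 'Example 2 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,manualNatRuleUuid2" ( Example payload for DELETE ALL on NAT rules with ?bulk=true and filter with original source and id )'
            : value:
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,manualNatRuleUuid2"
                items:
                  - metadata:
                      section: BEFORE_AUTO
                      index: 1
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid1
                      name: originalSourceName1
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual1
                      id: secZoneObjUuid1
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore2
                      id: secZoneObjUuid2
                      type: SecurityZone
                    # NOTE(review): the `ids:` prefix looks like filter syntax
                    # copied into the sample id; Example 3 shows the bare id.
                    # Confirm against a real response.
                    id: ids:manualNatRuleUuid1
                  - metadata:
                      section: BEFORE_AUTO
                      index: 2
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid1
                      name: originalSourceName1
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual3
                      id: secZoneObjUuid3
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore4
                      id: secZoneObjUuid4
                      type: SecurityZone
                    id: ids:manualNatRuleUuid2
            ? 'Example 3 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2" ( Example payload for DELETE ALL on Manual NAT rules with ?bulk=true and filter with originalSource )'
            : value:
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules?bulk=true&filter="originalSource:originalSourceName1,originalSourceName2"
                items:
                  - metadata:
                      section: BEFORE_AUTO
                      index: 1
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid1
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid
                      name: originalSourceName1
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual
                      id: secZoneObjUuid
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore
                      id: secZoneObjUuid
                      type: SecurityZone
                    id: manualNatRuleUuid1
                  - metadata:
                      section: BEFORE_AUTO
                      index: 2
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid2
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid
                      name: originalSourceName2
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual
                      id: secZoneObjUuid
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore
                      id: secZoneObjUuid
                      type: SecurityZone
                    id: manualNatRuleUuid2
    # Catch-all for every non-200 outcome of this destructive call.
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false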
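# Single NAT rule lookup. The path carries three identifiers: domainUUID,
# containerUUID (the NAT policy) and objectId (the rule).
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/natrules/{objectId}:
  get:
    tags:
      - Policy
    # NOTE(review): the description speaks of "the specified policy ID", while
    # the objectId parameter below is documented as the NAT rule identifier;
    # confirm which id the wording refers to.
    description: '**Retrieves the NAT rule (manual and auto) associated with the specified policy ID.**'
    operationId: getFTDNatRule
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of a NAT rule.
        required: true
        schema:
          type: string
      # The allowed values are listed in prose only; no `enum` is declared,
      # so the value is checked server-side, not by schema validation.
      - name: section
        in: query
        description: Retrieves NAT rule in given section. Allowed values are before_auto, auto and after_auto.
        required: false
        schema:
          type: string
      # Same filter grammar as the collection and bulk-delete operations; it
      # is a free-form string with no pattern or maxLength declared.
      # NOTE(review): the spec does not say how a filter interacts with a
      # lookup that already names one rule by objectId.
      - name: filter
        in: query
        description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;originalDestination:name1/value1,name2/value2,...;<br/>translatedSource:name1/value1,name2/value2,...;translatedDestination:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;originalDestinationPort:name1/value1,name2/value2,...;<br/>translatedSourcePort:name1/value1,name2/value2,...;translatedDestinationPort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,...etc. This ids is a comma-separated list of rule ids to fetch/delete<br/>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalDestination:Network object configured as Original destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedDestination:Network object configured as translated Destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>originalDestinationPort:Port object configured as Original Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be
          given<br/>translatedDestinationPort:Port object configured as Translated Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>'
        required: false
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # `name` sits next to `$ref`; OpenAPI 3.0 ignores siblings of `$ref`, so
      # only the referenced parameter definition applies.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      # Only "200" and `default` are declared; authentication, permission and
      # not-found failures are presumably reported through `default`.
      "200":
        description: OK
        content:
          application/json:
            schema:
              # `type` is a sibling of `$ref` and is ignored under OpenAPI 3.0.
              type: object
              $ref: '#/components/schemas/FTDNatRule'
            examples:
              # NOTE(review): this sample is the collection response (GET on
              # .../natrules with `items` and `paging`), not a single
              # FTDNatRule as the schema above declares.
              ? 'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/natrules ( Example payload for GET on NAT rules )'
              : value:
                  links:
                    self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules?offset=0&limit=2
                  items:
                    - links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      type: FTDManualNatRule
                      id: manualNatRuleUuid
                    - links:
                        self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                        parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                      type: FTDAutoNatRule
                      id: autoNatRuleUuid
                  paging:
                    offset: 0
                    limit: 2
                    count: 2
                    pages: 1
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false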
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftdnatpolicies/{containerUUID}/natrules:
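# Lists every NAT rule (manual and auto) of one FTD NAT policy, with optional
# filtering and paging. With expanded=true the examples show each item
# carrying the rule body, including network object and security zone names.
get:
  tags:
    - Policy
  description: '**Retrieves list of all NAT rules (manual and auto).**'
  operationId: getAllFTDNatRule
  parameters:
    # Optional selector using the same grammar as the bulk-delete operations.
    # It is a free-form string (no pattern or maxLength declared), so the
    # expression is validated server-side only.
    - name: filter
      in: query
      description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;originalDestination:name1/value1,name2/value2,...;<br/>translatedSource:name1/value1,name2/value2,...;translatedDestination:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;originalDestinationPort:name1/value1,name2/value2,...;<br/>translatedSourcePort:name1/value1,name2/value2,...;translatedDestinationPort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,...etc. This ids is a comma-separated list of rule ids to fetch/delete<br/>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalDestination:Network object configured as Original destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedDestination:Network object configured as translated Destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>originalDestinationPort:Port object configured as Original Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be
        given<br/>translatedDestinationPort:Port object configured as Translated Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>'
      required: false
      schema:
        type: string
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    # Identifies the NAT policy whose rules are listed.
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # In the four entries below `name` sits next to `$ref`; OpenAPI 3.0
    # ignores siblings of `$ref`, so only the referenced definitions apply.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
    - name: offset
      $ref: '#/components/parameters/offset'
    - name: limit
      $ref: '#/components/parameters/limit'
    - name: expanded
      $ref: '#/components/parameters/expanded'
  responses:
    # Only "200" and `default` are declared; authentication and permission
    # failures are presumably reported through `default`.
    "200":
      description: OK
      content:
        application/json:
          schema:
            # `type` is a sibling of `$ref` and is ignored under OpenAPI 3.0.
            type: object
            $ref: '#/components/schemas/FTDNatRuleListContainer'
          examples:
            # Both samples show the query string unencoded; a raw `"` is not
            # a valid URI character, so clients percent-encode the filter.
            ? 'Example 1 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/natrules?expanded=true ( Example payload for GET ALL on NAT rules with ?expanded=true )'
            : value:
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules?offset=0&limit=2&expanded=true
                items:
                  - metadata:
                      section: BEFORE_AUTO
                      index: 1
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid1
                      name: networkObj1
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual1
                      id: secZoneObjUuid1
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore2
                      id: secZoneObjUuid2
                      type: SecurityZone
                    id: manualNatRuleUuid
                  # The auto-rule sample carries no `index` under metadata,
                  # unlike the manual-rule sample above.
                  - metadata:
                      section: AUTO
                      timestamp: 1489053023583
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    serviceProtocol: TCP
                    translatedNetwork:
                      type: Network
                      id: networkObjUuid1
                      name: networkObj1
                    translatedPort: 1234
                    originalNetwork:
                      type: Network
                      id: networkObjUuid2
                      name: networkObj2
                    originalPort: 345
                    type: FTDAutoNatRule
                    destinationInterface:
                      name: seczonemanual5
                      id: secZoneObjUuid5
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: STATIC
                    sourceInterface:
                      name: seczonemanual4
                      id: secZoneObjUuid4
                      type: SecurityZone
                    id: autoNatRuleUuid
                paging:
                  offset: 0
                  limit: 2
                  count: 2
                  pages: 1
            ? 'Example 2 : GET /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/natrules?filter="ids:manualNatRuleUuid,autoNatRuleUuid"&expanded=true ( Example payload for GET ALL on NAT rules with ?expanded=true and filter with id )'
            : value:
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules?offset=0&limit=25&filter="ids:manualNatRuleUuid,autoNatRuleUuid"&expanded=true
                items:
                  - metadata:
                      section: BEFORE_AUTO
                      index: 1
                      timestamp: 1488950245960
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    unidirectional: true
                    originalSource:
                      type: Network
                      id: networkObjUuid2
                      name: networkObj2
                    interfaceInOriginalDestination: false
                    interfaceInTranslatedSource: true
                    enabled: true
                    type: FTDManualNatRule
                    destinationInterface:
                      name: seczonemanual3
                      id: secZoneObjUuid3
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: DYNAMIC
                    sourceInterface:
                      name: seczonebefore1
                      id: secZoneObjUuid1
                      type: SecurityZone
                    id: manualNatRuleUuid
                  - metadata:
                      section: AUTO
                      timestamp: 1489053023583
                      domain:
                        name: Global
                        id: domainUuid
                        type: Domain
                    links:
                      self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
                      parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
                    serviceProtocol: TCP
                    translatedNetwork:
                      type: Network
                      id: networkObjUuid3
                      name: networkObj3
                    translatedPort: 1234
                    originalNetwork:
                      type: Network
                      id: networkObjUuid2
                      name: networkObj2
                    originalPort: 345
                    type: FTDAutoNatRule
                    destinationInterface:
                      name: seczonemanual1
                      id: secZoneObjUuid1
                      type: SecurityZone
                    dns: false
                    interfaceIpv6: false
                    noProxyArp: false
                    netToNet: false
                    natType: STATIC
                    sourceInterface:
                      name: seczonemanual2
                      id: secZoneObjUuid2
                      type: SecurityZone
                    id: autoNatRuleUuid
                paging:
                  offset: 0
                  limit: 25
                  count: 2
                  pages: 1
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false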
delete:
tags:
- Policy
description: '**Deletes all the NAT rules (manual and auto) selected by the required filter. _Check the response section for applicable examples (if any)._**'
operationId: deleteMultipleFTDNatRule
parameters:
- name: bulk
in: query
description: Enables bulk actions for NAT rules.
required: true
schema:
type: boolean
- name: filter
in: query
description: 'Value is of format : <code>"ids:id1,id2,...;sourceInterface:name1,name2,...;destinationInterface:name1,name2,...;<br/>originalSource:name1/value1,name2/value2,...;originalDestination:name1/value1,name2/value2,...;<br/>translatedSource:name1/value1,name2/value2,...;translatedDestination:name1/value1,name2/value2,...;<br/>originalSourcePort:name1/value1,name2/value2,...;originalDestinationPort:name1/value1,name2/value2,...;<br/>translatedSourcePort:name1/value1,name2/value2,...;translatedDestinationPort:name1/value1,name2/value2,...;"</code><br/><br/>ids:id1,id2,...etc. This ids is a comma-separated list of rule ids to fetch/delete</br>sourceInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>destinationInterface:SecurityZone/Interface group name (sec_zone_name1) can be given as value to fetch/delete NAT rule<br/>originalSource: Network object configured as Original source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalDestination:Network object configured as Destination source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedSource:Network object configured as translated source object name (object_name) or the value (10.1.2.3) of the object can be given<br/>translatedDestination:Network object configured as translated Destination object name (object_name) or the value (10.1.2.3) of the object can be given<br/>originalSourcePort:Port object configured as Original Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>originalDestinationPort:Port object configured as Original Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given<br/>translatedSourcePort:Port object configured as Translated Source Port object name (http) or value of the object as port no or protocol (tcp/80) can be 
given<br/>translatedDestinationPort:Port object configured as Translated Destination Port object name (http) or value of the object as port no or protocol (tcp/80) can be given"<br/>'
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDNatRule'
examples:
? 'Example 1 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/natrules?bulk=true&filter="ids:manualNatRuleUuid,autoNatRuleUuid" ( Example payload for DELETE ALL on NAT rules with ?bulk=true and filter with id )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules?bulk=true&filter="ids:manualNatRuleUuid,autoNatRuleUuid"
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid2
name: originalSourceName2
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore1
id: secZoneObjUuid1
type: SecurityZone
id: manualNatRuleUuid
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid1
name: translatedNetworkName1
translatedPort: 1234
originalNetwork:
type: Network
id: networkObjUuid1
name: networkObj1
originalPort: 345
type: FTDAutoNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
id: autoNatRuleUuid
? 'Example 2 : DELETE /api/fmc_config/v1/domain/DomainUUID/policy/ftdnatpolicies/natPolicyUuid/natrules?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,autoNatRuleUuid2" ( Example payload for DELETE ALL on NAT rules with ?bulk=true and filter with originalSource )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules?bulk=true&filter="originalSource:originalSourceName1;ids:manualNatRuleUuid1,autoNatRuleUuid2"
items:
- metadata:
section: BEFORE_AUTO
index: 1
timestamp: 1488950245960
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/manualnatrules/manualNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
unidirectional: true
originalSource:
type: Network
id: networkObjUuid1
name: originalSourceName1
interfaceInOriginalDestination: false
interfaceInTranslatedSource: true
enabled: true
type: FTDManualNatRule
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: DYNAMIC
sourceInterface:
name: seczonebefore2
id: secZoneObjUuid2
type: SecurityZone
id: manualNatRuleUuid1
- metadata:
section: AUTO
timestamp: 1489053023583
domain:
name: Global
id: domainUuid
type: Domain
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/autonatrules/autoNatRuleUuid
parent: <fmc_url>/api/fmc_config/v1/domain/domainUuid/policy/ftdnatpolicies/natPolicyUuid/natrules
type: FTDAutoNatRule
originalPort: 80
serviceProtocol: TCP
translatedNetwork:
type: Network
id: networkObjUuid2
name: translatedNetworkName2
translatedPort: 443
originalNetwork:
type: Network
id: networkObjUuid1
name: originalSourceName1
destinationInterface:
name: seczonemanual1
id: secZoneObjUuid1
type: SecurityZone
dns: false
interfaceIpv6: false
noProxyArp: false
netToNet: false
natType: STATIC
sourceInterface:
name: seczonemanual2
id: secZoneObjUuid2
type: SecurityZone
id: autoNatRuleUuid2
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the intrusion policy associated with the specified ID.**'
operationId: getIntrusionPolicy
parameters:
- name: includeCount
in: query
description: Boolean value indicating whether the count of rules should be calculated in the response.
required: false
schema:
type: boolean
- name: ruleFilter
in: query
description: Query Param to return rule counts based on the filter. Value is of format <code>fts:browser</code>.
required: false
schema:
type: string
- name: objectId
in: path
description: Identifier for intrusion policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test GET of intrusion policy for a uuid )'
: value:
name: Security Over Connectivity
id: intrusionPolicyUUID
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
metadata:
readOnly:
state: true
domain:
id: DomainUUID
type: Domain
name: Global
lastUser:
name: admin
id: userUUID
type: User
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the intrusion policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateIntrusionPolicy
parameters:
- name: objectId
in: path
description: Identifier for intrusion policy.
required: true
schema:
type: string
- name: replicateInspectionMode
in: query
description: Flag to replicate inspection mode from Snort 3 version to Snort 2 version.
required: false
schema:
type: string
- name: ruleRecommendationAction
in: query
description: This is a query parameter. Based on this value, the rule recommendation configuration is set against Snort3 Intrusion Policy.<br/>GENERATE - Generates the rule recommendation for the given recommendedSecurityLevel value and network objects per Snort3 Intrusion Policy.<br/> GENERATE_AND_ACCEPT - Generates the rule recommendation for the given recommendedSecurityLevel value and network objects per Snort3 Intrusion Policy and accepts it against the Snort3 Intrusion Policy. <br/> REFRESH - Refreshes the rule recommendation for already given recommendedSecurityLevel value and network objects per Snort3 Intrusion Policy. <br/> REMOVE - Removes all rule recommendations and ruleRecommendation config per Snort3 Intrusion Policy. <br/> ACCEPT - Accepts the rule recommendation for which rule recommendation is already generated for the given recommendedSecurityLevel value and network objects against the given Snort3 Intrusion Policy
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of intrusion policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test PUT of intrusion policy to update record )'
: value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: description
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test PUT of intrusion policy to update record )'
: value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: description
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
ruleRecommendation:
securityLevel: LEVEL_2
networks:
- name: network_obj_1
id: <network_object_uuid>
type: Network
- name: network_obj_2
id: <network_object_uuid>
type: Network
acceptDisabledRules: "TRUE"
recommendationInUse: "FALSE"
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test PUT of intrusion policy to update record )'
: value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: description
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test PUT of intrusion policy to update record )'
: value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: description
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
ruleRecommendation:
securityLevel: LEVEL_2
networks:
- name: network_obj_1
id: <network_object_uuid>
type: Network
- name: network_obj_2
id: <network_object_uuid>
type: Network
acceptDisabledRules: "TRUE"
recommendationInUse: "FALSE"
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the intrusion policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteIntrusionPolicy
parameters:
- name: objectId
in: path
description: Identifier for intrusion policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
examples:
'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID ( Test DELETE of device )':
value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: description
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies:
get:
tags:
- Policy
description: '**Retrieves list of all intrusion policies.**'
operationId: getAllIntrusionPolicy
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicyListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/object/policy/intrusionpolicies ( Get all paginated intrusion policy without offset and limit )'
: value:
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies?offset=0&limit=5
items:
- name: No Rules Active
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Maximum Detection
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Connectivity Over Security
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Balanced Security and Connectivity
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Security Over Connectivity
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: No Rules Active
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Maximum Detection
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Connectivity Over Security
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Balanced Security and Connectivity
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
- name: Security Over Connectivity
id: intrusionPolicyUUID
links:
self: /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies/intrusionPolicyUUID
type: IntrusionPolicy
snortEngine: SNORT2 | SNORT3
inspectionMode: DETECTION | PREVENTION
isSystemDefined: true
paging:
offset: 0
limit: 10
count: 10
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates intrusion policies. _Check the response section for applicable examples (if any)._**'
operationId: createIntrusionPolicy
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of intrusion policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
examples:
'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/intrusionpolicies ( Test intrusion policy creation )':
value:
basePolicy:
name: test1
id: intrusionPolicyUUID
type: IntrusionPolicy
description: Created via automation
inspectionMode: PREVENTION
name: test1
type: IntrusionPolicy
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/IntrusionPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{containerUUID}/intrusionrulegroups/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the per-policy behaviour of the specified intrusion rule group ID for the target intrusion policy ID.**'
operationId: getSnort3IntrusionRuleGroups
parameters:
- name: objectId
in: path
description: Identifier of a Snort 3 rule group.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups/Snort3IntrusionRuleGroups-UUID ( Success: Test GET method for Snort3IntrusionRuleGroups )'
: value:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
isSystemDefined: true
description: Rules for detecting exploits targeting network servers
links:
self: https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups/d9953ebd-1b43-5809-94b8-e34b33fa0d11
childGroups:
- name: Other
id: 3267bf7b-348d-535f-b42a-fe369b2a5f85
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against miscellaneous servers
totalRuleCount: 2615
canonicalName: Rule Categories::Server::Other
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Apache
id: f58ecfed-c8ec-5ffe-bf68-d33324e22289
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against Apache servers
totalRuleCount: 168
canonicalName: Rule Categories::Server::Apache
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Microsoft IIS
id: a321ff02-5f53-58b6-bf32-7cc7144aa55a
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
isSystemDefined: true
description: Rules for detecting attacks against Microsoft Internet Information Systems servers
totalRuleCount: 200
canonicalName: Rule Categories::Server::Microsoft IIS
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Oracle
id: 686e6146-c2f7-5ba2-9715-ab15cce482ee
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against Oracle servers
totalRuleCount: 491
canonicalName: Rule Categories::Server::Oracle
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Web Applications
id: 7b914935-12af-5a9f-94b2-1a2effcc169e
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against miscellaneous Web applications
totalRuleCount: 6363
canonicalName: Rule Categories::Server::Web Applications
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Samba
id: 0847ef51-cd96-5784-89d2-be4230f8067c
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against SAMBA servers
totalRuleCount: 50
canonicalName: Rule Categories::Server::Samba
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Mail
id: 984464aa-da20-5635-9af5-dfe8f20e4e7a
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against mail servers
totalRuleCount: 204
canonicalName: Rule Categories::Server::Mail
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: MySQL
id: c92868e4-ac0e-5514-9051-7c6d60abbcbc
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against MySQL servers
totalRuleCount: 81
canonicalName: Rule Categories::Server::MySQL
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: SQL Server
id: 73a78ee8-84eb-55e7-904b-eb5e31bf00a6
type: IntrusionRuleGroup
defaultSecurityLevel: LEVEL_2
isSystemDefined: true
description: Rules for detecting attacks against Microsoft SQL servers
totalRuleCount: 70
canonicalName: Rule Categories::Server::SQL Server
parentGroup:
name: Server
id: d9953ebd-1b43-5809-94b8-e34b33fa0d11
type: IntrusionRuleGroup
metadata:
domain:
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
canonicalName: Rule Categories::Server
parentGroup:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
ruleCount:
disabled: 0
alert: 0
block: 0
rewrite: 0
reject: 0
pass: 0
drop: 0
overridden: 0
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the per-policy behaviour of the specified intrusion rule group ID for the target intrusion policy ID. _Check the response section for applicable examples (if any)._**'
operationId: updateSnort3IntrusionRuleGroups
parameters:
- name: objectId
in: path
description: Identifier of a Snort 3 rule group.
required: true
schema:
type: string
- name: removeRuleOverrides
in: query
description: Boolean value for removing the rule overrides when excluding a rule group from a policy.
required: false
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of the Snort 3 intrusion rule group.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups/Snort3IntrusionRuleGroups-UUID ( Success: Test PUT method for Snort3IntrusionRuleGroups )'
: value:
name: Group1
id: bb79c3d4-904e-569e-80ba-ad50a8f24a67
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
description: A description about Group1 goes here.
overrideSecurityLevel: LEVEL_1
? 'Example 2 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups?bulk=true ( Success: Test Bulk PUT method for Snort3IntrusionRuleGroups )'
: value:
- name: Group1
id: bb79c3d4-904e-569e-80ba-ad50a8f24a67
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
description: A description about Group1 goes here.
overrideSecurityLevel: LEVEL_1
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{containerUUID}/intrusionrulegroups:
get:
tags:
- Policy
description: '**Retrieves list of all Snort 3 intrusion rule groups.**'
operationId: getAllSnort3IntrusionRuleGroups
parameters:
- name: includeCount
in: query
description: Boolean value indicating whether the count of rules should be calculated in the response.
required: false
schema:
type: boolean
- name: filter
in: query
description: 'Value can be any of the formats (including quotes): <code>"name:Browser/Firefox"</code> or <code>"currentSecurityLevel:DISABLED"</code> or <code>"showonlyparents:{true/false}"</code> or <code>"isSystemDefined:{true/false}"</code> or <code>"includeCount:true"</code>.'
required: false
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroupsListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups ( Success: Test GET ALL method for Snort3IntrusionRuleGroups )'
: value:
links:
self: https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups?offset=1&limit=2&expanded=true
items:
- name: Browser
id: fb1f3030-6070-5633-88eb-027660bbdba5
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
isSystemDefined: true
description: Rules for detecting exploits targeting Web browsers
links:
self: https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups/fb1f3030-6070-5633-88eb-027660bbdba5
totalRuleCount: 0
canonicalName: Rule Categories::Browser
parentGroup:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
container:
name: Rule Categories
id: c4f4121b-d8e0-5086-9ae3-064062109492
type: IntrusionRuleGroup
- name: Local Rules
id: f2898aac-ee10-11ec-bfc5-67f7aebc82ad
type: IntrusionRuleGroup
isSystemDefined: true
description: Contains the user defined rules
links:
self: https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups/f2898aac-ee10-11ec-bfc5-67f7aebc82ad
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
paging:
offset: 1
limit: 2
count: 2
prev:
- https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups?offset=0&limit=1&expanded=true
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies all the Snort 3 intrusion rule groups. _Check the response section for applicable examples (if any)._**'
operationId: updateMultipleSnort3IntrusionRuleGroups
parameters:
- name: bulk
in: query
description: Boolean value that enables bulk update of Snort 3 intrusion rule groups.
required: true
schema:
type: boolean
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of the Snort 3 intrusion rule groups to update.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups/Snort3IntrusionRuleGroups-UUID ( Success: Test PUT method for Snort3IntrusionRuleGroups )'
: value:
name: Group1
id: bb79c3d4-904e-569e-80ba-ad50a8f24a67
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
description: A description about Group1 goes here.
overrideSecurityLevel: LEVEL_1
? 'Example 2 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups?bulk=true ( Success: Test Bulk PUT method for Snort3IntrusionRuleGroups )'
: value:
- name: Group1
id: bb79c3d4-904e-569e-80ba-ad50a8f24a67
type: IntrusionRuleGroup
defaultSecurityLevel: DISABLED
description: A description about Group1 goes here.
overrideSecurityLevel: LEVEL_1
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IntrusionRuleGroups'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{containerUUID}/intrusionrules/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the per-policy behaviour of the specified intrusion rule ID for the target intrusion policy ID.**'
operationId: getSnort3IPSRules
parameters:
- name: objectId
in: path
description: Identifier of a Snort 3 intrusion rule.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules/intrusionRuleUUID ( Success: Test GET method for Snort3IPSRules )'
: value:
type: IntrusionRule
id: 2fa0884a-f666-521f-aa70-55a7d87dd1f6
name: 1:28496
gid: 1
sid: 28496
revision: 4
isSystemDefined: true
msg: BROWSER-IE Microsoft Internet Explorer createRange user after free attempt
ruleData: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any ( msg:"BROWSER-IE Microsoft Internet Explorer createRange user after free attempt"; flow:to_client,established; file_data; content:" document.body.innerHTML +="; content:" document.execCommand|28|",within 100; content:".createRange|28|",distance 0; metadata:policy balanced-ips alert,policy max-detect-ips drop,policy security-ips drop; service:http; reference:cve,2013-3910; reference:url,technet.microsoft.com/en-us/security/bulletin/MS13-088; classtype:attempted-user; sid:28496; rev:4; )
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
defaultSetBy:
- name: Balanced Security and Connectivity
id: 6c66b83c-bc23-55b6-879d-c4d847443503
type: IntrusionPolicy
action: ALERT
defaultState: ALERT
overrideState: DROP
ruleGroups:
- name: Browser/Internet Explorer
id: c705b8ed-f7a9-5b8b-a95a-01450095f131
type: IntrusionRuleGroup
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the per-policy behaviour of the specified intrusion rule ID for the target intrusion policy ID. _Check the response section for applicable examples (if any)._**'
operationId: updateSnort3IPSRules
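# Parameters for updateSnort3IPSRules, which changes how one intrusion rule
# behaves in one intrusion policy.
# All identifiers below are declared as unconstrained strings (no format or
# pattern), although ticket-id is described as a UUID.
parameters:
  # Rule whose per-policy behaviour is modified.
  - name: objectId
    in: path
    description: Identifier of a Snort 3 intrusion rule.
    required: true
    schema:
      type: string
  # Optional (required: false): this schema accepts a rule-state change that
  # carries no tracking ticket.
  # NOTE(review): confirm that change control and authorization for this write
  # are enforced server-side; nothing in this parameter list requires them.
  - name: ticket-id
    in: header
    description: UUID of the ticket for tracking the configuration changes.
    required: false
    schema:
      type: string
  # Intrusion policy that contains the rule (the {containerUUID} path segment).
  - name: containerUUID
    in: path
    description: The container id under which this specific resource is contained.
    required: true
    schema:
      type: string
  # Definition comes from the shared component referenced below.
  - name: domainUUID
    $ref: '#/components/parameters/domainUUID'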
requestBody:
description: The input Snort 3 intrusion rule model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules/Snort3IPSRules-UUID ( Success: Test PUT method for Snort3IPSRules )'
: value:
sid: 37062
gid: 1
revision: 2
msg: '"APP-DETECT 12P DNS request attempt"'
ruleData: alert udp $HOME_NET any -> any 53 ( msg:"APP-DETECT 12P DNS request attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|b32|03|i2p|00|",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 12P DNS request attempt"'
id: Snort3IPSRules-UUID-1
? 'Example 2 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules?bulk=true ( Success: Test Bulk PUT method for Snort3IPSRules )'
: value:
- sid: 37062
gid: 1
revision: 2
msg: '"APP-DETECT 12P DNS request attempt"'
ruleData: alert udp $HOME_NET any -> any 53 ( msg:"APP-DETECT 12P DNS request attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|b32|03|i2p|00|",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 12P DNS request attempt"'
id: Snort3IPSRules-UUID-1
- sid: 28071
gid: 1
revision: 3
msg: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
ruleData: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"; flow:to_server,established; http_uri; content:"/login.php?refer=%2F",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:http; reference:url,en.wikipedia.org/wiki/360_Safeguard; reference:url,research.zscaler.com/2011/05/is-360cn-evil.html; reference:url,www.alexa.com/siteinfo/360safe.com; reference:url,www.virustotal.com/en/domain/360safe.com/information/; classtype:trojan-activity; sid:28071; rev:3; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
id: Snort3IPSRules-UUID-2
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{containerUUID}/intrusionrules:
get:
tags:
- Policy
description: '**Retrieves list of all Snort 3 intrusion rules.**'
operationId: getAllSnort3IPSRules
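# Parameters for getAllSnort3IPSRules (list of Snort 3 intrusion rules in one policy).
parameters:
  # Free-form filter expression; the schema is a plain string with no pattern.
  # NOTE(review): presumably the server parses the key:value syntax described
  # below. Confirm it rejects unknown keys and malformed values.
  - name: filter
    in: query
    description: 'Value can be any of the formats (including quotes): <code>"gid:123;sid:456"</code> or <code>"overrides:true;ipspolicy:{uuid1,uuid2,...}"</code> or <code>"fts:789"</code> or <code>"isSystemDefined:{true/false}"</code>. <code>ipspolicy</code> is a comma-separated list of Snort 3 Intrusion Policy IDs.'
    required: false
    schema:
      type: string
  # Also an unconstrained string; the accepted sort keys are listed only in the description.
  - name: sort
    in: query
    description: Sorting parameters to be provided e.g. sid,-sid,gid,-gid,msg,-msg.
    required: false
    schema:
      type: string
  # Optional change-tracking header, declared here on a read operation as well.
  - name: ticket-id
    in: header
    description: UUID of the ticket for tracking the configuration changes.
    required: false
    schema:
      type: string
  # Intrusion policy whose rules are listed (the {containerUUID} path segment).
  - name: containerUUID
    in: path
    description: The container id under which this specific resource is contained.
    required: true
    schema:
      type: string
  # The remaining parameters take their definitions from shared components.
  - name: domainUUID
    $ref: '#/components/parameters/domainUUID'
  - name: offset
    $ref: '#/components/parameters/offset'
  - name: limit
    $ref: '#/components/parameters/limit'
  - name: expanded
    $ref: '#/components/parameters/expanded'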
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRulesListContainer'
examples:
'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules ( GET ALL )':
value:
links:
self: /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules?offset=0&limit=2
items:
- sid: 37062
gid: 1
revision: 2
msg: '"APP-DETECT 12P DNS request attempt"'
ruleData: alert udp $HOME_NET any -> any 53 ( msg:"APP-DETECT 12P DNS request attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|b32|03|i2p|00|",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
defaultSetBy:
- name: Balanced Security and Connectivity
id: 6c66b83c-bc23-55b6-879d-c4d847443503
type: IntrusionPolicy
action: ALERT
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 12P DNS request attempt"'
id: Snort3IPSRules-UUID-1
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules/Snort3IPSRules-UUID-1
- sid: 28071
gid: 1
revision: 3
msg: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
ruleData: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"; flow:to_server,established; http_uri; content:"/login.php?refer=%2F",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:http; reference:url,en.wikipedia.org/wiki/360_Safeguard; reference:url,research.zscaler.com/2011/05/is-360cn-evil.html; reference:url,www.alexa.com/siteinfo/360safe.com; reference:url,www.virustotal.com/en/domain/360safe.com/information/; classtype:trojan-activity; sid:28071; rev:3; )
metadata:
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
defaultSetBy:
- name: Balanced Security and Connectivity
id: 6c66b83c-bc23-55b6-879d-c4d847443503
type: IntrusionPolicy
action: ALERT
isSystemDefined: "true"
ruleAction:
- defaultState: BLOCK
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
id: Snort3IPSRules-UUID-2
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules/Snort3IPSRules-UUID-2
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies all the Snort 3 intrusion rules. _Check the response section for applicable examples (if any)._**'
operationId: updateMultipleSnort3IPSRules
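# Parameters for updateMultipleSnort3IPSRules (bulk PUT on the rule collection).
parameters:
  # Declared required: true; the description says it is required for bulk operations.
  - name: bulk
    in: query
    description: This parameter specifies that bulk operation is being used in the query. This parameter is required for bulk Snort 3 intrusion rule operations.
    required: true
    schema:
      type: boolean
  # Optional (required: false): one bulk request can change many rules, and this
  # schema accepts it without a tracking ticket.
  # NOTE(review): confirm that change control and authorization for bulk writes
  # are enforced server-side; this parameter list does not require them.
  - name: ticket-id
    in: header
    description: UUID of the ticket for tracking the configuration changes.
    required: false
    schema:
      type: string
  # Intrusion policy whose rules are modified (the {containerUUID} path segment).
  - name: containerUUID
    in: path
    description: The container id under which this specific resource is contained.
    required: true
    schema:
      type: string
  # Definition comes from the shared component referenced below.
  - name: domainUUID
    $ref: '#/components/parameters/domainUUID'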
requestBody:
description: The input Snort 3 intrusion rule model (a list of rules when bulk=true).
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules/Snort3IPSRules-UUID ( Success: Test PUT method for Snort3IPSRules )'
: value:
sid: 37062
gid: 1
revision: 2
msg: '"APP-DETECT 12P DNS request attempt"'
ruleData: alert udp $HOME_NET any -> any 53 ( msg:"APP-DETECT 12P DNS request attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|b32|03|i2p|00|",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 12P DNS request attempt"'
id: Snort3IPSRules-UUID-1
? 'Example 2 : PUT /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/policyUUID/intrusionrules?bulk=true ( Success: Test Bulk PUT method for Snort3IPSRules )'
: value:
- sid: 37062
gid: 1
revision: 2
msg: '"APP-DETECT 12P DNS request attempt"'
ruleData: alert udp $HOME_NET any -> any 53 ( msg:"APP-DETECT 12P DNS request attempt"; flow:to_server; byte_test:1,!&,0xF8,2; content:"|03|b32|03|i2p|00|",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 12P DNS request attempt"'
id: Snort3IPSRules-UUID-1
- sid: 28071
gid: 1
revision: 3
msg: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
ruleData: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( msg:"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"; flow:to_server,established; http_uri; content:"/login.php?refer=%2F",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:http; reference:url,en.wikipedia.org/wiki/360_Safeguard; reference:url,research.zscaler.com/2011/05/is-360cn-evil.html; reference:url,www.alexa.com/siteinfo/360safe.com; reference:url,www.virustotal.com/en/domain/360safe.com/information/; classtype:trojan-activity; sid:28071; rev:3; )
isSystemDefined: false | true
ruleAction:
- defaultState: BLOCK
overrideState: ALERT
policy:
name: Maximum Detection
id: ccbf50d8-b908-5a56-b1a8-099773b904f2
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Balanced Security and Connectivity
id: 6c5fd197-7d58-51cc-b048-40f5a7442f4b
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: ALERT
policy:
name: Connectivity Over Security
id: e90b3402-1dde-58b8-956e-0ba3e73b9c0a
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: DISABLE
policy:
name: No Rules Active
id: 402cd584-98f0-544e-b628-0c4b40903189
type: IntrusionPolicy
inlineDrop: 0
- defaultState: DISABLE
overrideState: BLOCK
policy:
name: Security Over Connectivity
id: eb508df4-58a2-59c3-a610-500d9a9e4423
type: IntrusionPolicy
inlineDrop: 0
name: ' '
description: '"APP-DETECT 360.cn SafeGuard local HTTP management console access attempt"'
id: Snort3IPSRules-UUID-2
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/Snort3IPSRules'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/filepolicies/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the File Policy associated with the specified ID.**'
operationId: getFilePolicy
parameters:
- name: objectId
in: path
description: Unique identifier of a file policy.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-1 ( Success: Test GET method for filepolicy )'
: value:
name: Test-TestDomain
id: File-policy-UUID-1
type: FilePolicy
description: Test-TestDomain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-1
metadata:
readOnly:
state: true
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: TestDomain
id: domainUUID
type: domain
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the File Policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateFilePolicy
parameters:
- name: objectId
in: path
description: Unique identifier of a file policy.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input file policy model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/filepolicies/File-policy-UUID-3 ( Update a File Policy )':
value:
name: Test-File-policy_edited
type: FilePolicy
id: File-policy-UUID-3
description: An example File Policy
archiveDepth: 2
archiveDepthAction: true
blockEncryptedArchives: false
cleanList: true
customDetectionList: true
firstTimeFileAnalysis: true
inspectArchives: false
threatScore: MEDIUM
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/filepolicies/File-policy-UUID-3 ( Update a File Policy )':
value:
metadata:
readOnly:
state: false
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: TestDomain
id: domainUUID
type: domain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-3
type: FilePolicy
id: File-policy-UUID-3
name: Test-File-policy_edited
description: An example File Policy
archiveDepth: 2
archiveDepthAction: true
blockEncryptedArchives: false
cleanList: true
customDetectionList: true
firstTimeFileAnalysis: true
inspectArchives: false
threatScore: MEDIUM
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the File Policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteFilePolicy
parameters:
- name: objectId
in: path
description: Unique identifier of a file policy.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/filepolicies/File-policy-UUID-3 ( Delete a File Policy )':
value:
metadata:
readOnly:
state: false
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: TestDomain
id: domainUUID
type: domain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-3
type: FilePolicy
id: File-policy-UUID-3
name: Test-File-policy_edited
description: An example File Policy
archiveDepth: 2
archiveDepthAction: true
blockEncryptedArchives: false
cleanList: true
customDetectionList: true
firstTimeFileAnalysis: true
inspectArchives: false
threatScore: MEDIUM
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/filepolicies:
get:
tags:
- Policy
description: '**Retrieves list of all File Policies.**'
operationId: getAllFilePolicy
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicyListContainer'
examples:
'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies ( Success: Test GET ALL success )':
value:
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies?offset=0&limit=2
items:
- name: Test-TestDomain
id: File-policy-UUID-1
type: FilePolicy
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-1
- name: Test-GlobalDomain
id: File-policy-UUID-2
type: FilePolicy
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-2
paging:
offset: 0
limit: 2
count: 2
pages: 1
? 'Example 2 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies?expanded=true ( Success: Test GET ALL success with expanded=true )'
: value:
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies?offset=0&limit=2
items:
- name: Test-TestDomain
id: File-policy-UUID-1
type: FilePolicy
description: Test-TestDomain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-1
metadata:
readOnly:
state: true
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: TestDomain
id: domainUUID
type: domain
- name: Test-GlobalDomain
id: File-policy-UUID-2
type: FilePolicy
description: Test-GlobalDomain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-2
metadata:
readOnly:
state: false
timestamp: 1460057664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: Global
id: Global-domain-UUID
type: domain
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates File Policies. _Check the response section for applicable examples (if any)._**'
operationId: createFilePolicy
parameters:
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: The input file policy model.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/filepolicies ( Create a File policy )':
value:
name: Test-File-policy
type: FilePolicy
description: An example File Policy
archiveDepth: 3
archiveDepthAction: true
blockEncryptedArchives: false
cleanList: true
customDetectionList: true
firstTimeFileAnalysis: true
inspectArchives: false
threatScore: High
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FilePolicy'
examples:
'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/filepolicies ( Create a File policy )':
value:
metadata:
readOnly:
state: false
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: TestDomain
id: domainUUID
type: domain
links:
self: https://example.cisco.com/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/File-policy-UUID-3
type: FilePolicy
id: File-policy-UUID-3
name: Test-File-policy
description: An example File Policy
archiveDepth: 3
archiveDepthAction: true
blockEncryptedArchives: false
cleanList: true
customDetectionList: true
firstTimeFileAnalysis: true
inspectArchives: false
threatScore: High
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/filepolicies/{containerUUID}/filerules/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the file rule associated with the specified ID.**'
operationId: getFileRuleModel
parameters:
- name: objectId
in: path
description: Identifier of a file rule.
required: true
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId ( Success: Test GET success of a file rule )'
: value:
links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId
metadata:
readOnly:
state: false
timestamp: 1673362666
lastUser:
name: admin
id: 68d03c42-d9bd-11dc-89f2-b7961d42c462
type: user
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: exampleFileRuleId
type: FileRule
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the file rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateFileRuleModel
parameters:
- name: objectId
in: path
description: Identifier of a file rule.
required: true
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Request input of a file rule.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId ( Success: Test PUT success of a file rule )'
: value:
id: exampleFileRuleId
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the file rule associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteFileRuleModel
parameters:
- name: objectId
in: path
description: Identifier of a file rule.
required: true
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId ( Success: Test DELETE success of a file rule )'
: value:
links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId
metadata:
readOnly:
state: false
timestamp: 1673362666
lastUser:
name: admin
id: 68d03c42-d9bd-11dc-89f2-b7961d42c462
type: user
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: exampleFileRuleId
type: FileRule
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/filepolicies/{containerUUID}/filerules:
get:
tags:
- Policy
description: '**Retrieves a list of all the file rules.**'
operationId: getAllFileRuleModel
parameters:
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModelListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules?limit=2&expanded=true ( Success: Test GET ALL success of all the file rules with expanded=true )'
: value:
links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules?limit=2&expanded=true
items:
- links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId
metadata:
readOnly:
state: false
timestamp: 1673362666
lastUser:
name: admin
id: 68d03c42-d9bd-11dc-89f2-b7961d42c462
type: user
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: exampleFileRuleId1
type: FileRule
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
- links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules/fileruleId
metadata:
readOnly:
state: false
timestamp: 1673362666
lastUser:
name: admin
id: 68d03c42-d9bd-11dc-89f2-b7961d42c462
type: user
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
id: exampleFileRuleId2
type: FileRule
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
paging:
offset: 0
limit: 2
count: 2
pages: 1
# Response example for the file-rule list call with expanded=false: each item
# carries only id, type and a self link, followed by the paging block.
# NOTE(review): the label says "file categories" although every item below is
# of type FileRule; this looks like a copy-paste slip in the example title.
? 'Example 2 : GET /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules?limit=2&expanded=false ( Success: Test GET ALL success of all the file categories with expanded=false )'
: value:
links:
self: https://example.com:443/api/fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules?limit=2&expanded=false
items:
# NOTE(review): unlike Example 1, the per-item self links below carry a
# concrete host, port and UUIDs instead of the example.com placeholders.
# They look like they were captured from a test system; confirm they are safe
# to publish, or replace them with placeholders.
# NOTE(review): both items share one self URL although their ids differ.
- id: exampleFileRuleId
type: FileRule
links:
self: https://u45c01p01-vrouter.cisco.com:6321/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/filepolicies/1a048a88-8ec4-11ed-acbf-ee690fe4b009/filerules/d200d3c7-267b-2c22-134a-000000000000
- id: exampleFileRuleId2
type: FileRule
links:
self: https://u45c01p01-vrouter.cisco.com:6321/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/filepolicies/1a048a88-8ec4-11ed-acbf-ee690fe4b009/filerules/d200d3c7-267b-2c22-134a-000000000000
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates a file rule. _Check the response section for applicable examples (if any)._**'
operationId: createFileRuleModel
parameters:
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Request input of a file rule.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/domainUUID/policy/filepolicies/filepolicyUUID/filerules ( Success: Test POST success of a file rule )'
: value:
action: DETECT
protocol: ANY
direction: ANY
fileCategories:
- id: "2"
type: FileCategory
name: Archive
fileTypes:
- id: "19"
type: FileType
name: 7Z
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FileRuleModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/snmpalerts/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the SNMP alert object associated with the specified ID.**'
operationId: getSNMPConfig
parameters:
- name: objectId
in: path
description: Unique identifier of a SNMP alert.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/SNMPConfig'
examples:
'Example 1 : GET /fmc_config/v1/domain/default/policy/snmpalerts/SNMP-alert-UUID-1 ( GET a SNMP alert given UUID )':
value:
name: Test-SNMP-Global-v2
id: SNMP-alert-UUID-1
type: SNMPAlert
version: "2.0"
links:
self: https://somehost.cisco.com/api/fmc_config/v1/domain/default/policy/snmpalerts/SNMP-alert-UUID-1
metadata:
readOnly:
state: true
timestamp: 1460056664
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: Global
id: Global-domain-UUID
type: domain
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/syslogalerts/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the syslog alert object associated with the specified ID.**'
operationId: getSyslogConfig
parameters:
- name: objectId
in: path
description: Unique identifier of a syslog alert.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/SyslogConfig'
examples:
'Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/syslogalerts/Syslog-alert-UUID-1 ( GET syslog alert by given UUID )':
value:
name: Test-Syslog-Global
id: Syslog-alert-UUID-1
type: SyslogAlert
links:
self: https://somehost.cisco.com/api/fmc_config/v1/domain/default/policy/syslogalerts/Syslog-alert-UUID-1
metadata:
readOnly:
state: true
timestamp: 1460056577
lastUser:
name: admin
id: User-UUID
type: user
domain:
name: Global
id: Global-domain-UUID
type: domain
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/dynamicaccesspolicies/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the Dynamic Access Policy.**'
operationId: getDynamicAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for Dynamic Access Policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the Dynamic Access Policy. _Check the response section for applicable examples (if any)._**'
operationId: updateDynamicAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for Dynamic Access Policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Dynamic Access Policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the Dynamic Access Policy. _Check the response section for applicable examples (if any)._**'
operationId: deleteDynamicAccessPolicy
parameters:
- name: objectId
in: path
description: Identifier for Dynamic Access Policy.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/dynamicaccesspolicies:
get:
tags:
- Policy
description: '**Retrieves list of all Dynamic Access Policies.**'
operationId: getAllDynamicAccessPolicy
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicyListContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates Dynamic Access Policies. _Check the response section for applicable examples (if any)._**'
operationId: createDynamicAccessPolicy
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Dynamic Access Policy.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/DynamicAccessPolicy'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the Firewall Threat Defense RA VPN topology associated with the specified ID.**'
operationId: getFTDRAVpnModel
parameters:
- name: objectId
in: path
description: Identifier for Firewall Threat Defense RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
examples:
# Response example attached to the "200" response of the RA VPN get-by-id
# operation. Most ids and names are descriptive placeholders (…UUID, …Name).
# NOTE(review): the label and the top-level self link show the collection URL
# (…/policy/ravpns) without an object id, although this operation's path ends
# in {objectId}.
'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns ( Success: Test GET method for RAVpn )':
value:
id: RaVpnNameUUID
type: RaVpn
name: RaVpnName
configureSSL: true
configureIpsec: true
description: RaVpn-Description
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns
ikev2Policies:
- name: IKEv2PolicyName
id: IKEv2PolicyUUID
type: Ikev2Policy
accessInterfaceSettings:
interfaceSettings:
- accessInterface:
id: outsideInterfaceZoneUUID
type: SecurityZone
name: outsideInterfaceZone
enableIPSecIkev2: true
enableSSL: true
enableDTLS: true
configureInterfaceIDCertificate: false
allowConnectionProfileSelection: true
webPort: 1094
dtlsPort: 1095
sslIdCertificate:
id: sslCert1UUID
type: CertEnrollment
name: sslCert1
ipsecIdCertificate:
id: ipsecCert1UUID
type: CertEnrollment
name: ipsecCert1
# NOTE(review): going by the field name, true presumably lets decrypted VPN
# traffic skip access-control-policy evaluation. The PUT examples for this
# resource show false. Confirm the intended value against the FTDRAVpnModel
# schema before reusing this example as a template.
bypassACPolicyForDecryptTraffic: true
groupPolicies:
- id: grouppolicy1UUID
type: GroupPolicy
name: grouppolicy1
# NOTE(review): key and enum casing here (anyconnectClientImages,
# AnyconnectPackage, WINDOWS) differs from the PUT examples for the same
# resource (anyConnectClientImages, AnyConnectPackage, Windows); verify which
# spelling the schema defines.
anyconnectClientImages:
- anyconnectImage:
id: windowsImage47UUID
type: AnyconnectPackage
name: windowsImage47
operatingSystem: WINDOWS
externalBrowserPackage:
name: externalBrowserPackage1
id: externalBrowserPackageUUID
type: AnyconnectExternalBrowserPackage
# The three entries below are references: each carries a self link to a
# sub-resource under this topology rather than the sub-resource's content.
connectionProfiles:
- refType: list
type: RaVpnConnectionProfile
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/connectionProfiles
addressAssignmentSettings:
id: 005056A9-9F80-0ed3-0000-008589935160
type: RaVpnAddressAssignmentSetting
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/addressassignmentsettings/addressassignmentsettingUUID
certificateMapSettings:
id: 005056A9-7483-0ed3-0000-012884902862
type: RaVpnCertificateMapSetting
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/certificatemapsettings/certificatemapsettingUUID
dapPolicy:
id: dapPolicyUUID
name: name
type: DynamicAccessPolicy
localRealmServer:
id: localRealmUUID
name: name
type: IdentityRealm
metadata: {}
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies the Firewall Threat Defense RA VPN topology associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnModel
parameters:
- name: objectId
in: path
description: Identifier for Firewall Threat Defense RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense RA VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
examples:
# Request-body example for the RA VPN update (PUT) operation. Every id and
# name is a generic placeholder (UUID, Name) to be replaced by the caller.
# NOTE(review): type is written RAVpn here, while the GET examples for this
# resource show RaVpn; verify the expected casing against the schema.
'Example 1 : PUT /api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{objectId} ( PUT Request )':
value:
id: UUID
name: Name
type: RAVpn
description: SAMPLE PUT
configureSSL: true
configureIpsec: true
accessInterfaceSettings:
# The GET examples for this resource show this flag as true. Going by the
# name, false presumably keeps decrypted VPN traffic subject to the access
# control policy; confirm against the schema.
bypassACPolicyForDecryptTraffic: false
interfaceSettings:
- accessInterface:
name: Name
id: UUID
type: SecurityZone
configureInterfaceIDCertificate: false
enableSSL: true
enableIPSecIkev2: true
enableDTLS: true
webPort: 443
sslIdCertificate:
type: CertEnrollment
name: Name
id: UUID
ipsecIdCertificate:
type: CertEnrollment
name: Name
id: UUID
allowConnectionProfileSelection: true
dtlsPort: 443
groupPolicies:
- type: GroupPolicy
name: Name
id: UUID
# NOTE(review): this key is spelled anyConnectClientImages (with type
# AnyConnectPackage and operatingSystem Windows), whereas the GET examples use
# anyconnectClientImages / AnyconnectPackage / WINDOWS. Which form the server
# accepts cannot be told from here; check the FTDRAVpnModel schema, since a
# key the server does not recognise may not be applied.
anyConnectClientImages:
- operatingSystem: Windows
anyconnectImage:
name: Name
type: AnyConnectPackage
id: UUID
externalBrowserPackage:
name: Name
type: AnyConnectExternalBrowserPackage
id: UUID
dapPolicy:
name: Name
id: UUID
type: DynamicAccessPolicy
localRealmServer:
name: Name
id: UUID
type: IdentityRealm
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
examples:
# Response example attached to the "200" response of the RA VPN update (PUT)
# operation. It repeats the request example's fields and adds ikev2Policies.
# NOTE(review): the label still reads "( PUT Request )" although this entry
# sits under the response.
'Example 1 : PUT /api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{objectId} ( PUT Request )':
value:
id: UUID
name: Name
type: RAVpn
description: SAMPLE PUT
configureSSL: true
configureIpsec: true
ikev2Policies:
- name: IKEv2PolicyName
id: IKEv2PolicyUUID
type: Ikev2Policy
accessInterfaceSettings:
# Shown as false here and true in the GET examples for this resource; the
# name suggests it controls whether decrypted VPN traffic bypasses the access
# control policy. Confirm against the schema.
bypassACPolicyForDecryptTraffic: false
interfaceSettings:
- accessInterface:
name: Name
id: UUID
type: SecurityZone
configureInterfaceIDCertificate: false
enableSSL: true
enableIPSecIkev2: true
enableDTLS: true
webPort: 443
sslIdCertificate:
type: CertEnrollment
name: Name
id: UUID
ipsecIdCertificate:
type: CertEnrollment
name: Name
id: UUID
allowConnectionProfileSelection: true
dtlsPort: 443
groupPolicies:
- type: GroupPolicy
name: Name
id: UUID
# NOTE(review): same casing difference as in the request example:
# anyConnectClientImages / AnyConnectPackage / Windows here versus
# anyconnectClientImages / AnyconnectPackage / WINDOWS in the GET examples.
anyConnectClientImages:
- operatingSystem: Windows
anyconnectImage:
name: Name
type: AnyConnectPackage
id: UUID
externalBrowserPackage:
name: Name
type: AnyConnectExternalBrowserPackage
id: UUID
dapPolicy:
name: Name
id: UUID
type: DynamicAccessPolicy
# NOTE(review): localRealmServer uses different placeholder values here
# (localRealmUUID / name) than in the request example (UUID / Name).
localRealmServer:
id: localRealmUUID
name: name
type: IdentityRealm
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes the Firewall Threat Defense RA VPN topology associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteFTDRAVpnModel
parameters:
- name: objectId
in: path
description: Identifier for Firewall Threat Defense RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns:
get:
tags:
- Policy
description: '**Retrieves the list of all Firewall Threat Defense RA VPN topologies.**'
operationId: getAllFTDRAVpnModel
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModelListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ravpnaddressassignments ( Success: Test GET ALL success )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/advancedsettings?offset=0&limit=1&expanded=false
items:
- ikev2Policies:
- name: IKEv2PolicyName
id: IKEv2PolicyUUID
type: Ikev2Policy
id: RA-VPNUUID
name: RA-VPN
type: RaVpn
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns
paging:
offset: 0
limit: 1
count: 1
pages: 1
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ravpnaddressassignments?expanded=true ( Success: Test GET ALL success with expanded=true )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/ravpnaddressassignments?offset=0&limit=1&expanded=true
items:
- id: RaVpnNameUUID
type: RaVpn
name: RaVpnName
configureSSL: true
configureIpsec: true
description: RaVpn-Description
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns
accessInterfaceSettings:
interfaceSettings:
- accessInterface:
id: outsideInterfaceZoneUUID
type: SecurityZone
name: outsideInterfaceZone
enableIPSecIkev2: true
enableSSL: true
enableDTLS: true
configureInterfaceIDCertificate: false
allowConnectionProfileSelection: true
webPort: 1094
dtlsPort: 1095
sslIdCertificate:
id: sslCert1UUID
type: CertEnrollment
name: sslCert1
ipsecIdCertificate:
id: ipsecCert1UUID
type: CertEnrollment
name: ipsecCert1
bypassACPolicyForDecryptTraffic: true
groupPolicies:
- id: grouppolicy1UUID
type: GroupPolicy
name: grouppolicy1
anyconnectClientImages:
- anyconnectImage:
id: windowsImage47UUID
type: AnyconnectPackage
name: windowsImage47
operatingSystem: WINDOWS
connectionProfiles:
- refType: list
type: RaVpnConnectionProfile
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/ravpnconnectionprofiles
addressAssignmentSettings:
id: 005056A9-9F80-0ed3-0000-008589935160
type: RaVpnAddressAssignmentSetting
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/addressassignmentsettings/addressassignmentsettingUUID
certificateMapSettings:
id: 005056A9-7483-0ed3-0000-012884902862
type: RaVpnCertificateMapSetting
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/ravpnUUID/certificatemapsettings/certificatemapsettingUUID
dapPolicy:
id: dapPolicyUUID
name: name
type: DynamicAccessPolicy
localRealmServer:
id: localRealmUUID
name: name
type: IdentityRealm
metadata: {}
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates a Firewall Threat Defense RA VPN topology. _Check the response section for applicable examples (if any)._**'
operationId: createFTDRAVpnModel
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense RA VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/addressassignmentsettings/{objectId}:
get:
tags:
- Policy
description: '**Retrieves Address Assignment Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnAddressAssignmentSetting
parameters:
- name: objectId
in: path
description: Identifier for Address Assignment Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnAddressAssignmentSetting'
examples:
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ravpnaddressassignments ( Get AddressAssignmentSetting object by object id )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/addressassignmentsettings?offset=0&limit=1&expanded=false
items:
- id: 005056A9-097E-0ed3-0000-021474836554
type: RaVpnAddressAssignmentSetting
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/addressassignmentsettings/ravpnaddressassignmentUUID
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies Address Assignment Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnAddressAssignmentSetting
parameters:
- name: objectId
in: path
description: Identifier for Address Assignment Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Address Assignment Setting in a RA VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnAddressAssignmentSetting'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/addressassignmentsettings/ravpnaddressassignmentUUID ( Put operation for AddressAssignmentSetting object )'
: value:
type: RaVpnAddressAssignmentSetting
useAuthorizationServerForIPv4: true
useDHCP: true
useInternalAddressPoolForIPv4: true
ipAddressReuseInterval: 10
useAuthorizationServerForIPv6: true
useInternalAddressPoolForIPv6: true
id: 00505681-968B-0ed3-0000-150323855419
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnAddressAssignmentSetting'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/addressassignmentsettings/ravpnaddressassignmentUUID ( Put operation for AddressAssignmentSetting object )'
: value:
id: 005056A9-097E-0ed3-0000-021474836554
type: RaVpnAddressAssignmentSetting
links:
self: <fmc_url>/api/fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/addressassignmentsettings/ravpnaddressassignmentUUID
useAuthorizationServerForIPv4: true
useDHCP: true
useInternalAddressPoolForIPv4: true
ipAddressReuseInterval: 10
useAuthorizationServerForIPv6: true
useInternalAddressPoolForIPv6: true
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnAddressAssignmentSetting'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/connectionprofiles/{objectId}:
get:
tags:
- Policy
description: '**Retrieves Connection Profile data inside a VPN RA Topology.**'
operationId: getFTDRAVpnConnectionProfileModel
parameters:
- name: objectId
in: path
description: Identifier for Connection Profile in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
examples:
# Response example attached to the "200" response of the connection-profile
# get-by-id operation. It shows address pools, group aliases and URLs,
# certificate-username mapping, AAA server references and password-management
# flags for one profile.
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles/ravpnconnectionprofilesUUID ( Success: Test GET method for FTDRAVpnConnectionProfile )'
: value:
name: PolicyA
id: 00505681-B560-0ed3-0000-008589934853
type: RaVpnConnectionProfile
links:
self: <fmc_url>/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles/ravpnconnectionprofilesUUID
metadata:
parentPolicy:
name: PolicyA
id: 00505681-B560-0ed3-0000-008589934728
type: RAVpn
# NOTE(review): 13 digits, so presumably epoch milliseconds; other examples in
# this file show 10-digit timestamps. Confirm the unit.
timestamp: 1604495697993
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
ipv4AddressPool:
- type: IPv4AddressPool
overridable: false
name: 1.1.1.1
id: 00505681-B560-0ed3-0000-012884901896
ipv6AddressPool:
- type: IPv6AddressPool
numberOfAddresses: 0
overridable: false
name: ipv6Test
id: 00505681-B560-0ed3-0000-042949672967
groupAlias:
- aliasName: PolicyA
enabled: true
- aliasName: PolicyB
enabled: false
# NOTE(review): both groupUrl entries reference the same URLObject id, once
# disabled and once enabled.
groupUrl:
- aliasUrl:
name: UrlObject
id: 00505681-B560-0ed3-0000-064424509447
type: URLObject
enabled: false
- aliasUrl:
name: UrlObject
id: 00505681-B560-0ed3-0000-064424509447
type: URLObject
enabled: true
certificateUsernameSettings:
mapPrimaryField: COMMON_NAME
mapSecondaryField: ORGANIZATION_UNIT
mapEntireDNAsUsername: false
prefillUsernameFromCertificate: false
hideUsername: false
secondaryAuthenticationSettings:
promptUsername: true
usePrimaryUsername: false
mapUsernameFromCertificate: false
useSecondaryUsernameforSession: true
# accountingServer and authorizationServer point at the same AAAGroupServer
# object in this example.
accountingServer:
name: RadServer
id: 00505681-B560-0ed3-0000-008589934616
type: AAAGroupServer
authorizationServer:
name: RadServer
id: 00505681-B560-0ed3-0000-008589934616
type: AAAGroupServer
# NOTE(review): type is IdentityRealm here, whereas the PUT request example
# for this resource shows Realm; verify which value the schema expects.
primaryAuthenticationServer:
name: Realm
id: bb0d11ca-1d1f-11eb-ae41-95cfd3b68e35
type: IdentityRealm
authenticationMethod: AAA_ONLY
# NOTE(review): type is ASA_Group_Policy here, whereas the PUT examples show
# GroupPolicy.
groupPolicy:
name: DfltGrpPolicy
id: 00505681-B560-0ed3-0000-000000010001
type: ASA_Group_Policy
idpCertOverrideForConnProfile:
name: PKCS-1
id: idpCertOverrideForConnProfileUUID
type: CertEnrollment
# Going by the name, true presumably rejects a session unless authorization
# succeeds; the PUT examples show false. Confirm the semantics in the schema.
allowConnectionOnlyIfAuthorized: true
enableExternalBrowserForSAML: false
stripRealmFromUsername: true
stripGroupFromUsername: true
enablePasswordManagement: true
passwordExpirationNotificationPeriod: 14
notifyUserOnPasswordExpiryDay: false
dhcpServersForAddressAssignment:
- name: dhcp1Test
id: 00505681-B560-0ed3-0000-021474836489
type: NetworkObject
- name: dhcpTest
id: 00505681-B560-0ed3-0000-012884901932
type: NetworkObject
enableMultipleCertificateAuthentication: false
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Modifies Connection Profile data inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnConnectionProfileModel
parameters:
- name: objectId
in: path
description: Identifier for Connection Profile in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Connection Profile in a RA VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
examples:
# Request-body example for the connection-profile update (PUT) operation.
# Values in angle brackets (<UUID>, <Name>) are placeholders to be replaced.
# NOTE(review): the label shows the collection URL (…/connectionprofiles)
# without an object id, although this operation's path ends in {objectId}.
'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles ( PUT Request with <UUID> )':
value:
id: <UUID>
name: <Name>
type: RaVpnConnectionProfile
groupAlias:
- aliasName: <Name>
enabled: true
groupPolicy:
name: <Name>
id: <UUID>
type: GroupPolicy
ipv4AddressPool:
- name: <Name>
id: <UUID>
type: IPv4AddressPool
# NOTE(review): type is Realm here, whereas the GET example for this resource
# shows IdentityRealm; verify which value the schema expects.
primaryAuthenticationServer:
name: <Name>
id: <UUID>
type: Realm
dhcpServersForAddressAssignment:
- name: <Name>
id: <UUID>
type: NetworkObject
# The GET example for this resource shows this flag as true; going by the
# name, false presumably allows a session without successful authorization.
# Confirm before copying this example.
allowConnectionOnlyIfAuthorized: false
stripRealmFromUsername: false
stripGroupFromUsername: false
enablePasswordManagement: false
# The next five flags are all false in this example. Their names suggest they
# control use of, or fallback to, the local realm and secondary
# authentication; confirm their semantics in the
# FTDRAVpnConnectionProfileModel schema before enabling any of them.
useLocalAsPrimaryAuthServer: false
enablePrimaryAuthFallbackToLocal: false
useLocalAsSecondaryAuthServer: false
enableSecondaryAuthFallbackToLocal: false
enableSecondaryAuthentication: false
authenticationMethod: AAA_ONLY
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
examples:
'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles ( PUT Request with <UUID> )':
value:
name: <Name>
id: <UUID>
type: RaVpnConnectionProfile
links:
self: <fmc_url>/api/fmc_config/v1/domain/<DomainUUID>/policy/ravpns/<ContainerUUID>/connectionprofiles/<UUID>
metadata:
parentPolicy:
name: <Name>
id: <UUID>
type: RAVpn
timestamp: <timestamp>
lastUser:
name: rest
domain:
name: Global
id: <UUID>
type: Domain
authenticationMethod: AAA_ONLY
useLocalAsPrimaryAuthServer: false
enablePrimaryAuthFallbackToLocal: false
useLocalAsSecondaryAuthServer: false
enableSecondaryAuthFallbackToLocal: false
enableSecondaryAuthentication: false
allowConnectionOnlyIfAuthorized: false
stripRealmFromUsername: false
stripGroupFromUsername: false
enablePasswordManagement: false
dhcpServersForAddressAssignment:
- name: <Name>
id: <UUID>
type: NetworkObject
groupAlias:
- aliasName: <Name>
enabled: true
ipv4AddressPool:
- name: <Name>
id: <UUID>
type: IPv4AddressPool
groupPolicy:
name: <Name>
id: <UUID>
type: GroupPolicy
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Deletes Connection Profile data inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: deleteFTDRAVpnConnectionProfileModel
parameters:
- name: objectId
in: path
description: Identifier for Connection Profile in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles ( DELETE Request with <UUID> )'
: value:
name: <Name>
id: <UUID>
type: RaVpnConnectionProfile
links:
self: <fmc_url>/api/fmc_config/v1/domain/<DomainUUID>/policy/ravpns/<ContainerUUID>/connectionprofiles/<UUID>
metadata:
parentPolicy:
name: <Name>
id: <UUID>
type: RAVpn
timestamp: <timestamp>
lastUser:
name: rest
domain:
name: Global
id: <UUID>
type: Domain
authenticationMethod: AAA_ONLY
useLocalAsPrimaryAuthServer: false
enablePrimaryAuthFallbackToLocal: false
useLocalAsSecondaryAuthServer: false
enableSecondaryAuthFallbackToLocal: false
enableSecondaryAuthentication: false
allowConnectionOnlyIfAuthorized: false
stripRealmFromUsername: false
stripGroupFromUsername: false
enablePasswordManagement: false
dhcpServersForAddressAssignment:
- name: <Name>
id: <UUID>
type: NetworkObject
groupAlias:
- aliasName: <Name>
enabled: true
ipv4AddressPool:
- name: <Name>
id: <UUID>
type: IPv4AddressPool
groupPolicy:
name: <Name>
id: <UUID>
type: GroupPolicy
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/connectionprofiles:
# GET on the connectionprofiles collection of one RA VPN policy (containerUUID).
# Returns an FTDRAVpnConnectionProfileModelListContainer; offset, limit and
# expanded are pulled in by `$ref`. Only 200 and `default` (ErrorResponse) are
# declared.
# NOTE(review): the description speaks of "a single Connection Profile entry"
# and the example paging shows count 1; confirm whether more than one profile
# can be returned.
get:
tags:
- Policy
description: '**Retrieves list containing a single Connection Profile entry of the topology.**'
operationId: getAllFTDRAVpnConnectionProfileModel
parameters:
# ticket-id is declared (optional) on this read operation as well.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` keys on the four referenced parameters below are informational only.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModelListContainer'
# This example carries concrete-looking UUIDs, a numeric timestamp and
# `lastUser` admin rather than <UUID>-style placeholders.
# NOTE(review): confirm these are sanitized lab values.
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles ( Success: Test GET ALL success )'
: value:
links:
self: <fmc_url>/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles?offset=0&limit=1&expanded=false
items:
- name: PolicyA
id: 00505681-B560-0ed3-0000-008589934853
type: RaVpnConnectionProfile
links:
self: <fmc_url>/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/connectionprofiles
metadata:
parentPolicy:
name: PolicyA
id: 00505681-B560-0ed3-0000-008589934728
type: RAVpn
timestamp: 1604495697993
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
ipv4AddressPool:
- type: IPv4AddressPool
overridable: false
name: 1.1.1.1
id: 00505681-B560-0ed3-0000-012884901896
ipv6AddressPool:
- type: IPv6AddressPool
numberOfAddresses: 0
overridable: false
name: ipv6Test
id: 00505681-B560-0ed3-0000-042949672967
groupAlias:
- aliasName: PolicyA
enabled: true
- aliasName: PolicyB
enabled: false
groupUrl:
- aliasUrl:
name: UrlObject
id: 00505681-B560-0ed3-0000-064424509447
type: URLObject
enabled: false
- aliasUrl:
name: UrlObject
id: 00505681-B560-0ed3-0000-064424509447
type: URLObject
enabled: true
certificateUsernameSettings:
mapPrimaryField: COMMON_NAME
mapSecondaryField: ORGANIZATION_UNIT
mapEntireDNAsUsername: false
prefillUsernameFromCertificate: false
hideUsername: false
secondaryAuthenticationSettings:
promptUsername: true
usePrimaryUsername: false
mapUsernameFromCertificate: false
useSecondaryUsernameforSession: true
# The response names the accounting, authorization and primary authentication
# servers by object name and id, so read access to this endpoint exposes how
# the profile authenticates users.
accountingServer:
name: RadServer
id: 00505681-B560-0ed3-0000-008589934616
type: AAAGroupServer
authorizationServer:
name: RadServer
id: 00505681-B560-0ed3-0000-008589934616
type: AAAGroupServer
primaryAuthenticationServer:
name: Realm
id: bb0d11ca-1d1f-11eb-ae41-95cfd3b68e35
type: IdentityRealm
authenticationMethod: AAA_ONLY
groupPolicy:
name: DfltGrpPolicy
id: 00505681-B560-0ed3-0000-000000010001
type: ASA_Group_Policy
idpCertOverrideForConnProfile:
name: PKCS-1
id: idpCertOverrideForConnProfileUUID
type: CertEnrollment
allowConnectionOnlyIfAuthorized: true
enableExternalBrowserForSAML: false
stripRealmFromUsername: true
stripGroupFromUsername: true
enablePasswordManagement: true
passwordExpirationNotificationPeriod: 14
notifyUserOnPasswordExpiryDay: false
dhcpServersForAddressAssignment:
- name: dhcp1Test
id: 00505681-B560-0ed3-0000-021474836489
type: NetworkObject
- name: dhcpTest
id: 00505681-B560-0ed3-0000-012884901932
type: NetworkObject
enableMultipleCertificateAuthentication: false
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# POST creates a connection profile under one RA VPN policy (containerUUID).
# The request body is required and uses FTDRAVpnConnectionProfileModel; 202
# and 201 both return the same model, and `default` returns ErrorResponse.
# No request or response example is given for this operation, although the
# description points the reader to the response section for examples.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
post:
tags:
- Policy
description: '**Creates Connection Profile data inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: createFTDRAVpnConnectionProfileModel
parameters:
# ticket-id is optional (required: false): the spec itself does not force a
# create request to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Connection Profile in a RA VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnConnectionProfileModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/certificatemapsettings/{objectId}:
# GET one Certificate Map Setting of an RA VPN policy, addressed by objectId
# and containerUUID in the path plus the referenced domainUUID parameter.
# Returns FTDRAVpnCertificateMapSettings on 200 and ErrorResponse on `default`;
# no response example is provided.
get:
tags:
- Policy
description: '**Retrieves Certificate Map Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnCertificateMapSettings
parameters:
- name: objectId
in: path
description: Identifier for Certificate Map Setting in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is declared (optional) on this read operation as well.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnCertificateMapSettings'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT modifies one Certificate Map Setting of an RA VPN policy. The body is
# required and uses FTDRAVpnCertificateMapSettings; 200 and 202 return the
# same model, `default` returns ErrorResponse.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
put:
tags:
- Policy
description: '**Modifies Certificate Map Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnCertificateMapSettings
parameters:
- name: objectId
in: path
description: Identifier for Certificate Map Setting in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is optional (required: false): the spec itself does not force a
# change to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
# NOTE(review): the description below is a generator placeholder, not real
# documentation; it should be replaced with a description of the body.
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnCertificateMapSettings'
# The example body repeats the object `id` that is also passed as the objectId
# path parameter. The spec does not say which one wins or whether a mismatch
# is rejected - confirm before relying on either.
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/certificatemapsettings/{objectId} ( PUT operation for certificate map settings objects for particuler object ID )'
: value:
type: RaVpnCertificateMapSetting
useGroupURL: true
enableCertificateToConnectionProfileMapping: true
# Each entry pairs a CertificateMap with a RaVpnConnectionProfile. Presumably
# this decides which connection profile a presented certificate lands on, so
# an edit here can change the authentication settings a client gets - verify
# and review such changes accordingly.
certificateToConnectionProfileMap:
- certificateMap:
id: certMapNameUUID
type: CertificateMap
name: certMapName
connectionProfile:
id: connectionProfileUUID
type: RaVpnConnectionProfile
name: connProfileName
id: 00505681-CCB3-0ed3-0000-017179869352
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnCertificateMapSettings'
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/certificatemapsettings/{objectId} ( PUT operation for certificate map settings objects for particuler object ID )'
: value:
metadata:
parentPolicy:
name: RAVPN
id: 00505681-CCB3-0ed3-0000-017179869278
type: RAVpn
timestamp: 1639308661086
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
type: RaVpnCertificateMapSetting
useGroupURL: true
enableCertificateToConnectionProfileMapping: true
certificateToConnectionProfileMap:
- certificateMap:
id: certMapNameUUID
type: CertificateMap
name: certMapName
connectionProfile:
id: connectionProfileUUID
type: RaVpnConnectionProfile
name: connProfileName
id: 00505681-CCB3-0ed3-0000-017179869352
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnCertificateMapSettings'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/ipseccryptomaps/{objectId}:
# GET one IPSec Crypto Map Setting of an RA VPN policy, addressed by objectId
# and containerUUID in the path plus the referenced domainUUID parameter.
# Returns FTDRAVpnIPSecCryptoMapModel on 200 and ErrorResponse on `default`.
get:
tags:
- Policy
description: '**Retrieves IPSec Crypto Map Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnIPSecCryptoMapModel
parameters:
- name: objectId
in: path
description: Identifier for IPSec Crypto Map Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecCryptoMapModel'
# NOTE(review): the example carries `items` and `paging` keys, which looks
# like a list-container shape, while the declared schema is the single model;
# its `self` link also lacks the ipseccryptomaps segment of this path.
# Confirm the example against the real response.
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ipseccryptomaps/ravpnipseccryptomapsUUID ( Get RAVpnIpSecCryptoMaps by object id )'
: value:
links:
self: /api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ravpns/ravpnipseccryptomapsUUID
items:
- metadata:
parentPolicy:
name: rapvn_1
id: 00505681-968B-0ed3-0000-008589934794
type: RAVpn
timestamp: 1637562863227
lastUser:
name: rest
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
type: RaVpnIPsecCryptoMap
interfaceObject:
name: sz_1
id: 993f929a-483c-11ec-a4bd-abcd19b0b50c
type: SecurityZone
lifeTimeSeconds: 28801
lifeTimeKilobytes: 4608001
clientServicesPort: 443
tfcPackets:
burstBytes: 0
payloadBytes: 0
timeoutSeconds: 0
enabled: false
enableRRI: false
validateIncomingIcmpErrorMessage: false
# The sample proposal is named DES_SHA-1. DES and SHA-1 are both deprecated
# for IPsec; read this as a sample object name, not as a recommended proposal.
ikev2IpsecProposals:
- name: DES_SHA-1
id: 00505681-968B-0ed3-0000-000000002012
type: TransformSet2
doNotFragmentPolicy: Set
enableClientServices: true
# The key is spelled `perfectForwardSecracy` in the example.
# NOTE(review): confirm the spelling against the schema; modulusGroup 14 is
# presumably Diffie-Hellman group 14 (2048-bit MODP).
perfectForwardSecracy:
enabled: true
modulusGroup: 14
id: 00505681-968B-0ed3-0000-008589934945
paging:
offset: 0
limit: 25
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT modifies one IPSec Crypto Map Setting of an RA VPN policy. The body is
# required and uses FTDRAVpnIPSecCryptoMapModel; 200 and 202 return the same
# model, `default` returns ErrorResponse.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
put:
tags:
- Policy
description: '**Modifies IPSec Crypto Map Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnIPSecCryptoMapModel
parameters:
- name: objectId
in: path
description: Identifier for IPSec Crypto Map Setting in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is optional (required: false): the spec itself does not force a
# change to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
# NOTE(review): the description below is a generator placeholder, not real
# documentation; it should be replaced with a description of the body.
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecCryptoMapModel'
# NOTE(review): the example title says "Radius Server Group", but the body is
# a RaVpnIPsecCryptoMap; the label looks copied from another operation.
# The body also repeats the object `id` next to the objectId path parameter;
# the spec does not say which one wins on a mismatch.
examples:
? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/ipseccryptomaps/ipseccryptomapUUID ( Put operation for Radius Server Group )'
: value:
type: RaVpnIPsecCryptoMap
interfaceObject:
name: sz_1
id: 993f929a-483c-11ec-a4bd-abcd19b0b50c
type: SecurityZone
lifeTimeSeconds: 28801
lifeTimeKilobytes: 4608001
clientServicesPort: 443
tfcPackets:
burstBytes: 0
payloadBytes: 0
timeoutSeconds: 0
enabled: false
enableRRI: false
validateIncomingIcmpErrorMessage: false
# The sample proposal is named DES_SHA-1. DES and SHA-1 are both deprecated
# for IPsec; do not carry this sample into a production crypto map unchanged.
ikev2IpsecProposals:
- name: DES_SHA-1
id: 00505681-968B-0ed3-0000-000000002012
type: TransformSet2
# NOTE(review): the value is a single space here, whereas the GET example for
# this path shows `Set`; confirm which values the server accepts.
doNotFragmentPolicy: ' '
enableClientServices: true
# The key is spelled `perfectForwardSecracy` in the example.
# NOTE(review): confirm the spelling against the schema before building a body.
perfectForwardSecracy:
enabled: true
modulusGroup: 14
id: 00505681-968B-0ed3-0000-150323855419
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecCryptoMapModel'
examples:
? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/ipseccryptomaps/ipseccryptomapUUID ( Put operation for Radius Server Group )'
: value:
metadata:
parentPolicy:
name: rapvn_1
id: 00505681-968B-0ed3-0000-008589934794
type: RAVpn
timestamp: 1637562863227
lastUser:
name: rest
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
type: RaVpnIPsecCryptoMap
interfaceObject:
name: sz_1
id: 993f929a-483c-11ec-a4bd-abcd19b0b50c
type: SecurityZone
lifeTimeSeconds: 28801
lifeTimeKilobytes: 4608001
clientServicesPort: 443
tfcPackets:
burstBytes: 0
payloadBytes: 0
timeoutSeconds: 0
enabled: false
enableRRI: false
validateIncomingIcmpErrorMessage: false
ikev2IpsecProposals:
- name: DES_SHA-1
id: 00505681-968B-0ed3-0000-000000002012
type: TransformSet2
doNotFragmentPolicy: ' '
enableClientServices: true
perfectForwardSecracy:
enabled: true
modulusGroup: 14
id: 00505681-968B-0ed3-0000-150323855419
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecCryptoMapModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/ipsecadvancedsettings/{objectId}:
# GET one IPSec Advance Setting of an RA VPN policy, addressed by objectId and
# containerUUID in the path plus the referenced domainUUID parameter.
# Returns FTDRAVpnIPSecIKEv2AdvanceSettingsModel on 200 and ErrorResponse on
# `default`.
get:
tags:
- Policy
description: '**Retrieves IPSec Advance Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnIPSecIKEv2AdvanceSettingsModel
parameters:
- name: objectId
in: path
description: Identifier for IPSec Advance Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecIKEv2AdvanceSettingsModel'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ipsecadvancedsettings/ravpnipsecadvancesettingsUUID ( Get RaVpnIPsecAdvanceSettings object by objectid )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-303E-0ed3-0000-004294968276
type: RAVpn
timestamp: 1638884727013
lastUser:
name: rest
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
# NOTE(review): this `self` link starts at /fmc_config, without the /api
# prefix that other examples in this file use.
links:
self: /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ipsecadvancedsettings/ravpnipsecadvancesettingsUUID
type: RaVpnIPsecAdvancedSetting
ipsecsettings:
enableFragmentationBeforeEncryption: false
maximumTransmissionUnitAging:
enabled: true
resetIntervalMinutes: 10
# The IKEv2 values below (cookie challenge mode and threshold, share of SAs
# allowed in negotiation, maximum SAs) presumably bound how much IKEv2
# negotiation load the gateway accepts - confirm their exact meaning in the
# product documentation before changing them.
ikev2settings:
identitySentToPeer: AUTO_OR_DN
enableNotificationOnTunnelDisconnect: false
doNotRebootUntilSessionsTerminated: false
thresholdToChallengeIncomingCookies: 100
cookieChallenge: CUSTOM
percentageOfSAsAllowedInNegotiation: 100
maximumNumberOfSAsAllowed: 1
natKeepaliveMessageTraversal:
enabled: true
intervalSeconds: 30
id: 00505681-303E-0ed3-0000-004294968328
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT modifies one IPSec Advance Setting of an RA VPN policy. The body is
# required and uses FTDRAVpnIPSecIKEv2AdvanceSettingsModel; 200 and 202 return
# the same model, `default` returns ErrorResponse.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
put:
tags:
- Policy
description: '**Modifies IPSec Advance Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnIPSecIKEv2AdvanceSettingsModel
parameters:
- name: objectId
in: path
description: Identifier for IPSec Advance Setting in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is optional (required: false): the spec itself does not force a
# change to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
# NOTE(review): the description below is a generator placeholder, not real
# documentation; it should be replaced with a description of the body.
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecIKEv2AdvanceSettingsModel'
# The body repeats the object `id` next to the objectId path parameter; the
# spec does not say which one wins on a mismatch.
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ipsecadvancedsettings/ravpnipsecadvancesettingsUUID ( PUT operation for RaVpnIPsecAdvanceSettings )'
: value:
type: RaVpnIPsecAdvancedSetting
ipsecsettings:
maximumTransmissionUnitAging:
enabled: false
resetIntervalMinutes: 1
enableFragmentationBeforeEncryption: true
natKeepaliveMessageTraversal:
enabled: true
intervalSeconds: 20
ikev2settings:
# The sample request sets cookieChallenge to NEVER. The IKEv2 cookie exchange
# is a defence against floods of half-open negotiations, so presumably this
# value turns that protection off - confirm before reusing the sample.
cookieChallenge: NEVER
identitySentToPeer: AUTO_OR_DN
enableNotificationOnTunnelDisconnect: false
doNotRebootUntilSessionsTerminated: false
thresholdToChallengeIncomingCookies: 50
percentageOfSAsAllowedInNegotiation: 100
maximumNumberOfSAsAllowed: 1
id: 00505681-968B-0ed3-0000-008589934846
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecIKEv2AdvanceSettingsModel'
# The response example differs from the request example in two values:
# resetIntervalMinutes (1 sent, -1 returned) and
# thresholdToChallengeIncomingCookies (50 sent, 0 returned).
# NOTE(review): presumably the server resets fields whose feature is off;
# clients that verify a change by comparing the response should expect this.
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ipsecadvancedsettings/ravpnipsecadvancesettingsUUID ( PUT operation for RaVpnIPsecAdvanceSettings )'
: value:
metadata:
parentPolicy:
name: rapvn_1
id: 00505681-968B-0ed3-0000-008589934794
type: RAVpn
timestamp: 1637912031544
lastUser:
name: rest
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
type: RaVpnIPsecAdvancedSetting
ipsecsettings:
enableFragmentationBeforeEncryption: true
maximumTransmissionUnitAging:
enabled: false
resetIntervalMinutes: -1
natKeepaliveMessageTraversal:
enabled: true
intervalSeconds: 20
ikev2settings:
cookieChallenge: NEVER
maximumNumberOfSAsAllowed: 1
identitySentToPeer: AUTO_OR_DN
enableNotificationOnTunnelDisconnect: false
doNotRebootUntilSessionsTerminated: false
thresholdToChallengeIncomingCookies: 0
percentageOfSAsAllowedInNegotiation: 100
id: 00505681-968B-0ed3-0000-008589934846
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnIPSecIKEv2AdvanceSettingsModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/ldapattributemaps/{objectId}:
# GET the LDAP Attribute Maps object of an RA VPN policy, addressed by objectId
# and containerUUID in the path plus the referenced domainUUID parameter.
# Returns FTDRAVpnLDAPAttributeModel on 200 and ErrorResponse on `default`.
get:
tags:
- Policy
description: '**Retrieves LDAP Attribute Maps inside a VPN RA Topology.**'
operationId: getFTDRAVpnLDAPAttributeModel
parameters:
- name: objectId
in: path
description: Identifier for LDAP Attribute Maps in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLDAPAttributeModel'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ldapattributemaps/ldapattributemapUUID ( Get LDAP Attribute Maps by object id )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-303E-0ed3-0000-004294968276
type: RAVpn
timestamp: 1639738208636
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: https://fmcip/api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ldapattributemaps/ldapattributemapUUID
type: RaVpnLdapAttributeMap
# The sample maps three LDAP attributes (department, mail, memberOf) to
# Group-Policy, Banner1 and Firewall-ACL-In, i.e. directory values select a
# group policy and an extended access list. The response therefore exposes
# which directory values lead to which policy and ACL, so read access to this
# endpoint is worth restricting.
ldapAttributeMapList:
- realm:
name: realm_1
id: 5dac6c26-5421-11ec-97cd-b79efba416a2
type: Realm
ldapAttributeMaps:
- ldapName: department
ciscoName: Group-Policy
valueMappings:
- type: LdapToGroupPolicyMapping
groupPolicy:
name: group_2
id: 00505681-303E-0ed3-0000-549755813894
type: GroupPolicy
ldapValue: rest
- type: LdapToGroupPolicyMapping
groupPolicy:
name: group_policy_1
id: 00505681-303E-0ed3-0000-098784247856
type: GroupPolicy
ldapValue: test
- ldapName: mail
ciscoName: Banner1
valueMappings:
- type: LdapToCiscoValueMapping
ciscoValue: test banner
ldapValue: attr
- ldapName: memberOf
ciscoName: Firewall-ACL-In
valueMappings:
- type: LdapToAclMapping
acl:
name: acl_1
id: 00505681-303E-0ed3-0000-549755813913
type: ExtendedAccessList
ldapValue: acl
id: 00505681-303E-0ed3-0000-004294968318
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT modifies the LDAP Attribute Maps object of an RA VPN policy. The body is
# required and uses FTDRAVpnLDAPAttributeModel; 200 and 202 return the same
# model, `default` returns ErrorResponse.
# The maps in the examples tie LDAP attribute values to group policies, so
# this call changes authorization-relevant configuration.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
put:
tags:
- Policy
description: '**Modifies LDAP Attribute Maps inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnLDAPAttributeModel
parameters:
- name: objectId
in: path
description: Identifier for LDAP Attribute Maps in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is optional (required: false): the spec itself does not force a
# change to these mappings to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
# NOTE(review): the description below is a generator placeholder, not real
# documentation; it should be replaced with a description of the body.
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLDAPAttributeModel'
# The request example lists only the `department` and `mail` mappings.
# NOTE(review): the spec does not say whether PUT replaces or merges
# ldapAttributeMapList. If it replaces, any mapping left out of the body (an
# ACL mapping, for instance) would be removed - confirm before sending a
# partial list.
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ldapattributemaps/ldapattributemapUUID ( PUT LDAP Attribute Maps by object id )'
: value:
type: RaVpnLdapAttributeMap
ldapAttributeMapList:
- realm:
name: realm_1
id: 5dac6c26-5421-11ec-97cd-b79efba416a2
type: Realm
ldapAttributeMaps:
- ldapName: department
ciscoName: Group-Policy
valueMappings:
- type: LdapToGroupPolicyMapping
ldapValue: name
groupPolicy:
name: group_2
id: 00505681-303E-0ed3-0000-549755813894
type: GroupPolicy
- type: LdapToGroupPolicyMapping
ldapValue: test
groupPolicy:
name: group_policy_1
id: 00505681-303E-0ed3-0000-098784247856
type: GroupPolicy
- ldapName: mail
ciscoName: Banner_rest
valueMappings:
- type: LdapToCiscoValueMapping
ciscoValue: test banner
ldapValue: attr
id: 00505681-303E-0ed3-0000-004294968318
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLDAPAttributeModel'
# NOTE(review): the `self` link in this example uses `ldapattributemap`
# (singular), while the example title and the GET example for this resource
# use `ldapattributemaps`.
examples:
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/ldapattributemaps/ldapattributemapUUID ( PUT LDAP Attribute Maps by object id )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-303E-0ed3-0000-004294968276
type: RAVpn
timestamp: 1639738208636
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: https://fmcip/api/fmc_config/v1/domain/domainUUID/policy/ravpns/ContainerUUID/ldapattributemap/ldapattributemapUUID
type: RaVpnLdapAttributeMap
ldapAttributeMapList:
- realm:
name: realm_1
id: 5dac6c26-5421-11ec-97cd-b79efba416a2
type: Realm
ldapAttributeMaps:
- ldapName: department
ciscoName: Group-Policy
valueMappings:
- type: LdapToGroupPolicyMapping
groupPolicy:
name: group_2
id: 00505681-303E-0ed3-0000-549755813894
type: GroupPolicy
ldapValue: name
- type: LdapToGroupPolicyMapping
groupPolicy:
name: group_policy_1
id: 00505681-303E-0ed3-0000-098784247856
type: GroupPolicy
ldapValue: test
- ldapName: mail
ciscoName: Banner_rest
valueMappings:
- type: LdapToCiscoValueMapping
ciscoValue: test banner
ldapValue: attr
id: 00505681-303E-0ed3-0000-004294968318
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLDAPAttributeModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/loadbalancesettings/{objectId}:
# GET the Load Balance Setting of an RA VPN policy, addressed by objectId and
# containerUUID in the path plus the referenced domainUUID parameter.
# Returns FTDRAVpnLoadBalanceSetting on 200 and ErrorResponse on `default`.
get:
tags:
- Policy
description: '**Retrieves Load Balance Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnLoadBalanceSetting
parameters:
- name: objectId
in: path
description: Identifier for Load Balance Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLoadBalanceSetting'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/loadbalancesettings/loadbalancesettingsUUID ( Get RAVpnLoadBalancing by object id )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-66E4-0ed3-0000-012884902000
type: RAVpn
timestamp: 1649850103000
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: /api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/loadbalancesettings/ravpnloadbalancesettingsUUID
# The type value is spelled `LoadBalanacing` in the example.
# NOTE(review): confirm the spelling against the schema.
type: LoadBalanacing
redirectSettings:
redirectUsingFqdn: false
ikev2RedirectPhase: DURING_SA_AUTHENTICATION
groupSettings:
# This GET example shows ipsecEncryption.encryptionKey in clear (`test`).
# NOTE(review): the PUT 200 example for this same path shows the key masked
# as '****'. Confirm that the real GET response masks it too; if it does,
# this example should show the masked form.
ipsecEncryption:
encryptionKey: test
enable: true
groupIPv4Address: 3.3.3.7
communicationInterface:
name: sz_2
id: e121527c-ba53-11ec-a727-947db73fdfc8
type: SecurityZone
communicationUdpPort: 9024
enableVpnLoadBalancing: true
participatingDevices:
- priority: 5
device:
name: 10.10.0.61
id: 5158c54a-b93a-11ec-9975-c81e12af82f6
name: F1RALoadBalancePolicy
id: 00505681-66E4-0ed3-0000-012884902090
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT modifies the Load Balance Setting of an RA VPN policy. The body is
# required and uses FTDRAVpnLoadBalanceSetting; 200 and 202 return the same
# model, `default` returns ErrorResponse.
# This operation object declares no `security` requirement of its own; any
# requirement would have to come from the document root, which is outside this
# part of the file.
put:
tags:
- Policy
description: '**Modifies Load Balance Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
operationId: updateFTDRAVpnLoadBalanceSetting
parameters:
- name: objectId
in: path
description: Identifier for Load Balance Setting in a RA VPN topology.
required: true
schema:
type: string
# ticket-id is optional (required: false): the spec itself does not force a
# change to be tied to a change-management ticket.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
# NOTE(review): the description below is a generator placeholder, not real
# documentation; it should be replaced with a description of the body.
description: '[DEV ERROR: Missing description]'
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLoadBalanceSetting'
examples:
? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/loadbalancesettings/loadbalancesettingsUUID ( Put operation for Load Balancing )'
: value:
type: LoadBalanacing
redirectSettings:
redirectUsingFqdn: false
ikev2RedirectPhase: DURING_SA_AUTHENTICATION
groupSettings:
# The request body carries ipsecEncryption.encryptionKey in clear, so request
# bodies for this operation hold a secret: keep them out of client logs,
# proxy captures and stored request samples.
ipsecEncryption:
encryptionKey: test
enable: true
groupIPv4Address: 3.3.3.7
communicationInterface:
name: sz_2
id: e121527c-ba53-11ec-a727-947db73fdfc8
type: SecurityZone
communicationUdpPort: 9023
enableVpnLoadBalancing: true
participatingDevices:
- priority: 6
device:
name: 10.10.0.61
id: 5158c54a-b93a-11ec-9975-c81e12af82f6
name: F1RALoadBalancePolicy
id: 00505681-66E4-0ed3-0000-012884902090
required: true
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLoadBalanceSetting'
examples:
? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/loadbalancesettings/loadbalancesettingsUUID ( Put operation for Load Balancing )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-66E4-0ed3-0000-012884902000
type: RAVpn
timestamp: 1649854699000
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: /api/fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/loadbalancesettings/loadbalancesettingsUUID
type: LoadBalanacing
groupSettings:
# The response returns the key masked as '****'.
# NOTE(review): a client that reads this object and sends it back unchanged
# would submit '****' as encryptionKey; the spec does not say whether the
# server keeps the stored key or overwrites it with that literal - confirm.
ipsecEncryption:
encryptionKey: '****'
enable: true
groupIPv4Address: 3.3.3.7
communicationInterface:
name: sz_2
id: e121527c-ba53-11ec-a727-947db73fdfc8
type: SecurityZone
communicationUdpPort: 9023
enableVpnLoadBalancing: true
participatingDevices:
- priority: 6
device:
name: 10.10.0.61
id: 5158c54a-b93a-11ec-9975-c81e12af82f6
redirectSettings:
ikev2RedirectPhase: DURING_SA_AUTHENTICATION
redirectUsingFqdn: false
name: F1RALoadBalancePolicy
id: 00505681-66E4-0ed3-0000-012884902090
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnLoadBalanceSetting'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ravpns/{containerUUID}/secureclientcustomizationsettings/{objectId}:
# GET the Secure Client Customization Setting of an RA VPN policy, addressed by
# objectId and containerUUID in the path plus the referenced domainUUID
# parameter. Returns FTDRAVpnSecureClientCustomizationSetting on 200 and
# ErrorResponse on `default`.
get:
tags:
- Policy
description: '**Retrieves Secure Client Customization Setting inside a VPN RA Topology.**'
operationId: getFTDRAVpnSecureClientCustomizationSetting
parameters:
- name: objectId
in: path
description: Identifier for Secure Client Customization Setting in a RA VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): OpenAPI 3.0 ignores properties placed next to `$ref`, so the
# `name` here (and `type: object` beside the schema `$ref`s below) has no
# effect; only the referenced definition applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDRAVpnSecureClientCustomizationSetting'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/secureclientcustomizationsettings/secureclientcustomizationsettingsUUID ( Get RaVpnSecureClientCustomization by object id )'
: value:
metadata:
parentPolicy:
name: ravpn_1
id: 00505681-66E4-0ed3-0000-012884902000
type: RAVpn
timestamp: 1649850103000
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
type: Domain
links:
self: /api/fmc_config/v1/domain/DomainUUID/policy/ravpns/containerUUID/secureclientcustomizationsettings/ravpnsecureclientcustomizationsettingsUUID
type: RaVpnSecureClientCustomization
# The setting references three kinds of SecureClientCustomization objects:
# language translations, images and icons, and scripts.
languageTranslations:
- id: 00505681-1EBF-0ed3-0000-523986010132
type: SecureClientCustomization
name: Test-Language-JP
imagesAndIcons:
- name: Test-Icon-About
type: SecureClientCustomization
id: 00505681-1EBF-0ed3-0000-554050781239
# NOTE(review): `scripts` entries presumably name scripts delivered to VPN
# clients; if so, who may change this list matters for endpoint integrity -
# confirm how these objects are used.
scripts:
- name: Test-scipt-mount-drive
type: SecureClientCustomization
id: 00505681-1EBF-0ed3-0000-474050781256
name: AnyConnectCustomizationPolicy
id: 00505681-66E4-0ed3-0000-012884902090
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
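# PUT: modifies the Secure Client Customization Setting identified by objectId
# inside the RA VPN policy identified by containerUUID.
put:
  tags:
    - Policy
  description: '**Modifies Secure Client Customization Setting inside a VPN RA Topology. _Check the response section for applicable examples (if any)._**'
  operationId: updateFTDRAVpnSecureClientCustomizationSetting
  parameters:
    - name: objectId
      in: path
      description: Identifier for Secure Client Customization Setting in a RA VPN topology.
      required: true
      schema:
        type: string
    # Change-tracking header. It is declared optional, so this spec accepts a
    # modification that carries no ticket reference.
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # Per the OpenAPI 3.0 specification, properties placed next to $ref are
    # ignored; the shared parameter definition is what applies here.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  requestBody:
    description: Input representation of Secure Client Customization Setting.
    content:
      application/json:
        schema:
          # `type: object` is a sibling of $ref and therefore ignored under
          # OpenAPI 3.0; the referenced schema defines the payload.
          type: object
          $ref: '#/components/schemas/FTDRAVpnSecureClientCustomizationSetting'
        examples:
          ? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/secureclientcustomizationsettings/secureclientcustomizationsettingsUUID ( Put operation for Secure Client Customization )'
          : value:
              type: RaVpnSecureClientCustomization
              languageTranslations:
                - id: 00505681-1EBF-0ed3-0000-523986010132
                  type: SecureClientCustomization
                  name: Test-Language-JP
              imagesAndIcons:
                - name: Test-Icon-About
                  type: SecureClientCustomization
                  id: 00505681-1EBF-0ed3-0000-554050781239
              # NOTE(review): `scripts` lists customization objects by id.
              # Presumably these are scripts delivered to VPN clients; if so,
              # treat changes to this list as privileged and review them -
              # confirm against the referenced schema.
              scripts:
                - name: Test-scipt-mount-drive
                  type: SecureClientCustomization
                  id: 00505681-1EBF-0ed3-0000-474050781256
              name: AnyConnectCustomizationPolicy
              id: 00505681-66E4-0ed3-0000-012884902090
    required: true
  responses:
    "200":
      description: OK
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDRAVpnSecureClientCustomizationSetting'
          examples:
            ? 'Example 1 : PUT fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/secureclientcustomizationsettings/secureclientcustomizationsettingsUUID ( Put operation for Secure Client Customization )'
            : value:
                # The response sample adds server-side metadata (parent policy,
                # timestamp, last user, domain) to the fields sent in the request.
                metadata:
                  parentPolicy:
                    name: ravpn_1
                    id: 00505681-66E4-0ed3-0000-012884902000
                    type: RAVpn
                  timestamp: 1649854699000
                  lastUser:
                    name: admin
                  domain:
                    name: Global
                    id: e276abec-e0f2-11e3-8169-6d9ed49b625f
                    type: Domain
                links:
                  self: /api/fmc_config/v1/domain/domainUUID/policy/ravpns/containerUUID/secureclientcustomizationsettings/secureclientcustomizationsettingsUUID
                type: RaVpnSecureClientCustomization
                languageTranslations:
                  - id: 00505681-1EBF-0ed3-0000-523986010132
                    type: SecureClientCustomization
                    name: Test-Language-JP
                imagesAndIcons:
                  - name: Test-Icon-About
                    type: SecureClientCustomization
                    id: 00505681-1EBF-0ed3-0000-554050781239
                scripts:
                  - name: Test-scipt-mount-drive
                    type: SecureClientCustomization
                    id: 00505681-1EBF-0ed3-0000-474050781256
                name: AnyConnectCustomizationPolicy
                id: 00505681-66E4-0ed3-0000-012884902090
    "202":
      description: Accepted
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDRAVpnSecureClientCustomizationSetting'
    # Every status not listed above is described by the shared ErrorResponse schema.
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false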
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/vpntunnelstatuses:
get:
tags:
- Policy
description: '**Retrieves list of all VPN Tunnel Status.**'
operationId: getAllVpnTunnelStatusModel
parameters:
- name: filter
in: query
description: The filter criteria for which the details have to be fetched. The following filters are supported - deviceId:{deviceId};vpnTopologyId:{topologyId};deployedStatus:{deployedStatus};status:{status}. User can enter one or many filters.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnTunnelStatusModelListContainer'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the Firewall Threat Defense Site to Site VPN topology associated with the specified ID.**'
operationId: getFTDS2SVpnModel
parameters:
- name: objectId
in: path
description: Identifier for Firewall Threat Defense Site to Site VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
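# PUT: modifies the Firewall Threat Defense Site to Site VPN topology
# identified by objectId.
put:
  tags:
    - Policy
  description: '**Modifies the Firewall Threat Defense Site to Site VPN topology associated with the specified ID. _Check the response section for applicable examples (if any)._**'
  operationId: updateFTDS2SVpnModel
  parameters:
    - name: objectId
      in: path
      description: Identifier for Firewall Threat Defense Site to Site VPN topology.
      required: true
      schema:
        type: string
    # Change-tracking header. It is declared optional, so this spec accepts a
    # topology change that carries no ticket reference.
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    # Per the OpenAPI 3.0 specification, properties placed next to $ref are
    # ignored; the shared parameter definition is what applies here.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  requestBody:
    description: Input representation of Firewall Threat Defense Site to Site VPN topology.
    content:
      application/json:
        schema:
          # `type: object` is a sibling of $ref and therefore ignored under
          # OpenAPI 3.0; the referenced schema defines the payload.
          type: object
          $ref: '#/components/schemas/FTDS2SVpnModel'
        examples:
          'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/FTDS2SUUID ( Test PUT of FTDS2S )':
            value:
              name: Cicso_S2S_Vpn
              type: FTDS2SVpn
              topologyType: POINT_TO_POINT
              # This sample enables IKEv1 only. IKEv1 is deprecated by the IETF
              # (RFC 9395); when adapting the sample, prefer ikeV2Enabled: true
              # wherever the peer supports IKEv2.
              ikeV1Enabled: true
              ikeV2Enabled: false
    required: true
  responses:
    "200":
      description: OK
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDS2SVpnModel'
          examples:
            'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/FTDS2SUUID ( Test PUT of FTDS2S )':
              value:
                name: Cicso_S2S_Vpn
                id: 005056A9-9F80-0ed3-0000-008589935332
                type: FTDS2SVpn
                links:
                  self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935332
                # The sub-resources below (endpoints, IKE, IPSec and advanced
                # settings) are returned as references with their own links.
                endpoints:
                  refType: list
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935332/endpoints
                  type: EndPoint
                ikeSettings:
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935332/ikesettings/005056A9-7483-0ed3-0000-012884902862
                  id: 005056A9-7483-0ed3-0000-012884902862
                  type: IkeSettings
                ipsecSettings:
                  id: 005056A9-9F80-0ed3-0000-008589935354
                  type: IPSecSettings
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935332/ipsecsettings/005056A9-9F80-0ed3-0000-008589935354
                advancedSettings:
                  id: 005056A9-9F80-0ed3-0000-008589935373
                  type: AdvancedSettings
                  links:
                    self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935332/advancedSettings/005056A9-9F80-0ed3-0000-008589935373
                topologyType: POINT_TO_POINT
                # Mirrors the request sample: IKEv1 on, IKEv2 off.
                ikeV1Enabled: true
                ikeV2Enabled: false
    "202":
      description: Accepted
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/FTDS2SVpnModel'
    # Every status not listed above is described by the shared ErrorResponse schema.
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false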
delete:
tags:
- Policy
description: '**Deletes the Firewall Threat Defense Site to Site VPN topology associated with the specified ID. _Check the response section for applicable examples (if any)._**'
operationId: deleteFTDS2SVpnModel
parameters:
- name: objectId
in: path
description: Identifier for Firewall Threat Defense Site to Site VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModel'
examples:
'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/FTDS2SUUID ( Test Delete of FTDS2SVpn )':
value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-7483-0ed3-0000-012884902862
ipsecSettings:
id: 005056A9-5800-0ed3-0000-008589935770
type: ipsecsettings
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-5800-0ed3-0000-008589935597/ipsecsettings/005056A9-5800-0ed3-0000-008589935770
endpoints:
refType: list
type: EndPoint
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-5800-0ed3-0000-008589935597/endpoints
ikeSettings:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-5800-0ed3-0000-008589935597/ikesettings
id: 005056A9-7483-0ed3-0000-012884902862
type: IkeSettings
topologyType: POINT_TO_POINT
ikeV1Enabled: false
ikeV2Enabled: true
name: tests2s
id: 005056A9-5800-0ed3-0000-008589935597
type: FTDS2SVpn
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns:
get:
tags:
- Policy
description: '**Retrieves list of all Firewall Threat Defense Site to Site VPN topologies.**'
operationId: getAllFTDS2SVpnModel
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModelListContainer'
examples:
'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns ( Success: Test GET ALL success )':
value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns?offset=0&limit=2
items:
- links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-7483-0ed3-0000-012884902862
name: tests2s
id: 005056A9-5800-0ed3-0000-008589935597
type: FTDS2SVpn
paging:
offset: 0
limit: 2
count: 1
pages: 1
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns?expanded=true ( Success: Test GET ALL success with expanded=true )'
: value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns?offset=0&limit=1&expanded=true
items:
- name: cisco_s2s_vpn
id: 005056A9-9F80-0ed3-0000-008589935105
type: FTDS2SVpn
topologyType: POINT_TO_POINT
ikeV1Enabled: false
ikeV2Enabled: true
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935105
endpoints:
refType: list
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935105/endpoints
type: EndPoint
ikeSettings:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935105/ikesettings/005056A9-7483-0ed3-0000-012884902862
id: 005056A9-7483-0ed3-0000-012884902862
type: IkeSettings
ipsecSettings:
id: 005056A9-9F80-0ed3-0000-008589935150
type: IPSecSettings
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935105/ipsecsettings/005056A9-9F80-0ed3-0000-008589935150
advancedSettings:
id: 005056A9-9F80-0ed3-0000-008589935160
type: AdvancedSettings
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-9F80-0ed3-0000-008589935105/advancedSettings/005056A9-9F80-0ed3-0000-008589935160
metadata:
timestamp: 1527842213894
lastUser:
name: admin
domain:
name: Global
id: e276abec-e0f2-11e3-8169-6d9ed49b625f
paging:
offset: 0
limit: 1
count: 1
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates the Firewall Threat Defense Site to Site VPN topology. _Check the response section for applicable examples (if any)._**'
operationId: createFTDS2SVpnModel
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Firewall Threat Defense Site to Site VPN topology.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModel'
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModel'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/FTDS2SVpnModel'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{containerUUID}/endpoints/{objectId}:
get:
tags:
- Policy
description: '**Retrieves a specific Endpoint associated with the specified ID inside a VPN Site To Site Topology.**'
operationId: getVpnEndpoint
parameters:
- name: objectId
in: path
description: Identifier for an Endpoint in a Site to Site VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpoint'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
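# PUT: modifies the Endpoint identified by objectId inside the Site to Site
# VPN topology identified by containerUUID.
put:
  tags:
    - Policy
  description: '**Modifies a specific Endpoint associated with the specified ID inside a VPN Site To Site Topology. _Check the response section for applicable examples (if any)._**'
  operationId: updateVpnEndpoint
  parameters:
    - name: objectId
      in: path
      description: Identifier for an Endpoint in a Site to Site VPN topology.
      required: true
      schema:
        type: string
    # Change-tracking header. It is declared optional, so this spec accepts an
    # endpoint change that carries no ticket reference.
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # Per the OpenAPI 3.0 specification, properties placed next to $ref are
    # ignored; the shared parameter definition is what applies here.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  requestBody:
    description: Input representation of Endpoint.
    content:
      application/json:
        schema:
          # `type: object` is a sibling of $ref and therefore ignored under
          # OpenAPI 3.0; the referenced schema defines the payload.
          type: object
          $ref: '#/components/schemas/VpnEndpoint'
        examples:
          'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints/endpointUUID ( Test PUT of Endpoint )':
            value:
              id: 005056A9-6FFE-0ed3-0000-120259084433
              type: EndPoint
              extranet: false
              device:
                name: 192.168.0.22
                id: 463b5424-2812-11e8-9a5f-89adee70d40d
                type: Device
              interface:
                name: s1
                id: 005056A9-6FFE-0ed3-0000-042949673272
              connectionType: BIDIRECTIONAL
              isLocalTunnelIdEnabled: true
              localIdentityType: EMAIL
              localIdentityString: bgl-asa-umb-sg@1234-5204-umbrella.com
              protectedNetworks:
                networks:
                  - name: IPv4-Private-172.16.0.0-12
                    id: b7a78a7d-20c5-47b2-b02f-86b4360112ac
              peerType: PEER
              # References an ExtendedAccessList object by name and id.
              # NOTE(review): presumably this ACL filters traffic carried by
              # the tunnel, and a PUT body that omits it may clear the filter -
              # confirm both against the VpnEndpoint schema before reuse.
              vpnFilterAcl:
                name: ACL-Ext-1
                id: 00505681-0FCA-0ed3-0000-008589934599
                type: ExtendedAccessList
              overrideRemoteVpnFilter: false
    required: true
  responses:
    # No response examples are given for this operation; both success codes
    # return the VpnEndpoint schema.
    "200":
      description: OK
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnEndpoint'
    "202":
      description: Accepted
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnEndpoint'
    # Every status not listed above is described by the shared ErrorResponse schema.
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false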
delete:
tags:
- Policy
description: '**Deletes a specific Endpoint associated with the specified ID inside a VPN Site To Site Topology. _Check the response section for applicable examples (if any)._**'
operationId: deleteVpnEndpoint
parameters:
- name: objectId
in: path
description: Identifier for an Endpoint in a Site to Site VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpoint'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{containerUUID}/endpoints:
get:
tags:
- Policy
description: '**Retrieves list of all Endpoints of a topology.**'
operationId: getAllVpnEndpoint
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpointListContainer'
examples:
'Example 1 : GET fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints ( Success: Test GET ALL success )':
value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints?offset=0&limit=2
items:
- name: 192.168.0.22
id: 005056A9-6FFE-0ed3-0000-120259084433
type: EndPoint
- name: 192.168.0.22
id: endpointId
type: EndPoint
paging:
offset: 0
limit: 2
count: 2
pages: 1
? 'Example 2 : GET fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints?expanded=true ( Success: Test GET ALL success with expanded=true )'
: value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints?offset=0&limit=2&expanded=true
items:
- links:
self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints/005056A9-6FFE-0ed3-0000-120259084433
name: 192.168.0.22
id: 005056A9-6FFE-0ed3-0000-120259084433
type: EndPoint
extranet: false
device:
name: 192.168.0.22
id: 463b5424-2812-11e8-9a5f-89adee70d40d
type: Device
interface:
name: s1
id: 005056A9-6FFE-0ed3-0000-042949673272
protectedNetworks:
networks:
- name: IPv4-Private-172.16.0.0-12
id: b7a78a7d-20c5-47b2-b02f-86b4360112ac
connectionType: BIDIRECTIONAL
dynamicRRIEnabled: false
isLocalTunnelIdEnabled: true
localIdentityType: HOSTNAME
peerType: PEER
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
- links:
self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUuid/endpoints/endpointId
interface:
name: inside
id: 005056A9-6FFE-0ed3-0000-004294967551
name: 192.168.0.22
id: endpointId
type: EndPoint
extranet: false
device:
name: 192.168.0.22
id: 463b5424-2812-11e8-9a5f-89adee70d40d
type: Device
connectionType: ORIGINATE_ONLY
dynamicRRIEnabled: false
isLocalTunnelIdEnabled: true
localIdentityType: EMAIL
localIdentityString: bgl-asa-umb-sg@1234-5204-umbrella.com
protectedNetworks:
networks:
- name: IPv4-Private-172.16.0.0-12
id: b7a78a7d-20c5-47b2-b02f-86b4360112ac
peerType: PEER
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
overrideRemoteVpnFilter: false
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Creates Endpoints of a topology. _Check the response section for applicable examples (if any)._**'
operationId: createVpnEndpoint
parameters:
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of Endpoint.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpoint'
examples:
? 'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints ( POST of Endpoint with FMC managed FTD device )'
: value:
peerType: PEER
device:
name: 192.168.0.32
id: 933e077a-64cc-11e8-9be7-da0d15a02570
type: Device
interface:
name: inside
id: 005056A9-9F80-0ed3-0000-008589934781
type: PhysicalInterface
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
connectionType: BIDIRECTIONAL
isLocalTunnelIdEnabled: true
localIdentityType: EMAIL
localIdentityString: bgl-asa-umb-sg@1234-5204-umbrella.com
type: EndPoint
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
overrideRemoteVpnFilter: false
'Example 2 : POST /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints ( POST of Endpoint with extranet )':
value:
peerType: PEER
extranet: true
extranetType: GENERIC
extranetInfo:
name: 10.0.0.1
ipAddress: 10.0.0.1
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
type: EndPoint
? 'Example 3 : POST /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints ( POST of dVTI Endpoint with FMC managed FTD device )'
: value:
peerType: HUB
device:
name: 192.168.0.32
id: 933e077a-64cc-11e8-9be7-da0d15a02570
type: Device
interface:
name: dVTI
id: 0050568C-AE52-0ed3-0000-038654705851
type: VTI
tunnelSourceInterface:
name: outside
id: 0050568C-AE52-0ed3-0000-004294968311
type: PhysicalInterface
tunnelSourceIpv6Address: IPv6Address
sendTunnelInterfaceIpToPeer: true
allowIncomingIKEv2Routes: true
protectedNetworks: {}
connectionType: BIDIRECTIONAL
isLocalTunnelIdEnabled: true
localIdentityType: EMAIL
localIdentityString: bgl-asa-umb-sg@1234-5204-umbrella.com
type: EndPoint
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
overrideRemoteVpnFilter: false
? 'Example 4 : POST /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints?bulk=true ( bulk POST example for Endpoints in VPN topology )'
: value:
- peerType: PEER
device:
name: 192.168.0.32
id: 933e077a-64cc-11e8-9be7-da0d15a02570
type: Device
interface:
name: inside
id: 005056A9-9F80-0ed3-0000-008589934781
type: PhysicalInterface
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
connectionType: BIDIRECTIONAL
isLocalTunnelIdEnabled: false
type: EndPoint
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
overrideRemoteVpnFilter: false
- peerType: PEER
extranet: true
extranetType: GENERIC
extranetInfo:
name: 10.0.0.1
ipAddress: 10.0.0.1
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
type: EndPoint
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpoint'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnEndpoint'
examples:
? 'Example 4 : POST /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/endpoints?bulk=true ( bulk POST example for Endpoints in VPN topology )'
: value:
links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-6FFE-0ed3-0000-004294967298/endpoints?bulk=true
items:
- links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-6FFE-0ed3-0000-004294967298/endpoints/005056A9-6FFE-0ed3-0000-141733920770
id: 005056A9-6FFE-0ed3-0000-141733920770
name: 192.168.0.23
peerType: PEER
device:
name: 192.168.0.32
id: 933e077a-64cc-11e8-9be7-da0d15a02570
type: Device
interface:
name: inside
id: 005056A9-9F80-0ed3-0000-008589934781
type: PhysicalInterface
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
connectionType: BIDIRECTIONAL
isLocalTunnelIdEnabled: false
type: EndPoint
vpnFilterAcl:
name: ACL-Ext-1
id: 00505681-0FCA-0ed3-0000-008589934599
type: ExtendedAccessList
- links:
self: <fmc_ip>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-6FFE-0ed3-0000-004294967298/endpoints/005056A9-6FFE-0ed3-0000-141733920771
id: 005056A9-6FFE-0ed3-0000-141733920771
peerType: PEER
extranet: true
extranetType: GENERIC
extranetInfo:
name: 10.0.0.1
ipAddress: 10.0.0.1
protectedNetworks:
networks:
- name: IPv4-Private-10.0.0.0-8
id: 95916354-5aa1-4057-8eea-b42a5a207abc
type: Network
type: EndPoint
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{containerUUID}/ipsecsettings/{objectId}:
get:
tags:
- Policy
description: '**Retrieves IPSec Proposal settings inside a VPN Site To Site Topology.**'
operationId: getVpnIPSecSettings
parameters:
- name: objectId
in: path
description: Identifier for IPSec Proposal settings in a Site to Site VPN topology.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/VpnIPSecSettings'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
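# PUT: modifies the IPSec Proposal settings identified by objectId inside the
# Site to Site VPN topology identified by containerUUID.
put:
  tags:
    - Policy
  description: '**Modifies IPSec Proposal settings inside a VPN Site To Site Topology. _Check the response section for applicable examples (if any)._**'
  operationId: updateVpnIPSecSettings
  parameters:
    - name: objectId
      in: path
      description: Identifier for IPSec Proposal settings in a Site to Site VPN topology.
      required: true
      schema:
        type: string
    # Change-tracking header. It is declared optional, so this spec accepts a
    # crypto-settings change that carries no ticket reference.
    - name: ticket-id
      in: header
      description: UUID of the ticket for tracking the configuration changes.
      required: false
      schema:
        type: string
    - name: containerUUID
      in: path
      description: The container id under which this specific resource is contained.
      required: true
      schema:
        type: string
    # Per the OpenAPI 3.0 specification, properties placed next to $ref are
    # ignored; the shared parameter definition is what applies here.
    - name: domainUUID
      $ref: '#/components/parameters/domainUUID'
  requestBody:
    description: Input representation of IPSec Proposal settings.
    content:
      application/json:
        schema:
          # `type: object` is a sibling of $ref and therefore ignored under
          # OpenAPI 3.0; the referenced schema defines the payload.
          type: object
          $ref: '#/components/schemas/VpnIPSecSettings'
        examples:
          ? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/ipsecsettings/ipsecsettingsUUID ( Example PUT of VPN IPSec Settings )'
          : value:
              tfcPackets:
                enabled: false
                burstBytes: 0
                payloadBytes: 0
                timeoutSeconds: 0
              cryptoMapType: STATIC
              ikeV2Mode: TUNNEL
              # NOTE(review): left off in this sample; presumably this check
              # compares IPsec SA cipher strength with the parent IKE SA -
              # confirm in the schema before copying the value.
              enableSaStrengthEnforcement: false
              enableRRI: true
              lifetimeSeconds: 28800
              lifetimeKilobytes: 4608000
              # Perfect Forward Secrecy is disabled in this sample. Without it,
              # IPsec SA keys are not protected by a fresh Diffie-Hellman
              # exchange, so a compromised IKE SA also exposes the child SAs.
              # Enable it when adapting the sample for production tunnels.
              perfectForwardSecrecy:
                enabled: false
              validateIncomingIcmpErrorMessage: false
              doNotFragmentPolicy: NONE
              id: 005056A9-302C-0ed3-0000-017179869924
              type: IPSecSettings
              links:
                self: https://example.cisco.com/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-302C-0ed3-0000-017179869721/ipsecsettings/005056A9-302C-0ed3-0000-017179869924
              ikeV2IpsecProposal:
                - name: AES-GCM
                  id: 005056A9-302C-0ed3-0000-000000002010
                  type: IKEv2IPsecProposal
    required: true
  responses:
    "200":
      description: OK
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnIPSecSettings'
          examples:
            ? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/ipsecsettings/ipsecsettingsUUID ( Example PUT of VPN IPSec Settings )'
            : value:
                tfcPackets:
                  enabled: false
                  burstBytes: 0
                  payloadBytes: 0
                  timeoutSeconds: 0
                cryptoMapType: STATIC
                ikeV2Mode: TUNNEL
                enableSaStrengthEnforcement: false
                enableRRI: true
                lifetimeSeconds: 28800
                lifetimeKilobytes: 4608000
                # PFS stays disabled in the response sample.
                # NOTE(review): `modulusGroup: 2` presumably selects
                # Diffie-Hellman group 2 (1024-bit MODP), which RFC 8247 rates
                # SHOULD NOT; pick a stronger group if PFS is turned on -
                # confirm the value mapping in the schema.
                perfectForwardSecrecy:
                  enabled: false
                  modulusGroup: 2
                validateIncomingIcmpErrorMessage: false
                doNotFragmentPolicy: NONE
                type: IPSecSettings
                # The response sample also lists an IKEv1 proposal that the
                # request sample did not send.
                ikeV1IpsecProposal:
                  - name: tunnel_aes256_sha
                    id: 005056A9-302C-0ed3-0000-000000002003
                    type: IKEv1IPsecProposal
                ikeV2IpsecProposal:
                  - name: AES-GCM
                    id: 005056A9-302C-0ed3-0000-000000002010
                    type: IKEv2IPsecProposal
    "202":
      description: Accepted
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnIPSecSettings'
    # Every status not listed above is described by the shared ErrorResponse schema.
    default:
      description: Error
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/ErrorResponse'
  deprecated: false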
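/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{containerUUID}/advancedsettings/{objectId}:
  # Advanced settings of one Site to Site VPN topology: GET reads them, PUT replaces them.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  get:
    tags:
      - Policy
    description: '**Retrieves Advanced settings inside a VPN Site To Site Topology.**'
    operationId: getVpnAdvancedSettings
    parameters:
      - name: objectId
        in: path
        description: Identifier for Advanced settings in a Site to Site VPN topology.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # Shared parameter; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnAdvancedSettings'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies Advanced settings inside a VPN Site To Site Topology. _Check the response section for applicable examples (if any)._**'
    operationId: updateVpnAdvancedSettings
    parameters:
      - name: objectId
        in: path
        description: Identifier for Advanced settings in a Site to Site VPN topology.
        required: true
        schema:
          type: string
      # ticket-id is optional (required: false), so a change is only tied to a
      # ticket when the caller supplies the header.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of the Advanced settings of a Site to Site VPN topology.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnAdvancedSettings'
          examples:
            # The example title used to name the ipsecsettings endpoint; it now names this one.
            'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/advancedsettings/advancedSettingsUUID ( Test PUT of Vpn Advanced Settings )':
              value:
                id: 005056A9-097E-0ed3-0000-021474836554
                type: AdvancedSettings
                links:
                  self: <fmc_url>/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/ftds2svpns/005056A9-097E-0ed3-0000-008589935150/advancedsettings/005056A9-097E-0ed3-0000-021474836554
                advancedIkeSetting:
                  peerIdentityValidation: REQUIRED
                  thresholdToChallengeIncomingCookies: 50
                  percentageOfSAsAllowedInNegotiation: 100
                  enableNotificationOnTunnelDisconnect: false
                  identitySentToPeer: AUTO_OR_DN
                  # IKEv1 aggressive mode sends the identity unprotected and lets an
                  # observer test pre-shared-key guesses offline; the example keeps it off.
                  enableAggressiveMode: false
                  cookieChallenge: CUSTOM
                advancedTunnelSetting:
                  certificateMapSettings:
                    useCertMapConfiguredInEndpointToDetermineTunnel: false
                    useCertificateOuToDetermineTunnel: true
                    useIkeIdentityOuToDetermineTunnel: true
                    usePeerIpAddressToDetermineTunnel: true
                  enableSpokeToSpokeConnectivityThroughHub: false
                  natKeepaliveMessageTraversal:
                    enabled: true
                    intervalSeconds: 20
                  # NOTE(review): by its name, true would let decrypted VPN traffic skip
                  # access control; confirm against the product guide before enabling.
                  bypassAccessControlTrafficForDecryptedTraffic: false
                advancedIpsecSetting:
                  maximumTransmissionUnitAging:
                    enabled: false
                  enableFragmentationBeforeEncryption: true
      required: true
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnAdvancedSettings'
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnAdvancedSettings'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false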
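/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/ftds2svpns/{containerUUID}/ikesettings/{objectId}:
  # IKE settings of one Site to Site VPN topology: GET reads them, PUT replaces them.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  get:
    tags:
      - Policy
    description: '**Retrieves the IKE Settings associated with the specified ID inside a VPN Site To Site Topology.**'
    operationId: getVpnIkeSettings
    parameters:
      - name: objectId
        in: path
        description: Identifier for an IKE Settings policy in a Site to Site VPN topology.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # Shared parameter; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnIkeSettings'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies the IKE Settings associated with the specified ID inside a VPN Site To Site Topology. _Check the response section for applicable examples (if any)._**'
    operationId: updateVpnIkeSettings
    parameters:
      - name: objectId
        in: path
        description: Identifier for an IKE Settings policy in a Site to Site VPN topology.
        required: true
        schema:
          type: string
      # ticket-id is optional (required: false), so a change is only tied to a
      # ticket when the caller supplies the header.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of IKE settings.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/VpnIkeSettings'
          examples:
            'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/ftds2svpns/containerUUID/ikesettings/ikeSettingsUUID ( Test PUT of Ike Settings )':
              # NOTE(review): test payload, not a recommended configuration. The policy
              # names suggest DES encryption and DH group 5, and the automatic
              # pre-shared key length is 7; for a real topology choose current
              # algorithms and a longer key.
              value:
                links:
                  self: <fmc_ip>/api/fmc_config/v1/domain/domainUUID/policy/ftds2svpns/topologyUUID/ikesettings/005056A9-7483-0ed3-0000-012884902862
                id: 005056A9-7483-0ed3-0000-012884902862
                type: IkeSettings
                ikeV2Settings:
                  automaticPreSharedKeyLength: 7
                  enforceHexBasedPreSharedKeyOnly: true
                  authenticationType: AUTOMATIC_PRE_SHARED_KEY
                  policies:
                    # Name suggests DES, which is considered broken; shown as sample data only.
                    - name: DES-SHA-SHA
                      id: 005056A9-6FFE-0ed3-0000-000000000402
                      type: Ike2
                    - name: AES-SHA-SHA
                      id: 005056A9-6FFE-0ed3-0000-000000000401
                      type: Ike2
                ikeV1Settings:
                  automaticPreSharedKeyLength: 7
                  authenticationType: AUTOMATIC_PRE_SHARED_KEY
                  policies:
                    # Name suggests DES with DH group 5; shown as sample data only.
                    - name: preshared_sha_des_dh5_160
                      id: 005056A9-6FFE-0ed3-0000-000000000303
                      type: Ike
                    - name: preshared_sha_aes256_dh14_3
                      id: 005056A9-6FFE-0ed3-0000-000000000307
                      type: Ike
      required: true
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnIkeSettings'
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VpnIkeSettings'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false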
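/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/s2svpnsummaries:
  # Read-only listing of Site to Site VPN summaries (paged).
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  get:
    tags:
      - Policy
    # Replaces the generator placeholder; wording taken from the example title below.
    description: '**Retrieves the Site to Site VPN summaries.**'
    operationId: getS2SVpnSummaryModel
    parameters:
      - name: filter
        in: query
        # TODO: document the accepted filter keys; this section of the spec does not show them.
        description: Filter expression that restricts the summaries returned.
        required: false
        schema:
          type: string
      - name: ticket-id
        in: header
        # Same wording as the ticket-id header on the neighbouring VPN endpoints.
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      # Shared parameters; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
      - name: offset
        $ref: '#/components/parameters/offset'
      - name: limit
        $ref: '#/components/parameters/limit'
      - name: expanded
        $ref: '#/components/parameters/expanded'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/S2SVpnSummaryModelListContainer'
            examples:
              'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/s2svpnsummaries ( Get S2S VPN summary. )':
                value:
                  items:
                    - name: DummyData0
                      id: asdddf0
                      type: FTDS2SVpn
                      routeBased: false
                      ikeV1Enabled: true
                      ikeV2Enabled: true
                      totalTunnelCount: 10
                      activeTunnelCount: 6
                      downTunnelCount: 4
                      outOfSync: false
                      topologyType: HUB_AND_SPOKE
                    - name: DummyData0
                      id: asdddf0
                      type: FTDS2SVpn
                      routeBased: false
                      ikeV1Enabled: true
                      ikeV2Enabled: true
                      totalTunnelCount: 10
                      activeTunnelCount: 6
                      downTunnelCount: 4
                      outOfSync: false
                      topologyType: HUB_AND_SPOKE
                  # NOTE(review): dummy paging values; count is 1 although two items are shown.
                  paging:
                    pages: 8
                    offset: 0
                    limit: 2
                    count: 1
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false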
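/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/natexemptrules/{deviceId}:
  # Read-only view of the NAT exempt rules that the Site to Site VPN topology
  # generates for one device.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  get:
    tags:
      - Policy
    description: '**Retrieves the VPN NatExempt Rules generated by the Site To Site VPN Topology for a device.**'
    operationId: getVPNNatExemptModel
    parameters:
      - name: deviceId
        in: path
        # Reworded: the original text described the operation, not the parameter.
        description: Identifier of the device whose NAT Exempt rules are retrieved.
        required: true
        schema:
          type: string
      # Shared parameter; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/VPNNatExemptModel'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false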
# Policy locks: GET lists them (paged), POST locks a policy.
# The listing has lost its indentation, so the nesting of the example payloads
# below cannot be read from this text; lines are kept exactly as they appear.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/operational/policylocks:
get:
tags:
- Policy
# NOTE(review): still the generator placeholder; judging by operationId and the
# response schema this operation lists policy locks.
description: '**[DEV ERROR: Missing description]**'
operationId: getPolicyLock
parameters:
# Shared parameters; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PolicyLockListContainer'
examples:
'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/operational/policylocks ( Success: Test GET ALL method for PolicyLock )':
# Template payload: "String" and "LOCKED | UNLOCKED" are type/option placeholders, not values.
value:
items:
- policies:
- type: PolicyLock
policy:
name: String
id: String
type: String
links:
self: fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/operational/policylocks
status: LOCKED | UNLOCKED
metadata:
# Shows which user holds the lock.
lockedByUser:
name: String
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
post:
tags:
- Policy
description: '**Locks the policy. Currently supports only Access policy. _Check the response section for applicable examples (if any)._**'
operationId: createPolicyLock
parameters:
# No ticket-id header is declared for this operation.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Input representation of policy lock.
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PolicyLock'
examples:
'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/operational/policylocks ( Success: Test POST method for PolicyLock )':
value:
policies:
# NOTE(review): lock is given as the quoted string "true", not a boolean; confirm which the schema expects.
- lock: "true"
policy:
id: String
type: AccessPolicy
# Both examples carry the same title text; only the number differs.
'Example 2 : POST /fmc_config/v1/domain/DomainUUID/policy/operational/policylocks ( Success: Test POST method for PolicyLock )':
value:
policies:
# "Boolean" and "String" are type placeholders here.
- lockParentsInHierarchy: Boolean
policy:
id: String
type: String
required: true
responses:
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PolicyLock'
"201":
description: Created
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PolicyLock'
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
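/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/prefilterpolicies/{objectId}:
  # One prefilter policy addressed by ID: GET reads, PUT replaces, DELETE removes.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  # The ticket-id descriptions lost a doubled trailing period.
  get:
    tags:
      - Policy
    description: '**Retrieves prefilter policy associated with the specified ID.**'
    operationId: getPrefilterPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for prefilter policy.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      # Shared parameter; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
            examples:
              # NOTE(review): the title omits the policy ID segment of this path.
              'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies ( Test GET Success of Prefilter policy )':
                # Template payload: UUIDs, URLs and the action value are placeholders.
                value:
                  name: PrefilterPolicy1
                  id: PrefilterPolicyUUID
                  type: PrefilterPolicy
                  description: Description of a Prefilter Policy
                  rules:
                    refType: list
                    type: PrefilterRule
                    links:
                      self: URL for Prefilter Rules
                  defaultAction:
                    type: PrefilterPolicyDefaultAction
                    id: PrefilterPolicyDefaultActionUUID
                    action: BLOCK_TUNNELS/ANALYZE_TUNNELS
                    links:
                      self: URL for Prefilter Policy Default Action
                  metadata:
                    domain:
                      name: Global
                      id: DomainUUID
                      type: Domain
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies prefilter policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: updatePrefilterPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for prefilter policy.
        required: true
        schema:
          type: string
      # ticket-id is optional (required: false), so a change is only tied to a
      # ticket when the caller supplies the header.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of prefilter policy.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/PrefilterPolicy'
      required: true
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  delete:
    tags:
      - Policy
    description: '**Deletes prefilter policy associated with the specified ID. _Check the response section for applicable examples (if any)._**'
    operationId: deletePrefilterPolicy
    parameters:
      - name: objectId
        in: path
        description: Identifier for prefilter policy.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
            examples:
              # NOTE(review): the title omits the policy ID segment of this path.
              'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies ( Test DELETE success of Prefilter policy )':
                value:
                  type: PrefilterPolicy
                  name: PrefilterPolicy1
                  description: policy to test FMC implementation
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false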
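/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/prefilterpolicies:
  # Prefilter policy collection: GET lists policies (paged), POST creates one.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  get:
    tags:
      - Policy
    description: '**Retrieves list of all prefilter policies.**'
    operationId: getAllPrefilterPolicy
    parameters:
      - name: ticket-id
        in: header
        # Replaces the generator placeholder with the wording used by the POST below.
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      # Shared parameters; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
      - name: offset
        $ref: '#/components/parameters/offset'
      - name: limit
        $ref: '#/components/parameters/limit'
      - name: expanded
        $ref: '#/components/parameters/expanded'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicyListContainer'
            examples:
              'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies ( Test GET ALL Success of Prefilter policy )':
                # Template payload: UUIDs, URLs and the action value are placeholders.
                value:
                  items:
                    - name: PrefilterPolicy1
                      id: PrefilterPolicyUUID1
                      type: PrefilterPolicy
                      description: Description of a Prefilter Policy
                      rules:
                        refType: list
                        type: PrefilterRule
                        links:
                          self: URL for Prefilter Rules
                      defaultAction:
                        type: PrefilterPolicyDefaultAction
                        id: PrefilterPolicyDefaultActionUUID
                        action: BLOCK_TUNNELS/ANALYZE_TUNNELS
                        links:
                          self: URL for Prefilter Policy Default Action
                      metadata:
                        domain:
                          name: Global
                          id: DomainUUID
                          type: Domain
                    - name: PrefilterPolicy2
                      id: PrefilterPolicyUUID2
                      type: PrefilterPolicy
                      description: Description of a Prefilter Policy
                      rules:
                        refType: list
                        type: PrefilterRule
                        links:
                          self: URL for Prefilter Rules
                      defaultAction:
                        type: PrefilterPolicyDefaultAction
                        id: PrefilterPolicyDefaultActionUUID
                        action: BLOCK_TUNNELS/ANALYZE_TUNNELS
                        links:
                          self: URL for Prefilter Policy Default Action
                      metadata:
                        domain:
                          name: Global
                          id: DomainUUID
                          type: Domain
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  post:
    tags:
      - Policy
    description: '**Creates prefilter policies. _Check the response section for applicable examples (if any)._**'
    operationId: createPrefilterPolicy
    parameters:
      # ticket-id is optional (required: false), so a change is only tied to a
      # ticket when the caller supplies the header.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of prefilter policy.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/PrefilterPolicy'
          examples:
            'Example 1 : POST /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies ( Success: POST method for PrefilterPolicy with minimum required fields )':
              value:
                type: PrefilterPolicy
                name: PrefilterPolicy1
                description: policy to test FMC implementation
            'Example 2 : POST /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies ( Success: Test POST method for PrefilterPolicy with defaultaction )':
              value:
                type: PrefilterPolicy
                name: PrefilterPolicy1
                description: policy to test FMC implementation
                defaultAction:
                  type: PrefilterPolicyDefaultAction
                  # "true/false" and the action value list the options; send one of them.
                  # NOTE(review): with logging and event forwarding all off, the default
                  # action presumably leaves no connection events to review; confirm.
                  logBegin: true/false
                  logEnd: true/false
                  sendEventsToFMC: true/false
                  action: BLOCK_TUNNELS/ANALYZE_TUNNELS
                  syslogConfig:
                    name: SyslogAlert1
                    id: SyslogAlertUUID
                    type: SyslogAlert
                  snmpConfig:
                    name: SNMPAlert1
                    id: SNMPAlertUUID
                    type: SNMPAlert
      required: true
    responses:
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
      "201":
        description: Created
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterPolicy'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false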
# Hit counts of the rules in one prefilter policy: GET reads them, PUT refreshes
# them, DELETE clears them.
# The listing has lost its indentation, so the nesting of the example payloads
# below cannot be read from this text; lines are kept exactly as they appear.
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/prefilterpolicies/{containerUUID}/operational/hitcounts:
get:
tags:
- Policy
description: '**Retrieves Hit Count**'
operationId: getPrefilterHitCount
parameters:
# The filter is mandatory (required: true) and must carry deviceId.
# NOTE(review): the text speaks of "access rules" although this path is under
# prefilterpolicies; it looks carried over from the access policy endpoint.
- name: filter
in: query
description: 'Value is of format (including quotes): <code>"deviceId:{uuid};ids:{uuid1,uuid2,..};fetchZeroHitCount:{true|false};name:{rule or policy name};lastHit:{number of days as per unit};lastHitUnit:{DAYS|WEEKS|MONTHS|YEARS}"</code><br/><br/><code>deviceId</code> is UUID of device and is a mandatory field.<br/><code>ids</code> returns hitcounts of access rules if set to list of rule UUIDs. If this key is not used, all access rules will be returned.<br/><code>fetchZeroHitCount</code> returns only access rules whose hit count is zero if <code>true</code>.<br/><code>name</code> returns only access rule name or policy name matches<code>name</code>.<br/><code>lastHit</code> returns only access rules hit in last specified number of days as per <code>lastHitUnit</code> unit.<br/><code>lastHitUnit</code> unit of number of last hit days - DAYS, WEEKS, MONTHS or YEARS.<br/><br/>(Note that <code>fetchZeroHitCount</code>,<code>name</code>,<code>lastHit</code>,<code>lastHitUnit</code> filters are applicable only in GET operation and if <code>ids</code> filter is not used)'
required: true
schema:
type: string
# NOTE(review): this description ends with a doubled period.
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# Shared parameters; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
- name: offset
$ref: '#/components/parameters/offset'
- name: limit
$ref: '#/components/parameters/limit'
- name: expanded
$ref: '#/components/parameters/expanded'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterHitCountListContainer'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true ( Success: Test GET ALL method for HitCount )'
# Template payload: names in angle brackets and id_of_* values are placeholders.
: value:
link:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true
items:
- metadata:
policy:
type: PrefilterPolicy
name: <Prefilter Policy Name>
id: id_of_prefilter_policy
domain:
name: Global
id: id_of_global_domain
type: Domain
deviceRuleId: prefilter_rule_id_on_ftd
ruleIndex: prefilter_rule_name
link:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId};ids:{id_of_prefilter_rule_1}"&expanded=true
lastFetchTimeStamp: "1997-07-16T19:20:30Z"
type: PrefilterRule
hitCount: 90
rule:
id: id_of_prefilter_rule_1
type: PrefilterRule
name: <Prefilter Rule Name 1>
firstHitTimeStamp: "1997-07-16T19:20:30Z"
lastHitTimeStamp: "1997-07-16T19:20:30Z"
# Second item: a rule with hitCount 0; unlike the first item it carries no type line.
- metadata:
policy:
type: PrefilterPolicy
name: <Prefilter Policy Name>
id: id_of_prefilter_policy
domain:
name: Global
id: id_of_global_domain
type: Domain
deviceRuleId: prefilter_rule_id_on_ftd
ruleIndex: prefilter_rule_name
link:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId};ids:{id_of_prefilter_rule_2}"&expanded=true
lastFetchTimeStamp: "1997-07-16T19:20:30Z"
hitCount: 0
rule:
id: id_of_prefilter_rule_2
type: PrefilterRule
name: <Prefilter Rule Name 2>
firstHitTimeStamp: "1997-07-16T19:20:30Z"
lastHitTimeStamp: "1997-07-16T19:20:30Z"
paging:
offset: 0
limit: 2
count: 2
pages: 1
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
put:
tags:
- Policy
description: '**Refreshes Hit Count _Check the response section for applicable examples (if any)._**'
operationId: updatePrefilterHitCount
parameters:
# Same filter text as on GET; its closing note says the fetchZeroHitCount, name,
# lastHit and lastHitUnit keys apply to GET only.
- name: filter
in: query
description: 'Value is of format (including quotes): <code>"deviceId:{uuid};ids:{uuid1,uuid2,..};fetchZeroHitCount:{true|false};name:{rule or policy name};lastHit:{number of days as per unit};lastHitUnit:{DAYS|WEEKS|MONTHS|YEARS}"</code><br/><br/><code>deviceId</code> is UUID of device and is a mandatory field.<br/><code>ids</code> returns hitcounts of access rules if set to list of rule UUIDs. If this key is not used, all access rules will be returned.<br/><code>fetchZeroHitCount</code> returns only access rules whose hit count is zero if <code>true</code>.<br/><code>name</code> returns only access rule name or policy name matches<code>name</code>.<br/><code>lastHit</code> returns only access rules hit in last specified number of days as per <code>lastHitUnit</code> unit.<br/><code>lastHitUnit</code> unit of number of last hit days - DAYS, WEEKS, MONTHS or YEARS.<br/><br/>(Note that <code>fetchZeroHitCount</code>,<code>name</code>,<code>lastHit</code>,<code>lastHitUnit</code> filters are applicable only in GET operation and if <code>ids</code> filter is not used)'
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterHitCount'
"202":
description: Accepted
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterHitCount'
examples:
# NOTE(review): the title joins expanded=true with ";" while the self link below uses "&".
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="{filterString}";expanded=true ( Test PUT (Refresh) of HitCount )'
# The 202 example carries a task reference (type TaskStatus) rather than hit counts.
: value:
link:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="deviceId:{deviceId}"&expanded=true
metadata:
task:
id: task_id
type: TaskStatus
links:
self: link_to_task_status
type: HitCount
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
delete:
tags:
- Policy
description: '**Clears Hit Count _Check the response section for applicable examples (if any)._**'
operationId: deletePrefilterHitCount
parameters:
# NOTE(review): unlike GET and PUT, this operation declares no ticket-id header,
# so clearing hit counts cannot be tied to a change ticket through this spec.
# Cleared counters are no longer available for rule-usage review.
- name: filter
in: query
description: 'Value is of format (including quotes): <code>"deviceId:{uuid};ids:{uuid1,uuid2,..};fetchZeroHitCount:{true|false};name:{rule or policy name};lastHit:{number of days as per unit};lastHitUnit:{DAYS|WEEKS|MONTHS|YEARS}"</code><br/><br/><code>deviceId</code> is UUID of device and is a mandatory field.<br/><code>ids</code> returns hitcounts of access rules if set to list of rule UUIDs. If this key is not used, all access rules will be returned.<br/><code>fetchZeroHitCount</code> returns only access rules whose hit count is zero if <code>true</code>.<br/><code>name</code> returns only access rule name or policy name matches<code>name</code>.<br/><code>lastHit</code> returns only access rules hit in last specified number of days as per <code>lastHitUnit</code> unit.<br/><code>lastHitUnit</code> unit of number of last hit days - DAYS, WEEKS, MONTHS or YEARS.<br/><br/>(Note that <code>fetchZeroHitCount</code>,<code>name</code>,<code>lastHit</code>,<code>lastHitUnit</code> filters are applicable only in GET operation and if <code>ids</code> filter is not used)'
required: true
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterHitCount'
examples:
? 'Example 1 : DELETE /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/operational/hitcounts?filter="{filterString}";expanded=true ( Test DELETE (Clear) of HitCount )'
# The example response body is an empty object.
: value: {}
default:
description: Error
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
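/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/prefilterpolicies/{containerUUID}/defaultactions/{objectId}:
  # Default action of one prefilter policy: GET reads it, PUT replaces it.
  # Indentation is restored to the OpenAPI 3.0 layout; key order follows the original.
  # The ticket-id descriptions lost a doubled trailing period.
  get:
    tags:
      - Policy
    # NOTE(review): the text mentions listing all default actions when no ID is
    # given, but objectId is a required path parameter on this path.
    description: '**Retrieves the default action associated with the specified prefilter control policy ID and default action ID. If no default action ID is specified, retrieves list of all default actions associated with the specified prefilter policy ID.**'
    operationId: getPrefilterDefaultAction
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of a default action.
        required: true
        schema:
          type: string
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      # Shared parameter; OpenAPI 3.0 tooling ignores keys that sit next to a $ref.
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterDefaultAction'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false
  put:
    tags:
      - Policy
    description: '**Modifies the default action associated with the specified prefilter control policy ID and default action ID. _Check the response section for applicable examples (if any)._**'
    operationId: updatePrefilterDefaultAction
    parameters:
      - name: objectId
        in: path
        description: Unique identifier of a default action.
        required: true
        schema:
          type: string
      # ticket-id is optional (required: false), so a change is only tied to a
      # ticket when the caller supplies the header.
      - name: ticket-id
        in: header
        description: UUID of the ticket for tracking the configuration changes.
        required: false
        schema:
          type: string
      - name: containerUUID
        in: path
        description: The container id under which this specific resource is contained.
        required: true
        schema:
          type: string
      - name: domainUUID
        $ref: '#/components/parameters/domainUUID'
    requestBody:
      # Replaces the generator placeholder '[DEV ERROR: Missing description]'.
      description: Input representation of the prefilter policy default action.
      content:
        application/json:
          schema:
            type: object
            $ref: '#/components/schemas/PrefilterDefaultAction'
      required: true
    responses:
      "200":
        description: OK
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterDefaultAction'
      "202":
        description: Accepted
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/PrefilterDefaultAction'
      default:
        description: Error
        content:
          application/json:
            schema:
              type: object
              $ref: '#/components/schemas/ErrorResponse'
    deprecated: false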
/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/prefilterpolicies/{containerUUID}/prefilterrules/{objectId}:
get:
tags:
- Policy
description: '**Retrieves the prefilter rule associated with the specified policy ID and rule ID.**'
operationId: getPrefilterRule
parameters:
- name: objectId
in: path
description: Unique identifier of a prefilter rule.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes..
required: false
schema:
type: string
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
responses:
"200":
description: OK
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterRule'
examples:
? 'Example 1 : GET /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID ( Success: Test GET method for Prefilter rule )'
: value:
metadata:
readOnly:
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID
action: FASTPATH/ANALYZE/BLOCK
enabled: true
type: PrefilterRule
name: Rule2
sendEventsToFMC: false
ruleType: PREFILTER
bidirectional: false
id: prefilterruleUUID
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: vlanTagUUID
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
sourceInterfaces:
objects:
- name: External
id: sourceInterfaceObjectUUID
type: SecurityZone
destinationInterfaces:
objects:
- name: Internal
id: destinationInterfaceUUID
type: SecurityZone
logBegin: false
logEnd: false
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
sourceNetworks:
objects:
- type: Host
id: sourceNetworkObjectUUID
name: Host1
destinationNetworks:
objects:
- type: Host
id: destinationNetworkUUID
name: Host1
# Response example: GET of a single TUNNEL-type prefilter rule (ruleType: TUNNEL).
# Values ending in UUID are placeholders, not real identifiers.
? 'Example 2 : GET /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID ( Success: Test GET method for Tunnel rule )'
: value:
metadata:
readOnly:
# state true with reason SYSTEM marks the rule as read-only; presumably a PUT against such a rule is rejected (confirm).
state: true
reason: SYSTEM
links:
self: /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID
# Looks like a slash-separated list of the possible actions, not a literal value;
# a real response presumably carries exactly one of them (confirm against the PrefilterRule schema).
action: FASTPATH/ANALYZE/BLOCK
enabled: true
type: PrefilterRule
name: TunnelRule2
sendEventsToFMC: false
ruleType: TUNNEL
bidirectional: true
id: prefilterruleUUID
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: vlanTagUUID
sourceInterfaces:
objects:
- name: External
id: sourceInterfaceObjectUUID
type: SecurityZone
destinationInterfaces:
objects:
- name: Internal
id: destinationInterfaceUUID
type: SecurityZone
# Both connection-logging flags are off in this example.
logBegin: false
logEnd: false
# Encapsulation protocols listed for this tunnel rule.
encapsulationPorts:
- GRE
- IP_IN_IP
- IPV6_IN_IP
- TEREDO
tunnelZone:
objects:
- id: tunnelZoneUUID
type: TunnelTag
name: TunnelZone1
commentHistoryList:
- user:
name: user1
type: User
# Placeholder; presumably a UTC timestamp in milliseconds (confirm).
date: utc-millisec
comment: Prefilter Rule Comments
sourceNetworks:
objects:
- type: Host
id: sourceNetworkObjectUUID
name: Host1
destinationNetworks:
objects:
- type: Host
id: destinationNetworkUUID
name: Host1
# Catch-all response: any status code not declared explicitly for this operation is documented as an ErrorResponse.
default:
description: Error
content:
application/json:
schema:
# NOTE(review): in OpenAPI 3.0 keywords placed next to $ref are ignored, so `type: object`
# has no effect here; the shape comes entirely from ErrorResponse.
type: object
$ref: '#/components/schemas/ErrorResponse'
deprecated: false
# PUT on a single prefilter rule: per the description, modifies the rule identified by
# the rule ID within the policy identified by the policy ID.
put:
tags:
- Policy
description: '**Modifies the prefilter rule associated with the specified policy ID and rule ID. _Check the response section for applicable examples (if any)._**'
operationId: updatePrefilterRule
parameters:
# Path parameter carrying the rule ID.
- name: objectId
in: path
description: Unique identifier of a prefilter rule.
required: true
schema:
type: string
- name: ticket-id
in: header
description: UUID of the ticket for tracking the configuration changes.
required: false
schema:
type: string
# Path parameter carrying the ID of the containing prefilter policy
# (the example paths show it as prefilterpolicies/containerUUID).
- name: containerUUID
in: path
description: The container id under which this specific resource is contained.
required: true
schema:
type: string
# NOTE(review): `name` sits beside `$ref`; OpenAPI 3.0 ignores siblings of $ref, so the
# referenced components/parameters/domainUUID definition is what applies.
- name: domainUUID
$ref: '#/components/parameters/domainUUID'
requestBody:
description: Prefilter rule definition to apply to the rule named in the path (PrefilterRule schema).
content:
application/json:
schema:
type: object
$ref: '#/components/schemas/PrefilterRule'
examples:
# Request-body example: update of a PREFILTER-type rule (ruleType: PREFILTER).
# Values ending in UUID are placeholders to be replaced with real object IDs.
? 'Example 1 : PUT /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID1 ( Test PUT of Prefilter rule )'
: value:
# Placeholder listing the alternatives; presumably exactly one of FASTPATH, ANALYZE or BLOCK
# is sent (confirm against the PrefilterRule schema).
action: FASTPATH/ANALYZE/BLOCK
enabled: false
type: PrefilterRule
name: Rule2
sendEventsToFMC: false
ruleType: PREFILTER
bidirectional: false
# Same placeholder as the rule ID at the end of the example path; presumably the two must match (confirm).
id: prefilterruleUUID1
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
# NOTE(review): the External and Internal zones below reuse one placeholder id
# (SecurityInterfaceUUID); two distinct zones need two distinct ids.
sourceInterfaces:
objects:
- name: External
id: SecurityInterfaceUUID
type: SecurityZone
destinationInterfaces:
objects:
- name: Internal
id: SecurityInterfaceUUID
type: SecurityZone
sourceNetworks:
objects:
- type: Host
id: sourceNetworkObjectUUID
name: Host1
destinationNetworks:
objects:
- type: Host
id: destinationNetworkUUID
name: Host1
# NOTE(review): logBegin, logEnd and sendEventsToFMC are all false while syslog and SNMP alert
# objects are referenced further down; as written the rule presumably records no connection
# events for matching traffic. Confirm that is intended before reusing this body, in
# particular for a rule whose action skips deeper inspection.
logBegin: false
logEnd: false
# The AOL and Bittorrent port objects below also share one placeholder id (ProtocolPortObjectUUID).
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
timeRangeObjects:
- type: TimeRange
name: TestTimeRange
id: TimeRangeUUID
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
# Comments supplied with this update; presumably they are returned under
# commentHistoryList on a later GET (confirm).
newComments:
- comment1
- comment2
# Request-body example: update of a TUNNEL-type rule (ruleType: TUNNEL).
# Values ending in UUID are placeholders to be replaced with real object IDs.
? 'Example 2 : PUT /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules/prefilterruleUUID1 ( Test PUT of Tunnel rule )'
: value:
# Placeholder listing the alternatives; presumably exactly one of FASTPATH, ANALYZE or BLOCK
# is sent (confirm against the PrefilterRule schema).
action: FASTPATH/ANALYZE/BLOCK
enabled: false
type: PrefilterRule
name: TunnelRule2
sendEventsToFMC: false
ruleType: TUNNEL
bidirectional: true
# Same placeholder as the rule ID at the end of the example path; presumably the two must match (confirm).
id: prefilterruleUUID1
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
# NOTE(review): the External and Internal zones below reuse one placeholder id
# (SecurityInterfaceUUID); two distinct zones need two distinct ids.
sourceInterfaces:
objects:
- name: External
id: SecurityInterfaceUUID
type: SecurityZone
destinationInterfaces:
objects:
- name: Internal
id: SecurityInterfaceUUID
type: SecurityZone
sourceNetworks:
objects:
- type: Host
id: sourceNetworkObjectUUID
name: Host1
destinationNetworks:
objects:
- type: Host
id: destinationNetworkUUID
name: Host1
# NOTE(review): logBegin, logEnd and sendEventsToFMC are all false while syslog and SNMP alert
# objects are referenced further down; as written the rule presumably records no connection
# events for matching tunnel traffic. Confirm that is intended before reusing this body, in
# particular for a rule whose action skips deeper inspection of the encapsulated traffic.
logBegin: false
logEnd: false
# Encapsulation protocols listed for this tunnel rule.
encapsulationPorts:
- GRE
- IP_IN_IP
- IPV6_IN_IP
- TEREDO
tunnelZone:
objects:
- id: tunnelZoneUUID
type: TunnelTag
name: TunnelZone2
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
# Comments supplied with this update; presumably they are returned under
# commentHistoryList on a later GET (confirm).
newComments:
- comment1
- comment2
# Request-body example for a bulk update: the value is a list of rules.
# NOTE(review): the example key names the collection path with ?bulk=true, while this PUT is
# declared with an objectId path parameter (single rule); confirm which path the example
# actually belongs to.
# NOTE(review): the listed rule has no id field, unlike Examples 1 and 2; confirm how a bulk
# PUT identifies the rule to update.
? 'Example 3 : PUT /fmc_config/v1/domain/DomainUUID/policy/prefilterpolicies/containerUUID/prefilterrules?bulk=true ( PUT Bulk update of Prefilter rules )'
: value:
# NOTE(review): ALLOW is not among FASTPATH/ANALYZE/BLOCK shown in the other examples of this
# operation; confirm it is an accepted prefilter action before copying this body.
- action: ALLOW
enabled: true
type: PrefilterRule
name: Rule1
sendEventsToFMC: false
ruleType: PREFILTER
bidirectional: false
# NOTE(review): logBegin, logEnd and sendEventsToFMC are all false while syslog and SNMP alert
# objects are referenced further down; as written the rule presumably records no connection
# events for matching traffic. Confirm that is intended before reusing this body.
logBegin: false
logEnd: false
vlanTags:
objects:
- type: VlanTag
name: vlan_tag_1
id: VlanTagUUID1
- type: VlanTag
name: vlan_tag_2
id: VlanTagUUID2
# The External and Internal zones below reuse one placeholder id (SecurityZoneUUID);
# two distinct zones need two distinct ids.
sourceInterfaces:
objects:
- name: External
id: SecurityZoneUUID
type: SecurityZone
destinationInterfaces:
objects:
- name: Internal
id: SecurityZoneUUID
type: SecurityZone
# The AOL and Bittorrent port objects below also share one placeholder id (ProtocolPortObjectUUID).
sourcePorts:
objects:
- type: ProtocolPortObject
name: AOL
id: ProtocolPortObjectUUID
destinationPorts:
objects:
- type: ProtocolPortObject
name: Bittorrent
id: ProtocolPortObjectUUID
snmpConfig:
id: snmpConfigUuid
name: snmp_alert1
type: SNMPAlert
syslogConfig:
id: syslogConfigUuid
name: syslog_alert1
type: SyslogAlert
# Comments supplied with this update.
newComments:
- comment1
- comment2