Security Services Platform Firewall Rule Analysis API.
Security Services Platform APIs to manage firewall rule analysis settings and activities.
Overview
Firewall Rule Analysis identifies opportunities to simplify and optimize firewall rule management.
As you deploy more distributed firewall rules over time, it is important to review the firewall ruleset to identify any potential mis-configurations or opportunities for policy optimizations. By optimizing and cleaning up firewall rules that are no longer relevant or necessary, you can improve firewall performance and overall manageability of the rule set.
VMware vDefend Firewall includes an integrated Rule Analysis capability to automatically monitor and report on detections of firewall rules to merge or delete (duplicates, redundancies, consolidations), rules to resolve contradictions (contradictions, shadows), and rules to tighten (permissive, irrelevance).
For more information see: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend/security-services-platform/5-1/rule-analysis.html
Rule Analysis APIs
Rule Analysis APIs are defined using the OpenAPI standards. Clients interact with the API using RESTful web service calls over the HTTPS protocol. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified.
Request Authentication
Basic authentication is used for all Security Services Platform APIs and for the features running on the platform.
To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.
For example, to authenticate a request using the credentials of user admin with password admin, include the following header with the request:
The following cURL command will authenticate to the SSP Ingress using basic authentication and will issue a API request:
USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
SSP is the IP address or host name of the Security Services Platform (SSP)
For example:
Note: the -k argument instructs cURL to skip verifying the ssp's self-signed X.509 certificate. It is more secure to verify that the server's certificate is signed by a Certificate Authority (CA) that you trust. To do that, omit the -k argument and use the --cacert <ca-file> option, where <ca-file> is a PEM-formatted file containing the CA certificate to trust.
For example:
Additional cURL examples below use the -k flag, but you can always substitute the --rootca <ca-file> argument for additional security.
In the above examples, USERNAME may be:
- A local user name. For example, "admin".
- A remote user name, of the form "user@domain", for example, "[email protected]". The domain must match a domain for a configured VIDM identity source or a configured LDAP identity source.
Request Failures
It is possible for any request to fail. Errors are reported using standard HTTP response codes. The below table defines the HTTP Status codes these APIs may return
| Status Code | Description | Reason |
| 200 | Ok | API executed successfully. Check the response payload |
| 204 | No Content | API executed successfully. No response payload |
| 400 | Bad Request | If the request is not valid |
| 401 | Unauthorized | Unauthorized user |
| 403 | Forbidden | User is forbidden to perform the operation. |