NSX-T Data Center Global Manager REST API
Associated URIs:
| API Description | API Path |
|---|---|
List security policiesList all security policies for a domain. |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies
|
Deletes a security policy from this domainDeletes the security policy along with all the rules |
DELETE /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}
|
Read security policyRead security policy for a domain. |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}
|
Patch security policyPatch the security policy for a domain. If a security policy for the given security-policy-id is not present, the object will get created and if it is present it will be updated. This is a full replace. Performance Note: If you want to edit several rules in a security policy use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PATCH /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}
|
Revise the positioning of security policiesThis is used to set a precedence of a security policy w.r.t others. |
POST /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}?action=revise
|
Create or Update security policyCreate or Update the security policy for a domain. This is a full replace. All the rules are replaced. Performance Note: If you want to edit several rules in a security policy, use this API. It will perform better than several individual rule APIs. Just pass all the rules which you wish to edit as embedded rules to it. |
PUT /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}
|
List rulesList rules |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules
|
Delete ruleDelete rule |
DELETE /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
|
Read ruleRead rule |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
|
Patch a rulePatch the rule. If Rule corresponding to the the given rule-id is not present, the object will get created and if it is present it will be updated. This is a full replace. Performance Note: If you want to edit several rules in a security policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/security-policies/<security-policy-id> |
PATCH /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
|
Revise the positioning of ruleThis is used to re-order a rule within a security policy. |
POST /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}?action=revise
|
Create or update a ruleUpdate the rule. Create new rule if a rule with the rule-id is not already present. Performance Note: If you wish to edit several rules in a security policy, prefer below mentioned API for optimal performance. Pass all the rules which you wish to edit as embedded rules to it. Use this API - PATCH (or PUT) /infra/domains/<domain-id>/security-policies/<security-policy-id> |
PUT /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}
|
Get rule statisticsGet statistics of a rule. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/rules/{rule-id}/statistics
|
Get security policy statisticsGet statistics of a security policy. - no enforcement point path specified: Stats will be evaluated on each enforcement point. - {enforcement_point_path}: Stats are evaluated only on the given enforcement point. |
GET /global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}/statistics
|
List policy draftsList policy drafts. |
GET /global-manager/api/v1/global-infra/drafts
|
Delete a manual draftDelete a manual draft. |
DELETE /global-manager/api/v1/global-infra/drafts/{draft-id}
|
Read draftRead a draft for a given draft identifier. |
GET /global-manager/api/v1/global-infra/drafts/{draft-id}
|
Patch a manual draftCreate a new manual draft if the specified draft id does not correspond to an existing draft. Update the manual draft otherwise. Auto draft can not be updated. |
PATCH /global-manager/api/v1/global-infra/drafts/{draft-id}
|
Publish a draftRead a draft and publish it by applying changes onto current configuration. If there are additional changes on top of draft configuration, pass it as a request body, in form of Infra object. Otherwise, if there are no additional changes, then pass empty Infra object as a request body. |
POST /global-manager/api/v1/global-infra/drafts/{draft-id}?action=publish
|
Create or update a manual draftCreate a new manual draft if the specified draft id does not correspond to an existing draft. Update the manual draft otherwise. Auto draft can not be updated. |
PUT /global-manager/api/v1/global-infra/drafts/{draft-id}
|
Get an aggregated configuration for the draftGet an aggregated configuration that will get applied onto current configuration during publish of this draft. The response is a hierarchical payload containing the aggregated configuration differences from the latest auto draft till the specified draft. |
GET /global-manager/api/v1/global-infra/drafts/{draft-id}/aggregated
|
Get paginated aggregated configuration for the draftGet a paginated aggregated configuration of a given draft. This aggregated configuration is the differnece between the current published firewall configuration and a firewall configuration stored in a given draft. For an initial API call, if request_id is present in a response, then this is a paginated aggregated configuration of a given draft, containing all the security policies from the aggregated configuration. Using this request_id, more granular aggregated configuration, at security policy level, can be fetched from subsequent API calls. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination. |
GET /global-manager/api/v1/global-infra/drafts/{draft-id}/aggregated_with_pagination
|
Get a preview of a configuration after publish of a draftGet a preview of a configuration which will be present after publish of a specified draft. The response essentially is a hierarchical payload containing the configuration, which will be in active after a specified draft gets published onto current configuration. |
GET /global-manager/api/v1/global-infra/drafts/{draft-id}/complete
|
Get PolicyFirewallSchedulersGet all PolicyFirewallSchedulers |
GET /global-manager/api/v1/global-infra/firewall-schedulers
|
Delete Policy Firewall SchedulerDeletes the specified PolicyFirewallScheduler. If scheduler is consumed in a security policy, it won't get deleted. |
DELETE /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
|
Get PolicyFirewallSchedulerGet a PolicyFirewallScheduler by id |
GET /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
|
Create or Update PolicyFirewallSchedulerCreates/Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. |
PATCH /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
|
Create or Update PolicyFirewallSchedulerUpdates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present. |
PUT /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
|
Import K8s network policies to DFW Security PoliciesThis is used to import a set of K8s network policies into DFW security policies |
POST /global-manager/api/v1/global-infra/import-k8s-np-to-dfw
|
Get the information of export taskGet the information of the latest export task. |
GET /global-manager/api/v1/global-infra/settings/firewall/export
|
Download exported fileDownload the exported file generated from the last export task. The request should have proper headers set to download the file. Please add the below two headers, if it is not already present Accept application/json, text/plain, */* Accept-Encoding gzip, deflate, br |
GET /global-manager/api/v1/global-infra/settings/firewall/export?action=download
|
Cancel a running export taskThis operation cancels an export task. Task needs to be in running state. |
POST /global-manager/api/v1/global-infra/settings/firewall/export?action=cancel
|
Invoke export taskInvoke export task. There can be only one export task run at any point of time. Hence invocation of another export task will be discarded, when there exist an already running export task. Exported configuration will be in a CSV format. This CSV file will be zipped into a ZIP file, that can be downloaded after the completion of export task. |
POST /global-manager/api/v1/global-infra/settings/firewall/export
|
Get the information of import taskGet the information of the latest import task. |
GET /global-manager/api/v1/global-infra/settings/firewall/import
|
Invoke import taskInvoke import task. There can be only one import task run at any point of time. Hence invocation of another import task will be discarded, when there exist an already running import task. |
POST /global-manager/api/v1/global-infra/settings/firewall/import
|
Cancel a running import taskThis operation cancels an import task. Task needs to be in running state. |
POST /global-manager/api/v1/global-infra/settings/firewall/import?action=cancel
|
Get dfw firewall configurationGet the current dfw firewall configurations. |
GET /global-manager/api/v1/global-infra/settings/firewall/security
|
Update dfw firewall configurationUpdate dfw firewall related configurations. Turning off distributed services ("enable_firewall": false) will turn off Distributed Firewall, Identity Firewall, Distributed Intrusion Detection and Prevention Service, Distributed Load Balancer. |
PATCH /global-manager/api/v1/global-infra/settings/firewall/security
|
Update dfw firewall configurationUpdate dfw firewall related configurations. Turning off distributed services ("enable_firewall": false) will turn off Distributed Firewall, Identity Firewall, Distributed Intrusion Detection and Prevention Service, Distributed Load Balancer. |
PUT /global-manager/api/v1/global-infra/settings/firewall/security
|
Get the list of distributed firewall dependent servicesGet the list of distributed firewall dependent services |
GET /global-manager/api/v1/global-infra/settings/firewall/security/dependent-services
|
Read security policy exclude listRead exclude list for firewall |
GET /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list
|
Read security policy exclude list including system and user excluded membersRead security policy exclude list including system and user excluded members. |
GET /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list?system_owned=true
|
Patch exclusion list for security policyPatch exclusion list for security policy. |
PATCH /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list
|
Filter the firewall exclude listFilter the firewall exclude list by the given object, to check whether the object is a member of this exclude list. |
POST /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list?action=filter
|
Create or update exclusion list for security policyUpdate the exclusion list for security policy |
PUT /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list
|
Reset firewall rule statisticsSets firewall rule statistics counter to zero. This operation is supported for given category, for example: DFW i.e. for all layer3 firewall (transport nodes only) rules or EDGE i.e. for all layer3 edge firewall (edge nodes only) rules. - no enforcement point path specified: On global manager, it is mandatory to give an enforcement point path. On local manager, reset of stats will be executed for each enforcement point. - {enforcement_point_path}: Reset of stats will be executed only for the given enforcement point. |
POST /global-manager/api/v1/global-infra/settings/firewall/stats?action=reset
|