NSX-T Data Center Global Manager REST API

Create or update a distributed firewall security policy

Create or update a distributed firewall (DFW) security policy for a domain.
This is a full replace: all the rules in the policy are replaced by the
rules in the request body.
Performance note: to edit several rules in a security policy, use this API.
It performs better than several individual rule API calls. Pass all the
rules you wish to edit as embedded rules in the request body.
This API is available when using VMware Cloud (AWS, Dell-EMC, Outpost, Hyperscalers) or VMware NSX.

Request:

Method:
PUT
URI Path(s):
/global-manager/api/v1/global-infra/domains/{domain-id}/security-policies/{security-policy-id}
Request Headers:
n/a
Query Parameters:
n/a
Request Body:
SecurityPolicy

Example Request:

{
  "description": "security policy",
  "display_name": "application-section-1",
  "category": "Application",
  "rules": [
    {
      "description": " rule",
      "display_name": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/global-infra/domains/vmc/groups/dbgroup"
      ],
      "destination_groups": [
        "/global-infra/domains/vmc/groups/appgroup"
      ],
      "services": [
        "/global-infra/services/HTTP",
        "/global-infra/services/CIM-HTTP"
      ],
      "action": "ALLOW"
    }
  ]
}

Successful Response:

Response Code:
200 OK
Response Headers:
Content-type: application/json
Response Body:
SecurityPolicy

Example Response:

{
  "resource_type": "SecurityPolicy",
  "description": "security policy",
  "id": "application-section-1",
  "display_name": "application-section-1",
  "path": "/infra/domains/vmc/security-policies/application-section-1",
  "parent_path": "/infra/domains/vmc",
  "relative_path": "application-section-1",
  "rules": [
    {
      "resource_type": "Rule",
      "description": " rule",
      "id": "ce-1",
      "display_name": "ce-1",
      "path": "/infra/domains/vmc/security-policies/application-section-1/rules/ce-1",
      "parent_path": "/infra/domains/vmc/security-policies/application-section-1",
      "relative_path": "ce-1",
      "sequence_number": 1,
      "source_groups": [
        "/infra/domains/vmc/groups/dbgroup"
      ],
      "logged": false,
      "destination_groups": [
        "/infra/domains/vmc/groups/appgroup"
      ],
      "scope": [
        "ANY"
      ],
      "action": "ALLOW",
      "services": [
        "/infra/services/HTTP",
        "/infra/services/CIM-HTTP"
      ],
      "rule_id": 1003,
      "_create_user": "admin",
      "_create_time": 1517317382942,
      "_last_modified_user": "admin",
      "_last_modified_time": 1517317382962,
      "_system_owned": false,
      "_protection": "NOT_PROTECTED",
      "_revision": 1
    }
  ],
  "category": "Application",
  "sequence_number": 0,
  "internal_sequence_number": 13000000,
  "_create_user": "admin",
  "_create_time": 1517317362027,
  "_last_modified_user": "admin",
  "_last_modified_time": 1517317362027,
  "_system_owned": false,
  "_protection": "NOT_PROTECTED",
  "_revision": 0
}
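
Because this PUT is a full replace, a request body that carries only the rules being edited replaces the whole rule list, so any rule left out is no longer in the policy. The following added example (not part of the NSX-T documentation or VMware code) diffs a proposed body against the current policy before it is sent, and builds a body that keeps the untouched rules. The sample policies, the rule "ce-2", and the keying of rules by "id" or "display_name" are assumptions.

```python
COMPARED = ("action", "source_groups", "destination_groups", "services", "sequence_number")
DB = "/global-infra/domains/vmc/groups/dbgroup"
APP = "/global-infra/domains/vmc/groups/appgroup"
HTTP, CIM = "/global-infra/services/HTTP", "/global-infra/services/CIM-HTTP"

# Constructed sample of the policy as it exists now; rule "ce-2" is hypothetical.
CURRENT = {"display_name": "application-section-1", "category": "Application", "rules": [
    {"id": "ce-1", "sequence_number": 1, "source_groups": [DB],
     "destination_groups": [APP], "services": [HTTP, CIM], "action": "ALLOW"},
    {"id": "ce-2", "sequence_number": 2, "source_groups": ["ANY"],
     "destination_groups": [APP], "services": ["ANY"], "action": "DROP"}]}
# Constructed edit: the operator only wants to narrow ce-1 to HTTP.
EDITED_CE1 = {"display_name": "ce-1", "sequence_number": 1, "source_groups": [DB],
              "destination_groups": [APP], "services": [HTTP], "action": "ALLOW"}

def rule_key(rule):
    # Assumption: a rule is identified by "id", else by "display_name"
    # (the page's example response shows id == display_name for "ce-1").
    return rule.get("id") or rule.get("display_name")

def _norm(value):
    return sorted(value) if isinstance(value, list) else value

def plan_replace(current_policy, put_body):
    """Report what a full-replace PUT of put_body would do to the current rules."""
    cur = {rule_key(r): r for r in current_policy.get("rules", [])}
    new = {rule_key(r): r for r in put_body.get("rules", [])}
    changed = {}
    for key in sorted(cur.keys() & new.keys()):
        # Compare only fields present in the PUT body; list order is ignored.
        diff = {f: (_norm(cur[key].get(f)), _norm(new[key][f])) for f in COMPARED
                if f in new[key] and _norm(cur[key].get(f)) != _norm(new[key][f])}
        if diff:
            changed[key] = diff
    return {"removed": sorted(cur.keys() - new.keys()),
            "added": sorted(new.keys() - cur.keys()), "changed": changed}

def merge_edits(current_policy, edited_rules):
    """Build a PUT body that keeps every existing rule and overlays the edits."""
    edits = {rule_key(r): r for r in edited_rules}
    rules = [edits.pop(rule_key(r), r) for r in current_policy.get("rules", [])]
    rules.extend(edits.values())  # rules with new keys are appended
    body = {k: current_policy[k] for k in ("description", "display_name", "category")
            if k in current_policy}
    body["rules"] = rules
    return body

if __name__ == "__main__":
    naive = {"display_name": "application-section-1", "rules": [EDITED_CE1]}
    print("naive PUT :", plan_replace(CURRENT, naive))
    print("merged PUT:", plan_replace(CURRENT, merge_edits(CURRENT, [EDITED_CE1])))
```

A non-empty "removed" list is the signal to stop and review before sending: in the constructed sample the naive body would remove the DROP rule "ce-2".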

Required Permissions:

crud

Feature:

policy_dfw

Additional Errors: