NSX-T Data Center Global Manager REST API

Associated URIs:

API Description	API Path
List all policy configuration drafts Returns a paginated list of all DFW drafts.	GET /global-manager/api/v1/global-infra/drafts
Delete a manual draft Delete a manual draft.	DELETE /global-manager/api/v1/global-infra/drafts/{draft-id}
Read a policy configuration draft by ID Returns the configuration of a specific NSX policy draft identified by the draft ID. Drafts allow administrators to stage and review configuration changes before publishing them to the live environment.	GET /global-manager/api/v1/global-infra/drafts/{draft-id}
Patch a manual draft Create a new manual draft if the specified draft id does not correspond to an existing draft. Update the manual draft otherwise. Auto draft can not be updated.	PATCH /global-manager/api/v1/global-infra/drafts/{draft-id}
Publish a policy draft and apply its changes Publishes a draft by applying its staged configuration changes onto the live environment. If there are additional changes on top of draft configuration, pass it as a request body, in form of Infra object. Otherwise, if there are no additional changes, then pass empty Infra object as a request body.	POST /global-manager/api/v1/global-infra/drafts/{draft-id}?action=publish
Create or update a manual draft Create a new manual draft if the specified draft id does not correspond to an existing draft. Update the manual draft otherwise. Auto draft can not be updated.	PUT /global-manager/api/v1/global-infra/drafts/{draft-id}
Get an aggregated configuration for the draft Get an aggregated configuration that will get applied onto current configuration during publish of this draft. The response is a hierarchical payload containing the aggregated configuration differences from the latest auto draft till the specified draft.	GET /global-manager/api/v1/global-infra/drafts/{draft-id}/aggregated
Get paginated aggregated configuration for the draft Get a paginated aggregated configuration of a given draft. This aggregated configuration is the differnece between the current published firewall configuration and a firewall configuration stored in a given draft. For an initial API call, if request_id is present in a response, then this is a paginated aggregated configuration of a given draft, containing all the security policies from the aggregated configuration. Using this request_id, more granular aggregated configuration, at security policy level, can be fetched from subsequent API calls. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination.	GET /global-manager/api/v1/global-infra/drafts/{draft-id}/aggregated_with_pagination
Get a preview of a configuration after publish of a draft Get a preview of a configuration which will be present after publish of a specified draft. The response essentially is a hierarchical payload containing the configuration, which will be in active after a specified draft gets published onto current configuration.	GET /global-manager/api/v1/global-infra/drafts/{draft-id}/complete
Get PolicyFirewallSchedulers Get all PolicyFirewallSchedulers	GET /global-manager/api/v1/global-infra/firewall-schedulers
Delete Policy Firewall Scheduler Deletes the specified PolicyFirewallScheduler. If scheduler is consumed in a security policy, it won't get deleted.	DELETE /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
Get PolicyFirewallScheduler Get a PolicyFirewallScheduler by id	GET /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
Create or Update PolicyFirewallScheduler Creates/Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present.	PATCH /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
Create or Update PolicyFirewallScheduler Updates a PolicyFirewallScheduler, which can be set at security policy. Note that at least one property out of "days", "start_date", "time_interval", "end_date" is required if "recurring" field is true. Also "start_time" and "end_time" should not be present. And if "recurring" field is false then "start_date" and "end_date" is mandatory, "start_time" and "end_time" is optional. Also the fields "days" and "time_interval" should not be present.	PUT /global-manager/api/v1/global-infra/firewall-schedulers/{firewall-scheduler-id}
Get dfw firewall configuration Get the current dfw firewall configurations.	GET /global-manager/api/v1/global-infra/settings/firewall/security
Update dfw firewall configuration Update dfw firewall related configurations. Turning off distributed services ("enable_firewall": false) will turn off Distributed Firewall, Identity Firewall, Distributed Intrusion Detection and Prevention Service, Distributed Load Balancer.	PATCH /global-manager/api/v1/global-infra/settings/firewall/security
Update dfw firewall configuration Update dfw firewall related configurations. Turning off distributed services ("enable_firewall": false) will turn off Distributed Firewall, Identity Firewall, Distributed Intrusion Detection and Prevention Service, Distributed Load Balancer.	PUT /global-manager/api/v1/global-infra/settings/firewall/security
Get the list of distributed firewall dependent services Get the list of distributed firewall dependent services	GET /global-manager/api/v1/global-infra/settings/firewall/security/dependent-services
Read the distributed firewall exclude list Read the exclude list for the distributed firewall (DFW). Members in this list are excluded from DFW enforcement.	GET /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list
Read the distributed firewall exclude list including system and user excluded members Read the distributed firewall (DFW) exclude list including both system-owned and user-defined excluded members.	GET /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list?system_owned=true
Patch exclusion list for security policy Patch exclusion list for security policy.	PATCH /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list
Filter the firewall exclude list Filter the firewall exclude list by the given object, to check whether the object is a member of this exclude list.	POST /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list?action=filter
Create or update exclusion list for security policy Update the exclusion list for security policy	PUT /global-manager/api/v1/global-infra/settings/firewall/security/exclude-list

Additional Links

Distributed Firewall Settings

Drafts

Exclusion List

Firewall Scheduler

NSX-T Data Center Global Manager REST API

Associated URIs:

List all policy configuration drafts

Delete a manual draft

Read a policy configuration draft by ID

Patch a manual draft

Publish a policy draft and apply its changes

Create or update a manual draft

Get an aggregated configuration for the draft

Get paginated aggregated configuration for the draft

Get a preview of a configuration after publish of a draft

Get PolicyFirewallSchedulers

Delete Policy Firewall Scheduler

Get PolicyFirewallScheduler

Create or Update PolicyFirewallScheduler

Create or Update PolicyFirewallScheduler

Get dfw firewall configuration

Update dfw firewall configuration

Update dfw firewall configuration

Get the list of distributed firewall dependent services

Read the distributed firewall exclude list

Read the distributed firewall exclude list including system and user excluded members

Patch exclusion list for security policy

Filter the firewall exclude list

Create or update exclusion list for security policy