NSX-T Data Center REST API

List of VpcSecurityStrategies

Retrieves a paginated collection of all available Security Strategies that can be used in VPC Security Profiles.
Each security strategy in the response contains detailed rule template definitions that specify distributed
firewall rules for various security scenarios. The strategies are pre-created during system initialization
under the default project and are automatically shared across all projects for consumption in security profiles.
The API returns comprehensive information including rule templates with traffic flow specifications, actions,
service definitions, and placeholder references for dynamic resource resolution. Available strategies typically
include patterns for VPC isolation, external connectivity, vpc isolation with essential services access, secure connections.
The response supports pagination and sorting for efficient data retrieval and includes metadata about each strategy's purpose and rule composition.

Request:

Method:

GET

URI Path(s):

/policy/api/v1/orgs/{org-id}/projects/{project-id}/security-strategies

Request Headers:

n/a

Query Parameters:

SecurityStrategyListRequestParameters+

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending	If true, results are sorted in ascending order	boolean
sort_by	Field by which records are sorted	string

Request Body:

n/a

Example Request:

GET https://<policy-mgr>/policy/api/v1/orgs/default/projects/default/security-strategies

Successful Response:

Response Code:

200 OK

Response Headers:

Content-type: application/json

Response Body:

SecurityStrategyListResult+

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SecurityStrategy list results	array of SecurityStrategy	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Example Response:

{ "results": [ { "resource_type": "SecurityStrategy", "id": "none", "display_name": "None", "description": "'None' security strategy implies the attached VPC would not have any security strategy attached to it. This strategy will be marked as the 'Default' security strategy by the system by default", "path": "/orgs/default/projects/default/security-strategies/none", "relative_path": "none", "parent_path": "/orgs/default/projects/default", "remote_path": "", "unique_id": "dcff2c17-0315-4f59-952c-91a35505cd87", "realization_id": "dcff2c17-0315-4f59-952c-91a35505cd87", "owner_id": "3ae63613-323b-4465-bf36-14274fd591e3", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_protection": "NOT_PROTECTED", "_create_time": 1757926994647, "_create_user": "system", "_last_modified_time": 1757926994647, "_last_modified_user": "system", "_revision": 0 }, { "rule_templates": [ { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "JUMP_TO_APPLICATION", "services": [ "DHCP", "ICMP", "DNS", "NTP" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-Essential-Services", "description": "Allow-Essential-Services" }, { "source": [ "{VPC_DEFAULT_GROUP}" ], "destination": [ "ANY" ], "action": "JUMP_TO_APPLICATION", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-OUT", "description": "Allow-OUT" }, { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "DROP", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Deny-All", "description": "Deny-All" } ], "resource_type": "SecurityStrategy", "id": "vpc-external-connectivity", "display_name": "VPC External Connectivity", "description": "Allow only Outgoing Communications, deny all incoming connections. VPC to VPC communication is blockedy.strategy.external.connectivity.description=Allow only Outgoing Communications, deny all incoming connections. VPC to VPC communication is blocked", "path": "/orgs/default/projects/default/security-strategies/vpc-external-connectivity", "relative_path": "vpc-external-connectivity", "parent_path": "/orgs/default/projects/default", "remote_path": "", "unique_id": "1f0f9650-bad8-4710-891c-718adce4a66a", "realization_id": "1f0f9650-bad8-4710-891c-718adce4a66a", "owner_id": "3ae63613-323b-4465-bf36-14274fd591e3", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_protection": "NOT_PROTECTED", "_create_time": 1757926994760, "_create_user": "system", "_last_modified_time": 1757926994760, "_last_modified_user": "system", "_revision": 0 }, { "rule_templates": [ { "source": [ "{VPC_DEFAULT_GROUP}" ], "destination": [ "{VPC_DEFAULT_GROUP}" ], "action": "JUMP_TO_APPLICATION", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-within-VPC", "description": "Allow-within-VPC" }, { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "DROP", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Deny-All", "description": "Deny-All" } ], "resource_type": "SecurityStrategy", "id": "vpc-isolation", "display_name": "VPC Isolation", "description": "Deny any communication between VPCs within the project. All workloads within the VPC to be allowed to communicate", "path": "/orgs/default/projects/default/security-strategies/vpc-isolation", "relative_path": "vpc-isolation", "parent_path": "/orgs/default/projects/default", "remote_path": "", "unique_id": "b9d17af5-986c-4edc-a83a-b12dfc91452c", "realization_id": "b9d17af5-986c-4edc-a83a-b12dfc91452c", "owner_id": "3ae63613-323b-4465-bf36-14274fd591e3", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_protection": "NOT_PROTECTED", "_create_time": 1757926994794, "_create_user": "system", "_last_modified_time": 1757926994794, "_last_modified_user": "system", "_revision": 0 }, { "rule_templates": [ { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "JUMP_TO_APPLICATION", "services": [ "DHCP", "ICMP", "DNS", "NTP" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-Essential-Services", "description": "Allow-Essential-Services" }, { "source": [ "{VPC_DEFAULT_GROUP}" ], "destination": [ "{VPC_DEFAULT_GROUP}" ], "action": "JUMP_TO_APPLICATION", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-within-VPC", "description": "Allow-within-VPC" }, { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "DROP", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Deny-All", "description": "Deny-All" } ], "resource_type": "SecurityStrategy", "id": "vpc-isolation-with-essential-services", "display_name": "VPC Isolation with Essential Services", "description": "Deny all communication to VPCs except for essential services like ICMP, DNS, NTP and DHCP. All workloads within the VPC to be allowed to communicate", "path": "/orgs/default/projects/default/security-strategies/vpc-isolation-with-essential-services", "relative_path": "vpc-isolation-with-essential-services", "parent_path": "/orgs/default/projects/default", "remote_path": "", "unique_id": "805ce889-f94d-4a36-a022-c4033aec6b91", "realization_id": "805ce889-f94d-4a36-a022-c4033aec6b91", "owner_id": "3ae63613-323b-4465-bf36-14274fd591e3", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_protection": "NOT_PROTECTED", "_create_time": 1757926994855, "_create_user": "system", "_last_modified_time": 1757926994855, "_last_modified_user": "system", "_revision": 0 }, { "rule_templates": [ { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "JUMP_TO_APPLICATION", "services": [ "DHCP", "ICMP", "DNS", "NTP" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow-Essential-Services", "description": "Allow-Essential-Services" }, { "source": [ "{PROJECT_DEFAULT_GROUP}" ], "destination": [ "ANY" ], "action": "JUMP_TO_APPLICATION", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Allow_within_Project", "description": "Allow_within_Project" }, { "source": [ "ANY" ], "destination": [ "ANY" ], "action": "DROP", "services": [ "ANY" ], "applied_to": [ "{VPC_DEFAULT_GROUP}" ], "name": "Deny-All", "description": "Deny-All" } ], "resource_type": "SecurityStrategy", "id": "vpc-secure-connection", "display_name": "VPC Secure Connection", "description": "Allow all outgoing communications, deny incoming connections. Allow VPC to VPC within project", "path": "/orgs/default/projects/default/security-strategies/vpc-secure-connection", "relative_path": "vpc-secure-connection", "parent_path": "/orgs/default/projects/default", "remote_path": "", "unique_id": "5c919609-62a4-487b-91c5-3277a0108fc6", "realization_id": "5c919609-62a4-487b-91c5-3277a0108fc6", "owner_id": "3ae63613-323b-4465-bf36-14274fd591e3", "marked_for_delete": false, "overridden": false, "_system_owned": true, "_protection": "NOT_PROTECTED", "_create_time": 1757926994930, "_create_user": "system", "_last_modified_time": 1757926994930, "_last_modified_user": "system", "_revision": 0 } ], "result_count": 5, "sort_by": "display_name", "sort_ascending": true }

NSX-T Data Center REST API

List of VpcSecurityStrategies

Request:

SecurityStrategyListRequestParameters (schema)

Example Request:

Successful Response:

SecurityStrategyListResult (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: