Update Firewall Rule

Updates a specific firewall rule for a given edge gateway.

Request
URI
PUT
https://{api_host}/cloudapi/1.0.0/edgeGateways/{gatewayId}/firewall/rules/{ruleId}
Path Parameters
string
externalNetworkId
Required

externalNetworkId

string
ruleId
Required

ruleId


Request Body
GatewayFirewallRule of type(s) application/json
Optional
{
    "id": "string",
    "name": "string",
    "description": "string",
    "sourceFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "sourceFirewallIpAddresses": [
        "string"
    ],
    "destinationFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "destinationFirewallIpAddresses": [
        "string"
    ],
    "applicationPortProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "rawPortProtocols": [
        {
            "layer4Item": {
                "protocol": "string",
                "sourcePorts": [
                    "8080",
                    "8090-8095"
                ],
                "destinationPorts": [
                    "20",
                    "21",
                    "139-445"
                ]
            }
        }
    ],
    "ipProtocol": "string",
    "actionValue": "string",
    "direction": "string",
    "logging": false,
    "networkContextProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "active": false,
    "version": {
        "version": 0
    },
    "comments": "string",
    "appliedTo": {
        "name": "string",
        "id": "string"
    },
    "loggingId": "string",
    "relativePosition": {
        "adjacentRuleId": "string",
        "rulePosition": "string"
    }
}
string
id
Optional

The unique id of this firewall rule. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated.

string
name
Required

Name for the rule.

string
description
Optional

description

sourceFirewallGroups
Optional

List of source groups for firewall rule. It specifies the sources of network traffic for the firewall rule. Null values in both this property and sourceFirewallIpAddresses will be treated as "ANY". For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

array of string
sourceFirewallIpAddresses
Optional

List of source IP addresses, IP ranges, or CIDRs. This specifies the source of the traffic to which the firewall rule will be applied. Null values in both this property and sourceFirewallGroups will be treated as "ANY".

destinationFirewallGroups
Optional

List of destination groups for firewall rule. It specifies the destinations of network traffic for the firewall rule. Null values in both this property and destinationFirewallIpAddresses will be treated as "ANY". For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

array of string
destinationFirewallIpAddresses
Optional

List of destination IP addresses, IP ranges, or CIDRs. This specifies the destination of the traffic to which the firewall rule will be applied. Null values in both this property and destinationFirewallGroups will be treated as "ANY".

applicationPortProfiles
Optional

The list of application ports where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all ports.

rawPortProtocols
Optional

A list of raw port-protocol entries where this firewall rule is applicable.

string
ipProtocol
Optional

Type of IP packet that should be matched while enforcing the rule. Default value is IPV4_IPV6.

  • IPV4
  • IPV6
  • IPV4_IPV6
string
actionValue
Optional

The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. Property is required if action is not set. Below are valid values.

  • ALLOW permits traffic to go through the firewall.
  • DROP blocks the traffic at the firewall. No response is sent back to the source.
  • REJECT blocks the traffic at the firewall. A response is sent back to the source.
string
direction
Optional

Specifies the direction of the network traffic. Default value is IN_OUT.

  • IN
  • OUT
  • IN_OUT
boolean
logging
Optional

Whether packet logging is active for firewall rule.

networkContextProfiles
Optional

The list of layer 7 network context profiles where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all applications and domains.

boolean
active
Optional

Whether the firewall rule is active.

version
Optional

version

string
comments
Optional

Text for user entered comments on the firewall rule. Length cannot exceed 2048 characters.

appliedTo
Optional

appliedTo

string
loggingId
Optional

Unique ID assigned by the backing NSX-T network provider. Passed all the way down to the datapath, and is used for logging by NSX-T. Only applies to NSX-T.

relativePosition
Optional

relativePosition
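
Because omitted or null source, destination and port properties widen a rule to "ANY", a request body is worth linting before it is sent. The following is an added example, not part of the API documentation or of any VMware tooling: `lint_rule` and the sample bodies are hypothetical, and treating empty lists like null for sources and destinations is an assumption.

```python
ACTIONS = {"ALLOW", "DROP", "REJECT"}
IP_PROTOCOLS = {"IPV4", "IPV6", "IPV4_IPV6"}
DIRECTIONS = {"IN", "OUT", "IN_OUT"}

def _is_any(rule, groups_key, ips_key):
    # Page: null in BOTH properties is treated as "ANY". Empty lists are
    # counted as ANY here too (conservative assumption, not stated on the page).
    return not rule.get(groups_key) and not rule.get(ips_key)

def lint_rule(rule):
    """Return (errors, warnings) for a GatewayFirewallRule body given as a dict."""
    errors, warnings = [], []
    if not rule.get("name"):
        errors.append("name is required")
    if len(rule.get("comments") or "") > 2048:
        errors.append("comments exceeds 2048 characters")
    enums = (("actionValue", ACTIONS), ("ipProtocol", IP_PROTOCOLS),
             ("direction", DIRECTIONS))
    for key, allowed in enums:
        value = rule.get(key)
        if value is not None and value not in allowed:
            errors.append(f"{key}={value!r} is not one of {sorted(allowed)}")

    src_any = _is_any(rule, "sourceFirewallGroups", "sourceFirewallIpAddresses")
    dst_any = _is_any(rule, "destinationFirewallGroups",
                      "destinationFirewallIpAddresses")
    # Assumption: ports are unrestricted only when neither port profiles
    # nor raw port-protocol entries are supplied.
    ports_any = (not rule.get("applicationPortProfiles")
                 and not rule.get("rawPortProtocols"))

    if rule.get("actionValue") == "ALLOW" and rule.get("active"):
        if src_any:
            warnings.append("active ALLOW from source ANY")
        if dst_any:
            warnings.append("active ALLOW to destination ANY")
        if ports_any:
            warnings.append("active ALLOW on all ports")
        if not rule.get("logging"):
            warnings.append("active ALLOW without packet logging")
    return errors, warnings

# Constructed sample bodies (names, addresses and "TCP" are illustrative).
OPEN_RULE = {"name": "tmp-allow", "actionValue": "ALLOW", "active": True,
             "sourceFirewallIpAddresses": None, "logging": False}
TIGHT_RULE = {"name": "web-in", "actionValue": "ALLOW", "active": True,
              "logging": True, "sourceFirewallIpAddresses": ["203.0.113.0/24"],
              "destinationFirewallIpAddresses": ["10.0.0.10"],
              "rawPortProtocols": [{"layer4Item": {
                  "protocol": "TCP", "destinationPorts": ["443"]}}]}
```

Running such a check in a change pipeline, and failing the change when any warning is returned for a rule without an approved exception, catches broad ALLOW rules before the PUT is issued.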

Authentication
This operation uses the following authentication methods.
Responses
202

The request has been accepted and the task to monitor the request is in the Location header.

Operation doesn't return any data structure

400

Invalid configuration.

Returns Error of type(s) */*;version=38.1
{
    "minorErrorCode": "string",
    "message": "string",
    "stackTrace": "string"
}
string
minorErrorCode
Required

minorErrorCode

string
message
Required

message

string
stackTrace
Optional

stackTrace


404

The specified resource was not found

Returns Error of type(s) */*;version=38.1
{
    "minorErrorCode": "string",
    "message": "string",
    "stackTrace": "string"
}
string
minorErrorCode
Required

minorErrorCode

string
message
Required

message

string
stackTrace
Optional

stackTrace


Availability
Added in 33.0
Deprecated in 38.1
With alternative: see /cloudapi/2.0.0/edgeGateways/{gatewayId}/firewall/rules/{ruleId}. New model is GatewayFirewallRule.