Create Firewall Rule

Create Firewall Rule

Creates a Firewall Rule on the Edge Gateway.

Request
URI
POST
https://{api_host}/cloudapi/1.0.0/edgeGateways/{gatewayId}/firewall/rules
COPY
Path Parameters
string
externalNetworkId
Required

externalNetworkId

string
externalNetworkId
Required

externalNetworkId


Request Body
GatewayFirewallRule of type(s) application/json
Optional
{
    "id": "string",
    "name": "string",
    "description": "string",
    "sourceFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "sourceFirewallIpAddresses": [
        "string"
    ],
    "destinationFirewallGroups": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "destinationFirewallIpAddresses": [
        "string"
    ],
    "applicationPortProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "rawPortProtocols": [
        {
            "layer4Item": {
                "protocol": "string",
                "sourcePorts": [
                    "8080",
                    "8090-8095"
                ],
                "destinationPorts": [
                    "20",
                    "21",
                    "139-445"
                ]
            }
        }
    ],
    "ipProtocol": "string",
    "actionValue": "string",
    "direction": "string",
    "logging": false,
    "networkContextProfiles": [
        {
            "name": "string",
            "id": "string"
        }
    ],
    "active": false,
    "version": {
        "version": 0
    },
    "comments": "string",
    "appliedTo": {
        "name": "string",
        "id": "string"
    },
    "loggingId": "string",
    "relativePosition": {
        "adjacentRuleId": "string",
        "rulePosition": "string"
    }
}
string
id
Optional

The unique id of this firewall rule. If a rule with the ruleId is not already present, a new rule will be created. If it already exists, the rule will be updated.

string
name
Required

Name for the rule.

string
description
Optional

description

sourceFirewallGroups
Optional

List of source groups for firewall rule. It specifies the sources of network traffic for the firewall rule. Null values in both this property and sourceFirewallIpAddresses will be treated as "ANY" For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

array of string
sourceFirewallIpAddresses
Optional

List of source IP addresses, IP Ranges, or CIDRs. This specifies the source of the traffic which the firewall rule will be applied to Null values in both this property and sourceFirewallGroups will be treated as "ANY"

destinationFirewallGroups
Optional

List of source groups for firewall rule. It specifies the destinations of network traffic for the firewall rule. Null values in both this property and destinationFirewallIpAddresses will be treated as "ANY" For Distributed Firewall rules, an entry with an id of urn:vcloud:firewallGroup:internal can be used to specify all internal vDC Group network traffic.

array of string
destinationFirewallIpAddresses
Optional

List of destination IP addresses, IP Ranges, or CIDRs. This specifies the destination of the traffic which the firewall rule will be applied to Null values in both this property and destinationFirewallGroups will be treated as "ANY"

applicationPortProfiles
Optional

The list of application ports where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all ports.

rawPortProtocols
Optional

A list of raw port-protocol entries where this firewall rule is applicable.

string
ipProtocol
Optional

Type of IP packet that should be matched while enforcing the rule. Default value is IPV4_IPV6.

  • IPV4
  • IPV6
  • IPV4_IPV6
string
actionValue
Optional

The action to be applied to all the traffic that meets the firewall rule criteria. It determines if the rule permits or blocks traffic. Property is required if action is not set. Below are valid values.

  • ALLOW permits traffic to go through the firewall.
  • DROP blocks the traffic at the firewall. No response is sent back to the source.
  • REJECT blocks the traffic at the firewall. A response is sent back to the source.
string
direction
Optional

Specifies the direction of the network traffic. Default value is IN_OUT.

  • IN
  • OUT
  • IN_OUT
boolean
logging
Optional

Whether packet logging is active for firewall rule.

networkContextProfiles
Optional

The list of layer 7 network context profiles where this firewall rule is applicable. Null value or an empty list will be treated as "ANY" which means rule applies to all applications and domains.

boolean
active
Optional

Whether the firewall rule is active.

version
Optional

This property describes the current version of the entity. To prevent clients from overwriting each other's changes, update operations must include the version which can be obtained by issuing a GET operation. If the version number on an update call is missing, the operation will be rejected. This is only needed on update calls.

string
comments
Optional

Text for user entered comments on the firewall rule. Length cannot exceed 2048 characters.

appliedTo
Optional

Entity reference used to describe VCD entities

string
loggingId
Optional

Unique ID assigned by the backing NSX-T network provider. Passed all the way down to the datapath, and is used for logging by NSX-T. Only applies to NSX-T.

relativePosition
Optional

Defines a relative position to place a firewall rule.

Authentication
This operation uses the following authentication methods.
Responses
202

The request have been accepted and the task to monitor the request is in the Location header.

Operation doesn't return any data structure

Availability
Added in 38.0
Deprecated in 38.1
With alternative: see
See /cloudapi/2.0.0/edgeGateways/{gatewayId}/firewall/rules. New Model is GatewayFirewallRule.
Edge Gateway Firewall Rules Operations
POST
Create Firewall Rule
DELETE
Delete Firewall Rules
GET
Get Firewall Rules
PUT
Update Firewall Rules