firewall_local_policy_obj


Configuration Editor API resource to add, modify, delete, and get the configuration for Basic and Advanced Firewall settings.

Read/write properties

destination_service_name <String>

The Destination service that the filter will match.

match_type <String>

The Application used as match criteria for this Filter. Possible values = [ip_protocol,application,application_family,application_objects]

destination_port <Integer>

The Destination Port or Port Range that the Filter will match.

application_objects <String>

The Application used as match criteria for this Filter.

source_port <Integer>

The Source Port or Port Range that the Filter will match.

ip_dscp <String>

The time, in seconds, to wait for new packets before closing a UDP session that has not seen traffic in both directions. Possible values = [ANY,DEFAULT,af11,af12,af13,af21,af22,af23,af31,af32,af33,af41,af42,af43,cs1,cs2,cs3,cs4,cs5,cs6,cs7,ef]

destination_ip_address <String>

The Destination IP Address and Subnet Mask that the Filter will match.

source_service_type <String>

The Source Service Type that the Filter will match. Possible values = [any,local,virtual_path,internet,intranet,gre_tunnel,lan_ipsec_tunnel,ip_host,multicast]

track_connection <Boolean>

Whether to enable bidirectional connection state tracking for TCP, UDP and ICMP packets matching this Filter. This feature will block flows that appear illegitimate due to asymmetric routing, checksum failure or failed protocol-specific validation; proceed with caution if NetScaler SD-WAN is not fully inline.

log_interval <Integer>

The time, in seconds, between logging the number of packets matching the filter (0 = disabled, valid settings are 60-600).

destination_service_type <String>

The Destination Service Type that the Filter will match. Possible values = [any,local,virtual_path,internet,intranet,gre_tunnel,lan_ipsec_tunnel,ip_host,multicast]

id <Integer>

Firewall local policy id.

ip_protocol_num <Integer>

The IP Protocol that the Filter will match.

reverse_also <Boolean>

Click the checkbox to automatically add a copy of this Filter with the Source and Destination settings reversed.

source_ip_address <String>

The Source IP Address and Subnet Mask that the Filter will match.

application_family <String>

The Application used as match criteria for this Filter.

application <String>

The Application used as match criteria for this Filter.

log_connection_end <Boolean>

To generate a log when a Connection matching this Filter is deleted.

to_zones <String>

Select to filter on the zone the packet is destined to. Possible values = [any,default_lan_zone,internet_zone,untrusted_internet_zone]

action <String>

The Action to take for each packet matching the Filter. Possible values = [allow,drop,reject,count_and_continue]

match_established <Boolean>

To match incoming packets for a Connection to which outgoing packets were allowed.

log_connection_start <Boolean>

To generate a log when a new Connection is created by a packet matching this Filter.

source_service_name <String>

The Source service that the filter will match.

allow_fragments <Boolean>

To allow fragmented packets matching the Filter.

from_zones <String>

Select to filter on the zone the packet originated from. Possible values = [any,default_lan_zone,internet_zone,untrusted_internet_zone]

Read only properties

priority <Integer>

The order/precedence in which Filters are applied (automatically redistributed).

Operations

add delete get (all) modify

add

URL: http://<MGMT-IP>/sdwan/nitro/v1/config_editor/firewall_local_policy_obj

Description: Use this operation to add the local firewall policy settings

HTTP Method: POST

Request Payload: JSON

{"firewall_local_policy_obj": { "destination_service_name":<String_value> , "match_type":<String_value> , "destination_port":<Integer_value> , "application_objects":<String_value> , "source_port":<Integer_value> , "ip_dscp":<String_value> , "destination_ip_address":<String_value> , "source_service_type":<String_value> , "track_connection":<Boolean_value> , "log_interval":<Integer_value> , "destination_service_type":<String_value> , "id":<Integer_value> , "ip_protocol_num":<Integer_value> , "reverse_also":<Boolean_value> , "source_ip_address":<String_value> , "application_family":<String_value> , "application":<String_value> , "log_connection_end":<Boolean_value> , "to_zones":<String_value> , "action":<String_value> , "match_established":<Boolean_value> , "log_connection_start":<Boolean_value> , "source_service_name":<String_value> , "allow_fragments":<Boolean_value> , "from_zones":<String_value> }}

Response Payload: JSON

{ "firewall_local_policy_obj":[{ "priority":<Integer_value> , "destination_service_name":<String_value> , "match_type":<String_value> , "destination_port":<Integer_value> , "application_objects":<String_value> , "source_port":<Integer_value> , "ip_dscp":<String_value> , "destination_ip_address":<String_value> , "source_service_type":<String_value> , "track_connection":<Boolean_value> , "log_interval":<Integer_value> , "destination_service_type":<String_value> , "id":<Integer_value> , "ip_protocol_num":<Integer_value> , "reverse_also":<Boolean_value> , "source_ip_address":<String_value> , "application_family":<String_value> , "application":<String_value> , "log_connection_end":<Boolean_value> , "to_zones":<String_value> , "action":<String_value> , "match_established":<Boolean_value> , "log_connection_start":<Boolean_value> , "source_service_name":<String_value> , "allow_fragments":<Boolean_value> , "from_zones":<String_value> }]}
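A pre-flight check for the add and modify request payloads, as an added example that is not part of the vendor documentation: it rejects values outside the sets and ranges listed in the property descriptions before anything is sent to the appliance. The function names are hypothetical, and Booleans are assumed to travel as JSON true/false.

```python
import json

# Value sets and ranges copied from the property descriptions on this page.
ZONES = {"any", "default_lan_zone", "internet_zone", "untrusted_internet_zone"}
SERVICE_TYPES = {"any", "local", "virtual_path", "internet", "intranet",
                 "gre_tunnel", "lan_ipsec_tunnel", "ip_host", "multicast"}
ENUMS = {
    "match_type": {"ip_protocol", "application", "application_family",
                   "application_objects"},
    "action": {"allow", "drop", "reject", "count_and_continue"},
    "from_zones": ZONES,
    "to_zones": ZONES,
    "source_service_type": SERVICE_TYPES,
    "destination_service_type": SERVICE_TYPES,
}
BOOLEANS = ("allow_fragments", "log_connection_end", "log_connection_start",
            "match_established", "reverse_also", "track_connection")
READ_ONLY = ("priority",)


def validate_policy(policy):
    """Return a list of problems; an empty list means the dict is consistent
    with the documented value sets, types and log_interval range."""
    problems = []
    for key in READ_ONLY:
        if key in policy:
            problems.append(f"{key}: read-only property, do not send it")
    for key, allowed in ENUMS.items():
        if key in policy and policy[key] not in allowed:
            problems.append(f"{key}: {policy[key]!r} is not a documented value")
    for key in BOOLEANS:
        if key in policy and not isinstance(policy[key], bool):
            problems.append(f"{key}: expected a Boolean")
    interval = policy.get("log_interval", 0)
    if type(interval) is not int or not (interval == 0 or 60 <= interval <= 600):
        problems.append("log_interval: must be 0 (disabled) or 60-600 seconds")
    return problems


def build_add_body(policy):
    """Serialise a validated policy into the request payload of the add operation."""
    problems = validate_policy(policy)
    if problems:
        raise ValueError("; ".join(problems))
    return json.dumps({"firewall_local_policy_obj": policy})
```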

delete

URL: http://<MGMT-IP>/sdwan/nitro/v1/config_editor/firewall_local_policy_obj/

Description: Use this operation to delete the local firewall policy settings

HTTP Method: DELETE

Response Payload: JSON

{ "errorcode": 0, "message": "Done", "severity": <String_value> }

get (all)

URL: http://<MGMT-IP>/sdwan/nitro/v1/config_editor/firewall_local_policy_obj

Description: Use this operation to get the local firewall policy settings

HTTP Method: GET

Response Payload: JSON

{"firewall_local_policy_obj":[{ "priority":<Integer_value> , "destination_service_name":<String_value> , "match_type":<String_value> , "destination_port":<Integer_value> , "application_objects":<String_value> , "source_port":<Integer_value> , "ip_dscp":<String_value> , "destination_ip_address":<String_value> , "source_service_type":<String_value> , "track_connection":<Boolean_value> , "log_interval":<Integer_value> , "destination_service_type":<String_value> , "id":<Integer_value> , "ip_protocol_num":<Integer_value> , "reverse_also":<Boolean_value> , "source_ip_address":<String_value> , "application_family":<String_value> , "application":<String_value> , "log_connection_end":<Boolean_value> , "to_zones":<String_value> , "action":<String_value> , "match_established":<Boolean_value> , "log_connection_start":<Boolean_value> , "source_service_name":<String_value> , "allow_fragments":<Boolean_value> , "from_zones":<String_value> }]}
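A review pass over a get (all) response, as an added example that is not part of the vendor documentation: it lists the rules in priority order and flags those a firewall reviewer would want to look at first. The sample response is constructed, the heuristics are the reviewer's own choices rather than product guidance, and a lower priority number is assumed to be applied first.

```python
import json

# Constructed sample shaped like the get (all) response above; not device output.
SAMPLE_RESPONSE = json.dumps({"firewall_local_policy_obj": [
    {"id": 1, "priority": 100, "action": "allow",
     "from_zones": "untrusted_internet_zone", "to_zones": "default_lan_zone",
     "track_connection": False, "allow_fragments": True,
     "log_connection_start": False, "log_connection_end": False, "log_interval": 0},
    {"id": 2, "priority": 200, "action": "drop",
     "from_zones": "any", "to_zones": "any",
     "track_connection": True, "allow_fragments": False,
     "log_connection_start": False, "log_connection_end": False, "log_interval": 0},
    {"id": 3, "priority": 50, "action": "allow",
     "from_zones": "default_lan_zone", "to_zones": "internet_zone",
     "track_connection": True, "allow_fragments": False,
     "log_connection_start": True, "log_connection_end": False, "log_interval": 0},
]})

EXTERNAL_ZONES = {"any", "internet_zone", "untrusted_internet_zone"}
LAN_ZONES = {"any", "default_lan_zone"}
LOG_FIELDS = ("log_connection_start", "log_connection_end", "log_interval")


def audit_policies(response_text):
    """Return (id, priority, findings) tuples, in priority order, for every
    rule that trips at least one review heuristic."""
    rules = json.loads(response_text)["firewall_local_policy_obj"]
    report = []
    for rule in sorted(rules, key=lambda r: r.get("priority", 0)):
        findings = []
        if rule.get("action") == "allow":
            if (rule.get("from_zones") in EXTERNAL_ZONES
                    and rule.get("to_zones") in LAN_ZONES):
                findings.append("allows an external zone into the LAN")
            if not rule.get("track_connection"):
                findings.append("allow without connection state tracking")
            if rule.get("allow_fragments"):
                findings.append("allow accepts fragmented packets")
        if not any(rule.get(field) for field in LOG_FIELDS):
            findings.append("no logging configured")
        if findings:
            report.append((rule.get("id"), rule.get("priority"), findings))
    return report
```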

modify

URL: http://<MGMT-IP>/sdwan/nitro/v1/config_editor/firewall_local_policy_obj

Description: Use this operation to modify the local firewall policy settings

HTTP Method: PUT

Request Payload: JSON

{"firewall_local_policy_obj":{ "destination_service_name":<String_value> , "match_type":<String_value> , "destination_port":<Integer_value> , "application_objects":<String_value> , "source_port":<Integer_value> , "ip_dscp":<String_value> , "destination_ip_address":<String_value> , "source_service_type":<String_value> , "track_connection":<Boolean_value> , "log_interval":<Integer_value> , "destination_service_type":<String_value> , "id":<Integer_value> , "ip_protocol_num":<Integer_value> , "reverse_also":<Boolean_value> , "source_ip_address":<String_value> , "application_family":<String_value> , "application":<String_value> , "log_connection_end":<Boolean_value> , "to_zones":<String_value> , "action":<String_value> , "match_established":<Boolean_value> , "log_connection_start":<Boolean_value> , "source_service_name":<String_value> , "allow_fragments":<Boolean_value> , "from_zones":<String_value> }}

Response Payload: JSON

{ "firewall_local_policy_obj":[{ "priority":<Integer_value> , "destination_service_name":<String_value> , "match_type":<String_value> , "destination_port":<Integer_value> , "application_objects":<String_value> , "source_port":<Integer_value> , "ip_dscp":<String_value> , "destination_ip_address":<String_value> , "source_service_type":<String_value> , "track_connection":<Boolean_value> , "log_interval":<Integer_value> , "destination_service_type":<String_value> , "id":<Integer_value> , "ip_protocol_num":<Integer_value> , "reverse_also":<Boolean_value> , "source_ip_address":<String_value> , "application_family":<String_value> , "application":<String_value> , "log_connection_end":<Boolean_value> , "to_zones":<String_value> , "action":<String_value> , "match_established":<Boolean_value> , "log_connection_start":<Boolean_value> , "source_service_name":<String_value> , "allow_fragments":<Boolean_value> , "from_zones":<String_value> }]}
