addAccessRule
The addAccessRule operation handles configuration related to the AccessRule model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
Parameter | Required | Type | Description
---|---|---|---
name | True | string | A String object containing the name of the FTDRulebase object. The string can be up to a maximum of 128 characters.
sourceZones | False | [object] | A Set of ZoneBase objects considered as a source zone. Allowed types are: [TunnelZone, SecurityZone]
destinationZones | False | [object] | A Set of ZoneBase objects considered as a destination zone. Allowed types are: [TunnelZone, SecurityZone]
sourceNetworks | False | [object] | A Set of Network objects considered as a source network. Allowed types are: [Country, Continent, NetworkObject, NetworkObjectGroup, GeoLocation]
destinationNetworks | False | [object] | A Set of Network objects considered as a destination network. Allowed types are: [Country, Continent, NetworkObject, NetworkObjectGroup, GeoLocation]
sourcePorts | False | [object] | A Set of PortObjectBase objects considered as a source port. Allowed types are: [ICMPv6PortObject, ProtocolObject, ICMPv4PortObject, TCPPortObject, UDPPortObject, PortObjectGroup]
destinationPorts | False | [object] | A Set of PortObjectBase objects considered as a destination port. Allowed types are: [ICMPv6PortObject, ProtocolObject, ICMPv4PortObject, TCPPortObject, UDPPortObject, PortObjectGroup]
ruleAction | False | string | A mandatory AcRuleAction object that defines the Access Control Rule action. Possible values are: PERMIT, TRUST, DENY
eventLogAction | False | string | A mandatory EventLogAction object that defines the logging options for the rule. Possible values are: LOG_FLOW_START (not supported); LOG_FLOW_END: log at the end of the connection; LOG_BOTH: log at the beginning and end of the connection; LOG_NONE: do not log the connection
users | False | [object] | A Set object containing TrafficIdentity objects. A TrafficIdentity object represents a User/Group of an Active Directory (AD). Allowed types are: [User, TrafficUser, TrafficUserGroup, SpecialRealm, LDAPRealm, ActiveDirectoryRealm, LocalIdentitySource]
embeddedAppFilter | False | object | An optional EmbeddedAppFilter object. Providing an object makes the rule apply only to traffic matching the provided app filter's condition(s).
urlFilter | False | object | An optional EmbeddedURLFilter object. Providing an object makes the rule apply only to traffic matching the provided URL filter's condition(s).
intrusionPolicy | False | object | An optional IntrusionPolicy object. Specify an IntrusionPolicy object if you would like the traffic passing through the rule to be inspected by the IP object. Field level constraints: requires threat license. (Note: additional constraints might exist.) Allowed types are: [IntrusionPolicy]
filePolicy | False | object | An optional FilePolicy object. Providing an object makes the rule apply only to traffic matching the provided file policy's condition(s). Field level constraints: requires malware license. (Note: additional constraints might exist.) Allowed types are: [FilePolicy]
logFiles | False | boolean | An optional Boolean object. Logs files matching the current rule if set to true. Default is false.
syslogServer | False | object | An optional SyslogServer object. Specify a syslog server if you want a copy of events matching the current rule to be sent to an external syslog server. Allowed types are: [SyslogServer]
type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
Path Parameters
Parameter | Required | Type | Description
---|---|---|---
parentId | True | string |
Query Parameters
Parameter | Required | Type | Description
---|---|---|---
at | False | integer | An integer representing where to add the new object in the ordered list. Use 0 to add it at the beginning of the list. If not specified, it will be added at the end of the list.
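The tables above spell out the constraints the device enforces on an addAccessRule payload: the name length, the allowed enum values (including LOG_FLOW_START being listed but not supported), the object classes each reference field accepts, and the meaning of the `at` query parameter. Checking a payload against those constraints before the play runs is cheaper than a failed task against the device, and it is also the natural place to flag settings a reviewer would want to question, such as a rule that logs nothing. The validator below is an added example, not code from the ftd_configuration module or the FTD API; the function name `validate_access_rule`, the lower-case `"accessrule"` type value and the object ids in the constructed sample payloads are assumptions and placeholders.

```python
"""Pre-flight validator for an addAccessRule payload (added example).

Encodes the constraints from the parameter tables so a playbook can fail
fast before the task reaches the device, and emits review warnings for
settings that are legal but usually deserve a second look.
"""
from typing import Any, Dict, List, Optional, Set, Tuple

MAX_NAME_LEN = 128
RULE_ACTIONS = {"PERMIT", "TRUST", "DENY"}
LOG_ACTIONS = {"LOG_FLOW_END", "LOG_BOTH", "LOG_NONE"}
UNSUPPORTED_LOG_ACTIONS = {"LOG_FLOW_START"}  # listed in the table, marked "not supported"

NETWORK_TYPES = {"Country", "Continent", "NetworkObject", "NetworkObjectGroup", "GeoLocation"}
PORT_TYPES = {"ICMPv6PortObject", "ProtocolObject", "ICMPv4PortObject",
              "TCPPortObject", "UDPPortObject", "PortObjectGroup"}
# Fields that take a Set (list) of object references, and the classes each accepts.
SET_FIELD_TYPES: Dict[str, Set[str]] = {
    "sourceZones": {"TunnelZone", "SecurityZone"},
    "destinationZones": {"TunnelZone", "SecurityZone"},
    "sourceNetworks": NETWORK_TYPES,
    "destinationNetworks": NETWORK_TYPES,
    "sourcePorts": PORT_TYPES,
    "destinationPorts": PORT_TYPES,
    "users": {"User", "TrafficUser", "TrafficUserGroup", "SpecialRealm",
              "LDAPRealm", "ActiveDirectoryRealm", "LocalIdentitySource"},
}
# Fields that take a single object reference.
SINGLE_FIELD_TYPES: Dict[str, Set[str]] = {
    "intrusionPolicy": {"IntrusionPolicy"},
    "filePolicy": {"FilePolicy"},
    "syslogServer": {"SyslogServer"},
}


def _check_ref(field: str, ref: Any, allowed: Set[str], errors: List[str]) -> None:
    """A reference must be an object whose type is one of the allowed classes.
    Compared case-insensitively: the tables list class names, while references
    in payloads commonly carry the lower-case class-type string."""
    if not isinstance(ref, dict):
        errors.append(f"{field}: expected an object reference, got {type(ref).__name__}")
        return
    ref_type = str(ref.get("type", ""))
    if ref_type.lower() not in {t.lower() for t in allowed}:
        errors.append(f"{field}: type {ref_type!r} not in {sorted(allowed)}")


def validate_access_rule(data: Dict[str, Any],
                         query_params: Optional[Dict[str, Any]] = None
                         ) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings). Errors violate a documented constraint;
    warnings flag settings that are allowed but worth reviewing."""
    errors: List[str] = []
    warnings: List[str] = []

    name = data.get("name")
    if not isinstance(name, str) or not name:
        errors.append("name: required, must be a non-empty string")
    elif len(name) > MAX_NAME_LEN:
        errors.append(f"name: {len(name)} characters, maximum is {MAX_NAME_LEN}")

    rule_type = data.get("type")
    if not isinstance(rule_type, str) or not rule_type:
        errors.append("type: required")
    elif rule_type != rule_type.lower():
        errors.append(f"type: must be all lower-case, got {rule_type!r}")

    # The description calls ruleAction mandatory even though the table marks it optional.
    action = data.get("ruleAction")
    if action not in RULE_ACTIONS:
        errors.append(f"ruleAction: {action!r} not in {sorted(RULE_ACTIONS)}")

    log_action = data.get("eventLogAction")
    if log_action in UNSUPPORTED_LOG_ACTIONS:
        errors.append(f"eventLogAction: {log_action} is listed as not supported")
    elif log_action not in LOG_ACTIONS:
        errors.append(f"eventLogAction: {log_action!r} not in {sorted(LOG_ACTIONS)}")

    for field, allowed in SET_FIELD_TYPES.items():
        refs = data.get(field)
        if refs is None:
            continue
        if not isinstance(refs, list):
            errors.append(f"{field}: expected a list of object references")
            continue
        for ref in refs:
            _check_ref(field, ref, allowed, errors)

    for field, allowed in SINGLE_FIELD_TYPES.items():
        if data.get(field) is not None:
            _check_ref(field, data[field], allowed, errors)

    log_files = data.get("logFiles", False)
    if not isinstance(log_files, bool):
        errors.append("logFiles: must be a boolean")

    # Review warnings: legal per the API, but they usually mean lost visibility.
    if log_action == "LOG_NONE":
        warnings.append("eventLogAction is LOG_NONE: the rule generates no connection events")
        if data.get("syslogServer") is not None:
            warnings.append("syslogServer is set but eventLogAction is LOG_NONE; nothing is forwarded")
    if log_files is True and data.get("filePolicy") is None:
        warnings.append("logFiles is true but no filePolicy is attached")

    # 'at' query parameter: position in the ordered rule list, 0 = first.
    at = (query_params or {}).get("at")
    if at is not None and (isinstance(at, bool) or not isinstance(at, int) or at < 0):
        errors.append(f"at: must be a non-negative integer, got {at!r}")

    return errors, warnings


# Constructed sample payloads; the ids are placeholders, not real device objects.
GOOD_RULE = {
    "name": "deny-guest-to-servers", "type": "accessrule",
    "ruleAction": "DENY", "eventLogAction": "LOG_BOTH",
    "sourceZones": [{"id": "PLACEHOLDER-ZONE-1", "type": "securityzone", "name": "guest"}],
    "destinationNetworks": [{"id": "PLACEHOLDER-NET-1", "type": "networkobject", "name": "servers"}],
    "syslogServer": {"id": "PLACEHOLDER-SYSLOG-1", "type": "syslogserver"},
}
BAD_RULE = {
    "name": "x" * 129, "type": "AccessRule",
    "ruleAction": "ALLOW", "eventLogAction": "LOG_FLOW_START",
    "sourcePorts": [{"id": "PLACEHOLDER-PORT-1", "type": "networkobject"}],
    "filePolicy": {"id": "PLACEHOLDER-FP-1", "type": "intrusionpolicy"},
}

if __name__ == "__main__":
    for label, rule, qp in (("good", GOOD_RULE, {"at": 0}), ("bad", BAD_RULE, {"at": -1})):
        errs, warns = validate_access_rule(rule, qp)
        print(label, "errors:", errs, "warnings:", warns)
```

Run the validator in a pre-task (for example from a small Ansible action or a lookup) against the rendered `data` and `query_params` dictionaries; a non-empty error list should stop the play, while warnings belong in the change review rather than in the device.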
Example
```yaml
- name: Execute 'addAccessRule' operation
  ftd_configuration:
    operation: "addAccessRule"
    data:
      name: "{{ name }}"
      sourceZones: "{{ source_zones }}"
      destinationZones: "{{ destination_zones }}"
      sourceNetworks: "{{ source_networks }}"
      destinationNetworks: "{{ destination_networks }}"
      sourcePorts: "{{ source_ports }}"
      destinationPorts: "{{ destination_ports }}"
      ruleAction: "{{ rule_action }}"
      eventLogAction: "{{ event_log_action }}"
      users: "{{ users }}"
      embeddedAppFilter: "{{ embedded_app_filter }}"
      urlFilter: "{{ url_filter }}"
      intrusionPolicy: "{{ intrusion_policy }}"
      filePolicy: "{{ file_policy }}"
      logFiles: "{{ log_files }}"
      syslogServer: "{{ syslog_server }}"
      type: "{{ type }}"
    path_params:
      parentId: "{{ parent_id }}"
    query_params:
      at: "{{ at }}"
```