editAccessPolicy
The editAccessPolicy operation handles configuration related to AccessPolicy model.
Description
This API call is not allowed on the standby unit in an HA pair.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | |||
| name | True | string | A string containing the name of the Access Policy. The string should not contain HTML content. | |||
| defaultAction | False | object | An optional AccessDefaultAction. Provide an AccessDefaultAction object to set a default action to AccessPolicy. | |||
| sslPolicy | False | object | An optional SSLPolicy object. Provide a SSLPolicy object to associate with the given AccessPolicy Allowed types are: [SSLPolicy] |
|||
| certVisibilityEnabled | True | boolean | A Boolean value, TRUE or FALSE (the default). The Certificate Visibility feature provides the ability to make policy decisions on TLS1.3 connections based on information in the TLS certificate without needing to decrypt the traffic. The TRUE value indicates that the Certificate Visibility feature is enabled. A FALSE value indicates that the SSL Certificate Visibility feature is disabled. Field level constraints: cannot be null. (Note: Additional constraints might exist) |
|||
| networkAnalysisPolicy | False | object | ||||
| advancedSettings | False | object | Provide an AccessAdvancedSettings object to set dnsReputationEnforcementEnabled to AccessPolicy. | |||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| identityPolicySetting | False | object | An optional IdentityPolicy object. Provide an IdentityPolicy object to associate with the given AccessPolicy. Allowed types are: [IdentityPolicy] |
|||
| securityIntelligence | False | object | An optional SecurityIntelligencePolicy. Provide a SecurityIntelligencePolicy object to associate with the given AccessPolicy Field level constraints: requires threat license. (Note: Additional constraints might exist) Allowed types are: [SecurityIntelligencePolicy] |
|||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Path Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| objId | True | string | ||||
Example
- name: Execute 'editAccessPolicy' operation
ftd_configuration:
operation: "editAccessPolicy"
data:
version: "{{ version }}"
name: "{{ name }}"
defaultAction: "{{ default_action }}"
sslPolicy: "{{ ssl_policy }}"
certVisibilityEnabled: "{{ cert_visibility_enabled }}"
networkAnalysisPolicy: "{{ network_analysis_policy }}"
advancedSettings: "{{ advanced_settings }}"
id: "{{ id }}"
identityPolicySetting: "{{ identity_policy_setting }}"
securityIntelligence: "{{ security_intelligence }}"
type: "{{ type }}"
path_params:
objId: "{{ obj_id }}"