To get the list of NSX-T firewall rules assigned to an NSX-T edge gateway, use the following request:

GET /nsxt_edge_gateways/:nsxt_edge_gateway_id/nsxt_firewall_rules.xml
GET /nsxt_edge_gateways/:nsxt_edge_gateway_id/nsxt_firewall_rules.json

JSON Request Example

curl -i -X GET http://onapp.test/nsxt_edge_gateways/26/nsxt_firewall_rules.json -u user_email:api_key -H 'Accept: application/json' -H 'Content-Type: application/json'

XML Request Example

curl -i -X GET http://onapp.test/nsxt_edge_gateways/26/nsxt_firewall_rules.xml -u user_email:api_key -H 'Accept: application/xml' -H 'Content-Type: application/xml'

XML Output Example

<vcloud_nsxt_firewall_rules type="array">
    <id type="integer">2</id>
    <status nil="true"/>
    <description>Qui non ut maiores qui itaque est error unde hic tenetur voluptatibus iusto.</description>
    <enabled type="boolean">false</enabled>
    <logging type="boolean">false</logging>
    <vcloud_nsxt_edge_gateway_id type="integer">14</vcloud_nsxt_edge_gateway_id>
    <created_at type="dateTime">2021-12-29T14:06:12Z</created_at>
    <updated_at type="dateTime">2021-12-29T14:06:12Z</updated_at>
    <version type="integer">4</version>
    <sources type="array">
        <id type="integer">7</id>
        <id type="integer">8</id>
        <id type="integer">9</id>
    </sources>
    <destinations type="array">
        <id type="integer">10</id>
        <id type="integer">11</id>
        <id type="integer">12</id>
    </destinations>
    <applications type="array">
        <id type="integer">4</id>
        <id type="integer">5</id>
        <id type="integer">6</id>
    </applications>
</vcloud_nsxt_firewall_rules>


vcloud_nsxt_firewall_rules - the array of firewall rules assigned to the NSX-T edge gateway

    id - the ID of the firewall rule
    identifier - the identifier of the firewall rule, which is used to synchronize the firewall rules between vCloud and OnApp
    label - the name of the firewall rule
    status - a parameter imported from the VCD side; it is always nil
    description - the parameter imported from the VCD side
    direction - the direction of traffic from the point of view of the destination object. It can be IN, OUT, and IN_OUT; the default value is IN_OUT. IN means that only traffic to the object is checked, OUT means that only traffic from the object is checked, and IN_OUT means that traffic in both directions is checked
    ip_protocol - the Internet Protocol version, only IPv4 is supported
    action - the action applied by the rule. It can be ALLOW or DROP. The default is ALLOW
    rule_type - the type of the firewall rule in OnApp. The only possible value is user_defined, created on the OnApp side
    enabled - true, if the service is enabled; otherwise, false
    logging - true, if logging is enabled for this rule; otherwise, false
    vcloud_nsxt_edge_gateway_id - the ID of the NSX-T edge gateway
    created_at - the date when the firewall service was created in the [YYYY][MM][DD]T[hh][mm][ss]Z format
    updated_at - the date when the firewall service was updated in the [YYYY][MM][DD]T[hh][mm][ss]Z format
    version - the version of the firewall rule. It is 0 when a rule is just created, 1 if it has been edited once, 2 if it has been edited twice, and so on
    sources - the array of IP sets and security groups

        type - the type of the source, can be either ip_set or security_group
        id - the ID of the source
        identifier - the identifier of the source

    destinations - the array of destinations for the rule

        type - the type of the destination, can be either security_group or ip_set
        id - the ID of the destination
        identifier - the identifier of the destination

    applications - the array of application port profiles used for the rule

        id - the ID of the application
        identifier - the identifier of the application
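
The parameters above are enough to review a gateway's rule set from the JSON response. The following is an added example, not OnApp code: it flags rules worth a second look using the documented action, direction, enabled, logging and version fields. Assumptions: the JSON body is a list of rule objects, each possibly wrapped in a single-key object, with keys named as in the parameter list; the sample data is constructed.

```python
import json

# Constructed sample body (not real OnApp output). The wrapper key on the
# first item is hypothetical; unwrap() accepts any single-key wrapper.
SAMPLE = json.dumps([
    {"nsxt_firewall_rule": {"id": 2, "action": "ALLOW", "direction": "IN",
                            "enabled": True, "logging": False, "version": 4}},
    {"id": 3, "action": "DROP", "direction": "IN_OUT",
     "enabled": True, "logging": True, "version": 0},
    {"id": 5, "action": "ALLOW", "enabled": True, "logging": True, "version": 0},
    {"id": 6, "action": "ALLOW", "direction": "OUT",
     "enabled": False, "logging": False, "version": 1},
])

def unwrap(item):
    """Return the rule dict, stripping a single-key wrapper object if present."""
    if isinstance(item, dict) and len(item) == 1:
        (inner,) = item.values()
        if isinstance(inner, dict):
            return inner
    return item

def audit_rules(body):
    """Map rule id -> list of review notes; rules with no notes are omitted."""
    findings = {}
    for rule in map(unwrap, json.loads(body)):
        notes = []
        enabled = rule.get("enabled") is True
        action = rule.get("action") or "ALLOW"        # documented default
        direction = rule.get("direction") or "IN_OUT"  # documented default
        version = rule.get("version") or 0
        if enabled and action == "ALLOW" and not rule.get("logging"):
            notes.append("ALLOW without logging")
        if enabled and action == "ALLOW" and direction == "IN_OUT":
            notes.append("ALLOW in both directions")
        if not enabled:
            notes.append("disabled rule")
        if version > 0:
            notes.append(f"edited {version} time(s)")
        if notes:
            findings[rule.get("id")] = notes
    return findings

if __name__ == "__main__":
    for rule_id, notes in audit_rules(SAMPLE).items():
        print(rule_id, "; ".join(notes))
```

To run it against a gateway, pass the body returned by the .json request above to audit_rules() in place of SAMPLE.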

Page History

v 6.7 Edge 1

  • Added the following arrays and parameters:
    • sources
      • type
      • id
      • identifier
    • destinations
      • type
      • id
      • identifier
    • applications
      • id
      • identifier