To get the list of NSX-T firewall rules assigned to an NSX-T edge gateway, use the following request (replace :nsxt_edge_gateway_id with the ID of the edge gateway):

GET /nsxt_edge_gateways/:nsxt_edge_gateway_id/nsxt_firewall_rules.xml
GET /nsxt_edge_gateways/:nsxt_edge_gateway_id/nsxt_firewall_rules.json

JSON Request Example

curl -i -X GET http://onapp.test/nsxt_edge_gateways/26/nsxt_firewall_rules.json -u user_email:api_key -H 'Accept: application/json' -H 'Content-Type: application/json'


XML Request Example

curl -i -X GET http://onapp.test/nsxt_edge_gateways/26/nsxt_firewall_rules.xml -u user_email:api_key -H 'Accept: application/xml' -H 'Content-Type: application/xml'


XML Output Example

<vcloud_nsxt_firewall_rules type="array">
  <vcloud_nsxt_firewall_rule>
    <id type="integer">2</id>
    <identifier>D2C67EFD-E7CB-A559-8E24-54E5F2D40E0A</identifier>
    <label>pgyyb2d0ahn1yt87mjt56bw9w69dxslxyks</label>
    <status nil="true"/>
    <description>Qui non ut maiores qui itaque est error unde hic tenetur voluptatibus iusto.</description>
    <direction>OUT</direction>
    <ip_protocol>IPV4</ip_protocol>
    <action>ALLOW</action>
    <rule_type>user_defined_rules</rule_type>
    <enabled type="boolean">false</enabled>
    <logging type="boolean">false</logging>
    <vcloud_nsxt_edge_gateway_id type="integer">14</vcloud_nsxt_edge_gateway_id>
    <created_at type="dateTime">2021-12-29T14:06:12Z</created_at>
    <updated_at type="dateTime">2021-12-29T14:06:12Z</updated_at>
    <version type="integer">4</version>
    <sources type="array">
      <source>
        <type>security_group</type>
        <id type="integer">7</id>
        <identifier>E65C5396-AC03-169D-6D5A-31EB35BB004A</identifier>
      </source>
      <source>
        <type>security_group</type>
        <id type="integer">8</id>
        <identifier>EE41418C-343B-4692-2ABC-6EC70CC0B0F5</identifier>
      </source>
      <source>
        <type>security_group</type>
        <id type="integer">9</id>
        <identifier>757CA033-9DDA-BC38-FF37-2EB4210F3ABC</identifier>
      </source>
    </sources>
    <destinations type="array">
      <destination>
        <type>security_group</type>
        <id type="integer">10</id>
        <identifier>894B12C9-58B4-6B5F-D92E-05773E862C93</identifier>
      </destination>
      <destination>
        <type>security_group</type>
        <id type="integer">11</id>
        <identifier>DA021570-5927-EBB6-B699-79650C68B48E</identifier>
      </destination>
      <destination>
        <type>security_group</type>
        <id type="integer">12</id>
        <identifier>5DE7FC6D-ABC0-D54E-8E23-F0824DF94949</identifier>
      </destination>
    </destinations>
    <applications type="array">
      <application>
        <id type="integer">4</id>
        <identifier>4FA86424-783C-8465-105C-F9101909FA07</identifier>
      </application>
      <application>
        <id type="integer">5</id>
        <identifier>322D9318-1B37-B717-A370-00E48BDCE634</identifier>
      </application>
      <application>
        <id type="integer">6</id>
        <identifier>9679210F-DB2B-278B-CF7C-4F858D23E522</identifier>
      </application>
    </applications>
  </vcloud_nsxt_firewall_rule>
</vcloud_nsxt_firewall_rules>


Where:

vcloud_nsxt_firewall_rules - the array of firewall rules assigned to the NSX-T edge gateway

    id - the ID of the firewall rule
    identifier - the identifier of the firewall rule, which is used to synchronize the firewall rules between vCloud and OnApp
    label - the name of the firewall rule
    status - the parameter imported from the VCD side; it is always nil
    description - the parameter imported from the VCD side
    direction - the direction of traffic from the point of view of the destination object. It can be IN, OUT, or IN_OUT; the default value is IN_OUT. IN means that only traffic to the object is checked, OUT means that only traffic from the object is checked, and IN_OUT means that traffic in both directions is checked
    ip_protocol - the Internet Protocol version; only IPV4 is supported
    action - the action applied by the rule. It can be ALLOW or DROP; the default is ALLOW
    rule_type - the type of the firewall rule in OnApp. It can only be user_defined_rules, that is, rules created on the OnApp side
    enabled - true, if the rule is enabled; otherwise, false
    logging - true, if logging is enabled for this rule; otherwise, false
    vcloud_nsxt_edge_gateway_id - the ID of the NSX-T edge gateway
    created_at - the date when the firewall rule was created in the [YYYY][MM][DD]T[hh][mm][ss]Z format
    updated_at - the date when the firewall rule was updated in the [YYYY][MM][DD]T[hh][mm][ss]Z format
    version - the version of the firewall rule. It is 0 when a rule is just created, 1 if it has been edited once, 2 if it has been edited twice, and so on
    sources - the array of IP sets and security groups the rule matches as traffic sources

        type - the type of the source, either ip_set or security_group
        id - the ID of the source
        identifier - the identifier of the source

    destinations - the array of IP sets and security groups the rule matches as traffic destinations

        type - the type of the destination, either ip_set or security_group
        id - the ID of the destination
        identifier - the identifier of the destination

    applications - the array of application port profiles used for the rule

        id - the ID of the application port profile
        identifier - the identifier of the application port profile

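The following script is an added example and is not part of the OnApp documentation or product code. It parses the XML response documented above into plain Python dictionaries and then runs two checks a practitioner would typically want over a gateway's rule list: ALLOW rules with logging switched off (permitted traffic leaves no audit trail) and rules that are present but disabled (they look like policy but are not enforced). The XML output example from this page is embedded as constructed sample input so the script runs offline. The fetch_rules helper is an assumption about how a client would call the documented endpoint with the same basic-auth credentials as the curl examples; it is defined but not called here, and it expects an https:// base URL because basic auth sends the API key in cleartext over plain HTTP.

```python
"""Parse and audit the NSX-T firewall rules of an OnApp NSX-T edge gateway.

Added example, not OnApp code. SAMPLE_XML is the documented output example,
embedded as constructed sample input so the script runs offline.
"""
import base64
import urllib.request
import xml.etree.ElementTree as ET

# Constructed sample: the XML output example from the documentation page.
SAMPLE_XML = """<vcloud_nsxt_firewall_rules type="array">
  <vcloud_nsxt_firewall_rule>
    <id type="integer">2</id>
    <identifier>D2C67EFD-E7CB-A559-8E24-54E5F2D40E0A</identifier>
    <label>pgyyb2d0ahn1yt87mjt56bw9w69dxslxyks</label>
    <status nil="true"/>
    <description>Qui non ut maiores qui itaque est error unde hic tenetur voluptatibus iusto.</description>
    <direction>OUT</direction>
    <ip_protocol>IPV4</ip_protocol>
    <action>ALLOW</action>
    <rule_type>user_defined_rules</rule_type>
    <enabled type="boolean">false</enabled>
    <logging type="boolean">false</logging>
    <vcloud_nsxt_edge_gateway_id type="integer">14</vcloud_nsxt_edge_gateway_id>
    <created_at type="dateTime">2021-12-29T14:06:12Z</created_at>
    <updated_at type="dateTime">2021-12-29T14:06:12Z</updated_at>
    <version type="integer">4</version>
    <sources type="array">
      <source><type>security_group</type><id type="integer">7</id><identifier>E65C5396-AC03-169D-6D5A-31EB35BB004A</identifier></source>
      <source><type>security_group</type><id type="integer">8</id><identifier>EE41418C-343B-4692-2ABC-6EC70CC0B0F5</identifier></source>
      <source><type>security_group</type><id type="integer">9</id><identifier>757CA033-9DDA-BC38-FF37-2EB4210F3ABC</identifier></source>
    </sources>
    <destinations type="array">
      <destination><type>security_group</type><id type="integer">10</id><identifier>894B12C9-58B4-6B5F-D92E-05773E862C93</identifier></destination>
      <destination><type>security_group</type><id type="integer">11</id><identifier>DA021570-5927-EBB6-B699-79650C68B48E</identifier></destination>
      <destination><type>security_group</type><id type="integer">12</id><identifier>5DE7FC6D-ABC0-D54E-8E23-F0824DF94949</identifier></destination>
    </destinations>
    <applications type="array">
      <application><id type="integer">4</id><identifier>4FA86424-783C-8465-105C-F9101909FA07</identifier></application>
      <application><id type="integer">5</id><identifier>322D9318-1B37-B717-A370-00E48BDCE634</identifier></application>
      <application><id type="integer">6</id><identifier>9679210F-DB2B-278B-CF7C-4F858D23E522</identifier></application>
    </applications>
  </vcloud_nsxt_firewall_rule>
</vcloud_nsxt_firewall_rules>
"""


def fetch_rules(base_url, edge_gateway_id, user_email, api_key):
    """GET /nsxt_edge_gateways/:id/nsxt_firewall_rules.xml with HTTP basic auth.

    Assumed client helper, not part of OnApp. Use an https:// base_url: basic
    auth carries the API key base64-encoded, not encrypted.
    """
    if not base_url.startswith("https://"):
        raise ValueError("refusing to send API credentials over a non-TLS URL")
    url = f"{base_url}/nsxt_edge_gateways/{edge_gateway_id}/nsxt_firewall_rules.xml"
    token = base64.b64encode(f"{user_email}:{api_key}".encode()).decode()
    req = urllib.request.Request(
        url, headers={"Accept": "application/xml", "Authorization": f"Basic {token}"}
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read().decode()


def _refs(rule, container, child):
    """Collect the <source>/<destination>/<application> entries of one rule.
    Application port profiles carry no <type>, so 'type' is only set when present."""
    out = []
    for el in rule.findall(f"{container}/{child}"):
        entry = {"id": int(el.findtext("id")), "identifier": el.findtext("identifier")}
        if el.find("type") is not None:
            entry["type"] = el.findtext("type")
        out.append(entry)
    return out


def parse_rules(xml_text):
    """Turn the documented XML list into a list of dicts with typed fields."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.findall("vcloud_nsxt_firewall_rule"):
        status = r.find("status")
        rules.append({
            "id": int(r.findtext("id")),
            "identifier": r.findtext("identifier"),
            "label": r.findtext("label"),
            # <status nil="true"/> means the value is nil, not an empty string
            "status": None if status is None or status.get("nil") == "true" else status.text,
            "direction": r.findtext("direction"),
            "ip_protocol": r.findtext("ip_protocol"),
            "action": r.findtext("action"),
            "rule_type": r.findtext("rule_type"),
            "enabled": r.findtext("enabled") == "true",
            "logging": r.findtext("logging") == "true",
            "edge_gateway_id": int(r.findtext("vcloud_nsxt_edge_gateway_id")),
            "version": int(r.findtext("version")),
            "sources": _refs(r, "sources", "source"),
            "destinations": _refs(r, "destinations", "destination"),
            "applications": _refs(r, "applications", "application"),
        })
    return rules


def audit_rules(rules):
    """Return (rule id, finding) pairs for the two conditions described above."""
    findings = []
    for r in rules:
        if r["action"] == "ALLOW" and not r["logging"]:
            findings.append((r["id"], "ALLOW rule without logging"))
        if not r["enabled"]:
            findings.append((r["id"], "rule is disabled"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_rules(parse_rules(SAMPLE_XML)):
        print(f"rule {rule_id}: {finding}")
```

To run it against a live gateway, replace SAMPLE_XML with the text returned by fetch_rules; the JSON variant of the endpoint returns the same fields and could be parsed with json.loads instead of ElementTree.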

Page History

v 6.7 Edge 1

  • Added the following arrays and parameters:
    • sources
      • type
      • id
      • identifier
    • destinations
      • type
      • id
      • identifier
    • applications
      • id
      • identifier