Update a Security Rule
PUT/v1/config/rulestacks/:rulestackname/rulelists/:rulelistname/priorities/:priority
Update a security rule associated a specified rulestack.
Request
Path Parameters
The name of the rulestack.
The name of the rulelist.
The security rule priority.
- application/json
Body
- Array [
- ]
RuleEntry objectrequired
Details of the rule entry.
Possible values: [Allow
, DenySilent
, DenyResetServer
, DenyResetBoth
]
Default value: Allow
Security rule actions: Allow
, DenySilent
, DenyResetServer
, DenyResetBoth
.
Default value: Any
Application details.
Possible values: <= 512 characters
Audit remarks.
Category object
Security rule category.
Specify Intelligence Feed as the source or destination of your security rule.
Specify URL categories in security rules to block or allow access to websites.
Possible values: [SSLOutboundInspection
]
Decryption policy rule.
Possible values: <= 512 characters
Rule entry description.
Max length: 512 characters
, Pattern: Any character ^.*$
.
Destination object
Rule entry destination.
Default value: Any
The CIDR block or range as the destination of your security rule.
Country as the destination of your security rule
Intelligence Feed as the destination of your security rule.
Fully Qualified Domain Name (FQDN) list as the destination of your security rule.
Grouped IP addresses as the destination of your security rule.
Default value: true
Specify whether or not the rule is enabled.
Specify whether or not logging is enabled.
Rule to negate a specified destination.
Rule to negate a specified source.
Default value: application-default
Application protocol.
Possible values: non-empty
and <= 128 characters
, Value must match regular expression ^[a-zA-Z0-9-]+$
Name of the rule entry.
Length: 0-48 characters
, Pattern: ^[a-zA-Z0-9-]+$
.
Source object
Traffic source.
Default value: Any
The CIDR block or range as the source of your security rule.
Country as the source of your security rule
Intelligence Feed as the source of your security rule.
Grouped IP addresses as the source of your security rule.
Tags object[]
Possible values: <= 200
The key:value pairs to associate with a resource.
Possible values: non-empty
and <= 128 characters
A unique identifier in the key-value pair. The constant that defines the data set. .
Possible values: non-empty
and <= 128 characters
The variable that belongs to the data set.
Refresh token.
Responses
- 200
OK
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- InvalidRequestException—Operation failed due to invalid request. For example, unsupported parameter name, value, priority, or length in the request.
- ResourceNotFoundException—Unable to locate a resource using the parameters you provided. For example, RuleListName is not found, Priority is not found.
- ThrottlingException—Operation failed due to throttling limitations.
- InternalServerError—Your request is valid but Cloud NGFW could not perform the operation due to a system issue.
Response object
The priority of the rule.
RuleEntry object
Details of the rule entry.
Possible values: [Allow
, DenySilent
, DenyResetServer
, DenyResetBoth
]
Default value: Allow
Security rule actions: Allow
, DenySilent
, DenyResetServer
, DenyResetBoth
.
Default value: Any
Application details.
Possible values: <= 512 characters
Audit remarks.
Category object
Security rule category.
Possible values: [SSLOutboundInspection
]
Decryption policy rule.
Possible values: <= 512 characters
Rule entry description.
Max length: 512 characters
, Pattern: Any character ^.*$
.
Destination object
Rule entry destination.
Default value: Any
The CIDR block or range as the destination of your security rule.
Country as the destination of your security rule
Intelligence Feed as the destination of your security rule.
Fully Qualified Domain Name (FQDN) list as the destination of your security rule.
Grouped IP addresses as the destination of your security rule.
Default value: true
Specify whether or not the rule is enabled.
Specify whether or not logging is enabled.
Rule to negate a specified destination.
Rule to negate a specified source.
Default value: application-default
Application protocol.
Possible values: non-empty
and <= 128 characters
, Value must match regular expression ^[a-zA-Z0-9-]+$
Name of the rule entry.
Length: 0-48 characters
, Pattern: ^[a-zA-Z0-9-]+$
.
Source object
Traffic source.
Default value: Any
The CIDR block or range as the source of your security rule.
Country as the source of your security rule
Intelligence Feed as the source of your security rule.
Grouped IP addresses as the source of your security rule.
Tags object[]
Possible values: <= 200
The key:value pairs to associate with a resource.
Possible values: non-empty
and <= 128 characters
A unique identifier in the key-value pair. The constant that defines the data set. .
Possible values: non-empty
and <= 128 characters
The variable that belongs to the data set.
Refresh token.
Name of the rule list.
Length: 0-128 characters
, Pattern: ^[a-zA-Z0-9-]+$
.
Name of the rulestack.
ResponseStatus object
Default value: 0
Default value of a successful response is 0. Any other number indicates an error code.
400—HTTP bad request
500—Bad request
The error description.
{
"Response": {
"Priority": 0,
"RuleEntry": {
"Action": "Allow",
"Applications": [
"string"
],
"AuditComment": "string",
"Category": {
"IntelligentFeeds": [
"string"
],
"URLCategoryNames": [
"string"
]
},
"DecryptionRuleType": "SSLOutboundInspection",
"Description": "string",
"Destination": {
"Cidrs": [
"string"
],
"Countries": [
"string"
],
"Feeds": [
"string"
],
"FqdnLists": [
"string"
],
"PrefixLists": [
"string"
]
},
"Enabled": true,
"Logging": false,
"NegateDestination": false,
"NegateSource": false,
"Protocol": "application-default",
"RuleName": "string",
"Source": {
"Cidrs": [
"string"
],
"Countries": [
"string"
],
"Feeds": [
"string"
],
"PrefixLists": [
"string"
]
},
"Tags": [
{
"Key": "string",
"Value": "string"
}
],
"UpdateToken": "string"
},
"RuleListName": "string",
"RuleStackName": "string"
},
"ResponseStatus": {
"ErrorCode": 0,
"Reason": "string"
}
}