Create Network Policy Rule (v2.2)
POST /v2.2/api/tenants/:tenant_id/networkpolicysets/:policy_set_id/networkpolicyrules
Create a new network policy rule.
Request
Path Parameters
The tenant ID.
The network policy set ID.
- application/json
Body
Details of the network policy to be created
The app definition IDs that have applied network policy rules. The number of applications for a policy rule is limited to 256.
The description of the network policy rule. Max size = 256.
The destination prefix ID.
The network policy rule based on rules that are enabled.
The network policy rule ID.
The name of the network policy rule. Max size = 128.
The network context applied to the network policy rule. Network context segments network traffic for the purpose of applying different network policy rules for the same application.
The network policy rule order number. The default order number for a policy rule is 1024.
paths_allowed PathsAllowedV2N1 required
The paths allowed for the application.
active_paths WANPath[]
The configured active path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
backup_paths WANPath[]
The configured backup path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
l3_failure_paths WANPath[]
The configured l3 failure path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
service_context ServiceContext
Information on the service context.
The configured active service label ID.
Possible values: [CG_TRANSIT, NON_CG_TRANSIT, SASE]
The configured active service label type.
The configured backup service label ID.
Possible values: [CG_TRANSIT, NON_CG_TRANSIT, SASE]
The configured backup service label type.
Possible values: [ALLOWED_TRANSIT, REQUIRED_TRANSIT]
The type of service context.
The ID of the source prefixes.
An information field that can be added to identify the network policy rule. A maximum of 10 unique tags, each of length up to 1024, is allowed.
user_or_group UserGroup
The details of the user or group.
The user group IDs.
The user IDs.
Responses
200: Successful Operation
- application/json
Schema
The app definition IDs that have applied network policy rules. The number of applications for a policy rule is limited to 256.
The description of the network policy rule. Max size = 256.
The destination prefix ID.
The network policy rule based on rules that are enabled.
The network policy rule ID.
The name of the network policy rule. Max size = 128.
The network context applied to the network policy rule. Network context segments network traffic for the purpose of applying different network policy rules for the same application.
The network policy rule order number. The default order number for a policy rule is 1024.
paths_allowed PathsAllowedV2N1 required
The paths allowed for the application.
active_paths WANPath[]
The configured active path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
backup_paths WANPath[]
The configured backup path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
l3_failure_paths WANPath[]
The configured l3 failure path for the rule.
The label to identify the path.
Possible values: [vpn, direct, servicelink]
The path type.
service_context ServiceContext
Information on the service context.
The configured active service label ID.
Possible values: [CG_TRANSIT, NON_CG_TRANSIT, SASE]
The configured active service label type.
The configured backup service label ID.
Possible values: [CG_TRANSIT, NON_CG_TRANSIT, SASE]
The configured backup service label type.
Possible values: [ALLOWED_TRANSIT, REQUIRED_TRANSIT]
The type of service context.
The ID of the source prefixes.
An information field that can be added to identify the network policy rule. A maximum of 10 unique tags, each of length up to 1024, is allowed.
user_or_group UserGroup
The details of the user or group.
The user group IDs.
The user IDs.
Example (from schema)
{
  "app_def_ids": [
    "string"
  ],
  "destination_prefixes_id": "string",
  "enabled": true,
  "id": "string",
  "name": "string",
  "network_context_id": "string",
  "order_number": 0,
  "paths_allowed": {
    "active_paths": [
      {
        "label": "string",
        "path_type": "vpn"
      }
    ],
    "backup_paths": [
      {
        "label": "string",
        "path_type": "vpn"
      }
    ],
    "l3_failure_paths": [
      {
        "label": "string",
        "path_type": "vpn"
      }
    ]
  },
  "service_context": {
    "active_service_label_id": "string",
    "active_service_label_type": "CG_TRANSIT",
    "backup_service_label_id": "string",
    "backup_service_label_type": "CG_TRANSIT",
    "type": "ALLOWED_TRANSIT"
  },
  "source_prefixes_id": "string",
  "tags": [
    "string"
  ],
  "user_or_group": {
    "user_group_ids": [
      "string"
    ],
    "user_ids": [
      "string"
    ]
  }
}
400: Bad Request
- application/json
Schema
_error ErrorResponse[]
The error code.
The error message.
Example (from schema)
{
  "_error": [
    {
      "code": "string",
      "message": "string"
    }
  ]
}
Example
{
  "value": {
    "_error": [
      { "code": "DUPLICATE_APP_DEF_IDS" },
      { "code": "APP_DEF_ID_LIST_SIZE_EXCEEDED" },
      { "code": "INVALID_NETWORK_CONTEXT_ID" },
      { "code": "INVALID_ORDER_NUMBER_MINIMUM_VAL" },
      { "code": "INVALID_ORDER_NUMBER_MAXIMUM_VAL" },
      { "code": "INVALID_SOURCE_PREFIXES_ID" },
      { "code": "INVALID_DESTINATION_PREFIXES_ID" },
      { "code": "PATHS_ALLOWED_REQUIRED" },
      { "code": "INVALID_JSON_EXTRA_ATTRIBUTE" },
      { "code": "NETWORKPOLICYSET_NOT_PRESENT" },
      { "code": "POLICYRULE_CREATION_NOT_ALLOWED" },
      { "code": "INVALID_POLICYSET_STATE" },
      { "code": "INVALID_DEFAULT_RULE_FLAG" },
      { "code": "POLICYRULE_CONFIG_DEFAULT_RULE_NAME" },
      { "code": "POLICYRULE_CONFIG_INVALID_APPDEF_IDS" },
      { "code": "POLICYRULE_CONFIG_INVALID_NETWORK_CONTEXT" },
      { "code": "POLICYRULE_CONFIG_INVALID_SOURCE_PREFIX" },
      { "code": "POLICYRULE_CONFIG_INVALID_DESTINATION_PREFIX" },
      { "code": "POLICYRULE_CONFIG_ACTIVE_BACKUP_SERVICELABELS_SAME" },
      { "code": "POLICYRULE_CONFIG_SERVICELABEL_DOES_NOT_EXIST" },
      { "code": "POLICYRULE_CONFIG_INVALID_SERVICE_LABEL_ALLOWED_TRANSIT" },
      { "code": "POLICYRULE_CONFIG_INVALID_SERVICE_LABEL_REQUIRED_TRANSIT" },
      { "code": "POLICYRULE_CONFIG_INVALID_CGTRANSIT_VPNPATH_MISSING" },
      { "code": "POLICYRULE_CONFIG_DUPLICATE_PATHS_SPECIFIED" },
      { "code": "POLICYRULE_CONFIG_ALREADY_EXISTS_FOR_THE_APPS" }
    ]
  }
}
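A client-side pre-flight check for the request body, as an added example that is not part of the vendor documentation: it applies the limits and enumerations stated in the schema above and reuses this page's error codes where the code name matches the check. The `LOCAL_*` codes, the `description` key name, and the definition of a duplicate path are assumptions.

```python
PATH_TYPES = {"vpn", "direct", "servicelink"}
LABEL_TYPES = {"CG_TRANSIT", "NON_CG_TRANSIT", "SASE"}
CONTEXT_TYPES = {"ALLOWED_TRANSIT", "REQUIRED_TRANSIT"}
# Top-level keys from the page's schema example, plus "description" (assumed key name).
ALLOWED_KEYS = {"app_def_ids", "description", "destination_prefixes_id", "enabled", "id",
                "name", "network_context_id", "order_number", "paths_allowed",
                "service_context", "source_prefixes_id", "tags", "user_or_group"}


def validate_rule(body):
    """Return local problem codes for a rule body; an empty list means it passed."""
    errs = []
    if set(body) - ALLOWED_KEYS:
        errs.append("INVALID_JSON_EXTRA_ATTRIBUTE")
    apps = body.get("app_def_ids") or []
    if len(apps) != len(set(apps)):
        errs.append("DUPLICATE_APP_DEF_IDS")
    if len(apps) > 256:
        errs.append("APP_DEF_ID_LIST_SIZE_EXCEEDED")
    # LOCAL_* codes are constructed here; the page lists no code for these limits.
    for field, limit in (("name", 128), ("description", 256)):
        if len(body.get(field) or "") > limit:
            errs.append("LOCAL_%s_TOO_LONG" % field.upper())
    tags = body.get("tags") or []
    if len(tags) > 10 or len(set(tags)) != len(tags) or any(len(t) > 1024 for t in tags):
        errs.append("LOCAL_INVALID_TAGS")
    paths = body.get("paths_allowed")
    if not paths:
        errs.append("PATHS_ALLOWED_REQUIRED")
    else:
        for key in ("active_paths", "backup_paths", "l3_failure_paths"):
            entries = [(p.get("label"), p.get("path_type")) for p in paths.get(key) or []]
            if any(pt is not None and pt not in PATH_TYPES for _, pt in entries):
                errs.append("LOCAL_INVALID_PATH_TYPE")
            # Assumption: a duplicate is the same (label, path_type) twice in one list.
            if len(entries) != len(set(entries)):
                errs.append("POLICYRULE_CONFIG_DUPLICATE_PATHS_SPECIFIED")
    ctx = body.get("service_context") or {}
    if ctx.get("type") is not None and ctx["type"] not in CONTEXT_TYPES:
        errs.append("LOCAL_INVALID_SERVICE_CONTEXT_TYPE")
    types = (ctx.get("active_service_label_type"), ctx.get("backup_service_label_type"))
    if any(t is not None and t not in LABEL_TYPES for t in types):
        errs.append("LOCAL_INVALID_SERVICE_LABEL_TYPE")
    active = ctx.get("active_service_label_id")
    if active and active == ctx.get("backup_service_label_id"):
        errs.append("POLICYRULE_CONFIG_ACTIVE_BACKUP_SERVICELABELS_SAME")
    return errs
```

Running this in a change pipeline before the POST catches malformed rules early; the server's own validation remains authoritative for ID existence and policy set state.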