Create SASE Config (v3.0)
POST/v3.0/api/tenants/:tenant_id/prismasase_connections/configs
Create a new SASE connection config.
Request
Path Parameters
The tenant ID.
- application/json
Body
- Array [
- ]
- Array [
- ]
The BGP route map deployment mode.
The SASE connection global configuration ID.
ipsec_profile IPSecProfilerequired
The details of the IPSec profile.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
esp_group ESPGroup
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
ike_group IKEGroup
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
The Prisma SD-WAN BGP AS number.
The security zone ID.
The service link inner IP pool.
Responses
- 200
- 400
Successful Operation
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- ]
Deployment Mode: Required(error = BGP_DEPLOYMENT_MODE_MISSING: Bgp route map deployment mode is missing.)
Id
ipsec_profile IPSecProfilerequired
Ipsec Profile: Required(error = IPSEC_PROFILE_MISSING: IPSec Profile is missing.) Valid
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
esp_group ESPGroup
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
ike_group IKEGroup
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE, MODP768, MODP1024, MODP1536, MODP2048, MODP3072, MODP4096, MODP6144, MODP8192, MODP1024S160, MODP2048S224, MODP2048S256, ECP192, ECP224, ECP256, ECP384, ECP521, ECP224BP, ECP256BP, ECP384BP, ECP512BP, CURVE25519]
The DH group values.
Possible values: [NONE, AES128, AES192, AES256, AES128CTR, AES192CTR, AES256CTR, AES128CCM16, AES128CCM64, AES192CCM64, AES256CCM64, AES128CCM96, AES192CCM96, AES256CCM96, AES128CCM128, AES192CCM128, AES256CCM128, AES128GCM16, AES128GCM64, AES192GCM64, AES256GCM16, AES256GCM64, AES128GCM96, AES192GCM96, AES256GCM96, AES128GCM128, AES192GCM128, AES256GCM128, AES128GMAC, AES192GMAC, AES256GMAC, TRIPLEDES, BLOWFISH128, BLOWFISH192, BLOWFISH256, CAMELLIA128, CAMELLIA192, CAMELLIA256, SERPENT128, SERPENT192, SERPENT256, TWOFISH128, TWOFISH192, TWOFISH256]
The encryption values.
Possible values: [MD5, SHA1, SHA256, SHA384, SHA512, SHA256_96, AESXCBC, AES128GMAC, AES192GMAC, AES256GMAC, NONE]
The hash values.
Prisma Sdwan Bgp As Number: Required(error = PRISMA_ACCESS_BGP_NUMBER_MISSING: Prisma access bgp number missing) Size(max = 256, error = LOCAL_AS_NUM_EXCEEDS_LIMIT: Local as number exceeds limit, min = 0)
Security Zone Id
Tunnel Cidr: Required(error = SERVICE_LINK_INNER_IP_POOL_MISSING: Service link inner ip pool missing) IPAddress(allowEmpty = true, allowLinkLocal = false, allowNull = true, bcast = DENY, defaultRoute = false, dnsCheck = false, error = SERVICE_LINK_INNER_IP_POOL_INVALID: Service link inner ip pool invalid, type = SERVICE_LINK_TUNNEL_IP)
{
"deployment_mode": "string",
"id": "string",
"ipsec_profile": {
"dpd_delay": 0,
"dpd_enable": true,
"esp_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"ike_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
}
},
"prisma_sdwan_bgp_as_number": "string",
"security_zone_id": "string",
"tunnel_cidr": "string"
}
Bad Request
- application/json
- Schema
- Example (from schema)
- Example
Schema
- Array [
- ]
_error ErrorResponse[]
The error code.
The error message.
{
"_error": [
{
"code": "string",
"message": "string"
}
]
}
{
"value": {
"_error": [
{
"code": "INVALID_JSON_EXTRA_ATTRIBUTE"
},
{
"code": "PRISMA_ACCESS_BGP_NUMBER_MISSING"
},
{
"code": "PRISMA_ACCESS_BGP_NUMBER_INVALID"
},
{
"code": "SERVICE_LINK_INNER_IP_POOL_MISSING"
},
{
"code": "SERVICE_LINK_INNER_IP_POOL_INVALID"
},
{
"code": "IPSECCONFIG_INVALID_DPD_DELAY"
},
{
"code": "IPSECCONFIG_INVALID_IKE_LIFETIME"
},
{
"code": "IPSECCONFIG_INVALID_DHGROUPS"
},
{
"code": "IPSECCONFIG_INVALID_ENCRYPTION"
},
{
"code": "IPSECCONFIG_INVALID_HASH"
},
{
"code": "LOCAL_AS_NUM_EXCEEDS_LIMIT"
},
{
"code": "IPSEC_PROFILE_MISSING"
},
{
"code": "BGP_DEPLOYMENT_MODE_MISSING"
},
{
"code": "INVALID_DEPLOYMENT_MODE"
}
]
}
}