Create SASE Config (v3.0)
POST/v3.0/api/tenants/:tenant_id/prismasase_connections/configs
Create a new SASE connection config.
Request
Path Parameters
The tenant ID.
- application/json
Body
- Array [
- ]
- Array [
- ]
The BGP route map deployment mode.
The SASE connection global configuration ID.
ipsec_profile IPSecProfilerequired
The details of the IPSec profile.
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
esp_group ESPGroup
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
ike_group IKEGroup
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
The Prisma SD-WAN BGP AS number.
The security zone ID.
The service link inner IP pool.
Responses
- 200
- 400
Successful Operation
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
- Array [
- ]
Deployment Mode: Required(error = BGP_DEPLOYMENT_MODE_MISSING: Bgp route map deployment mode is missing.)
Id
ipsec_profile IPSecProfilerequired
Ipsec Profile: Required(error = IPSEC_PROFILE_MISSING: IPSec Profile is missing.) Valid
The DPD delay time in seconds (should be between 1-60 seconds) for IKEv1.
If DPD is enabled for the IPsec profile.
esp_group ESPGroup
The ESP group defined for the IPsec profile.
The life time for the ESP Group. The default lifetime of an ESP Group is 24 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the ESP sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
ike_group IKEGroup
The IKE group defined on the IPsec profile.
The life time for the IKE Group. The default lifetime of an IKE Group is 72 hours.
proposals Proposals[]required
Information on the IPsec proposals. Proposals is a list of crypto parameters to be used to secure the IKE sessions between the ION device and the endpoint.
Possible values: [NONE
, MODP768
, MODP1024
, MODP1536
, MODP2048
, MODP3072
, MODP4096
, MODP6144
, MODP8192
, MODP1024S160
, MODP2048S224
, MODP2048S256
, ECP192
, ECP224
, ECP256
, ECP384
, ECP521
, ECP224BP
, ECP256BP
, ECP384BP
, ECP512BP
, CURVE25519
]
The DH group values.
Possible values: [NONE
, AES128
, AES192
, AES256
, AES128CTR
, AES192CTR
, AES256CTR
, AES128CCM16
, AES128CCM64
, AES192CCM64
, AES256CCM64
, AES128CCM96
, AES192CCM96
, AES256CCM96
, AES128CCM128
, AES192CCM128
, AES256CCM128
, AES128GCM16
, AES128GCM64
, AES192GCM64
, AES256GCM16
, AES256GCM64
, AES128GCM96
, AES192GCM96
, AES256GCM96
, AES128GCM128
, AES192GCM128
, AES256GCM128
, AES128GMAC
, AES192GMAC
, AES256GMAC
, TRIPLEDES
, BLOWFISH128
, BLOWFISH192
, BLOWFISH256
, CAMELLIA128
, CAMELLIA192
, CAMELLIA256
, SERPENT128
, SERPENT192
, SERPENT256
, TWOFISH128
, TWOFISH192
, TWOFISH256
]
The encryption values.
Possible values: [MD5
, SHA1
, SHA256
, SHA384
, SHA512
, SHA256_96
, AESXCBC
, AES128GMAC
, AES192GMAC
, AES256GMAC
, NONE
]
The hash values.
Prisma Sdwan Bgp As Number: Required(error = PRISMA_ACCESS_BGP_NUMBER_MISSING: Prisma access bgp number missing) Size(max = 256, error = LOCAL_AS_NUM_EXCEEDS_LIMIT: Local as number exceeds limit, min = 0)
Security Zone Id
Tunnel Cidr: Required(error = SERVICE_LINK_INNER_IP_POOL_MISSING: Service link inner ip pool missing) IPAddress(allowEmpty = true, allowLinkLocal = false, allowNull = true, bcast = DENY, defaultRoute = false, dnsCheck = false, error = SERVICE_LINK_INNER_IP_POOL_INVALID: Service link inner ip pool invalid, type = SERVICE_LINK_TUNNEL_IP)
{
"deployment_mode": "string",
"id": "string",
"ipsec_profile": {
"dpd_delay": 0,
"dpd_enable": true,
"esp_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
},
"ike_group": {
"lifetime": 0,
"proposals": [
{
"dh_groups": "NONE",
"encryption": "NONE",
"hash": "MD5"
}
]
}
},
"prisma_sdwan_bgp_as_number": "string",
"security_zone_id": "string",
"tunnel_cidr": "string"
}
Bad Request
- application/json
- Schema
- Example (from schema)
- Example
Schema
- Array [
- ]
_error ErrorResponse[]
The error code.
The error message.
{
"_error": [
{
"code": "string",
"message": "string"
}
]
}
{
"value": {
"_error": [
{
"code": "INVALID_JSON_EXTRA_ATTRIBUTE"
},
{
"code": "PRISMA_ACCESS_BGP_NUMBER_MISSING"
},
{
"code": "PRISMA_ACCESS_BGP_NUMBER_INVALID"
},
{
"code": "SERVICE_LINK_INNER_IP_POOL_MISSING"
},
{
"code": "SERVICE_LINK_INNER_IP_POOL_INVALID"
},
{
"code": "IPSECCONFIG_INVALID_DPD_DELAY"
},
{
"code": "IPSECCONFIG_INVALID_IKE_LIFETIME"
},
{
"code": "IPSECCONFIG_INVALID_DHGROUPS"
},
{
"code": "IPSECCONFIG_INVALID_ENCRYPTION"
},
{
"code": "IPSECCONFIG_INVALID_HASH"
},
{
"code": "LOCAL_AS_NUM_EXCEEDS_LIMIT"
},
{
"code": "IPSEC_PROFILE_MISSING"
},
{
"code": "BGP_DEPLOYMENT_MODE_MISSING"
},
{
"code": "INVALID_DEPLOYMENT_MODE"
}
]
}
}