Edit Firewall Rules Using NSX-v API

Article ID: 325442

Products

VMware NSX for vSphere

Issue/Introduction

This solution provides the steps to edit the firewall rules using API on NSX for vSphere.

Environment

VMware NSX for vSphere 6.4.x

Resolution

  1. Run a GET call for the firewall section to which you want to add the rule. To add a rule to the top-most section, run a GET call for the complete firewall configuration.
    Method: GET
    URL: https://NSX-Manager-IP-Address/api/4.0/firewall/globalroot-0/config/layer3sections/sectionId/rules/ruleId
    (for a Layer 2 section, use layer2sections in place of layer3sections)

    Response Body:

         <rule>
           <name>Exclude Mgmt. Services</name>
           <action>allow</action>
           <appliedToList>
             <appliedTo>
               <name>DISTRIBUTED_FIREWALL</name>
               <value>DISTRIBUTED_FIREWALL</value>
               <type>DISTRIBUTED_FIREWALL</type>
               <isValid>true</isValid>
             </appliedTo>
           </appliedToList>
           <sectionId>1007</sectionId>
           <sources>
             <source>
               <name>MGMT Servers</name>
               <value>securitygroup-11</value>
               <type>SecurityGroup</type>
               <isValid>true</isValid>
             </source>
           </sources>
           <direction>inout</direction>
           <packetType>any</packetType>
         </rule>

  2. Extract the XML from the response body of the GET call above and modify it as required.
     
  3. From the Response Header in Step 1 (the GET call), copy the Etag header value. Each section carries its own Etag, GenerationNumber, and timestamp. When adding a new rule, you must use the Etag value of the firewall section to which you want to add the rule.

  4. Add that Etag value as the If-Match header in the POST call.
  5. Pass the modified XML as the Request Body in a POST call.

    For more information on API Guidelines, see NSX API Guide.
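The five steps above form one optimistic-concurrency workflow: the Etag returned by the GET is echoed back as If-Match so that NSX Manager rejects the POST if anyone else changed the section in between, instead of silently overwriting their rule. The script below is an added example, not code from the article or from VMware; it uses only the Python standard library. The NSX Manager address, credentials and section ID are constructed placeholders, and the `.../{sectionId}/rules` POST path and the 412 status on an Etag mismatch are assumptions about the NSX-v API, not values stated on this page. The HTTP layer is injected as a `transport` callable so the Etag handling can be exercised offline.

```python
"""Add a DFW rule to an NSX-v section: GET section -> copy Etag -> POST rule with If-Match."""
import base64
import ssl
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET

# Constructed placeholders; replace with real values for your environment.
NSX_MANAGER = "NSX-Manager-IP-Address"
SECTION_ID = "1007"


def make_urllib_transport(username, password, cafile=None):
    """Return transport(method, url, headers, body) -> (status, headers, body).

    Certificate verification stays on; pass cafile for a self-signed NSX Manager cert.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(f"{username}:{password}".encode()).decode()

    def transport(method, url, headers, body=None):
        req = urllib.request.Request(url, data=body, method=method)
        req.add_header("Authorization", f"Basic {token}")
        for name, value in headers.items():
            req.add_header(name, value)
        try:
            with urllib.request.urlopen(req, context=ctx) as resp:
                return resp.status, dict(resp.headers), resp.read()
        except urllib.error.HTTPError as err:
            return err.code, dict(err.headers), err.read()

    return transport


def section_url(manager, section_id, layer="layer3sections"):
    """Section URL; use layer='layer2sections' for a Layer 2 section."""
    return f"https://{manager}/api/4.0/firewall/globalroot-0/config/{layer}/{section_id}"


def build_rule_xml(name, action, source_name, source_value,
                   source_type="SecurityGroup", direction="inout"):
    """Build a <rule> body with the same elements the article's response shows."""
    rule = ET.Element("rule")
    ET.SubElement(rule, "name").text = name
    ET.SubElement(rule, "action").text = action
    applied = ET.SubElement(ET.SubElement(rule, "appliedToList"), "appliedTo")
    for tag in ("name", "value", "type"):
        ET.SubElement(applied, tag).text = "DISTRIBUTED_FIREWALL"
    ET.SubElement(applied, "isValid").text = "true"
    src = ET.SubElement(ET.SubElement(rule, "sources"), "source")
    ET.SubElement(src, "name").text = source_name
    ET.SubElement(src, "value").text = source_value
    ET.SubElement(src, "type").text = source_type
    ET.SubElement(src, "isValid").text = "true"
    ET.SubElement(rule, "direction").text = direction
    ET.SubElement(rule, "packetType").text = "any"
    return ET.tostring(rule, encoding="unicode")


def get_etag(headers):
    """Header names are case-insensitive, so normalise before looking up Etag."""
    for name, value in headers.items():
        if name.lower() == "etag":
            return value
    raise KeyError("response carried no Etag header")


def add_rule(transport, manager, section_id, rule_xml, layer="layer3sections"):
    """Steps 1-5: GET the section, take its Etag, POST the rule with If-Match set."""
    url = section_url(manager, section_id, layer)
    status, headers, body = transport("GET", url, {"Accept": "application/xml"})
    if status != 200:
        raise RuntimeError(f"GET {url} failed with HTTP {status}")
    etag = get_etag(headers)
    status, headers, body = transport(
        "POST", url + "/rules",
        {"Content-Type": "application/xml", "If-Match": etag},
        rule_xml.encode(),
    )
    if status == 412:
        # The section changed between our GET and POST; re-read it and retry rather than force.
        raise RuntimeError("If-Match precondition failed: section changed since it was read")
    if status not in (200, 201):
        raise RuntimeError(f"POST failed with HTTP {status}: {body[:200]!r}")
    return ET.fromstring(body)  # the created rule as returned by NSX Manager


if __name__ == "__main__":
    import getpass
    transport = make_urllib_transport("admin", getpass.getpass("NSX Manager password: "))
    created = add_rule(transport, NSX_MANAGER, SECTION_ID,
                       build_rule_xml("Exclude Mgmt. Services", "allow",
                                      "MGMT Servers", "securitygroup-11"))
    print("created rule id:", created.get("id"))
```

Treat a 412 as a signal to repeat Step 1, not as a transient error to retry blindly: the mismatch means the section you read is stale, and re-sending with the old Etag would be the overwrite the header exists to prevent.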