Using global API call for firewall rule statistics returns error.
search cancel

Using global API call for firewall rule statistics returns error.

book

Article ID: 373570

calendar_today

Updated On:

Products

VMware vDefend Firewall

Issue/Introduction

In a Federation environment using Global Manager to push firewall rules out to the Local Managers gets a "400 Bad Request" error when you using the API command for global management firewall statistics. 

API Call = API guide: /policy/api/v1/global-infra/domains/<domain-id>/security-policies/<security-policy-id>/rules/<rule-id>/statistics  

Using REST API Call to get statistics from an individual firewall ID applied by a Federation NSX-T Manager will need more criteria in the API Call to provide the correct stats output. 

Environment

NSX-T Federation 3.2.x
NSX-T Federation 4.x

Cause

This is a complicated API Call that will require additional syntax to get all the proper identifiers, ID's, or UUID's. Some of this syntax could be collected by shorting the API Call to find ID's needed for a proper call. The below example with bold highlight would need unique criteria populated. 
-
Full API Call = https://global-manager/api/v1/global-infra/domains/default/security-policies/security-policy-id/rules/rule-id/statistics?enforcement_point_path=/global-infra/sites/Site-Name/enforcement-points/default 

Resolution

This provided API Command might have to be adjusted per environment.

Full API Call example pulled from API Guide:
https://global-manager/api/v1/global-infra/domains/default/security-policies/security-policy-id/rules/rule-id/statistics?enforcement_point_path=/global-infra/sites/Site-Name/enforcement-points/default 

Example's to find name ID/UUID criteria:

This will post all domains, most environments will be default, if not choose the domain you need the statistics from.
https://global-manager/api/v1/global-infra/domains/ 

This will post all policy ID's, choose one including the rule for statistics.
https://global-manager/api/v1/global-infra/domains/default/security-policies/ 

This will post all rules in the policy ID, choose the rule you want statistics from.
https://global-manager/api/v1/global-infra/domains/default/security-policies/security-policy-id/rules/

This will post all local sites the Federation Manager controls, choose a site where the policy and rule are located. 
https://global-manager/api/v1/global-infra/domains/default/security-policies/security-policy-id/rules/rule-id/statistics?enforcement_point_path=/global-infra/sites 

Completed API Call with proper criteria and syntax. 
https://NSX-T-Manager-IP/global-manager/api/v1/global-infra/domains/default/security-policies/API-TEST-Policy/rules/API-Test-Rule/statistics?enforcement_point_path=/global-infra/sites/London/enforcement-points/default

Additional Information

API Guide: Make sure to select the proper version you are using in your environment. 
https://developer.broadcom.com/xapis/nsx-t-data-center-rest-api/2.3/getting-started/index?scrollString=NSX-T

Powered by Wolken Software