Access Rule
This class is used to manage Access Rules.
- class AccessRule
- add(layer, position, name=None, action='Drop', action_settings=None, content=None, content_direction=None, content_negate=None, custom_fields=None, destination=None, destination_negate=None, enabled=None, inline_layer=None, install_on=None, service=None, service_negate=None, service_resource=None, source=None, source_negate=None, time=None, track=None, user_check=None, vpn=None, **kw)
Create new object.
- Parameters
layer (str) – Layer that the rule belongs to identified by the name or UID.
position (Union[int, str, dict]) – Position in the rulebase. If an integer is provided, the rule is added at that specific position. If a string is provided, the rule is added at the position named by one of the valid values (“top” or “bottom”). Otherwise, you can provide a dictionary to describe a more complex position (see the API documentation).
name (str, optional) – Rule name.
action (str, optional) – “Accept”, “Drop”, “Ask”, “Inform”, “Reject”, “User Auth”, “Client Auth”, “Apply Layer”.
action_settings (dict, optional) – Action settings.
content (dict, optional) – List of processed file types that this rule applies on.
content_direction (str, optional) – On which direction the file types processing is applied. (“any”, “up” or “down”)
content_negate (bool, optional) – True if negate is set for data.
custom_fields (dict, optional) – Custom fields.
destination (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
destination_negate (bool, optional) – True if negate is set for destination.
enabled (bool, optional) – Enable/Disable the rule.
inline_layer (str, optional) – Inline Layer identified by the name or UID. Relevant only if “Action” was set to “Apply Layer”.
install_on (Union[str, List[str]], optional) – Which Gateways identified by the name or UID to install the policy on
service (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
service_negate (bool, optional) – True if negate is set for service.
service_resource (str, optional) – Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
source (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
source_negate (bool, optional) – True if negate is set for source.
time (Union[str, List[str]], optional) – List of time objects. For example: “Weekend”, “Off-Work”, “Every-Day”. Default is Any.
track (dict, optional) – Track Settings.
user_check (dict, optional) – User check settings.
vpn (Union[str, dict, List[dict]], optional) – Communities or Directional. See the API documentation for more information
- Keyword Arguments
**comments (str, optional) – Comments string.
**details-level (str, optional) – The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
**ignore-warnings (bool, optional) – Apply changes ignoring warnings. Defaults to False
**ignore-errors (bool, optional) – Apply changes ignoring errors. You won’t be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored. Defaults to False
- Returns
The response from the server
- Return type
Box
Examples
>>> firewallManagement.access_control_nat.access_rule.add(
...     layer="Network",
...     position=1,
...     name="Rule 1",
...     action="Drop",
...     action_settings={"enable-identity-captive-portal": False},
...     content={},
...     content_direction="any",
...     content_negate=False,
...     custom_fields={"field-1": "", "field-2": "", "field-3": ""},
...     destination="Any",
...     destination_negate=False,
...     enabled=True,
...     inline_layer="Inline",
...     install_on="",
...     service="smtp",
...     service_negate=False,
...     service_resource="",
...     source="Any",
...     source_negate=False,
...     time=[{"uid": "aa785d6d-7785-aad5-36a3-ab2d74c966ee"}],
...     track="",
...     user_check="",
...     vpn={"community": ["MyIntranet"]},
... )
- delete(layer, uid=None, name=None, rule_number=None, **kw)
Delete existing object using object name or uid.
- Parameters
- Keyword Arguments
**details-level (str, optional) – The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
- Returns
The response from the server
- Return type
Box
Examples
>>> firewallManagement.access_control_nat.access_rule.delete(
...     layer="Network",
...     uid="1df8a4b0-fa8b-428b-b649-626b74bf7f81",
... )
- set(layer, uid=None, name=None, rule_number=None, new_name=None, new_position=None, action='Drop', action_settings=None, content=None, content_direction=None, content_negate=None, custom_fields=None, destination=None, destination_negate=None, enabled=None, inline_layer=None, install_on=None, service=None, service_negate=None, service_resource=None, source=None, source_negate=None, time=None, track=None, user_check=None, vpn=None, **kw)
Edit existing object using object name or uid.
- Parameters
layer (str) – Layer that the rule belongs to identified by the name or UID.
uid (str, optional) – Object unique identifier.
new_name (str, optional) – New name of the object.
position (Union[int, str, dict], optional) – Position in the rulebase. If an integer is provided, the rule is added at that specific position. If a string is provided, the rule is added at the position named by one of the valid values (“top” or “bottom”). Otherwise, you can provide a dictionary to describe a more complex position (see the API documentation).
name (str, optional) – Rule name.
action (str, optional) – “Accept”, “Drop”, “Ask”, “Inform”, “Reject”, “User Auth”, “Client Auth”, “Apply Layer”.
action_settings (dict, optional) – Action settings.
content (dict, optional) – List of processed file types that this rule applies on.
content_direction (str, optional) – On which direction the file types processing is applied. (“any”, “up” or “down”)
content_negate (bool, optional) – True if negate is set for data.
custom_fields (dict, optional) – Custom fields.
destination (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
destination_negate (bool, optional) – True if negate is set for destination.
enabled (bool, optional) – Enable/Disable the rule.
inline_layer (str, optional) – Inline Layer identified by the name or UID. Relevant only if “Action” was set to “Apply Layer”.
install_on (Union[str, List[str]], optional) – Which Gateways identified by the name or UID to install the policy on
service (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
service_negate (bool, optional) – True if negate is set for service.
service_resource (str, optional) – Resource of the service identified by the name or UID. When a service-resource exists, the service parameter should contain exactly one service element.
source (Union[str, List[str]], optional) – Collection of Network objects identified by the name or UID.
source_negate (bool, optional) – True if negate is set for source.
time (Union[str, List[str]], optional) – List of time objects. For example: “Weekend”, “Off-Work”, “Every-Day”. Default is Any.
track (dict, optional) – Track Settings.
user_check (dict, optional) – User check settings.
vpn (Union[str, dict, List[dict]], optional) – Communities or Directional. See the API documentation for more information
- Keyword Arguments
**details-level (str, optional) – The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
**ignore-warnings (bool, optional) – Apply changes ignoring warnings. Defaults to False
**ignore-errors (bool, optional) – Apply changes ignoring errors. You won’t be able to publish such changes. If the ignore-warnings flag was omitted, warnings will also be ignored. Defaults to False
- Returns
The response from the server
- Return type
Box
Examples
>>> firewallManagement.access_control_nat.access_rule.set(
...     uid="1df8a4b0-fa8b-428b-b649-626b74bf7f81",
...     new_name="Rule 1",
...     new_position=3,
...     layer="Network",
...     action="Drop",
...     action_settings={"enable-identity-captive-portal": False},
...     content={},
...     content_direction="any",
...     content_negate=False,
...     custom_fields={"field-1": "", "field-2": "", "field-3": ""},
...     destination="Any",
...     destination_negate=False,
...     enabled=True,
...     inline_layer="Inline",
...     install_on="Policy Targets",
...     service="smtp",
...     service_negate=False,
...     service_resource="",
...     source="Any",
...     source_negate=False,
...     time=[{"uid": "aa785d6d-7785-aad5-36a3-ab2d74c966ee"}],
...     track="",
...     user_check="",
...     vpn={"community": ["MyIntranet"]},
... )
- show(layer, uid=None, name=None, rule_number=None, show_as_ranges=False, show_hits=None, hits_settings=None, **kw)
Retrieve existing object using object name or uid.
- Parameters
layer (str) – Layer that the rule belongs to identified by the name or UID.
rule_number (int, optional) – Rule number. Mandatory if “uid” or “name” are not set.
uid (str, optional) – Object unique identifier. Mandatory if “rule_number” or “name” are not set.
name (str, optional) – Object name. Mandatory if “rule_number” or “uid” are not set.
show_as_ranges (bool, optional) – When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than network objects. Objects that are not represented using IP addresses or port numbers are presented as objects. In addition, the response of each rule does not contain the parameters: source, source-negate, destination, destination-negate, service and service-negate, but instead it contains the parameters: source-ranges, destination-ranges and service-ranges. Note: Requesting to show rules as ranges is limited up to 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
show_hits (bool, optional) – N/A
hits_settings (bool, optional) – N/A
- Keyword Arguments
**details-level (str, optional) – The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
- Returns
The response from the server
- Return type
Box
Examples
>>> firewallManagement.access_control_nat.access_rule.show(
...     uid="1df8a4b0-fa8b-428b-b649-626b74bf7f81",
...     layer="MyLayer",
...     show_as_ranges=False,
...     show_hits=True,
...     hits_settings="",
... )
- show_access_rulebase(name=None, uid=None, filter_results=None, filter_settings=None, limit=50, offset=0, order=None, package=None, show_as_ranges=False, show_hits=None, use_object_dictionnary=None, hits_settings=None, **kw)
Shows the entire Access Rules layer. This layer is divided into sections. An Access Rule may be within a section, or independent of a section (in which case it is said to be under the “global” section). The reply features a list of objects. Each object may be a section of the layer, with all its rules in it, or a rule itself, in the case of rules that are under the global section. An optional “filter” field may be added to return only those rules that match the search criteria.
- Parameters
name (str, optional) – Object name. Must be unique in the domain.
uid (str, optional) – Object unique identifier.
filter_results (str, optional) – Search expression to filter objects by. The provided text should be exactly the same as it would be given in SmartConsole Object Explorer. The logical operators in the expression (‘AND’, ‘OR’) should be provided in capital letters. The search involves both an IP search and a textual search in name, comment, tags etc.
filter_settings (str, optional) – Sets filter preferences.
limit (int, optional) – The maximal number of returned results. Defaults to 50 (between 1 and 500)
offset (int, optional) – Number of the results to initially skip. Defaults to 0
order (List[dict], optional) – Sorts results by the given field. By default the results are sorted in the descending order by the session publish time.
package (str, optional) – Name of the package.
show_as_ranges (bool, optional) – When true, the source, destination and services & applications parameters are displayed as ranges of IP addresses and port numbers rather than network objects. Objects that are not represented using IP addresses or port numbers are presented as objects. In addition, the response of each rule does not contain the parameters: source, source-negate, destination, destination-negate, service and service-negate, but instead it contains the parameters: source-ranges, destination-ranges and service-ranges. Note: Requesting to show rules as ranges is limited up to 20 rules per request, otherwise an error is returned. If you wish to request more rules, use the offset and limit parameters to limit your request.
show_hits (bool, optional) – N/A
use_object_dictionnary (bool, optional) – N/A
hits_settings (dict, optional) – N/A
- Keyword Arguments
**details-level (str, optional) – The level of detail for some of the fields in the response can vary from showing only the UID value of the object to a fully detailed representation of the object.
**show-membership (bool, optional) – Indicates whether to calculate and show “groups” field for every object in reply.
**dereference-group-members (bool, optional) – Indicates whether to dereference “members” field by details level for every object in reply.
- Returns
The response from the server
- Return type
Box
Examples
>>>
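Added example (not part of the SDK or its documentation): a rulebase audit that calls show_access_rulebase once with the defaults sees at most 50 rules, so this sketch pages with limit and offset, clamps the page size to the documented 20-rule cap when show_as_ranges is set, and unpacks sections into rules. The reply fields "rulebase", "type" and "total", the "access-section" tag, and the helper names are assumptions, and make_fake is a constructed stand-in for the real method so the block runs offline.

```python
RANGE_PAGE_MAX = 20   # documented: ranges are limited to 20 rules per request
LIMIT_MAX = 500       # documented: limit is between 1 and 500


def flatten(entries):
    """Yield rules from reply entries that are either sections or bare rules."""
    for entry in entries:
        if entry.get("type") == "access-section":   # assumed type tag
            yield from entry.get("rulebase", [])
        else:
            yield entry


def iter_rules(show_rulebase, name, show_as_ranges=False, page_size=50):
    """Yield every rule of a layer, one request per page.

    show_rulebase is any callable with the keyword interface of
    access_rule.show_access_rulebase (name, limit, offset, show_as_ranges).
    """
    cap = RANGE_PAGE_MAX if show_as_ranges else LIMIT_MAX
    limit = max(1, min(page_size, cap))
    offset = 0
    while True:
        reply = show_rulebase(name=name, limit=limit, offset=offset,
                              show_as_ranges=show_as_ranges)
        rules = list(flatten(reply.get("rulebase", [])))
        yield from rules
        offset += len(rules)
        # Stop on an empty page or once the assumed "total" has been reached.
        if not rules or offset >= reply.get("total", 0):
            break


def make_fake(total):
    """Constructed stand-in for the server: `total` rules, 2 per page in a section."""
    rules = [{"type": "access-rule", "rule-number": n} for n in range(1, total + 1)]
    calls = []

    def show(name, limit, offset, show_as_ranges):
        if show_as_ranges and limit > RANGE_PAGE_MAX:
            raise ValueError("ranges are limited to 20 rules per request")
        calls.append((limit, offset))
        page = rules[offset:offset + limit]
        section = {"type": "access-section", "name": "Constructed",
                   "rulebase": page[:2]}
        return {"rulebase": [section] + page[2:], "total": total}

    return show, calls
```

Against a live session, pass the bound method itself, for example iter_rules(firewallManagement.access_control_nat.access_rule.show_access_rulebase, "Network", show_as_ranges=True).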