Obtaining East-West Firewall Information
Function
This API is used to obtain east-west firewall information.
URI
GET /v1/{project_id}/firewall/east-west
Parameter | Mandatory | Type | Description |
---|---|---|---|
project_id | Yes | String | Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. |
Parameter | Mandatory | Type | Description |
---|---|---|---|
limit | Yes | Integer | Number of records displayed on each page. The value ranges from 1 to 1024. |
offset | Yes | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
enterprise_project_id | No | String | Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. |
fw_instance_id | Yes | String | Firewall ID, which can be obtained by referring to Obtaining a Firewall ID. |
Request Parameters
Parameter | Mandatory | Type | Description |
---|---|---|---|
X-Auth-Token | Yes | String | User token. You can obtain the token by referring to Obtaining a User Token. |
Content-Type | Yes | String | Content type. It can only be set to application/json. |
Response Parameters
Status code: 200
Parameter | Type | Description |
---|---|---|
data | | Returned data for obtaining the east-west firewall list. |
Parameter | Type | Description |
---|---|---|
object_id | String | Protected object ID, which is used to distinguish between Internet border protection and VPC border protection after a cloud firewall is created. You can obtain the ID by calling the API for querying firewall instances. In the return value, find the ID in data.records.protect_objects.object_id (The period [.] is used to separate different levels of objects). If the value of type is 0, the protected object ID belongs to the Internet border. If the value of type is 1, the protected object ID belongs to the VPC border. Here, a protected object ID whose type is 1 is used. You can obtain the value of type from data.records.protect_objects.type (The period [.] is used to separate different levels of objects). |
project_id | String | Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. |
status | Integer | Protection status: 0 (enabled), 1 (disabled). |
er_associated_subnet | SubnetInfo object | Information about the subnet associated with an enterprise router. |
firewall_associated_subnets | Array of SubnetInfo objects | Information about the subnet associated with a cloud firewall. |
er | ErInstance object | Information about the associated enterprise router in the outbound direction. |
inspection_vpc | VpcDetail object | Information about the traffic diversion VPC. |
protect_infos | Array of EwProtectResourceInfo objects | East-west protected resource information. |
total | Integer | Total number of protected VPCs. |
offset | Integer | Offset, which specifies the start position of the record to be returned. The value must be a number no less than 0. The default value is 0. |
limit | Integer | Number of records displayed on each page. The value ranges from 1 to 1024. |
mode | String | Protection mode. Its value is er. |
Parameter | Type | Description |
---|---|---|
availability_zone | String | ID of the AZ where a subnet is located, which is obtained from an endpoint. |
cidr | String | Available IP address ranges for subnets in a VPC. Value ranges: 10.0.0.0/8-24; 172.16.0.0/12-24; and 192.168.0.0/16-24. If cidr is not specified, it is left blank by default. The value must be in CIDR format, for example, 192.168.0.0/16. |
name | String | Subnet name. |
id | String | Subnet ID. |
gateway_ip | String | Subnet gateway. The value is the IP address in the subnet CIDR block cidr. |
vpc_id | String | UUID generated when a VPC is created. |
ipv6_enable | Boolean | Whether IPv6 is supported: true (yes), false (no). |
Parameter | Type | Description |
---|---|---|
id | String | Enterprise router ID, which is generated when an enterprise router is created. |
name | String | Enterprise router name. |
state | String | Enterprise router status: pending, available, modifying, deleting, or failed. |
enterprise_project_id | String | Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0. |
project_id | String | Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID. |
enable_ipv6 | String | Whether to enable IPv6: true (yes), false (no). |
attachment_id | String | Connection ID of an enterprise router. This connection is used to connect the firewall and the enterprise router. This field can be used to obtain the connection details on the connection management page after querying a specified enterprise router by its ID on the Enterprise Router page. |
Parameter | Type | Description |
---|---|---|
id | String | Random UUID generated when a traffic diversion VPC is created. |
name | String | Traffic diversion VPC name. |
cidr | String | Available subnet ranges in a VPC. Value ranges: 10.0.0.0/8-24; 172.16.0.0/12-24; and 192.168.0.0/16-24. If cidr is not specified, it is left blank by default. Constraint: The value must be in CIDR format, for example, 192.168.0.0/16. |
Parameter | Type | Description |
---|---|---|
protected_resource_type | Integer | Protected resource type: 0 (VPC), 1 (VGW), 2 (VPN), or 3 (peering). |
protected_resource_name | String | Protected resource name. |
protected_resource_id | String | Protected resource ID. |
protected_resource_nat_name | String | Name of the NAT gateway to be protected. The professional edition supports NAT rules. |
protected_resource_nat_id | String | ID of the NAT gateway to be protected. The professional edition supports NAT rules. |
protected_resource_project_id | String | Tenant ID of a protected resource. The firewall supports cross-account protection. |
protected_resource_mode | String | Protected resource mode. Its value is er. |
status | Integer | Protection status of a protected resource: 0 (associated), 1 (not associated). |
Status code: 500
Parameter | Type | Description |
---|---|---|
error_code | String | Error code. |
error_msg | String | Error description. |
Example Requests
Obtain information about the east-west firewall 80e0f2df-24fd-49c2-8398-11f9a0299b3e whose project ID is 09bb24e6f280d23d0f9fc0104b901480.
https://{Endpoint}/v1/09bb24e6f280d23d0f9fc0104b901480/firewall/east-west?limit=10&offset=0&fw_instance_id=80e0f2df-24fd-49c2-8398-11f9a0299b3e
Example Responses
Status code: 200
Response to the request for querying east-west firewall information.
{
  "data" : {
    "er" : {
      "id" : "9635a8c7-6274-4e23-836c-7f3061894fd7",
      "name" : "er-cfw-test",
      "project_id" : "97f6e66273e54d9d9c7085f5867d3763",
      "attachment_id" : "1e3de6a0-19f7-49d1-a22d-4b1f673d3fdc"
    },
    "inspection_vpc" : {
      "cidr" : "192.168.0.0/16",
      "id" : "7e8236be-b92d-4288-8731-9333f2327881",
      "name" : "inspection-vpc"
    },
    "limit" : 50,
    "mode" : "er",
    "object_id" : "8fe69c3a-14fc-4704-af85-d03e7db8a7d6",
    "offset" : 0,
    "project_id" : "97f6e66273e54d9d9c7085f5867d3763",
    "protect_infos" : [ {
      "protected_resource_id" : "0cdd4aca-58d7-4a3f-bb8a-d63cc759ab14",
      "protected_resource_mode" : "er",
      "protected_resource_name" : "vpc-cfw-ecs-test2",
      "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
      "protected_resource_type" : 0,
      "status" : 0
    }, {
      "protected_resource_id" : "e789e945-f488-44ec-a174-06928ef51b2a",
      "protected_resource_mode" : "er",
      "protected_resource_name" : "vpc-cfw-ecs-test1",
      "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
      "protected_resource_type" : 0,
      "status" : 0
    }, {
      "protected_resource_id" : "00562b6a-a2df-4fff-94cf-653ca303a7c9",
      "protected_resource_mode" : "er",
      "protected_resource_name" : "network-squad-TB",
      "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
      "protected_resource_type" : 0,
      "status" : 1
    }, {
      "protected_resource_id" : "1bac94ce-c3dc-4973-811e-64efad48c754",
      "protected_resource_mode" : "er",
      "protected_resource_name" : "rf_teststack_vpc",
      "protected_resource_project_id" : "97f6e66273e54d9d9c7085f5867d3763",
      "protected_resource_type" : 0,
      "status" : 1
    } ],
    "status" : 0,
    "total" : 2
  }
}
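An added example, not part of the original API reference: a Python client that pages through this endpoint with limit and offset and lists every protected resource whose status is 1 (not associated), so resources that bypass east-west inspection stand out. It assumes offset counts records and stops on a short page rather than relying on total; the helper names, the sample rows and sample-object-id are constructed for illustration.

```python
import json
import urllib.request
from urllib.parse import urlencode

TYPES = {0: "VPC", 1: "VGW", 2: "VPN", 3: "peering"}  # protected_resource_type

def build_url(endpoint, project_id, fw_instance_id, limit, offset):
    """Build the query URL, enforcing the documented limit/offset ranges."""
    if not 1 <= limit <= 1024:
        raise ValueError("limit must be between 1 and 1024")
    if offset < 0:
        raise ValueError("offset must be no less than 0")
    query = urlencode({"limit": limit, "offset": offset,
                       "fw_instance_id": fw_instance_id})
    return f"https://{endpoint}/v1/{project_id}/firewall/east-west?{query}"

def http_fetcher(endpoint, project_id, fw_instance_id, token):
    """Return fetch(limit, offset) that performs the real GET (not used offline)."""
    def fetch(limit, offset):
        req = urllib.request.Request(
            build_url(endpoint, project_id, fw_instance_id, limit, offset),
            headers={"X-Auth-Token": token, "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)
    return fetch

def coverage_gaps(fetch, limit=100):
    """Page through protect_infos; report a disabled firewall and status-1 resources."""
    gaps, offset = [], 0
    while True:
        data = fetch(limit, offset)["data"]
        if offset == 0 and data.get("status") != 0:
            gaps.append(("firewall", data.get("object_id"), "protection disabled"))
        page = data.get("protect_infos") or []
        for info in page:
            if info.get("status") != 0:
                kind = TYPES.get(info.get("protected_resource_type"), "unknown")
                gaps.append((kind, info.get("protected_resource_name"), "not associated"))
        if len(page) < limit:  # stop on a short page instead of trusting "total"
            return gaps
        offset += limit

# Constructed sample rows, modelled on the example response on this page.
_ROWS = [{"protected_resource_name": n, "protected_resource_type": 0, "status": s}
         for n, s in [("vpc-a", 0), ("vpc-b", 0), ("vpc-c", 1), ("vpc-d", 1)]]

def sample_fetch(limit, offset):  # offline stand-in for http_fetcher(...)
    return {"data": {"status": 0, "object_id": "sample-object-id", "total": len(_ROWS),
                     "protect_infos": _ROWS[offset:offset + limit]}}
```

Against a live firewall, pass `http_fetcher(endpoint, project_id, fw_instance_id, token)` to `coverage_gaps` in place of `sample_fetch`.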
Status Codes
Status Code | Description |
---|---|
200 | Response to the request for querying east-west firewall information. |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
500 | Internal Server Error |
Error Codes
See Error Codes.