...
SDEWAN CNF will be created with Default sections initialized. Include section will not be included be implemented in this release.
SD-EWAN Firewall API provides support to get/create/update/delete Firewall Zone, Redirect, Rule and Forwardings
...
- Normal response codes: 200
- Error response code: 404
Response Parameters
destName In Type Description name body string (Required) forwarding name src body string (Required for DNAT) traffic source zone src_ip body string (Required) traffic destination zone
familyMatch incoming traffic from the specified source ip address. src_dip
Protocol family (body string ipv4
,ipv6
orany
) to generate iptables rules for.(Required for SNAT) For DNAT, match incoming traffic directed at the given destination ip address. For SNAT rewrite the source address to the given address. src_mac body string Match incoming traffic from the specified mac address. src_port body port or range Match incoming traffic originating from the given source port or port range on the client host. src_dport body port or range For DNAT, match incoming traffic directed at the given destination port or port range on this host. For SNAT rewrite the source ports to the given value. proto body string Match incoming traffic using the given protocol. Can be one of tcp
,udp
,tcpudp
,udplite
,icmp
,esp
,ah
,sctp
, orall
dest body string Specifies the traffic destination zone. Must refer to one of the defined zone names. dest_ip body string For DNAT, redirect matches incoming traffic to the specified internal host. For SNAT, it matches traffic directed at the given address. dest_port body port or range For DNAT, redirect matched incoming traffic to the given port on the internal host. For SNAT, match traffic directed at the given ports. mark body string match traffic against the given firewall mark target body string (Required) NAT target: SNAT, DNAT family body string Protocol family ( ipv4
,ipv6
orany
) to generate iptables rules for- Response Example
{
"name":"DNAT-LAN",
"src":"wan",
"src_dport":"19900",
"dest":"lan",
"dest_ip":"192.168.1.1",
"dest_port":"22",
"proto":"tcp",
"target":"DNAT"}
...