MENU
      addPolicy

        addPolicy


        Article summary

        Available in Classic

        Add a firewall policy to be applied to Secure Zone.

        Request

        The following describes the request format for the endpoint. The request format is as follows:

        MethodURI
        POST/{type}/{zone}/addPolicy

        Request headers

        For headers common to Secure Zone APIs, see Secure Zone request headers.

        Request path parameters

        The following describes the parameters.

        FieldTypeRequiredDescription
        typeStringRequiredfirewall type provided by Secure Zone
        • szfw | psfw
          • szfw: Secure Zone Standard
          • psfw: Secure Zone Advanced
        zoneStringRequiredZone in which Secure Zone is configured
        • kr1 | kr2
          • kr1: KR-1 zone
          • kr2: KR-2 zone

        Request body

        The following describes the request body.

        FieldTypeRequiredDescription
        actionStringRequiredAllow/deny
        • allow | deny
        descriptionStringOptionalPolicy description
        destinationAddressGroupList[]ArrayRequiredInformation for the address group you want to target as a destination
        • Select an address group from those created in advance
        • Check through getAddressGroupList
        • Enter a blank parameter even if there are no address groups to add
        destinationAddressGroupList[].addressGroupNameStringOptionalDestination address group name
        destinationAddressGroupList[].addressGroupNoIntegerOptionalUnique number assigned to the address group
        destinationAddressGroupList[].descriptionStringOptionalDestination address group description
        destinationAddressGroupList[].addressList[]ArrayRequiredInformation about addresses that belong to the address group
        destinationAddressGroupList[].addressList[].addressNoIntegerOptionalUnique number assigned to the address
        destinationAddressGroupList[].addressList[].addressZoneStringOptionalInformation for the zone the address belongs to
        • sz | os | vm | db | vpn | lb | kr1
          • sz: Secure Zone
          • os: Object Storage
          • vm: VM
          • db: Cloud DB
          • vpn: SSL VPN or IPsec VPN
          • lb: Load Balancer
          • kr1: KR-1 zone
        destinationAddressGroupList[].addressList[].fqdnStringOptionalFull domain name (FQDN)
        • Required if type is fqdn
        destinationAddressGroupList[].addressList[].ipStringOptionalIP address
        • Required if type is ipmask
        destinationAddressGroupList[].addressList[].maskBitIntegerOptionalSubnet mask bit value
        • Available in the Secure Zone Advanced type
        destinationAddressGroupList[].addressList[].nameStringOptionalDestination address name
        destinationAddressGroupList[].addressList[].portStringOptionalPort number
        • Enter if addressZone is db and type is fqdn
        destinationAddressGroupList[].addressList[].typeStringOptionalAddress type information
        • ipmask (default) | fqdn
          • ipmask: address defined by IP address and subnet mask
          • fqdn: fully qualified domain name (full domain name)
        destinationAddressGroupList[].addressZoneStringOptionalInformation about the zone the destination address group belongs to
        destinationAddressGroupList[].objectStorageBooleanOptionalWhether to use Object Storage
        • true | false (default)
          • true: Object Storage is used
          • false: Object Storage is not used
        destinationAddressList[]ArrayRequiredInformation for the individual addresses you want to target as destinations
        • Enter a blank parameter even if there is no address to add
        destinationAddressList[].addressNoIntegerOptionalUnique number assigned to the address
        destinationAddressList[].addressZoneStringOptionalInformation for the zone the address belongs to
        • sz | os | vm | db | vpn | lb | kr1
          • sz: Secure Zone
          • os: Object Storage
          • vm: VM
          • db: Cloud DB
          • vpn: SSL VPN or IPsec VPN
          • lb: Load Balancer
          • kr1: KR-1 zone
        destinationAddressList[].fqdnStringOptionalFull domain name (FQDN)
        • Required if type is fqdn
        destinationAddressList[].ipStringOptionalIP address
        • Required if type is ipmask
        destinationAddressList[].maskBitIntegerOptionalSubnet mask bit value
        • Available in the Secure Zone Advanced type
        destinationAddressList[].nameStringOptionalDestination address name
        destinationAddressList[].portStringOptionalPort number
        • Enter if addressZone is db and type is fqdn
        destinationAddressList[].typeStringOptionalAddress type information
        • ipmask (default) | fqdn
          • ipmask: address defined by IP address and subnet mask
          • fqdn: fully qualified domain name (full domain name)
        destinationAddressZoneStringOptionalInformation about the zone to which the address belongs
        • Automatically set via child information, such as address group or address, when not entered
        policyNameStringRequiredPolicy name
        portStringOptionalFirewall service port number
        protocolStringOptionalFirewall service protocol
        sourceAddressGroupList[]ArrayRequiredInformation for the address group you want to target as an origin
        • Select an address group from those created in advance
        • Check through getAddressGroupList
        • Enter a blank parameter even if there are no address groups to add
        sourceAddressGroupList[].addressGroupNoIntegerOptionalUnique number assigned to the address group
        sourceAddressGroupList[].addressGroupNameStringOptionalOrigin address group name
        sourceAddressGroupList[].addressList[]ArrayRequiredInformation about addresses that belong to the address group
        sourceAddressGroupList[].addressList[].addressNoIntegerOptionalUnique number assigned to the address
        sourceAddressGroupList[].addressList[].addressZoneStringOptionalInformation for the zone the address belongs to
        • sz | os | vm | db | vpn | lb | kr1
          • sz: Secure Zone
          • os: Object Storage
          • vm: VM
          • db: Cloud DB
          • vpn: SSL VPN or IPsec VPN
          • lb: Load Balancer
          • kr1: KR-1 zone
        sourceAddressGroupList[].addressList[].fqdnStringOptionalfqdn (full domain name)
        • Required if type is fqdn
        sourceAddressGroupList[].addressList[].ipStringOptionalIP address
        • Required if type is ipmask
        sourceAddressGroupList[].addressList[].maskBitIntegerOptionalSubnet mask bit value
        • Available in the Secure Zone Advanced type
        sourceAddressGroupList[].addressList[].nameStringOptionalOrigin address name
        sourceAddressGroupList[].addressList[].portStringOptionalPort number
        • Enter if addressZone is db and type is fqdn
        sourceAddressGroupList[].addressList[].typeStringOptionalAddress type information
        • ipmask (default) | fqdn
          • ipmask: address defined by IP address and subnet mask
          • fqdn: fully qualified domain name (full domain name)
        sourceAddressGroupList[].addressZoneStringOptionalInformation about the zone the origin address group belongs to
        sourceAddressGroupList[].descriptionStringOptionalOrigin address group description
        sourceAddressGroupList[].objectStorageBooleanOptionalWhether to use Object Storage
        • true | false (default)
          • true: Object Storage is ued
          • false: Object Storage is not used
        sourceAddressList[]ArrayRequiredInformation for the individual addresses you want to target as origins
        • Enter a blank parameter even if there is no address to add
        sourceAddressList[].addressNoIntegerOptionalUnique number assigned to the address
        sourceAddressList[].addressZoneStringOptionalInformation for the zone the address belongs to
        • sz | os | vm | db | vpn | lb | kr1
          • sz: Secure Zone
          • os: Object Storage
          • vm: VM
          • db: Cloud DB
          • vpn: SSL VPN or IPsec VPN
          • lb: Load Balancer
          • kr1: KR-1 zone
        sourceAddressList[].fqdnStringOptionalfqdn (full domain name)
        • Required if type is fqdn
        sourceAddressList[].ipStringOptionalIP address
        • Required if type is ipmask
        sourceAddressList[].maskBitIntegerOptionalSubnet mask bit value
        • Available in the Secure Zone Advanced type
        sourceAddressList[].nameStringOptionalOrigin address name
        sourceAddressList[].portStringOptionalPort number
        • Enter if addressZone is db and type is fqdn
        sourceAddressList[].typeStringOptionalAddress type information
        • ipmask (default) | fqdn
          • ipmask: address defined by IP address and subnet mask
          • fqdn: fully qualified domain name (full domain name)
        sourceAddressZoneStringOptionalInformation about the zone to which the address belongs
        • Automatically set via child information, such as address group or address, when not entered

        Request example

        The following is a sample request.

        curl --location --request POST 'https://securezonefirewall.apigw.ntruss.com/api/v2/szfw/kr1/addPolicy'
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'x-ncp-mbr_no: {User number}' \
        --header 'Content-Type: application/json' \
        --data '{
          "action": "allow",
          "description": "policy3",
          "destinationAddressGroupList": [
            {
              "addressGroupName": "dbgroup",
              "addressGroupNo": 5452,
              "description": "",
              "addressList": [
                        {
                  "addressNo": 3646,
                  "addressZone": "db",
                  "fqdn": "db-****.cdb.ntruss.com",
                  "ip": "***.***.***.***",
                  "name": "test-db-001",
                  "port": "3306",
                  "type": "fqdn"
                }
              ],
              "addressZone": "db",
              "objectStorage": false
            }
          ],
          "destinationAddressList": [],
          "destinationAddressZone": "db",
          "policyName": "policy3",
          "port": "3306",
          "protocol": "TCP",
          "sourceAddressGroupList": [
                {
              "addressGroupNo": 5439,
              "addressGroupName": "grp111",
              "addressList": [
                {
                  "addressNo": 3643,
                  "addressZone": "sz",
                  "ip": "***.***.***.***",
                  "name": "sv-securezone",
                  "type": "ipmask"
                }
              ],
              "addressZone": "sz",
              "description": "string",
              "objectStorage": false
            }
          ],
          "sourceAddressList": [],
          "sourceAddressZone": "sz"
        }'
        Curl

        Response

        The following describes the response format.

        Response body

        The following describes the response body.

        FieldTypeRequiredDescription
        actionString-Request type
        returnCodeInteger-Response code
        returnMessageString-Response message

        Response status codes

        For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

        Response example

        The following is a sample example.

        {
            "action": "addPolicy",
            "returnCode": 0,
            "returnMessage": "success"
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.