getPolicy


Available in Classic

Get information about a selected firewall policy.

Request

The request format for the endpoint is as follows:

Method URI
POST /{type}/{zone}/getPolicy

Request headers

For headers common to Secure Zone APIs, see Secure Zone request headers.

Request path parameters

The following describes the parameters.

Field Type Required Description
type String Required firewall type provided by Secure Zone
  • szfw | psfw
    • szfw: Secure Zone Standard
    • psfw: Secure Zone Advanced
zone String Required Zone in which Secure Zone is configured
  • kr1 | kr2
    • kr1: KR-1 zone
    • kr2: KR-2 zone

Request body

The following describes the request body.

Field Type Required Description
policyName String Conditional Name of the policy to view
policyNo String Conditional Unique number assigned to the policy
  • Check through getPolicyList
  • Required if policyName is not specified
  • Get the lowest priority policy when 0 is entered

Request example

The following is a sample request.

curl --location --request POST 'https://securezonefirewall.apigw.ntruss.com/api/v2/szfw/kr2/getPolicy' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'x-ncp-mbr_no: {User number}' \
--header 'Content-Type: application/json' \
--data '{
  "policyName": "pol1",
  "policyNo": 0
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field Type Required Description
action String - Request type
returnCode Integer - Response code
returnMessage String - Response message
policy List<String> - Information of the policy to view
policy.policyNo Integer - Unique number assigned to the policy
policy.policyName String - Policy name
policy.description String - Policy description
policy.action String - Allow/deny
  • allow | deny
policy.memberNo String - User's NAVER Cloud Platform member ID
policy.instanceNo String - Contract number assigned when creating the instance
policy.sourceAddressList[] Array - Origin address information
policy.sourceAddressList[].addressNo Integer - Unique number assigned to the address
policy.sourceAddressList[].memberNo String - User's NAVER Cloud Platform member ID
policy.sourceAddressList[].instanceNo String - Contract number assigned when creating the instance
policy.sourceAddressList[].name String - Address name
policy.sourceAddressList[].ip String - IP address
policy.sourceAddressList[].port String - Port number
  • It is displayed if addressZone is db and type is fqdn
policy.sourceAddressList[].type String - Address type information
  • ipmask | fqdn
    • ipmask: address defined by IP address and subnet mask
    • fqdn: fully qualified domain name (full domain name)
policy.sourceAddressList[].addressZone String - Information for the zone the address belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.sourceAddressList[].fqdn String - Full domain name (FQDN)
policy.sourceAddressList[].dbAddressZone Boolean - DB address zone status
policy.sourceAddressList[].maskBit Integer - Subnet mask bit value
  • It is displayed for the Secure Zone Advanced type
policy.sourceAddressGroupList[] Array - Origin address group information
policy.sourceAddressGroupList[].addressGroupNo Integer - Unique number assigned to the address group
policy.sourceAddressGroupList[].addressGroupName String - Address group name
policy.sourceAddressGroupList[].description String - Address group description
policy.sourceAddressGroupList[].memberNo String - User's NAVER Cloud Platform member ID
policy.sourceAddressGroupList[].instanceNo String - Contract number assigned when creating the instance
policy.sourceAddressGroupList[].addressList[].addressNo Integer - Unique number assigned to the address
policy.sourceAddressGroupList[].addressList[].memberNo String - User's NAVER Cloud Platform member ID
policy.sourceAddressGroupList[].addressList[].instanceNo String - Contract number assigned when creating the instance
policy.sourceAddressGroupList[].addressList[].name String - Address name
policy.sourceAddressGroupList[].addressList[].ip String - IP address
policy.sourceAddressGroupList[].addressList[].port String - Port number
  • It is displayed if addressZone is db and type is fqdn
policy.sourceAddressGroupList[].addressList[].type String - Address type information
  • ipmask | fqdn
    • ipmask: address defined by IP address and subnet mask
    • fqdn: fully qualified domain name (full domain name)
policy.sourceAddressGroupList[].addressList[].addressZone String - Information for the zone the address belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.sourceAddressGroupList[].addressList[].fqdn String - Full domain name (FQDN)
policy.sourceAddressGroupList[].addressList[].dbAddressZone Boolean - DB address zone status
policy.sourceAddressGroupList[].addressList[].maskBit Integer - Subnet mask bit value
  • It is displayed for the Secure Zone Advanced type
policy.sourceAddressGroupList[].addressZone String - Information for the zone the origin address group belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.sourceAddressGroupList[].associatedPoliciesCount Integer - Not used
policy.sourceAddressGroupList[].objectStorage Boolean - Whether to use Object Storage
  • true | false
    • true: Object Storage is used
    • false: Object Storage is not used
policy.destinationAddressList[] Array - Destination address information
policy.destinationAddressList[].addressNo Integer - Unique number assigned to the address
policy.destinationAddressList[].memberNo String - User's NAVER Cloud Platform member ID
policy.destinationAddressList[].instanceNo String - Contract number assigned when creating the instance
policy.destinationAddressList[].name String - Address name
policy.destinationAddressList[].ip String - IP address
policy.destinationAddressList[].port String - Port number
  • It is displayed if addressZone is db and type is fqdn
policy.destinationAddressList[].type String - Address type information
  • ipmask | fqdn
    • ipmask: address defined by IP address and subnet mask
    • fqdn: fully qualified domain name (full domain name)
policy.destinationAddressList[].addressZone String - Information for the zone the address belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.destinationAddressList[].fqdn String - Full domain name (FQDN)
policy.destinationAddressList[].dbAddressZone Boolean - DB address zone status
policy.destinationAddressList[].maskBit Integer - Subnet mask bit value
  • It is displayed for the Secure Zone Advanced type
policy.destinationAddressGroupList[] Array - Destination address group information
policy.destinationAddressGroupList[].addressGroupNo Integer - Unique number assigned to the address group
policy.destinationAddressGroupList[].addressGroupName String - Address group name
policy.destinationAddressGroupList[].description String - Address group description
policy.destinationAddressGroupList[].memberNo String - User's NAVER Cloud Platform member ID
policy.destinationAddressGroupList[].instanceNo String - Contract number assigned when creating the instance
policy.destinationAddressGroupList[].addressList[].addressNo Integer - Unique number assigned to the address
policy.destinationAddressGroupList[].addressList[].memberNo String - User's NAVER Cloud Platform member ID
policy.destinationAddressGroupList[].addressList[].instanceNo String - Contract number assigned when creating the instance
policy.destinationAddressGroupList[].addressList[].name String - Address name
policy.destinationAddressGroupList[].addressList[].ip String - IP address
policy.destinationAddressGroupList[].addressList[].port String - Port number
  • It is displayed if addressZone is db and type is fqdn
policy.destinationAddressGroupList[].addressList[].type String - Address type information
  • ipmask | fqdn
    • ipmask: address defined by IP address and subnet mask
    • fqdn: fully qualified domain name (full domain name)
policy.destinationAddressGroupList[].addressList[].addressZone String - Information for the zone the address belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.destinationAddressGroupList[].addressList[].fqdn String - Full domain name (FQDN)
policy.destinationAddressGroupList[].addressList[].dbAddressZone Boolean - DB address zone status
policy.destinationAddressGroupList[].addressList[].maskBit Integer - Subnet mask bit value
  • It is displayed for the Secure Zone Advanced type
policy.destinationAddressGroupList[].addressZone String - Information for the zone the destination address group belongs to
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.destinationAddressGroupList[].associatedPoliciesCount Integer - Not used
policy.destinationAddressGroupList[].objectStorage Boolean - Whether to use Object Storage
  • true | false
    • true: Object Storage is used
    • false: Object Storage is not used
policy.sourceAddressZone String - Information for the zone of the origin address
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.destinationAddressZone String - Information for the zone of the destination address
  • sz | os | vm | db | vpn | lb | kr1
    • sz: Secure Zone
    • os: Object Storage
    • vm: VM
    • db: Cloud DB
    • vpn: SSL VPN or IPsec VPN
    • lb: Load Balancer
    • kr1: KR-1 zone
policy.serviceList[] Array - Service information of the policy to view
policy.serviceList[].serviceNo Integer - Firewall service number
policy.serviceList[].serviceName String - Firewall service name
policy.serviceList[].protocol String - Firewall service protocol
policy.serviceList[].port String - Firewall service port number
policy.serviceList[].memberNo String - User's NAVER Cloud Platform member ID
policy.serviceList[].instanceNo String - Contract number assigned when creating the instance
policy.firewallPolicyId Integer - ID assigned to the firewall policy
policy.firewallOrder Integer - Firewall policy order

Response status codes

For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

Response example

The following is a sample response.

{
    "action": "getPolicy",
    "returnCode": 0,
    "returnMessage": "success",
    "policy": {
        "policyNo": 11787,
        "policyName": "pol1",
        "description": "policy1",
        "action": "allow",
        "memberNo": "27***85",
        "instanceNo": "25****11",
        "sourceAddressList": [
            {
                "addressNo": 3643,
                "memberNo": "27***85",
                "instanceNo": "25****11",
                "name": "sv-securezone",
                "ip": "***.***.***.***",
                "type": "ipmask",
                "addressZone": "sz"
            }
        ],
        "sourceAddressGroupList": [],
        "destinationAddressList": [],
        "destinationAddressGroupList": [
            {
                "addressGroupNo": 5432,
                "addressGroupName": "Object Storage",
                "description": "object storage address group",
                "memberNo": "27***85",
                "instanceNo": "25****11",
                "addressList": [],
                "addressZone": "vm",
                "associatedPoliciesCount": 0,
                "objectStorage": true
            }
        ],
        "sourceAddressZone": "sz",
        "destinationAddressZone": "os",
        "serviceList": [
            {
                "serviceNo": 1371,
                "serviceName": "TCP_443",
                "protocol": "TCP",
                "port": "443",
                "memberNo": "27***85",
                "instanceNo": "25****11"
            }
        ],
        "firewallPolicyId": 1,
        "firewallOrder": 1
    }
}
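
The following is an added example, not part of the NAVER Cloud documentation: a Python sketch that turns a getPolicy response into a one-line rule for firewall review, flattening the address lists and address groups described above. The function names, the trimmed sample (constructed from the response example on this page), and the `maskBit` of 0 check are assumptions made for illustration; the check is a local review heuristic, not something the API reports.

```python
import json
# Constructed input: the response example on this page, trimmed to the fields used below.
SAMPLE = json.loads("""
{"returnCode": 0, "returnMessage": "success",
 "policy": {"policyName": "pol1", "action": "allow",
  "sourceAddressList": [{"name": "sv-securezone", "ip": "***.***.***.***",
                         "type": "ipmask", "addressZone": "sz"}],
  "sourceAddressGroupList": [], "destinationAddressList": [],
  "destinationAddressGroupList": [{"addressGroupName": "Object Storage",
      "addressList": [], "addressZone": "vm", "objectStorage": true}],
  "sourceAddressZone": "sz", "destinationAddressZone": "os",
  "serviceList": [{"protocol": "TCP", "port": "443"}], "firewallOrder": 1}}
""")

def _fmt(addr):
    """Render one address entry; fqdn entries may carry a port, ipmask may carry maskBit."""
    if addr.get("type") == "fqdn":
        host = addr.get("fqdn") or addr.get("name", "?")
        return f"{host}:{addr['port']}" if addr.get("port") else host
    ip = addr.get("ip", "?")
    return f"{ip}/{addr['maskBit']}" if addr.get("maskBit") is not None else ip

def _side(policy, side):
    """Flatten <side>AddressList plus every <side>AddressGroupList[].addressList."""
    addrs = list(policy.get(f"{side}AddressList") or [])
    labels = []
    for group in policy.get(f"{side}AddressGroupList") or []:
        members = group.get("addressList") or []
        addrs.extend(members)
        if not members:  # e.g. the Object Storage group in the sample has no members
            labels.append(f"group:{group.get('addressGroupName', '?')}")
    return addrs, [_fmt(a) for a in addrs] + labels

def summarize(resp):
    """Return (one-line rule, findings). Findings are local heuristics, not API output."""
    if resp.get("returnCode") != 0 or not isinstance(resp.get("policy"), dict):
        raise ValueError(f"getPolicy failed: {resp.get('returnCode')} {resp.get('returnMessage')}")
    p = resp["policy"]
    src_addrs, src = _side(p, "source")
    _, dst = _side(p, "destination")
    svcs = [f"{s.get('protocol')}/{s.get('port')}" for s in p.get("serviceList") or []]
    rule = (f"#{p.get('firewallOrder')} {p.get('policyName')}: {p.get('action')} "
            f"{p.get('sourceAddressZone')}[{', '.join(src)}] -> "
            f"{p.get('destinationAddressZone')}[{', '.join(dst)}] on {', '.join(svcs)}")
    wide = [a for a in src_addrs if a.get("type") == "ipmask" and a.get("maskBit") == 0]
    findings = [f"allow from whole address space: {_fmt(a)}"
                for a in wide if p.get("action") == "allow"]
    return rule, findings
```

Calling `summarize(SAMPLE)` returns the rendered rule and an empty findings list; a non-zero `returnCode` raises `ValueError` instead of being summarized as if it were a policy.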