updatePolicy

Article summary

Did you find this summary helpful?

Thank you for your feedback

Available in Classic

Edit a firewall policy to be applied to Secure Zone.

Request

The following describes the request format for the endpoint. The request format is as follows:

Method	URI
POST	/{type}/{zone}/updatePolicy

Request headers

For headers common to Secure Zone APIs, see Secure Zone request headers.

Request path parameters

The following describes the parameters.

Field	Type	Required	Description
`type`	String	Required	firewall type provided by Secure Zone `szfw` \| `psfw` `szfw`: Secure Zone Standard `psfw`: Secure Zone Advanced
`zone`	String	Required	Zone in which Secure Zone is configured `kr1` \| `kr2` `kr1`: KR-1 zone `kr2`: KR-2 zone

Request body

The following describes the request body.

Field	Type	Required	Description
`newPolicyName`	String	Optional	Policy name to edit Maintain existing name if not entered
`action`	String	Required	Allow/deny `allow` \| `deny`
`description`	String	Optional	Policy description
`destinationAddressGroupList[]`	Array	Required	Information for the address group you want to target as a destination Select an address group from those created in advance Check through getAddressGroupList Enter a blank parameter even if there are no address groups to add
`destinationAddressGroupList[].memberNo`	String	Required	User's NAVER Cloud Platform member ID Check through getMemberInfo
`destinationAddressGroupList[].instanceNo`	String	Required	Contract number assigned when creating the instance Check through getMemberInfo
`destinationAddressGroupList[].addressGroupNo`	Integer	Required	Unique number assigned to the address group
`destinationAddressGroupList[].addressGroupName`	String	Required	Destination address group name
`destinationAddressGroupList[].addressList[]`	Array	Optional	Information about addresses that belong to the address group
`destinationAddressGroupList[].addressList[].memberNo`	String	Optional	User's NAVER Cloud Platform member ID Check through getMemberInfo
`destinationAddressGroupList[].addressList[].instanceNo`	String	Optional	Contract number assigned when creating the instance Check through getMemberInfo
`destinationAddressGroupList[].addressList[].addressNo`	Integer	Required	Unique number assigned to the address
`destinationAddressGroupList[].addressList[].addressZone`	String	Required	Information for the zone the address belongs to `sz` \| `os` \| `vm` \| `db` \| `vpn` \| `lb` \| `kr1` `sz`: Secure Zone `os`: Object Storage `vm`: VM `db`: Cloud DB `vpn`: SSL VPN or IPsec VPN `lb`: Load Balancer `kr1`: KR-1 zone
`destinationAddressGroupList[].addressList[].fqdn`	String	Conditional	Full domain name (FQDN) Required if `type` is `fqdn`
`destinationAddressGroupList[].addressList[].ip`	String	Conditional	IP address Required if `type` is `ipmask`
`destinationAddressGroupList[].addressList[].maskBit`	Integer	Optional	Subnet mask bit value Available in the Secure Zone Advanced type
`destinationAddressGroupList[].addressList[].name`	String	Required	Destination address name
`destinationAddressGroupList[].addressList[].port`	String	Optional	Port number Enter if `addressZone` is `db` and `type` is `fqdn`
`destinationAddressGroupList[].addressList[].type`	String	Optional	Address type information `ipmask` (default) \| `fqdn` `ipmask`: address defined by IP address and subnet mask `fqdn`: fully qualified domain name (full domain name)
`destinationAddressGroupList[].addressZone`	String	Required	Information about the zone the destination address group belongs to
`destinationAddressGroupList[].description`	String	Optional	Destination address group description
`destinationAddressGroupList[].objectStorage`	Boolean	Optional	Whether to use Object Storage `true` \| `false` (default) `true`: Object Storage is used `false`: Object Storage is not used
`destinationAddressList[]`	Array	Required	Information for the individual addresses you want to target as destinations Enter a blank parameter even if there is no address to add
`destinationAddressList[].memberNo`	String	Optional	User's NAVER Cloud Platform member ID Check through getMemberInfo
`destinationAddressList[].instanceNo`	String	Optional	Contract number assigned when creating the instance Check through getMemberInfo
`destinationAddressList[].addressNo`	Integer	Optional	Unique number assigned to the address
`destinationAddressList[].addressZone`	String	Required	Information for the zone the address belongs to `sz` \| `os` \| `vm` \| `db` \| `vpn` \| `lb` \| `kr1` `sz`: Secure Zone `os`: Object Storage `vm`: VM `db`: Cloud DB `vpn`: SSL VPN or IPsec VPN `lb`: Load Balancer `kr1`: KR-1 zone
`destinationAddressList[].fqdn`	String	Conditional	Full domain name (FQDN) Required if `type` is `fqdn`
`destinationAddressList[].ip`	String	Conditional	IP address Required if `type` is `ipmask`
`destinationAddressList[].maskBit`	Integer	Optional	Subnet mask bit value Available in the Secure Zone Advanced type
`destinationAddressList[].name`	String	Required	Destination address name
`destinationAddressList[].port`	String	Optional	Port number Enter if `addressZone` is `db` and `type` is `fqdn`
`destinationAddressList[].type`	String	Optional	Address type information `ipmask` (default) \| `fqdn` `ipmask`: address defined by IP address and subnet mask `fqdn`: fully qualified domain name (full domain name)
`destinationAddressZone`	String	Optional	Information about the zone to which the address belongs Automatically set via child information, such as address group or address, when not entered
`memberNo`	String	Required	User's NAVER Cloud Platform member ID Check through getMemberInfo
`instanceNo`	String	Required	Contract number assigned when creating the instance Check through getMemberInfo
`policyNo`	String	Required	Unique number assigned to the policy Check through getPolicyList
`policyName`	String	Required	Existing policy name
`port`	String	Optional	Firewall service port number
`protocol`	String	Required	Firewall service protocol
`sourceAddressGroupList[]`	Array	Required	Information for the address group you want to target as an origin Select an address group from those created in advance Check through getAddressGroupList Enter a blank parameter even if there are no address groups to add
`sourceAddressGroupList[].memberNo`	String	Required	User's NAVER Cloud Platform member ID Check through getMemberInfo
`sourceAddressGroupList[].instanceNo`	String	Required	Contract number assigned when creating the instance Check through getMemberInfo
`sourceAddressGroupList[].addressGroupNo`	Integer	Required	Unique number assigned to the address group
`sourceAddressGroupList[].addressGroupName`	String	Required	Origin address group name
`sourceAddressGroupList[].addressList[]`	Array	Optional	Information about addresses that belong to the address group
`sourceAddressGroupList[].addressList[].memberNo`	String	Optional	User's NAVER Cloud Platform member ID Check through getMemberInfo
`sourceAddressGroupList[].addressList[].instanceNo`	String	Optional	Contract number assigned when creating the instance Check through getMemberInfo
`sourceAddressGroupList[].addressList[].addressNo`	Integer	Required	Unique number assigned to the address
`sourceAddressGroupList[].addressList[].addressZone`	String	Required	Information for the zone the address belongs to `sz` \| `os` \| `vm` \| `db` \| `vpn` \| `lb` \| `kr1` `sz`: Secure Zone `os`: Object Storage `vm`: VM `db`: Cloud DB `vpn`: SSL VPN or IPsec VPN `lb`: Load Balancer `kr1`: KR-1 zone
`sourceAddressGroupList[].addressList[].fqdn`	String	Conditional	Full domain name (FQDN) Required if `type` is `fqdn`
`sourceAddressGroupList[].addressList[].ip`	String	Conditional	IP address Required if `type` is `ipmask`
`sourceAddressGroupList[].addressList[].maskBit`	Integer	Optional	Subnet mask bit value Available in the Secure Zone Advanced type
`sourceAddressGroupList[].addressList[].name`	String	Required	Origin address name
`sourceAddressGroupList[].addressList[].port`	String	Optional	Port number Enter if `addressZone` is `db` and `type` is `fqdn`
`sourceAddressGroupList[].addressList[].type`	String	Optional	Address type information `ipmask` (default) \| `fqdn` `ipmask`: address defined by IP address and subnet mask `fqdn`: fully qualified domain name (full domain name)
`sourceAddressGroupList[].addressZone`	String	Required	Information about the zone the origin address group belongs to
`sourceAddressGroupList[].description`	String	Optional	Origin address group description
`sourceAddressGroupList[].objectStorage`	Boolean	Optional	Whether to use Object Storage `true` \| `false` (default) `true`: Object Storage is used `false`: Object Storage is not used
`sourceAddressList[]`	Array	Required	Information for the individual addresses you want to target as origins Enter a blank parameter even if there is no address to add
`sourceAddressList[].memberNo`	String	Optional	User's NAVER Cloud Platform member ID Check through getMemberInfo
`sourceAddressList[].instanceNo`	String	Optional	Contract number assigned when creating the instance Check through getMemberInfo
`sourceAddressList[].addressNo`	Integer	Optional	Unique number assigned to the address
`sourceAddressList[].addressZone`	String	Required	Information for the zone the address belongs to `sz` \| `os` \| `vm` \| `db` \| `vpn` \| `lb` \| `kr1` `sz`: Secure Zone `os`: Object Storage `vm`: VM `db`: Cloud DB `vpn`: SSL VPN or IPsec VPN `lb`: Load Balancer `kr1`: KR-1 zone
`sourceAddressList[].fqdn`	String	Conditional	Full domain name (FQDN) Required if `type` is `fqdn`
`sourceAddressList[].ip`	String	Conditional	IP address Required if `type` is `ipmask`
`sourceAddressList[].maskBit`	Integer	Optional	Subnet mask bit value Available in the Secure Zone Advanced type
`sourceAddressList[].name`	String	Required	Origin address name
`sourceAddressList[].port`	String	Optional	Port number Enter if `addressZone` is `db` and `type` is `fqdn`
`sourceAddressList[].type`	String	Optional	Address type information `ipmask` (default) \| `fqdn` `ipmask`: address defined by IP address and subnet mask `fqdn`: fully qualified domain name (full domain name)
`sourceAddressZone`	String	Optional	Information about the zone to which the address belongs Automatically set via child information, such as address group or address, when not entered

Request example

The following is a sample request.

curl --location --request POST 'https://securezonefirewall.apigw.ntruss.com/api/v2/szfw/kr2/updatePolicy'
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'x-ncp-mbr_no: {User number}' \
--header 'Content-Type: application/json' \
--data '{
  "newPolicyName": "testpolicy",
  "action": "deny",
  "description": "policy2",
  "destinationAddressGroupList": [
    {
      "addressGroupName": "Object Storage",
      "addressGroupNo": 5441,
      "description": "",
      "addressList": [],
      "addressZone": "vm",
      "objectStorage": true
    }
  ],
  "destinationAddressList": [],
  "destinationAddressZone": "os",
  "policyName": "pol2",
  "port": "443",
  "protocol": "TCP",
  "sourceAddressGroupList": [],
  "sourceAddressList": [
    {
      "addressNo": 3644,
      "addressZone": "sz",
      "ip": "***.***.***.***",
      "name": "s1906cf93f79",
      "type": "ipmask"
    }
  ],
  "sourceAddressZone": "sz"
}'

Response

The following describes the response format.

Response body

The following describes the response body.

Field	Type	Required	Description
`action`	String	-	Request type
`returnCode`	Integer	-	Response code
`returnMessage`	String	-	Response message

Response status codes

For response status codes common to NAVER Cloud Platform, see Ncloud API response status codes.

Response example

The following is a sample example.

{
    "action": "updatePolicy",
    "returnCode": 0,
    "returnMessage": "success"
}

Was this article helpful?

What's Next

File Safer overview

Table of contents

Request
Response