Create firewall
Creates a firewall.
URI
/v2.0/fw/firewalls
HTTP method
POST
Request parameter
Key | Description | Type | Required/optional |
---|---|---|---|
admin_state_up | Administrative state of the firewall. If false (down), firewall does not forward packets and will drop all traffic to/from VMs behind the firewall. | xsd:bool | Optional |
firewall_policy_id | The firewall policy uuid that this firewall is associated with. This firewall will implement the rules contained in the firewall policy represented by this uuid. | csapi:uuid | Required |
router_id | The ID of the router to which this firewall is applied. If you specify both router_ids and router_id at the same time, the resource will be created at all routers of router_ids. | xsd:string | Optional (not recommended) |
router_ids | The list of IDs of the routers to which this firewall is applied. If you specify both router_ids and router_id at the same time, the resource will be created at all routers of router_ids. If you do not specify either router_ids or router_id, the resource will be created at all routers in the project at that time. | xsd:string | Optional |
description | Human readable description for the firewall (255 character limit). | xsd:string | Optional |
name | Human readable name for the firewall (255 character limit). Does not have to be unique. | xsd:string | Optional |
availability_zone | The Availability Zone name. If you do not specify this, the resource will be created in the default Availability Zone. | xsd:string | Optional |
CAUTION:
router_id is not a recommended parameter. It only remains to enable smooth migration to the new parameter router_ids. You should use router_ids. router_id may be deleted in the future.
CAUTION:
The router_id attribute is enabled only when router_id is specified in the request parameters at creation. In all other cases, router_ids is enabled.
Example request
{
  "firewall": {
    "router_ids": [
      "fe00194c-d73c-4b46-b94a-622bf28fc9e2"
    ],
    "admin_state_up": true,
    "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
    "availability_zone": "AZ1"
  }
}
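Added example (not part of the original reference, and not the provider's client code): a Python helper that builds the request body from the parameter table above and refuses to leave out router_ids silently, since that would create the firewall at all routers in the project. The function name and the allow_all_routers switch are hypothetical; the key names and the 255-character limit come from the table.

```python
import json
import uuid

MAX_TEXT = 255  # name/description limit from the request parameter table


def build_create_firewall_body(firewall_policy_id, router_ids=None,
                               admin_state_up=True, name=None,
                               description=None, availability_zone=None,
                               allow_all_routers=False):
    """Return the JSON body for POST /v2.0/fw/firewalls.

    allow_all_routers is a hypothetical client-side switch, not an API
    parameter: leaving out router_ids applies the firewall to every router
    in the project, so the caller has to request that scope explicitly.
    """
    try:
        # firewall_policy_id is typed csapi:uuid and is the only required key
        policy = str(uuid.UUID(str(firewall_policy_id)))
    except ValueError:
        raise ValueError(
            f"firewall_policy_id is not a UUID: {firewall_policy_id!r}")
    fw = {"firewall_policy_id": policy}

    if router_ids is None or len(router_ids) == 0:
        if not allow_all_routers:
            raise ValueError("router_ids omitted: the firewall would be "
                             "created at all routers in the project")
    else:
        # A bare string is not a list of IDs; reject it before sending
        if isinstance(router_ids, str) or not all(
                isinstance(r, str) and r for r in router_ids):
            raise ValueError("router_ids must be a list of non-empty strings")
        fw["router_ids"] = list(router_ids)

    if not isinstance(admin_state_up, bool):
        raise ValueError("admin_state_up must be true or false")
    fw["admin_state_up"] = admin_state_up  # false drops all traffic

    for key, text in (("name", name), ("description", description)):
        if text is not None:
            if len(text) > MAX_TEXT:
                raise ValueError(f"{key} exceeds {MAX_TEXT} characters")
            fw[key] = text
    if availability_zone is not None:
        fw["availability_zone"] = availability_zone
    return json.dumps({"firewall": fw}, indent=2)
```

The deprecated router_id key is never emitted, in line with the CAUTION above.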
Response status
Status code | Description |
---|---|
201 | Normal response codes |
itemNotFound (404) | Error response codes |
forbidden (403) | Error response codes |
Bad Request (400) | Error response codes |
Unauthorized (401) | Error response codes |
Response body (normal status)
{
  "firewall": {
    "status": "PENDING_CREATE",
    "router_ids": [
      "fe00194c-d73c-4b46-b94a-622bf28fc9e2"
    ],
    "name": "",
    "admin_state_up": true,
    "tenant_id": "45977fa2dbd7482098dd68d0d8970117",
    "firewall_policy_id": "c69933c1-b472-44f9-8226-30dc4ffd454c",
    "id": "3b0ef8f4-82c7-44d4-a4fb-6177f9a21977",
    "description": "",
    "availability_zone": "AZ1"
  }
}
Description of response body (normal status)
Item | Description |
---|---|
admin_state_up | Administrative state of the firewall. If false (down), firewall does not forward packets and will drop all traffic to/from VMs behind the firewall. |
description | Human readable description for the firewall (1024 character limit). |
firewall_policy_id | The firewall policy uuid that this firewall is associated with. This firewall will implement the rules contained in the firewall policy represented by this uuid. |
id | Unique identifier for the firewall object. |
name | Human readable name for the firewall (255 character limit). Does not have to be unique. |
status | Indicates whether firewall resource is currently operational. Possible values include: ACTIVE, INACTIVE, DOWN, ERROR, PENDING_CREATE, PENDING_UPDATE, or PENDING_DELETE. |
tenant_id | Owner of the firewall. Only admin users can specify a project identifier other than their own. |
router_id (not recommended) | The ID of the router to which this firewall is applied. |
router_ids | The list of IDs of the routers to which this firewall is applied. |
availability_zone | The Availability Zone name. |
CAUTION:
router_id is not a recommended parameter. It only remains to enable smooth migration to the new parameter router_ids. You should use router_ids. router_id may be deleted in the future.
CAUTION:
The router_id attribute and the router_ids attribute are only included in the response of the relevant firewall when either of them is enabled.