Forum Discussion

Phil's avatar
Phil
Icon for Joining the Conversation rankJoining the Conversation
7 months ago
Solved

Pull network rules via API

Hi community, I am trying to pull network settings for several sites. 
To be more precise, I would like to create a list of bypass rules per site.

I tried the following query with empty results:

query entityLookup ($accountID: ID!, $type: EntityType!, $parent: EntityInput!) {
    entityLookup (accountID: $accountID, type: $type, parent: $parent) {
        items {
            entity {
                id
                name
                type
            }
            description
            helperFields
        }
    }
}
{
    "accountID": "{{accountID}}",
    "type": "localRouting",
    "parent": {
      "id": 0,
      "type": "site"
    }
}

Other "type" like lanFirewall worked. Any suggestions how to proceed and get details about bypass ruleset per site?

  • Brian-Anderson's avatar
    Brian-Anderson
    2 months ago

    Hi,

    It looks like your query is looking to filter results for a specific site, where the siteId is 0.  This would not be a valid site ID which is why the results would not return any records.  You actually don't need to submit the parent, and you will get back all of the site records this way. 

    Query:
    query entityLookup ( $accountID:ID! $type:EntityType! $sortInput:[SortInput] $lookupFilterInput:[LookupFilterInput] ) {
      entityLookup ( accountID:$accountID  type:$type  sort:$sortInput  filters:$lookupFilterInput  ) {
        items  {
          entity  {
            id 
            name 
            type 
          }
          description
          helperFields
        }

        total 
      }  
    }
    Variables:
    {   
        "accountID": "12345",
        "type": "site"
    }

    Have you considered using the api explorer where you can have this application help craft these payloads for you and generate code for you as well? 
    https://github.com/catonetworks/cato-api-explorer

     

    We also have examples up on the terraform registry for how to manage networks and network rules for various route types, as well as TLSi rules for bypassing tls.  Is this what you are looking for?

    https://registry.terraform.io/providers/catonetworks/cato/latest/docs/resources/tls_rule
    https://registry.terraform.io/providers/catonetworks/cato/latest/docs/resources/wnw_rule
    https://registry.terraform.io/modules/catonetworks/bulk-tls-rules/cato/latest
    https://registry.terraform.io/modules/catonetworks/bulk-wnw-rules/cato/latest

    Please let us know if we can be of any further assistance. :D 

     

3 Replies

  • michaelsaw's avatar
    michaelsaw
    Icon for Cato Professional Services rankCato Professional Services
    7 months ago

    Hi Phil, 

    I did a check on the API reference: https://api.catonetworks.com/documentation/
    It seems that the site bypass API command is not found/available on the API reference, at the moment.

    Would you consider (1) using CMA to configure the setting, as an alternative, or (2) have a discussion with your assigned Sales Engineer for this potential feature enhancement request? ___

    Thank you and have a nice day ahead, Phil 👍

  • OrKlainer's avatar
    OrKlainer
    Icon for Joining the Conversation rankJoining the Conversation
    2 months ago

    Hi,

     

    What do you mean by "bypass rules"? Do you mean TLS Inspection rules that are set to bypass?

    Or do you mean bypass routing rules?

    Let me know where it's located on the UI and I'll try to help you.

  • Brian-Anderson's avatar
    Brian-Anderson
    Icon for Cato Employee rankCato Employee
    2 months ago

    Hi,

    It looks like your query is looking to filter results for a specific site, where the siteId is 0.  This would not be a valid site ID which is why the results would not return any records.  You actually don't need to submit the parent, and you will get back all of the site records this way. 

    Query:
    query entityLookup ( $accountID:ID! $type:EntityType! $sortInput:[SortInput] $lookupFilterInput:[LookupFilterInput] ) {
      entityLookup ( accountID:$accountID  type:$type  sort:$sortInput  filters:$lookupFilterInput  ) {
        items  {
          entity  {
            id 
            name 
            type 
          }
          description
          helperFields
        }

        total 
      }  
    }
    Variables:
    {   
        "accountID": "12345",
        "type": "site"
    }

    Have you considered using the api explorer where you can have this application help craft these payloads for you and generate code for you as well? 
    https://github.com/catonetworks/cato-api-explorer

     

    We also have examples up on the terraform registry for how to manage networks and network rules for various route types, as well as TLSi rules for bypassing tls.  Is this what you are looking for?

    https://registry.terraform.io/providers/catonetworks/cato/latest/docs/resources/tls_rule
    https://registry.terraform.io/providers/catonetworks/cato/latest/docs/resources/wnw_rule
    https://registry.terraform.io/modules/catonetworks/bulk-tls-rules/cato/latest
    https://registry.terraform.io/modules/catonetworks/bulk-wnw-rules/cato/latest

    Please let us know if we can be of any further assistance. :D