Forum Discussion

drwolcot's avatar
26 days ago

Updating Firewall Rules with Bulk Addresses/Domains

I am new to learning how to programmatically configure using API but running across a few stumbling blocks. 

If there are some basic examples of showing how to use the API to do perform common tasks such as updating firewall rules that would be fantastic. 

I have been using the Cato API Explorer in docker, the GraphGL Explorer , API documentation but my experience using APIs is slowing me down. 

 

Task to Accomplish

We have a large amount of domains that we would like to block into a specific internet firewall rule. 

Question

What are the steps and different queries and mutations I need to make this happen? How do I update the destinations without deleting the existing destination domains that are already there?

Issues

  • locked a firewall rule from editing, due to not knowing what prerequisites were needed such as queries/mutations. (This is resolved after doing a publishPolicyRevision mutation)
  • testing with a single destination domain replaces all of the existing destination domains that were already present instead of appending a new one
  • My response shows all rules with name and dest. domains even though only the specific rule ID is being updated. 

 

Current Config

mutation RuleUpdate {
  policy(accountId: "xxx") {
    internetFirewall {
      createPolicyRevision(
        input: {name: "Dest-Domain-Updates", description: "Dest Domain Update"}
      ) {
        policy {
          audit {
            publishedBy
            publishedTime
          }
          revision {
            changes
            createdTime
            description
            id
            name
            updatedTime
          }
          rules {
            rule {
              destination {
                domain
              }
            }
          }
        }
      }
      updateRule(
        input: {id: "xxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx", rule: {destination: {domain: "[123testdomain.com"}}}
      ) {
        errors {
          errorCode
          errorMessage
        }
      }
      publishPolicyRevision(input: {name: "Dest-Domain-Updates"}) {
        policy {
          rules {
            rule {
              destination {
                domain
              }
            }
          }
        }
      }
    }
  }
}

Goal

Further the use of the API to make config changes and create objects within CMA, especially bulk items.

No RepliesBe the first to reply