Using a custom security policy


Use the sections that follow to add and apply security policies.

Add a custom security policy

To add a custom security policy, make the following POST request with the request body parameters: 

| Name | Type | Required or Optional | Description |
|---|---|---|---|
| name | string | Required | Name of your custom security policy. |
| rules | array | Required | List of rules that allow or deny inbound and outbound traffic based on the 7-tuple: source/destination network, source/destination CIDR, source/destination port, and protocol. |

In this example, the 7-tuple rule allows inbound SSH (TCP port 22) from any source address (0.0.0.0/0) to the WAN network.

# The JSON body is single-quoted, so its line breaks need no trailing backslash
# (a backslash inside the quotes would be sent literally and break the JSON).
curl -X POST \
  -H 'X-API-KEY:<your_api_key>' \
  -H "Content-type:application/json" \
  -d '{"name":"<your_csp_name>",
       "rules":[{"source_ip":"0.0.0.0/0",
         "destination_ip":"0.0.0.0/0",
         "action":"ALLOW",
         "destination_port":{"start":22,"end":22},
         "source_port":{"start":1,"end":65535},
         "protocol":"TCP",
         "priority":1000,
         "destination_network":{"_iotium.network.name":"WAN Network"},
         "source_network":{}}]}' \
  'https://<your_company>.manage.iotium.io/api/v1/firewallgroup' \
  | jq '{id: .id, name:.name}'

The response includes the name and ID of your custom security policy:

{
  "id": "<your_csp_id>",
  "name": "<your_csp_name>"
}
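
A pre-submission check for the request body above, as an added example (not ioTium code): it validates the CIDR and port-range fields and flags ALLOW rules whose source_ip is 0.0.0.0/0, as in the sample rule. The function name lint_policy, the policy name example-csp and the 203.0.113.0/24 source range are constructed for illustration; the 1-65535 port bounds are taken from the sample rule.

```python
import ipaddress

def _port_range_ok(pr):
    """A port range is an object with 1 <= start <= end <= 65535 (bounds assumed)."""
    return (isinstance(pr, dict)
            and isinstance(pr.get("start"), int) and isinstance(pr.get("end"), int)
            and 1 <= pr["start"] <= pr["end"] <= 65535)

def lint_policy(body):
    """Return a list of findings for a firewallgroup request body (empty = clean)."""
    findings = []
    if not body.get("name"):
        findings.append("policy: 'name' is required")
    rules = body.get("rules")
    if not isinstance(rules, list) or not rules:
        return findings + ["policy: 'rules' must be a non-empty array"]
    for i, rule in enumerate(rules):
        nets = {}
        for key in ("source_ip", "destination_ip"):
            try:
                nets[key] = ipaddress.ip_network(rule.get(key, ""), strict=False)
            except ValueError:
                findings.append(f"rule {i}: {key} is not a valid CIDR")
        for key in ("source_port", "destination_port"):
            if not _port_range_ok(rule.get(key)):
                findings.append(f"rule {i}: {key} is not a valid start/end range")
        src = nets.get("source_ip")
        # An ALLOW rule with a /0 source admits every address on that network.
        if rule.get("action") == "ALLOW" and src is not None and src.prefixlen == 0:
            findings.append(f"rule {i}: ALLOW from any source ({src}); narrow source_ip")
    return findings

# Constructed sample: the rule from the request above; the policy name is a placeholder.
PAGE_RULE = {
    "source_ip": "0.0.0.0/0", "destination_ip": "0.0.0.0/0", "action": "ALLOW",
    "destination_port": {"start": 22, "end": 22},
    "source_port": {"start": 1, "end": 65535},
    "protocol": "TCP", "priority": 1000,
    "destination_network": {"_iotium.network.name": "WAN Network"},
    "source_network": {},
}
OPEN_SSH = {"name": "example-csp", "rules": [PAGE_RULE]}
# Constructed variant: same rule, source limited to a documentation range (RFC 5737).
ADMIN_SSH = {"name": "example-csp",
             "rules": [dict(PAGE_RULE, source_ip="203.0.113.0/24")]}

if __name__ == "__main__":
    for label, body in (("open", OPEN_SSH), ("admin-only", ADMIN_SSH)):
        print(label, lint_policy(body) or "clean")
```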

Get all custom security policies

To get the list of all custom security policies added for your organization, make the following GET request with the query string parameters:

| Name | Type | Required or Optional | Description |
|---|---|---|---|
| isDefault | boolean | Optional | Specify false to get custom security policies only (i.e., ignore default security policies). |

curl -X GET \
  -H 'X-API-KEY:<your_api_key>' \
  -H "Content-type:application/json" \
  'https://<your_company>.manage.iotium.io/api/v2/firewallgroup?isDefault=false' \
  | jq '.results | .[]' | jq '{id: .id, name: .name}'

The response includes the names and IDs of all the custom security policies available for your organization:

{
     "id": "<your_csp_1_id>",
     "name": "<your_csp_1_name>"
},
{
     "id": "<your_csp_2_id>",
     "name": "<your_csp_2_name>"
}

Apply a custom security policy

To apply the rules in a custom security policy to your Edge Node's WAN network, make the following PUT request with the request body parameters:

| Name | Type | Required or Optional | Description |
|---|---|---|---|
| firewall_selector | object | Required | Select the custom security policy by label. |

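# A space before each trailing backslash keeps the -d body and the URL as
# separate arguments; the URL is closed with its matching single quote.
curl -X PUT \
  -H 'X-API-KEY:<your_api_key>' \
  -H "Content-type:application/json" \
  -d '{"firewall_selector":{"match_label":{"_iotium.firewall.name":"<your_csp_name>"}}}' \
  'https://<your_company>.manage.iotium.io/api/v1/network/<your_edge_wan_network_id>' \
  | jq .policy.firewall_groups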

The response includes the names and IDs of all the security policies applied on your Edge Node's WAN network:

[
  {
    "id": "<your_edge_wan_network_default_security_policy_id>",
    "name": "default"
  },
  {
    "id": "<your_csp_id>",
    "name": "<your_csp_name>"
  }
]