Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
RamiShahar
Contributor
Jump to solution

set-access-rule -error "message" : "Add Any is not allowed"

HI to all

Since api version 1.7 we cant use this api as we get this error 

{
  "code" : "generic_err_invalid_parameter",
  "message" : "Add Any is not allowed"
}

How We Send the API:
https://<HOST>/web_api/v1.8/set-access-rule
{
    "uid":"B71F2D99-4F3E-4568-93CC-6388D022CA36",
    "layer":"6a5b4108-a94e-4f5d-974b-8d8c431fdd5f",
    "service":
    {        "add":["Any"]
    }
}

Added here photo of the request and response

 

In version under 1.7 it works on the same api and request

Any idea what I might be missing?

0 Kudos
1 Solution

Accepted Solutions
Omer_Kleinstern
Employee
Employee

@PhoneBoy is correct. 

You cannot add "Any" to an existing collection of services.

You can set the entire collection to "Any":

 

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

  "service: ["Any"]

}

 

View solution in original post

10 Replies
the_rock
Legend
Legend

I cant open photo you attached, would you mind send the command you did? I can try it in my lab on R81.20

Andy

0 Kudos
RamiShahar
Contributor

Sure 

This is the request's "url"

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

"service":

    {

        "add":["Any"]

    } 

}

 

name= ruleUID

layer=NetowrkLayerUID

 

Result

{

    "code": "generic_err_invalid_parameter",

    "message": "Add Any is not allowed"

}

0 Kudos
the_rock
Legend
Legend

Will test soon.

Andy

0 Kudos
the_rock
Legend
Legend

All I get is below...

{
  "code" : "generic_err_missing_session_id",
  "message" : "No query parameters are found"
}
0 Kudos
PhoneBoy
Admin
Admin

@Omer_Kleinstern correct me if I’m wrong, but I don’t think you can add “Any” to a rule?
You certainly can’t do it without removing what’s already in the cell first.
Depending on your version and preference setting, removing all items from a source/destination should result in either an Any or a None (the rule default).

YakovKoren
Explorer

Hi,

When trying to remove the last object from the rule, we get the following:

{
"code" : "err_validation_failed",
"message" : "Validation failed with 1 warning",
"warnings" : [ {
"message" : "Access Rule contains an object of type 'None' in the Service & Applications column. This rule will never be matched."
} ]
}.

 

We know it worked up until Api version 1.6.

Is there a way to add flag or something so we can successfully remove all objects and make the rule to have 'Any'?

0 Kudos
PhoneBoy
Admin
Admin

While you clearly have an answer, I feel it's worth explaining this difference in behavior.
In R81.10, we added "None" as a possible entry for the Source/Destination/Service field.
If a rule contains "none" in the Source/Destination/Service field, no traffic will match it.
You can change the default behavior for the Source/Destination/Service field when:

  • New rules are added (previously this was always any any any drop)
  • When the last item in the cell is removed (i.e. does it become Any or None)

Refer to the following screenshot:

image.png

If you're wanting to explicitly set the field to Any, it should be done as @Omer_Kleinstern advised.

0 Kudos
Omer_Kleinstern
Employee
Employee

@PhoneBoy is correct. 

You cannot add "Any" to an existing collection of services.

You can set the entire collection to "Any":

 

https://<CP_IP>/web_api/v1.7/set-access-rule

Body: 

{

  "name" : "88c36229-e60d-4590-a5d9-387344dba9f1",

  "layer" : "8a994dd3-993e-4c0c-92a1-a8630b153f4c",

  "service: ["Any"]

}

 

YakovKoren
Explorer

Works!

Thank you for the fast response!

0 Kudos
RamiShahar
Contributor

Thx for your time and help  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events