openapi: 3.1.0
info:
  title: Palo Alto Networks Cloud NGFW for AWS REST API
  description: >-
    REST API for managing Palo Alto Networks Cloud Next-Generation Firewall
    (Cloud NGFW) deployments on Amazon Web Services. Provides programmatic
    access to create and manage rule stacks, security rules, FQDN lists,
    prefix lists, and Cloud NGFW firewall instances. Authentication uses AWS
    IAM Signature Version 4 (SigV4) request signing with an IAM role or user
    that has been granted the appropriate Cloud NGFW IAM permissions. Rule
    stack changes are staged in candidate configuration and must be explicitly
    committed to take effect.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/cloudngfw/aws/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
  - url: https://api.{region}.aws.cloudngfw.paloaltonetworks.com/v1
    description: Cloud NGFW for AWS regional API endpoint.
    variables:
      region:
        description: >-
          AWS region where Cloud NGFW is deployed (e.g., us-east-1, us-west-2,
          eu-west-1).
        default: us-east-1
security:
  - awsSigV4: []
tags:
  - name: Firewalls
    description: Cloud NGFW firewall instance management.
  - name: FQDNLists
    description: FQDN list management for use in security rule destination criteria.
  - name: PrefixLists
    description: IP prefix list management for use in security rule source and destination criteria.
  - name: RuleStacks
    description: Rule stack management. Rule stacks contain the security policy applied to Cloud NGFW instances.
  - name: SecurityRules
    description: Security rules within rule stacks.
paths:
  /config/rulestacks:
    get:
      operationId: listRuleStacks
      summary: Palo Alto Networks List Rule Stacks
      description: >-
        Returns a paginated list of all rule stacks in the account. Rule stacks
        contain security rules, FQDN lists, prefix lists, and security profiles
        that define the firewall policy applied to Cloud NGFW instances.
      tags:
        - RuleStacks
      parameters:
        - name: maxresults
          in: query
          description: Maximum number of rule stacks to return per page.
          schema:
            type: integer
            default: 100
            maximum: 1000
          example: 100
        - name: nexttoken
          in: query
          description: Pagination token from a previous response.
          schema:
            type: string
          example: example-nexttoken
        - name: scope
          in: query
          description: Scope filter for rule stacks.
          schema:
            type: string
            enum:
              - Local
              - Global
          example: Global
      responses:
        '200':
          description: Rule stacks returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      RuleStackCandidates:
                        type: array
                        items:
                          $ref: '#/components/schemas/RuleStackSummary'
                      NextToken:
                        type: string
                        description: Token for retrieving the next page of results.
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                ListRuleStacks200Example:
                  summary: Default listRuleStacks 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      RuleStackCandidates:
                        - RuleStackName: Corporate Sensor 39
                          Scope: Local
                          Status: ACTIVE
                      NextToken: example-NextToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '500':
          $ref: '#/components/responses/InternalServerError'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createRuleStack
      summary: Palo Alto Networks Create Rule Stack
      description: >-
        Creates a new rule stack. A rule stack is a container for firewall
        policy including security rules, FQDN lists, and prefix lists. Rule
        stacks are associated with Cloud NGFW firewall instances to define
        their security policy.
      tags:
        - RuleStacks
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RuleStackRequest'
            examples:
              CreateRuleStackRequestExample:
                summary: Default createRuleStack request
                x-microcks-default: true
                value:
                  RuleStackName: Branch Policy 33
                  RuleStackEntry: &id002
                    Description: Firewall endpoint applied malware violation network activity detected violation threat.
                    Scope: Local
                    MinAppIdVersion: 2.0.3
                    Profile:
                      AntiSpywareProfile: HVAC Controller
                      AntiVirusProfile: HVAC Controller
                      VulnerabilityProfile: HVAC Controller
                      URLFilteringProfile: HVAC Controller
      responses:
        '200':
          description: Rule stack created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/RuleStack'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CreateRuleStack200Example:
                  summary: Default createRuleStack 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      RuleStackName: Primary Agent 48
                      RuleStackEntry: &id001
                        Description: Detected monitoring blocked endpoint Security Security on detected.
                        Scope: Local
                        MinAppIdVersion: 7.5.1
                        LookupXForwardedFor: None
                        Profile:
                          AntiSpywareProfile: Network Printer
                          AntiVirusProfile: HVAC Controller
                          VulnerabilityProfile: HVAC Controller
                          URLFilteringProfile: Network Printer
                          FileBlockingProfile: Network Printer
                      UpdateToken: example-UpdateToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}:
    get:
      operationId: getRuleStack
      summary: Palo Alto Networks Get Rule Stack
      description: Returns the configuration of a specific rule stack by name.
      tags:
        - RuleStacks
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - name: candidate
          in: query
          description: Return candidate (uncommitted) configuration if true.
          schema:
            type: boolean
            default: false
          example: false
      responses:
        '200':
          description: Rule stack returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/RuleStack'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                GetRuleStack200Example:
                  summary: Default getRuleStack 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      RuleStackName: Primary Agent 48
                      RuleStackEntry: *id001
                      UpdateToken: example-UpdateToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: updateRuleStack
      summary: Palo Alto Networks Update Rule Stack
      description: >-
        Updates the configuration of an existing rule stack. Changes are staged
        in candidate configuration until committed via the commit endpoint.
      tags:
        - RuleStacks
      parameters:
        - $ref: '#/components/parameters/rulestack'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RuleStackRequest'
            examples:
              UpdateRuleStackRequestExample:
                summary: Default updateRuleStack request
                x-microcks-default: true
                value:
                  RuleStackName: Branch Policy 33
                  RuleStackEntry: *id002
      responses:
        '200':
          description: Rule stack updated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/RuleStack'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                UpdateRuleStack200Example:
                  summary: Default updateRuleStack 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      RuleStackName: Primary Agent 48
                      RuleStackEntry: *id001
                      UpdateToken: example-UpdateToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: deleteRuleStack
      summary: Palo Alto Networks Delete Rule Stack
      description: >-
        Deletes a rule stack. The rule stack must not be associated with any
        active Cloud NGFW firewall instances before deletion.
      tags:
        - RuleStacks
      parameters:
        - $ref: '#/components/parameters/rulestack'
      responses:
        '200':
          description: Rule stack deleted successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                DeleteRuleStack200Example:
                  summary: Default deleteRuleStack 200 response
                  x-microcks-default: true
                  value:
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}/commit:
    post:
      operationId: commitRuleStack
      summary: Palo Alto Networks Commit Rule Stack
      description: >-
        Commits the candidate configuration of the rule stack to the running
        configuration. This applies all staged changes to active Cloud NGFW
        firewall instances associated with this rule stack.
      tags:
        - RuleStacks
      parameters:
        - $ref: '#/components/parameters/rulestack'
      responses:
        '200':
          description: Rule stack commit initiated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      CommitStatus:
                        type: string
                        enum:
                          - CommitSuccess
                          - CommitFailed
                          - CommitInProgress
                      JobId:
                        type: string
                        description: Job ID to poll for commit completion status.
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CommitRuleStack200Example:
                  summary: Default commitRuleStack 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      CommitStatus: CommitFailed
                      JobId: '850717'
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}/security-rules:
    get:
      operationId: listSecurityRules
      summary: Palo Alto Networks List Security Rules
      description: >-
        Returns all security rules in the specified rule stack. Security rules
        are evaluated in priority order and define traffic inspection and
        forwarding policy for the Cloud NGFW.
      tags:
        - SecurityRules
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - name: maxresults
          in: query
          description: Maximum number of rules to return.
          schema:
            type: integer
            default: 100
          example: 100
        - name: nexttoken
          in: query
          description: Pagination token from a previous response.
          schema:
            type: string
          example: example-nexttoken
        - name: listtype
          in: query
          description: Whether to return candidate or running configuration.
          schema:
            type: string
            enum:
              - CANDIDATE
              - RUNNING
            default: CANDIDATE
          example: CANDIDATE
      responses:
        '200':
          description: Security rules returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      RuleListCandidate:
                        type: array
                        items:
                          $ref: '#/components/schemas/SecurityRuleSummary'
                      NextToken:
                        type: string
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                ListSecurityRules200Example:
                  summary: Default listSecurityRules 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      RuleListCandidate:
                        - Priority: 234
                          RuleName: Production Policy 12
                          Enabled: false
                      NextToken: example-NextToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createSecurityRule
      summary: Palo Alto Networks Create Security Rule
      description: >-
        Creates a new security rule in the rule stack at the specified
        priority. Rules with lower priority numbers are evaluated first. Define
        source and destination criteria, applications, and the enforcement
        action.
      tags:
        - SecurityRules
      parameters:
        - $ref: '#/components/parameters/rulestack'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecurityRuleRequest'
            examples:
              CreateSecurityRuleRequestExample:
                summary: Default createSecurityRule request
                x-microcks-default: true
                value:
                  Priority: 48316
                  RuleEntry: &id004
                    RuleName: Primary Gateway 01
                    Description: Activity Security blocked suspicious threat alert activity firewall.
                    Enabled: true
                    Source:
                      Cidrs:
                        - example-Cidrs_item
                      Countries:
                        - example-Countries_item
                      Feeds:
                        - example-Feeds_item
                        - example-Feeds_item
                      PrefixLists:
                        - example-PrefixLists_item
                        - example-PrefixLists_item
                    Destination:
                      Cidrs:
                        - example-Cidrs_item
                        - example-Cidrs_item
                      Countries:
                        - example-Countries_item
                        - example-Countries_item
                      Feeds:
                        - example-Feeds_item
                      FqdnLists:
                        - example-FqdnLists_item
                        - example-FqdnLists_item
                      PrefixLists:
                        - example-PrefixLists_item
                    Applications:
                      - ssh
                    Protocol: APPLICATION-DEFAULT
                    Action: DenySilent
      responses:
        '200':
          description: Security rule created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/SecurityRule'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CreateSecurityRule200Example:
                  summary: Default createSecurityRule 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      Priority: 707
                      RuleEntry: &id003
                        RuleName: Primary Gateway 01
                        Description: Firewall alert incident monitoring investigation threat threat blocked activity monitoring.
                        Enabled: true
                        Source:
                          Cidrs:
                            - example-Cidrs_item
                            - example-Cidrs_item
                          Countries:
                            - example-Countries_item
                            - example-Countries_item
                          Feeds:
                            - example-Feeds_item
                          PrefixLists:
                            - example-PrefixLists_item
                        NegateSource: false
                        Destination:
                          Cidrs:
                            - example-Cidrs_item
                          Countries:
                            - example-Countries_item
                            - example-Countries_item
                          Feeds:
                            - example-Feeds_item
                          FqdnLists:
                            - example-FqdnLists_item
                            - example-FqdnLists_item
                          PrefixLists:
                            - example-PrefixLists_item
                        NegateDestination: false
                        Applications:
                          - dns
                          - web-browsing
                        Category:
                          URLCategoryNames:
                            - Production Sensor 06
                          Feeds:
                            - example-Feeds_item
                        Protocol: UDP
                        Action: Allow
                        DecryptionRuleType: SSLOutboundInspection
                        AuditComment: Rule malware monitoring malware firewall violation suspicious detected applied firewall detected applied.
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}/security-rules/{priority}:
    get:
      operationId: getSecurityRule
      summary: Palo Alto Networks Get Security Rule
      description: Returns a specific security rule by its priority number within the rule stack.
      tags:
        - SecurityRules
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - $ref: '#/components/parameters/priority'
        - name: candidate
          in: query
          description: Return candidate configuration if true, running configuration if false.
          schema:
            type: boolean
            default: true
          example: true
      responses:
        '200':
          description: Security rule returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/SecurityRule'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                GetSecurityRule200Example:
                  summary: Default getSecurityRule 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      Priority: 707
                      RuleEntry: *id003
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: updateSecurityRule
      summary: Palo Alto Networks Update Security Rule
      description: Updates an existing security rule at the specified priority in the rule stack.
      tags:
        - SecurityRules
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - $ref: '#/components/parameters/priority'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecurityRuleRequest'
            examples:
              UpdateSecurityRuleRequestExample:
                summary: Default updateSecurityRule request
                x-microcks-default: true
                value:
                  Priority: 48316
                  RuleEntry: *id004
      responses:
        '200':
          description: Security rule updated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/SecurityRule'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                UpdateSecurityRule200Example:
                  summary: Default updateSecurityRule 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      Priority: 707
                      RuleEntry: *id003
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: deleteSecurityRule
      summary: Palo Alto Networks Delete Security Rule
      description: Deletes the security rule at the specified priority from the rule stack.
      tags:
        - SecurityRules
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - $ref: '#/components/parameters/priority'
      responses:
        '200':
          description: Security rule deleted successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                DeleteSecurityRule200Example:
                  summary: Default deleteSecurityRule 200 response
                  x-microcks-default: true
                  value:
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}/fqdnlists:
    get:
      operationId: listFqdnLists
      summary: Palo Alto Networks List FQDN Lists
      description: >-
        Returns all FQDN lists in the specified rule stack. FQDN lists contain
        domain name entries referenced in security rule destination criteria.
      tags:
        - FQDNLists
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - name: maxresults
          in: query
          schema:
            type: integer
            default: 100
          example: 100
        - name: nexttoken
          in: query
          schema:
            type: string
          example: example-nexttoken
      responses:
        '200':
          description: FQDN lists returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      FqdnListCandidates:
                        type: array
                        items:
                          $ref: '#/components/schemas/FqdnListSummary'
                      NextToken:
                        type: string
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                ListFqdnLists200Example:
                  summary: Default listFqdnLists 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      FqdnListCandidates:
                        - FqdnListName: Primary Firewall 80
                      NextToken: example-NextToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createFqdnList
      summary: Palo Alto Networks Create FQDN List
      description: Creates a new FQDN list in the rule stack with a set of domain name entries.
      tags:
        - FQDNLists
      parameters:
        - $ref: '#/components/parameters/rulestack'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FqdnListRequest'
            examples:
              CreateFqdnListRequestExample:
                summary: Default createFqdnList request
                x-microcks-default: true
                value:
                  FqdnListName: Primary Agent 55
                  FqdnListEntry: &id009
                    Description: Network rule endpoint traffic suspicious on configured suspicious policy violation detected.
                    FqdnList:
                      - example-FqdnList_item
                      - example-FqdnList_item
      responses:
        '200':
          description: FQDN list created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/FqdnList'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CreateFqdnList200Example:
                  summary: Default createFqdnList 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      FqdnListName: Production Firewall 87
                      FqdnListEntry: &id008
                        Description: Incident configured activity on configured detected alert investigation policy blocked incident.
                        FqdnList:
                          - example-FqdnList_item
                      UpdateToken: example-UpdateToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/rulestacks/{rulestack}/prefixlists:
    get:
      operationId: listPrefixLists
      summary: Palo Alto Networks List Prefix Lists
      description: >-
        Returns all IP prefix lists in the specified rule stack. Prefix lists
        contain CIDR block entries used as source or destination criteria in
        security rules.
      tags:
        - PrefixLists
      parameters:
        - $ref: '#/components/parameters/rulestack'
        - name: maxresults
          in: query
          schema:
            type: integer
            default: 100
          example: 100
        - name: nexttoken
          in: query
          schema:
            type: string
          example: example-nexttoken
      responses:
        '200':
          description: Prefix lists returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      PrefixListCandidates:
                        type: array
                        items:
                          $ref: '#/components/schemas/PrefixListSummary'
                      NextToken:
                        type: string
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                ListPrefixLists200Example:
                  summary: Default listPrefixLists 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      PrefixListCandidates:
                        - PrefixListName: Staging Sensor 53
                      NextToken: example-NextToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createPrefixList
      summary: Palo Alto Networks Create Prefix List
      description: Creates a new IP prefix list in the rule stack with a set of CIDR entries.
      tags:
        - PrefixLists
      parameters:
        - $ref: '#/components/parameters/rulestack'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/PrefixListRequest'
            examples:
              CreatePrefixListRequestExample:
                summary: Default createPrefixList request
                x-microcks-default: true
                value:
                  PrefixListName: Primary Agent 32
                  PrefixListEntry: &id011
                    Description: Incident monitoring rule incident violation activity.
                    PrefixList:
                      - example-PrefixList_item
      responses:
        '200':
          description: Prefix list created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/PrefixList'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CreatePrefixList200Example:
                  summary: Default createPrefixList 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      PrefixListName: Production Sensor 34
                      PrefixListEntry: &id010
                        Description: Traffic configured policy applied blocked detected violation investigation suspicious threat.
                        PrefixList:
                          - example-PrefixList_item
                          - example-PrefixList_item
                      UpdateToken: example-UpdateToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/ngfirewalls:
    get:
      operationId: listFirewalls
      summary: Palo Alto Networks List Cloud NGFW Firewalls
      description: >-
        Returns a paginated list of all Cloud NGFW firewall instances in the
        AWS account. Each entry includes configuration, associated rule stack,
        VPC attachment, and operational status.
      tags:
        - Firewalls
      parameters:
        - name: maxresults
          in: query
          schema:
            type: integer
            default: 100
          example: 100
        - name: nexttoken
          in: query
          schema:
            type: string
          example: example-nexttoken
        - name: vpcid
          in: query
          description: Filter firewalls by AWS VPC ID.
          schema:
            type: string
          example: '161612'
      responses:
        '200':
          description: Firewalls returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    type: object
                    properties:
                      Firewalls:
                        type: array
                        items:
                          $ref: '#/components/schemas/FirewallSummary'
                      NextToken:
                        type: string
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                ListFirewalls200Example:
                  summary: Default listFirewalls 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      Firewalls:
                        - FirewallName: Production Gateway 93
                          VpcId: '780399'
                          AssociatedRuleStack: example-AssociatedRuleStack
                          Status: running
                      NextToken: example-NextToken
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createFirewall
      summary: Palo Alto Networks Create Cloud NGFW Firewall
      description: >-
        Creates a new Cloud NGFW firewall instance in the specified VPC.
        Specify the associated rule stack, VPC and subnet mappings for endpoint
        creation, and optional logging configuration.
      tags:
        - Firewalls
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FirewallRequest'
            examples:
              CreateFirewallRequestExample:
                summary: Default createFirewall request
                x-microcks-default: true
                value:
                  FirewallName: Production Sensor 15
                  FirewallEntry: &id007
                    Description: Monitoring alert applied blocked policy monitoring traffic activity network policy threat.
                    VpcId: '911913'
                    AssociatedRuleStack: example-AssociatedRuleStack
                    SubnetMappings:
                      - SubnetId: '671001'
                      - SubnetId: '304867'
                    Tags:
                      - Key: example-Key
                        Value: example-Value
      responses:
        '200':
          description: Firewall created successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/Firewall'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                CreateFirewall200Example:
                  summary: Default createFirewall 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      FirewallName: Corporate Policy 70
                      FirewallEntry: &id005
                        Description: Firewall violation traffic monitoring firewall blocked suspicious traffic rule investigation applied malware.
                        VpcId: '325753'
                        AssociatedRuleStack: example-AssociatedRuleStack
                        SubnetMappings:
                          - SubnetId: '207407'
                            AvailabilityZone: untrust
                        Tags:
                          - Key: example-Key
                            Value: example-Value
                      FirewallStatus: &id006
                        FirewallStatus: DELETING
                        Attachments:
                          - SubnetId: '241296'
                            EndpointId: '635794'
                            Status: enabled
                          - SubnetId: '713413'
                            EndpointId: '622390'
                            Status: active
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '409':
          $ref: '#/components/responses/Conflict'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /config/ngfirewalls/{firewall}:
    get:
      operationId: getFirewall
      summary: Palo Alto Networks Get Cloud NGFW Firewall
      description: Returns the configuration and status of a specific Cloud NGFW firewall instance.
      tags:
        - Firewalls
      parameters:
        - $ref: '#/components/parameters/firewall'
      responses:
        '200':
          description: Firewall returned successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/Firewall'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                GetFirewall200Example:
                  summary: Default getFirewall 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      FirewallName: Corporate Policy 70
                      FirewallEntry: *id005
                      FirewallStatus: *id006
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    put:
      operationId: updateFirewall
      summary: Palo Alto Networks Update Cloud NGFW Firewall
      description: >-
        Updates the configuration of an existing Cloud NGFW firewall instance,
        such as changing the associated rule stack or updating subnet mappings.
      tags:
        - Firewalls
      parameters:
        - $ref: '#/components/parameters/firewall'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/FirewallRequest'
            examples:
              UpdateFirewallRequestExample:
                summary: Default updateFirewall request
                x-microcks-default: true
                value:
                  FirewallName: Production Sensor 15
                  FirewallEntry: *id007
      responses:
        '200':
          description: Firewall updated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  Response:
                    $ref: '#/components/schemas/Firewall'
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                UpdateFirewall200Example:
                  summary: Default updateFirewall 200 response
                  x-microcks-default: true
                  value:
                    Response:
                      FirewallName: Corporate Policy 70
                      FirewallEntry: *id005
                      FirewallStatus: *id006
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    delete:
      operationId: deleteFirewall
      summary: Palo Alto Networks Delete Cloud NGFW Firewall
      description: >-
        Deletes a Cloud NGFW firewall instance.
        This disassociates the firewall from the VPC and removes all associated
        endpoints. The firewall must be in a PROVISIONING or ACTIVE state to be
        deleted.
      tags:
        - Firewalls
      parameters:
        - $ref: '#/components/parameters/firewall'
      responses:
        '200':
          description: Firewall deletion initiated successfully.
          content:
            application/json:
              schema:
                type: object
                properties:
                  ResponseStatus:
                    $ref: '#/components/schemas/ResponseStatus'
              examples:
                DeleteFirewall200Example:
                  summary: Default deleteFirewall 200 response
                  x-microcks-default: true
                  value:
                    ResponseStatus:
                      ErrorCode: 0
                      Reason: ''
        '401':
          $ref: '#/components/responses/Unauthorized'
        '404':
          $ref: '#/components/responses/NotFound'
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    awsSigV4:
      type: apiKey
      in: header
      name: Authorization
      description: >-
        AWS Signature Version 4 (SigV4) signed request. Use an AWS IAM role or
        user with CloudNGFW IAM permissions. Sign requests using the service
        name cloudngfw and the target AWS region. Include x-amz-date and
        x-amz-security-token headers as required.
  parameters:
    rulestack:
      name: rulestack
      in: path
      required: true
      description: Name of the rule stack.
      schema:
        type: string
    priority:
      name: priority
      in: path
      required: true
      description: >-
        Priority number of the security rule. Rules with lower numbers are
        evaluated first (range 1-65535).
      schema:
        type: integer
        minimum: 1
        maximum: 65535
    firewall:
      name: firewall
      in: path
      required: true
      description: Name of the Cloud NGFW firewall instance.
      schema:
        type: string
  responses:
    BadRequest:
      description: Malformed request or invalid parameters.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Missing or invalid AWS credentials.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: Insufficient IAM permissions for the requested operation.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    NotFound:
      description: The requested resource was not found.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Conflict:
      description: A resource with the specified name already exists or cannot be modified.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    InternalServerError:
      description: An internal server error occurred.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  schemas:
    ResponseStatus:
      type: object
      description: Standard API response status envelope included in all responses.
      properties:
        ErrorCode:
          type: integer
          description: Error code. 0 indicates success.
          example: 0
        Reason:
          type: string
          description: Human-readable status message.
          example: ''
    RuleStack:
      type: object
      description: A rule stack containing security policy for Cloud NGFW firewall instances.
      properties:
        RuleStackName:
          type: string
          description: Unique name of the rule stack.
          example: Primary Agent 48
        RuleStackEntry:
          type: object
          properties:
            Description:
              type: string
              example: Incident rule network detected investigation applied threat incident Security suspicious blocked activity.
            Scope:
              type: string
              enum:
                - Local
                - Global
              example: Local
            MinAppIdVersion:
              type: string
              description: Minimum App-ID content version required.
              example: 5.7.7
            LookupXForwardedFor:
              type: string
              enum:
                - SecurityPolicy
                - None
              example: SecurityPolicy
            Profile:
              type: object
              properties:
                AntiSpywareProfile:
                  type: string
                  example: IP Camera
                AntiVirusProfile:
                  type: string
                  example: IP Camera
                VulnerabilityProfile:
                  type: string
                  example: IP Camera
                URLFilteringProfile:
                  type: string
                  example: Network Printer
                FileBlockingProfile:
                  type: string
                  example: HVAC Controller
              example:
                AntiSpywareProfile: IP Camera
                AntiVirusProfile: Network Printer
                VulnerabilityProfile: HVAC Controller
                URLFilteringProfile: HVAC Controller
                FileBlockingProfile: HVAC Controller
          example: *id001
        UpdateToken:
          type: string
          description: Optimistic lock token for concurrent modification detection.
          example: example-UpdateToken
    RuleStackSummary:
      type: object
      properties:
        RuleStackName:
          type: string
          example: Corporate Sensor 39
        Scope:
          type: string
          enum:
            - Local
            - Global
          example: Local
        Status:
          type: string
          enum:
            - ACTIVE
            - INACTIVE
            - ERROR
          example: ACTIVE
    RuleStackRequest:
      type: object
      required:
        - RuleStackName
        - RuleStackEntry
      properties:
        RuleStackName:
          type: string
          example: Branch Policy 33
        RuleStackEntry:
          type: object
          properties:
            Description:
              type: string
              example: Endpoint activity incident network monitoring investigation.
            Scope:
              type: string
              enum:
                - Local
                - Global
              default: Local
              example: Local
            MinAppIdVersion:
              type: string
              example: 8.8.3
            Profile:
              type: object
              properties:
                AntiSpywareProfile:
                  type: string
                  example: Network Printer
                AntiVirusProfile:
                  type: string
                  example: IP Camera
                VulnerabilityProfile:
                  type: string
                  example: IP Camera
                URLFilteringProfile:
                  type: string
                  example: IP Camera
              example:
                AntiSpywareProfile: IP Camera
                AntiVirusProfile: Network Printer
                VulnerabilityProfile: IP Camera
                URLFilteringProfile: Network Printer
          example: *id002
    SecurityRule:
      type: object
      description: A security rule within a Cloud NGFW rule stack.
      properties:
        Priority:
          type: integer
          description: Rule evaluation priority (lower numbers evaluated first).
example: 707 RuleEntry: type: object properties: RuleName: type: string example: Staging Policy 40 Description: type: string example: Threat network configured alert configured violation rule malware alert monitoring threat. Enabled: type: boolean default: true example: true Source: $ref: '#/components/schemas/RuleSource' NegateSource: type: boolean default: false example: false Destination: $ref: '#/components/schemas/RuleDestination' NegateDestination: type: boolean default: false example: false Applications: type: array items: type: string description: Application names to match (use any for all applications). example: - ssl - ssh Category: type: object properties: URLCategoryNames: type: array items: type: string example: - Staging Firewall 58 - Primary Firewall 83 Feeds: type: array items: type: string example: - example-Feeds_item - example-Feeds_item example: URLCategoryNames: - Production Firewall 26 - Primary Policy 38 Feeds: - example-Feeds_item Protocol: type: string enum: - APPLICATION-DEFAULT - TCP - UDP - ICMP - ANY example: ICMP Action: type: string enum: - Allow - DenyResetBoth - DenyResetServer - DenySilent example: Allow DecryptionRuleType: type: string enum: - SSLOutboundInspection - None example: None AuditComment: type: string example: Blocked suspicious rule investigation activity on. example: *id003 SecurityRuleSummary: type: object properties: Priority: type: integer example: 234 RuleName: type: string example: Production Policy 12 Enabled: type: boolean example: false SecurityRuleRequest: type: object required: - Priority - RuleEntry properties: Priority: type: integer minimum: 1 maximum: 65535 example: 48316 RuleEntry: type: object required: - RuleName - Action properties: RuleName: type: string example: Primary Sensor 76 Description: type: string example: Threat alert rule policy investigation on activity rule threat activity traffic. 
Enabled: type: boolean default: true example: true Source: $ref: '#/components/schemas/RuleSource' Destination: $ref: '#/components/schemas/RuleDestination' Applications: type: array items: type: string example: - ssl - web-browsing Protocol: type: string enum: - APPLICATION-DEFAULT - ANY example: APPLICATION-DEFAULT Action: type: string enum: - Allow - DenyResetBoth - DenyResetServer - DenySilent example: DenyResetServer example: *id004 RuleSource: type: object description: Traffic source matching criteria for a security rule. properties: Cidrs: type: array items: type: string description: Source CIDR blocks (e.g., 10.0.0.0/8). example: - example-Cidrs_item - example-Cidrs_item Countries: type: array items: type: string description: Source country codes (ISO 3166-1 alpha-2). example: - example-Countries_item Feeds: type: array items: type: string description: Threat intelligence feed names. example: - example-Feeds_item - example-Feeds_item PrefixLists: type: array items: type: string description: Names of prefix lists defined in the rule stack. example: - example-PrefixLists_item - example-PrefixLists_item RuleDestination: type: object description: Traffic destination matching criteria for a security rule. properties: Cidrs: type: array items: type: string description: Destination CIDR blocks. example: - example-Cidrs_item - example-Cidrs_item Countries: type: array items: type: string description: Destination country codes. example: - example-Countries_item - example-Countries_item Feeds: type: array items: type: string example: - example-Feeds_item FqdnLists: type: array items: type: string description: Names of FQDN lists defined in the rule stack. example: - example-FqdnLists_item PrefixLists: type: array items: type: string example: - example-PrefixLists_item FqdnList: type: object description: An FQDN list containing domain name entries for use in security rule destination criteria. 
properties: FqdnListName: type: string example: Production Firewall 87 FqdnListEntry: type: object properties: Description: type: string example: Suspicious incident incident network firewall alert applied traffic blocked firewall policy violation. FqdnList: type: array items: type: string description: Fully qualified domain names (e.g., example.com, *.example.com). example: - example-FqdnList_item - example-FqdnList_item example: *id008 UpdateToken: type: string example: example-UpdateToken FqdnListSummary: type: object properties: FqdnListName: type: string example: Primary Firewall 80 FqdnListRequest: type: object required: - FqdnListName - FqdnListEntry properties: FqdnListName: type: string example: Primary Agent 55 FqdnListEntry: type: object required: - FqdnList properties: Description: type: string example: Suspicious violation threat network rule firewall network. FqdnList: type: array items: type: string example: - example-FqdnList_item - example-FqdnList_item example: *id009 PrefixList: type: object description: An IP prefix list containing CIDR entries for use in security rule source and destination criteria. properties: PrefixListName: type: string example: Production Sensor 34 PrefixListEntry: type: object properties: Description: type: string example: Alert on investigation incident blocked Security blocked rule policy. PrefixList: type: array items: type: string description: CIDR block entries (e.g., 10.0.0.0/8, 192.168.0.0/16). example: - example-PrefixList_item - example-PrefixList_item example: *id010 UpdateToken: type: string example: example-UpdateToken PrefixListSummary: type: object properties: PrefixListName: type: string example: Staging Sensor 53 PrefixListRequest: type: object required: - PrefixListName - PrefixListEntry properties: PrefixListName: type: string example: Primary Agent 32 PrefixListEntry: type: object required: - PrefixList properties: Description: type: string example: Applied Security policy firewall applied alert. 
PrefixList: type: array items: type: string example: - example-PrefixList_item example: *id011 Firewall: type: object description: A Cloud NGFW firewall instance deployed in an AWS VPC. properties: FirewallName: type: string example: Corporate Policy 70 FirewallEntry: type: object properties: Description: type: string example: Malware endpoint incident policy endpoint on applied rule applied. VpcId: type: string description: AWS VPC ID where the firewall is deployed. example: '886305' AssociatedRuleStack: type: string description: Name of the rule stack associated with this firewall. example: example-AssociatedRuleStack SubnetMappings: type: array items: type: object properties: SubnetId: type: string description: AWS subnet ID for the firewall endpoint. example: '124164' AvailabilityZone: type: string example: untrust example: - SubnetId: '297621' AvailabilityZone: dmz - SubnetId: '781667' AvailabilityZone: untrust Tags: type: array items: type: object properties: Key: type: string example: example-Key Value: type: string example: example-Value example: - Key: example-Key Value: example-Value - Key: example-Key Value: example-Value example: *id005 FirewallStatus: type: object properties: FirewallStatus: type: string enum: - PROVISIONING - ACTIVE - DELETING - FAILED example: FAILED Attachments: type: array items: type: object properties: SubnetId: type: string example: '513355' EndpointId: type: string example: '268654' Status: type: string example: active example: - SubnetId: '690238' EndpointId: '699787' Status: active - SubnetId: '994368' EndpointId: '479951' Status: running example: *id006 FirewallSummary: type: object properties: FirewallName: type: string example: Production Gateway 93 VpcId: type: string example: '780399' AssociatedRuleStack: type: string example: example-AssociatedRuleStack Status: type: string example: running FirewallRequest: type: object required: - FirewallName - FirewallEntry properties: FirewallName: type: string example: Production 
Sensor 15 FirewallEntry: type: object required: - VpcId - AssociatedRuleStack - SubnetMappings properties: Description: type: string example: Activity incident alert configured firewall suspicious policy. VpcId: type: string example: '226288' AssociatedRuleStack: type: string example: example-AssociatedRuleStack SubnetMappings: type: array items: type: object properties: SubnetId: type: string example: '436036' example: - SubnetId: '355983' Tags: type: array items: type: object properties: Key: type: string example: example-Key Value: type: string example: example-Value example: - Key: example-Key Value: example-Value - Key: example-Key Value: example-Value example: *id007 ErrorResponse: type: object properties: ResponseStatus: type: object properties: ErrorCode: type: integer example: 869 Reason: type: string example: Blocked investigation activity firewall activity malware network on applied. example: ErrorCode: 719 Reason: Alert incident applied violation rule blocked alert violation incident suspicious suspicious.