Retrieve IPsec policies
GET /security/ipsec/policies
Introduced In: 9.8
Retrieves the collection of IPsec policies.
Related ONTAP commands
-
security ipsec policy show
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
certificate.uuid |
string |
query |
False |
Filter by certificate.uuid
|
certificate.name |
string |
query |
False |
Filter by certificate.name
|
uuid |
string |
query |
False |
Filter by uuid |
remote_endpoint.address |
string |
query |
False |
Filter by remote_endpoint.address |
remote_endpoint.family |
string |
query |
False |
Filter by remote_endpoint.family |
remote_endpoint.netmask |
string |
query |
False |
Filter by remote_endpoint.netmask |
remote_endpoint.port |
string |
query |
False |
Filter by remote_endpoint.port |
scope |
string |
query |
False |
Filter by scope |
authentication_method |
string |
query |
False |
Filter by authentication_method
|
local_endpoint.address |
string |
query |
False |
Filter by local_endpoint.address |
local_endpoint.family |
string |
query |
False |
Filter by local_endpoint.family |
local_endpoint.netmask |
string |
query |
False |
Filter by local_endpoint.netmask |
local_endpoint.port |
string |
query |
False |
Filter by local_endpoint.port |
name |
string |
query |
False |
Filter by name |
local_identity |
string |
query |
False |
Filter by local_identity |
svm.uuid |
string |
query |
False |
Filter by svm.uuid |
svm.name |
string |
query |
False |
Filter by svm.name |
remote_identity |
string |
query |
False |
Filter by remote_identity |
protocol |
string |
query |
False |
Filter by protocol |
ipspace.uuid |
string |
query |
False |
Filter by ipspace.uuid |
ipspace.name |
string |
query |
False |
Filter by ipspace.name |
enabled |
boolean |
query |
False |
Filter by enabled |
fields |
array[string] |
query |
False |
Specify the fields to return. |
max_records |
integer |
query |
False |
Limit the number of records returned. |
return_records |
boolean |
query |
False |
The default is true for GET calls. When set to false, only the number of records is returned.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached.
|
order_by |
array[string] |
query |
False |
Order results by specified fields and optional [asc |
Response
Status: 200, Ok
Name | Type | Description |
---|---|---|
_links |
||
error |
||
num_records |
integer |
Number of records |
records |
array[records] |
Example response
{
"_links": {
"next": {
"href": "/api/resourcelink"
},
"self": {
"href": "/api/resourcelink"
}
},
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
},
"num_records": 1,
"records": [
{
"action": "string",
"authentication_method": "string",
"certificate": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "cert1",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"ipspace": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "exchange",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"local_endpoint": {
"address": "10.10.10.7",
"family": "string",
"netmask": "24",
"port": "23"
},
"local_identity": "string",
"name": "string",
"protocol": "17",
"remote_endpoint": {
"address": "10.10.10.7",
"family": "string",
"netmask": "24",
"port": "23"
},
"remote_identity": "string",
"scope": "string",
"secret_key": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
]
}
Error
Status: Default, Error
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
next |
||
self |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |
_links
Name | Type | Description |
---|---|---|
self |
certificate
Certificate for the IPsec policy.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
Certificate name |
uuid |
string |
Certificate UUID |
ipspace
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
IPspace name |
uuid |
string |
IPspace UUID |
local_endpoint
Local endpoint for the IPsec policy.
Name | Type | Description |
---|---|---|
address |
string |
IPv4 or IPv6 address |
family |
string |
IPv4 or IPv6 |
netmask |
string |
Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
port |
string |
Application port to be covered by the IPsec policy |
remote_endpoint
Remote endpoint for the IPsec policy.
Name | Type | Description |
---|---|---|
address |
string |
IPv4 or IPv6 address |
family |
string |
IPv4 or IPv6 |
netmask |
string |
Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
port |
string |
Application port to be covered by the IPsec policy |
svm
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
records
IPsec policy object.
Name | Type | Description |
---|---|---|
action |
string |
Action for the IPsec policy. |
authentication_method |
string |
Authentication method for the IPsec policy. |
certificate |
Certificate for the IPsec policy. |
|
enabled |
boolean |
Indicates whether or not the policy is enabled. |
ipspace |
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
|
local_endpoint |
Local endpoint for the IPsec policy. |
|
local_identity |
string |
Local Identity |
name |
string |
IPsec policy name. |
protocol |
string |
Lower layer protocol to be covered by the IPsec policy. |
remote_endpoint |
Remote endpoint for the IPsec policy. |
|
remote_identity |
string |
Remote Identity |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
secret_key |
string |
Pre-shared key for IKE negotiation. |
svm |
SVM, applies only to SVM-scoped objects. |
|
uuid |
string |
Unique identifier of the IPsec policy. |