A newer release of this product is available.

Retrieve IPsec policies

GET /security/ipsec/policies

Introduced In: 9.8

Retrieves the collection of IPsec policies.

Related ONTAP commands

  • security ipsec policy show

Parameters

| Name | Type | In | Required | Description |
|---|---|---|---|---|
| local_identity | string | query | False | Filter by local_identity |
| authentication_method | string | query | False | Filter by authentication_method. Introduced in: 9.10 |
| uuid | string | query | False | Filter by uuid |
| certificate.name | string | query | False | Filter by certificate.name. Introduced in: 9.10 |
| certificate.uuid | string | query | False | Filter by certificate.uuid. Introduced in: 9.10 |
| remote_identity | string | query | False | Filter by remote_identity |
| svm.uuid | string | query | False | Filter by svm.uuid |
| svm.name | string | query | False | Filter by svm.name |
| local_endpoint.port | string | query | False | Filter by local_endpoint.port |
| local_endpoint.address | string | query | False | Filter by local_endpoint.address |
| local_endpoint.family | string | query | False | Filter by local_endpoint.family |
| local_endpoint.netmask | string | query | False | Filter by local_endpoint.netmask |
| scope | string | query | False | Filter by scope |
| ipspace.uuid | string | query | False | Filter by ipspace.uuid |
| ipspace.name | string | query | False | Filter by ipspace.name |
| name | string | query | False | Filter by name |
| enabled | boolean | query | False | Filter by enabled |
| protocol | string | query | False | Filter by protocol |
| remote_endpoint.port | string | query | False | Filter by remote_endpoint.port |
| remote_endpoint.address | string | query | False | Filter by remote_endpoint.address |
| remote_endpoint.family | string | query | False | Filter by remote_endpoint.family |
| remote_endpoint.netmask | string | query | False | Filter by remote_endpoint.netmask |
| fields | array[string] | query | False | Specify the fields to return. |
| max_records | integer | query | False | Limit the number of records returned. |
| return_records | boolean | query | False | The default is true for GET calls. When set to false, only the number of records is returned. Default value: 1 |
| return_timeout | integer | query | False | The number of seconds to allow the call to execute before returning. When iterating over a collection, the default is 15 seconds. ONTAP returns earlier if either max records or the end of the collection is reached. Default value: 1. Max value: 120. Min value: 0 |
| order_by | array[string] | query | False | Order results by specified fields and optional [asc |

Response

Status: 200, Ok

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| error | error | |
| num_records | integer | Number of records |
| records | array[records] | |

Example response
{
  "_links": {
    "next": {
      "href": "/api/resourcelink"
    },
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  },
  "num_records": 1,
  "records": [
    {
      "action": "string",
      "authentication_method": "string",
      "certificate": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "cert1",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "ipspace": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "exchange",
        "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
      },
      "local_endpoint": {
        "address": "10.10.10.7",
        "family": "string",
        "netmask": "24",
        "port": "23"
      },
      "local_identity": "string",
      "name": "string",
      "protocol": "17",
      "remote_endpoint": {
        "address": "10.10.10.7",
        "family": "string",
        "netmask": "24",
        "port": "23"
      },
      "remote_identity": "string",
      "scope": "string",
      "secret_key": "string",
      "svm": {
        "_links": {
          "self": {
            "href": "/api/resourcelink"
          }
        },
        "name": "svm1",
        "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
      },
      "uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
    }
  ]
}

Error

Status: Default, Error

| Name | Type | Description |
|---|---|---|
| error | error | |

Example error
{
  "error": {
    "arguments": [
      {
        "code": "string",
        "message": "string"
      }
    ],
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}
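
An added example (not NetApp's code) of consuming this collection for a policy audit: it requests an explicit `fields` list that leaves out `secret_key`, follows `_links.next.href` across pages, surfaces the documented `error` object, and strips `secret_key` from any record that still carries it. Assumptions: the `/api` prefix (taken from the `href` values above), a comma-separated `fields` value, a caller-supplied `fetch(url)` transport, and the two constructed sample pages.

```python
from urllib.parse import urlencode

# Requested explicitly so the reply never needs to carry secret_key (IKE pre-shared key).
AUDIT_FIELDS = ["name", "uuid", "enabled", "scope", "svm.name",
                "authentication_method", "local_endpoint", "remote_endpoint"]

class OntapApiError(Exception):
    """Raised when a page of the collection carries the documented error object."""

def first_url(filters=None, max_records=100):
    # Assumption: "/api" prefix, as in the href values of the example response.
    query = dict(filters or {}, fields=",".join(AUDIT_FIELDS), max_records=max_records)
    return "/api/security/ipsec/policies?" + urlencode(query, safe=",")

def iter_policies(fetch, filters=None, max_records=100):
    """Yield every record, following _links.next.href until no next link remains.
    fetch(url) -> dict is a hypothetical transport, e.g. an authenticated HTTPS GET."""
    url = first_url(filters, max_records)
    while url:
        page = fetch(url)
        if "error" in page:
            err = page["error"]
            raise OntapApiError(
                f"{err.get('code')}: {err.get('message')} (target={err.get('target')})")
        for record in page.get("records", []):
            record.pop("secret_key", None)  # keep key material out of logs and reports
            yield record
        url = page.get("_links", {}).get("next", {}).get("href")

def disabled_policy_names(fetch, filters=None, max_records=100):
    """Names of policies that are configured but not enforced (enabled is false)."""
    return [r["name"] for r in iter_policies(fetch, filters, max_records)
            if r.get("enabled") is False]

# Constructed two-page sample shaped like the example response on this page.
PAGES = {
    first_url({"svm.name": "svm1"}, 1): {
        "num_records": 1,
        "records": [{"name": "policy_a", "enabled": True, "secret_key": "constructed"}],
        "_links": {"next": {"href": "/api/resourcelink?page=2"}}},
    "/api/resourcelink?page=2": {
        "num_records": 1,
        "records": [{"name": "policy_b", "enabled": False}],
        "_links": {"self": {"href": "/api/resourcelink?page=2"}}},
}

if __name__ == "__main__":
    print(disabled_policy_names(PAGES.__getitem__, {"svm.name": "svm1"}, 1))
```
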

Definitions

href

| Name | Type | Description |
|---|---|---|
| href | string | |

_links

| Name | Type | Description |
|---|---|---|
| next | href | |
| self | href | |

error_arguments

| Name | Type | Description |
|---|---|---|
| code | string | Argument code |
| message | string | Message argument |

error

| Name | Type | Description |
|---|---|---|
| arguments | array[error_arguments] | Message arguments |
| code | string | Error code |
| message | string | Error message |
| target | string | The target parameter that caused the error. |

_links

| Name | Type | Description |
|---|---|---|
| self | href | |

certificate

Certificate for the IPsec policy.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | Certificate name |
| uuid | string | Certificate UUID |

ipspace

Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input.

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | IPspace name |
| uuid | string | IPspace UUID |

local_endpoint

Local endpoint for the IPsec policy.

| Name | Type | Description |
|---|---|---|
| address | string | IPv4 or IPv6 address |
| family | string | IPv4 or IPv6 |
| netmask | string | Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
| port | string | Application port to be covered by the IPsec policy |

remote_endpoint

Remote endpoint for the IPsec policy.

| Name | Type | Description |
|---|---|---|
| address | string | IPv4 or IPv6 address |
| family | string | IPv4 or IPv6 |
| netmask | string | Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always netmask length. |
| port | string | Application port to be covered by the IPsec policy |

svm

| Name | Type | Description |
|---|---|---|
| _links | _links | |
| name | string | The name of the SVM. |
| uuid | string | The unique identifier of the SVM. |

records

IPsec policy object.

| Name | Type | Description |
|---|---|---|
| action | string | Action for the IPsec policy. |
| authentication_method | string | Authentication method for the IPsec policy. |
| certificate | certificate | Certificate for the IPsec policy. |
| enabled | boolean | Indicates whether or not the policy is enabled. |
| ipspace | ipspace | Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
| local_endpoint | local_endpoint | Local endpoint for the IPsec policy. |
| local_identity | string | Local Identity |
| name | string | IPsec policy name. |
| protocol | string | Lower layer protocol to be covered by the IPsec policy. |
| remote_endpoint | remote_endpoint | Remote endpoint for the IPsec policy. |
| remote_identity | string | Remote Identity |
| scope | string | Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
| secret_key | string | Pre-shared key for IKE negotiation. |
| svm | svm | |
| uuid | string | Unique identifier of the IPsec policy. |