Update an IPsec policy
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
PATCH /security/ipsec/policies/{uuid}
Introduced In: 9.8
Updates a specific IPsec policy.
Related ONTAP commands
-
security ipsec policy modify
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
uuid |
string |
path |
True |
IPsec policy UUID |
Request Body
Name | Type | Description |
---|---|---|
action |
string |
Action for the IPsec policy. |
authentication_method |
string |
Authentication method for the IPsec policy. |
certificate |
Certificate for the IPsec policy. |
|
enabled |
boolean |
Indicates whether or not the policy is enabled. |
ipspace |
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
|
local_endpoint |
Local endpoint for the IPsec policy. |
|
local_identity |
string |
Local Identity |
name |
string |
IPsec policy name. |
protocol |
string |
Lower layer protocol to be covered by the IPsec policy. |
remote_endpoint |
Remote endpoint for the IPsec policy. |
|
remote_identity |
string |
Remote Identity |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
secret_key |
string |
Pre-shared key for IKE negotiation. |
svm |
SVM, applies only to SVM-scoped objects. |
|
uuid |
string |
Unique identifier of the IPsec policy. |
Example request
{
"action": "string",
"authentication_method": "string",
"certificate": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "string",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"ipspace": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "Default",
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
},
"local_endpoint": {
"address": "10.10.10.7",
"family": "string",
"netmask": "24",
"port": "23"
},
"local_identity": "string",
"name": "string",
"protocol": "17",
"remote_endpoint": {
"address": "10.10.10.7",
"family": "string",
"netmask": "24",
"port": "23"
},
"remote_identity": "string",
"scope": "string",
"secret_key": "string",
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"uuid": "1cd8a442-86d1-11e0-ae1c-123478563412"
}
Response
Status: 200, Ok
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
66257097 |
Internal error. Failed to update the IPsec policy. |
66257099 |
Only one protocol can be specified. |
66257100 |
Only one local port can be specified. |
66257101 |
Only one remote port can be specified. |
66257110 |
Failed to create a policy sequencing value. |
66257113 |
Only one local IP subnet can be specified. |
66257114 |
Only one remote IP subnet can be specified. |
66257115 |
Port ranges containing more than one port are not supported. |
66257120 |
The subnet selector must be a host address (An IPv4 address with a 32-bit netmask or an IPv6 address with a 128-bit netmask). |
66257125 |
The local_endpoint.address must be specified with local_endpoint.netmask. |
66257126 |
The remote_endpoint.address must be specified with remote_endpoint.netmask. |
66257127 |
The local subnet must be configured as a non-zero subnet. |
66257128 |
Invalid ANY wildcard subnet. |
66257129 |
A specific local or remote port number is required when the remote subnet is configured as an ANY wildcard subnet. |
66257131 |
ESP in UDPv6 Encapsulation is not supported. |
66257135 |
The specified certificate is not found on the SVM. |
66257136 |
A certificate is not needed for the PSK authentication method. |
66257138 |
Remote identity is required when using certificate verification. |
66257139 |
Certificate with the specified UUID was not found. |
66257140 |
Only certificates with a client or server type are supported. |
66257142 |
Failed to create IPsec policy because the specified SVM is being migrated. |
66257143 |
Invalid IPsec policy provided. The subnet must be non-empty. |
66257199 |
Not all of the nodes in the cluster are running a version that supports the IPsec feature. |
66257200 |
The shared key does not meet required ASCII-range characters length. |
66257201 |
Support for the feature available with effective cluster version or later. |
66257305 |
The certificate UUID does not match the provided certificate name. |
Also see the table of common errors in the Response body overview section of this documentation.
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
certificate
Certificate for the IPsec policy.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
Certificate name |
uuid |
string |
Certificate UUID |
ipspace
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
IPspace name |
uuid |
string |
IPspace UUID |
local_endpoint
Local endpoint for the IPsec policy.
Name | Type | Description |
---|---|---|
address |
string |
IPv4 or IPv6 address |
family |
string |
IPv4 or IPv6 |
netmask |
string |
Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always the netmask length. |
port |
string |
Application port to be covered by the IPsec policy |
remote_endpoint
Remote endpoint for the IPsec policy.
Name | Type | Description |
---|---|---|
address |
string |
IPv4 or IPv6 address |
family |
string |
IPv4 or IPv6 |
netmask |
string |
Input as netmask length (16) or IPv4 mask (255.255.0.0). For IPv6, the default value is 64 with a valid range of 1 to 127. Output is always the netmask length. |
port |
string |
Application port to be covered by the IPsec policy |
svm
SVM, applies only to SVM-scoped objects.
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
ipsec_policy
IPsec policy object.
Name | Type | Description |
---|---|---|
action |
string |
Action for the IPsec policy. |
authentication_method |
string |
Authentication method for the IPsec policy. |
certificate |
Certificate for the IPsec policy. |
|
enabled |
boolean |
Indicates whether or not the policy is enabled. |
ipspace |
Applies to both SVM and cluster-scoped objects. Either the UUID or name may be supplied on input. |
|
local_endpoint |
Local endpoint for the IPsec policy. |
|
local_identity |
string |
Local Identity |
name |
string |
IPsec policy name. |
protocol |
string |
Lower layer protocol to be covered by the IPsec policy. |
remote_endpoint |
Remote endpoint for the IPsec policy. |
|
remote_identity |
string |
Remote Identity |
scope |
string |
Set to "svm" for interfaces owned by an SVM. Otherwise, set to "cluster". |
secret_key |
string |
Pre-shared key for IKE negotiation. |
svm |
SVM, applies only to SVM-scoped objects. |
|
uuid |
string |
Unique identifier of the IPsec policy. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |