-
Notifications
You must be signed in to change notification settings - Fork 21
TrustSec configuration
alei121 edited this page Jun 8, 2017
·
12 revisions
This provides information for TrustSec configuration.
Name | Description | Example |
---|---|---|
restBaseUrl | https://ise-host1:8910/pxgrid/ise/config/trustsec | |
wsPubsubService | com.cisco.ise.pubsub | |
securityGroupTopic | /topic/com.cisco.ise.config.trustsec.security.group |
{
// Returns all if ID not specified
"id": string (optional)
}
{
"securityGroups": [
array of securityGroup object
]
}
{
// Returns all if ID not specified
"id": string (optional)
}
{
"securityGroupAcls": [
array of securityGroupAcl object
]
}
{
}
{
"egressPolicies": [
array of egressPolicy object
]
}
{
}
{
"egressMatrices": [
array of egressMatrix object
]
}
{
"operation": operation type,
"securityGroup": securityGroup object
}
"operation" type one of the following strings:
- CREATE
- UPDATE
- DELETE
Name | Type | Description |
---|---|---|
id | string | |
name | string | |
description | string | |
tag | integer |
Name | Type | Description |
---|---|---|
id | String | SGACL ID |
name | String | |
description | String | |
ipVersion | String | IPV4 or IPV6 |
acl | String | |
generationId | String |
Name | Type | Description |
---|---|---|
id | string | |
name | string | |
matrixId | string | Matrix this policy belongs to |
status | string | ENABLE,MONITOR |
description | string | |
sourceSecurityGroupId | string | |
destinationSecurityGroupId | string | |
sgaclIds | array of strings | IDs of the SGACLs being used |
Name | Type | Description |
---|---|---|
id | string | |
name | string | |
description | string | |
monitorAll | boolean |
{
"securityGroups": [{
"id": "92adf9f0-8c01-11e6-996c-525400b48521",
"name": "Unknown",
"description": "Unknown Security Group",
"tag": 0
}, {
"id": "92bb1950-8c01-11e6-996c-525400b48521",
"name": "ANY",
"description": "Any Security Group",
"tag": 65535
}, {
"id": "934557f0-8c01-11e6-996c-525400b48521",
"name": "Auditors",
"description": "Auditor Security Group",
"tag": 9
}]
}
{
"securityGroupAcls": [{
"id": "92919850-8c01-11e6-996c-525400b48521",
"name": "Deny IP",
"description": "Deny IP SGACL",
"ipVersion": "IPV4",
"acl": "deny ip",
"generationId": "0"
}, {
"id": "92951ac0-8c01-11e6-996c-525400b48521",
"name": "Permit IP",
"description": "Permit IP SGACL",
"ipVersion": "IPV4",
"acl": "permit ip",
"generationId": "0"
}]
}
{
"egressPolicies": [{
"id": "92c1a900-8c01-11e6-996c-525400b48521",
"name": "ANY-ANY",
"description": "Default egress rule",
"status": "ENABLED",
"sourceSecurityGroupId": "92bb1950-8c01-11e6-996c-525400b48521",
"destinationSecurityGroupId": "92bb1950-8c01-11e6-996c-525400b48521",
"sgaclIds": ["92951ac0-8c01-11e6-996c-525400b48521"],
"matrixId": "9fa3a33a-329e-43cb-a4cf-7bd38df16e7b"
}, {
"id": "8edb3f11-373f-11e7-bc34-0242ae4776c4",
"name": "BYOD-Auditors",
"status": "ENABLED",
"sourceSecurityGroupId": "935d4cc0-8c01-11e6-996c-525400b48521",
"destinationSecurityGroupId": "934557f0-8c01-11e6-996c-525400b48521",
"sgaclIds": ["130b3d00-36df-11e7-bc34-0242ae4776c4"],
"matrixId": "9fa3a33a-329e-43cb-a4cf-7bd38df16e7b"
}, {
"id": "640add50-36df-11e7-bc34-0242ae4776c4",
"name": "Auditors-BYOD",
"description": "test1",
"status": "ENABLED",
"sourceSecurityGroupId": "934557f0-8c01-11e6-996c-525400b48521",
"destinationSecurityGroupId": "935d4cc0-8c01-11e6-996c-525400b48521",
"sgaclIds": ["92919850-8c01-11e6-996c-525400b48521"],
"matrixId": "9fa3a33a-329e-43cb-a4cf-7bd38df16e7b"
}]
}
{
"egressMatrices": [{
"id": "9fa3a33a-329e-43cb-a4cf-7bd38df16e7b",
"name": "Production",
"monitorAll": false
}, {
"id": "f58b05eb-04ab-4283-8b13-998eda207147",
"name": "TestMatrix",
"description": "Test Matrix only",
"monitorAll": false
}]
}