Manage Rulestacks
A rulestack defines the access control (App-ID, URL Filtering) and threat prevention behavior of Cloud NGFW resources.
A Cloud NGFW resource uses your rulestack definitions to protect traffic in a two-step process. First, it enforces your rules to allow or deny your traffic. Second, it performs content inspection on the allowed traffic based on what you specify in the Security Profiles.
A rulestack includes a set of security rules, associated objects, and profiles.
Permission Policies
| Action | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator |
|---|---|---|---|
| Create a Rulestack | ☐ | ☑ | ☑ |
| Delete a Rulestack | ☐ | ☑ | ☑ |
| Describe a Rulestack | ☑ | ☑ | ☑ |
| List Rulestacks | ☑ | ☑ | ☑ |
| Update a Rulestack | ☐ | ☑ | ☑ |
| List Security Rule Lists | ☑ | ☑ | ☑ |
List rulestack metadata
Retrieve the metadata of rulestacks. Query rulestacks by tags using the format `/v1/config/rulestacks?tags=<string>` to list rulestacks where the tag name starts with the specified string. DynamoDB supports this command and should be implemented as a library.
Create rulestack resource
Create a global or local rulestack. Global role permissions apply only to global rulestacks, while local role permissions apply only to local rulestacks.
Delete rulestack resource
Delete a specific rulestack.
Retrieve rulestack resource
Retrieve the configuration data for a specific rulestack.
Update rulestack configuration
Modify the rulestack configuration. Note that you cannot update the rulestack scope.
Describe commit status for a RuleStack
View the commit status of a specified rulestack.
Commit a RuleStack
Commit a specified rulestack.
Revert a RuleStack
Revert all uncommitted changes for a specified rulestack.
Validate a RuleStack
Validate a rulestack after commit.