Rollback Certificate to Firewall Profile
Before you begin
- Firewall devices must be configured in AppViewX.
- The devices should be in Managed state.
- Approval is not required: Enable this mode by setting the ‘Certificate Requests Need Approval?’ flag to false in the Certificate Policy.
- Approval is required: If the approval setting in the policy cannot be changed, users can approve specific requests by following the After you are done section.
Request Structure
| Endpoint: | /certificate/rollback |
| Type: | POST |
| Sample URL: | To understand the elements of the sample URL, see the References section. |
| Headers | |
| Content-Type: | application/json |

| Name | Description |
|---|---|
| sessionId | (Mandatory) Session Id received after login. Type: String Constraint: Required if username and password are not provided. |
| username | (Mandatory) AppViewX login username. Type: String Constraint: Required if sessionId is not provided. |
| password | (Mandatory) AppViewX login password. Type: String Constraint: Required if sessionId is not provided. |
| Content-Type | (Mandatory) Specifies the nature of the data in the payload. Type: String Constraint: Value of the parameter should be ‘application/json’ |
| gwsource | (Mandatory) Source from which the request is triggered. (E.g. external) Type: String |
| autoApproval | Indicates whether the auto-approval is needed for the action. Type: String Constraint: Value of the parameter should be yes. |
| Payload | Contains all the parameters to be sent in the request body for the POST request. Type: Payload |
Payload
| Name | Description |
|---|---|
| applicationConnectorIds | (Mandatory) Application connector ID Type: String |
Response Structure
The response is a string of type application/json with the following body parameters:
| Name | Description |
|---|---|
| response | Contains the response attributes. Type: response |
| message | Success message or failure description in case of error. Type: String |
| appStatusCode | Application specific status code for the response. It is a non-null value for a failure response. Type: String |
| tags | Additional information in case of failure response. |

| Name | Description |
|---|---|
| requestId | Request ID for rollback action for the application connector. Type: String |
| connectorId | Application connector ID. Type: String |
Status Codes
| HTTP Code | appStatusCode | Response Message |
|---|---|---|
| 202 Accepted | NA | App connector rollback action initiated for 1 connector(s). |
| 202 Accepted | NA | Operation cannot be completed for one or more devices as the 'Resource' allocated to you does not have write permission. Remediation: Ensure that users have access to the device. |
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason - Invalid Credentials. Remediation: Ensure that valid username and password or valid sessionId is provided as header parameters. |
| 400 Bad Request | MANDATORY_FIELD_MISSING | Mandatory field is missing or invalid - <<field name>> Remediation: Ensure that a valid value is provided for the <<field name>> field in the request. |
| 417 Expectation Failed | FIELD_VALUE_INVALID | Invalid value - <<field name>> Remediation: Ensure that a valid value is provided for the <<field name>> field in the request. |
| 417 Expectation Failed | CERT-APP-0012 | Application connector ids cannot be empty. Remediation: Please provide value for the field applicationConnectorIds. |
| 417 Expectation Failed | ERR_APPLICATION_CONNECTOR_LIST_RETRIVAL | Unable to retrieve connector information. Remediation: Connector may not be available. Please provide correct value for the field applicationConnectorIds. |
| 417 Expectation Failed | ERR_APP_CONNECTORS_NOT_FOUND | Application connector(s) not found. Remediation: Connector may not be available. Please provide correct value for the field applicationConnectorIds. |
| 417 Expectation Failed | ERR_INITIALIZE_ROLLBACK_REQUEST | Unable to initialize rollback request. |
| 417 Expectation Failed | ERR_ROLLBACK_INELIGIBLE | Push not triggered or succeeded or No existing data available for backup process Remediation: Push and bind certificate before rollback. |
| 500 Internal Server Error | avx-common-011 | Error while processing |
Sample Request/Response
Request payload:
```json
{
  "applicationConnectorIds": [ "xx.xxx:@clientssl-insecure-compatible:@Common:@c46ec8a04da701721159ce0c3cf772367ade58cb" ]
}
```
Response:
```json
{
  "response": [
    {
      "requestId": "386",
      "connectorId": "panorama:@:@panorama:@panorama:@SSL/TLS Profile:@multiple_ssl_tls_service_profile_1:@cb162ef65e0ae8c4bdfd37b24d4d1bd7624be78d"
    }
  ],
  "message": "App connector rollback action initiated for 1 connector(s).",
  "appStatusCode": null,
  "tags": {},
  "headers": null
}
```
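The Status Codes table returns 202 Accepted both when the rollback starts and when a device is skipped for lack of write permission, so a client has to look past the HTTP code. The following is an added example, not AppViewX code: it builds the authentication headers per the header table, masks secrets for logging, and classifies a response. The function names, the `conn-a` ID, the sample bodies and the assumption that every started connector is echoed in `response` are constructed for illustration.

```python
import json

# appStatusCode values from the Status Codes table that mean "fix the request".
FIX_REQUEST = {"MANDATORY_FIELD_MISSING", "FIELD_VALUE_INVALID", "CERT-APP-0012",
               "ERR_APPLICATION_CONNECTOR_LIST_RETRIVAL", "ERR_APP_CONNECTORS_NOT_FOUND"}

def auth_headers(session_id=None, username=None, password=None):
    """Send sessionId, or username and password, as the header table requires."""
    headers = {"Content-Type": "application/json"}
    if session_id:
        headers["sessionId"] = session_id
    elif username and password:
        headers.update({"username": username, "password": password})
    else:
        raise ValueError("provide sessionId, or both username and password")
    return headers

def redact(headers):
    """Copy of the headers that is safe to log: secrets are masked."""
    secret = {"sessionId", "password"}
    return {k: ("***" if k in secret else v) for k, v in headers.items()}

def interpret(http_status, body_text, requested_ids):
    """Map a /certificate/rollback response to (outcome, detail)."""
    body = json.loads(body_text)
    code = body.get("appStatusCode")
    if http_status == 202:
        # Assumption: each connector whose rollback started is echoed back
        # with a requestId; anything requested but absent did not start.
        started = {r["connectorId"]: r["requestId"] for r in body.get("response") or []}
        missing = [c for c in requested_ids if c not in started]
        return ("not_started", missing) if missing else ("initiated", started)
    if http_status == 401:
        return ("reauthenticate", code)
    if code == "ERR_ROLLBACK_INELIGIBLE":
        return ("push_and_bind_first", code)
    if code in FIX_REQUEST:
        return ("fix_request", code)
    return ("server_error", code)

# Constructed sample bodies (not captured from a real AppViewX instance).
OK = json.dumps({"response": [{"requestId": "386", "connectorId": "conn-a"}],
                 "message": "App connector rollback action initiated for 1 connector(s).",
                 "appStatusCode": None, "tags": {}})
DENIED = json.dumps({"response": [], "appStatusCode": None, "tags": {},
                     "message": "Operation cannot be completed for one or more devices ..."})

if __name__ == "__main__":
    print(redact(auth_headers(session_id="constructed-session-id")))
    print(interpret(202, OK, ["conn-a"]), interpret(202, DENIED, ["conn-a"]))
```

Store the returned requestId values with the change record so a skipped connector shows up as a missing entry rather than a silent success.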
References
- IP/HostName/TenantName: Replace with the actual IP address, hostname, or tenant name based on the specific configuration in AppViewX.
  - IP: A unique identifier assigned to each device connected to a computer network that uses the Internet Protocol for communication. The IP address will be included in the endpoint URL for an on-prem deployment.
  - HostName: A human-readable label assigned to a device (host) on a network. The hostname will be included in the endpoint URL for an on-prem deployment.
  - TenantName: An identifier label for a tenant given to indicate which tenant's data the API request will access/modify. The tenant name will be included in the endpoint URL for a SaaS deployment.
- GWPORT: AppViewX gateway port. A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment. Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.
