Overview
This node, named "Create New Rule," is designed to create a new physical firewall rule in a specified device group via an API. It allows users to define detailed rule parameters such as source/destination zones and addresses, services, applications, logging modes, and security profiles. This node is beneficial for automating firewall policy management, enabling network administrators to programmatically add rules without manual intervention in the firewall management console.
Practical examples:
- Automatically adding access control rules based on dynamic business requirements.
- Integrating firewall rule creation into CI/CD pipelines for network infrastructure.
- Enabling scheduled or event-driven updates to firewall policies.
Properties
| Name | Meaning |
|---|---|
| Rule Name | The name of the firewall rule to be created. |
| Description | A textual description explaining the purpose or details of the rule. |
| Device Group ID | Identifier of the device group where the rule will be applied. |
| Action | The action the rule enforces: Allow, Deny, or Drop traffic matching the rule. |
| Precedence | Priority level of the rule: High, Medium, or Low. |
| Log Mode | Logging behavior for the rule: None, Session Start, Session End, or Both. |
| IPS Profile | Name of the Intrusion Prevention System profile to apply. |
| AV Profile | Name of the Antivirus profile to apply. |
| Enabled | Boolean flag indicating whether the rule is active/enabled. |
| Position | Numeric position of the rule within the policy (0 or higher). |
| Source Zone | JSON object defining source zones, e.g., {"zones": ["internal"]}. |
| Source Address | JSON object defining source addresses, e.g., {"addresses": ["192.168.1.0/24"]}. |
| Source User | JSON object defining source users, e.g., {"users": ["any"]}. |
| Destination Zone | JSON object defining destination zones, e.g., {"zones": ["external"]}. |
| Destination Address | JSON object defining destination addresses, e.g., {"addresses": ["any"]}. |
| Service | JSON object defining services, e.g., {"services": ["tcp-80"]}. |
| Application | JSON object defining applications, e.g., {"applications": ["web-browsing"]}. |
| URL Category | JSON object defining URL categories, e.g., {"categories": ["social-media"]}. |
| Schedule | JSON object defining schedules, e.g., {"schedules": ["business-hours"]}. |
Output
The node outputs an array of JSON objects, each representing the result of attempting to create a rule for each input item. Each output item contains:
success: Boolean indicating if the rule creation succeeded.id: The unique identifier of the created rule (present if successful).name: The name of the rule.action: The action assigned to the rule.deviceGroupId: The device group ID where the rule was created.enabled: Whether the rule is enabled.response: The full response object returned by the API upon successful creation.
If the creation fails and the node is set to continue on failure, the output includes:
success: falseerror: Error message string.statusCode: HTTP status code from the failed request.response: Response body or data from the failed request.name: The attempted rule name.
The node does not output binary data.
Dependencies
- Requires an API key credential for authenticating with the firewall management API.
- Needs the base API URL configured in the credentials.
- Uses HTTP POST requests to the endpoint
/api/pt/ruleon the configured API server. - Requires proper permissions on the API to create firewall rules.
Troubleshooting
- Invalid JSON in configuration fields: The node expects valid JSON strings for properties like Source Zone, Source Address, etc. If invalid JSON is provided, it throws an error specifying which field is malformed. Ensure all JSON inputs are correctly formatted.
- API request failures: Errors during the HTTP request to create the rule include status codes and response bodies. Common causes:
- Authentication issues: Verify the API key credential is correct and has necessary permissions.
- Invalid or missing required fields: Check that all mandatory properties are provided and valid.
- Network connectivity problems: Ensure the n8n instance can reach the API endpoint.
- Continue on Fail setting: If enabled, the node will not stop execution on errors but will report them in the output. Otherwise, it throws an error stopping the workflow.
- Logging: The node logs info messages when creating rules and error messages on failures, which can help diagnose issues.
Links and References
- [Firewall API Documentation] (Please refer to your firewall vendor's official API docs for detailed information about the
/api/pt/ruleendpoint and rule schema.) - n8n HTTP Request Node Documentation
- JSON Syntax Guide