Overview
This node updates an existing physical firewall rule by sending the updated configuration to a firewall management API. It is useful in scenarios where you need to programmatically modify firewall rules, such as changing access permissions, updating logging settings, or adjusting security profiles without manually editing them in the firewall interface.
Practical examples include:
- Automating security policy updates during deployment pipelines.
- Adjusting firewall rules dynamically based on detected threats or network changes.
- Integrating firewall management into broader IT automation workflows.
Properties
| Name | Meaning |
|---|---|
| Rule ID | The unique identifier of the rule to update. |
| Rule Name | The name assigned to the rule. |
| Description | A textual description explaining the purpose or details of the rule. |
| Device Group ID | Identifier for the device group to which this rule applies. |
| Action | The action to take when the rule matches traffic. Options: Allow, Deny, Drop. |
| Precedence | The priority level of the rule. Options: High, Medium, Low. |
| Log Mode | Logging behavior for the rule. Options: None, Session Start, Session End, Both. |
| IPS Profile | Name of the Intrusion Prevention System profile to apply. |
| AV Profile | Name of the Antivirus profile to apply. |
| Enabled | Whether the rule is active (true) or disabled (false). |
| Source Zone | JSON object defining source zones, e.g., {"zones": ["internal"]}. |
| Source Address | JSON object defining source addresses, e.g., {"addresses": ["192.168.1.0/24"]}. |
| Source User | JSON object defining source users, e.g., {"users": ["any"]}. |
| Destination Zone | JSON object defining destination zones, e.g., {"zones": ["external"]}. |
| Destination Address | JSON object defining destination addresses, e.g., {"addresses": ["any"]}. |
| Service | JSON object defining services, e.g., {"services": ["tcp-80"]}. |
| Application | JSON object defining applications, e.g., {"applications": ["web-browsing"]}. |
| URL Category | JSON object defining URL categories, e.g., {"categories": ["social-media"]}. |
| Schedule | JSON object defining schedules, e.g., {"schedules": ["business-hours"]}. |
Output
The node outputs a JSON object per processed item with the following structure:
success: Boolean indicating if the update was successful.message: A message from the API or a success confirmation string.id: The rule ID that was updated.name: The rule name.action: The action configured for the rule.deviceGroupId: The device group ID associated with the rule.enabled: Boolean indicating if the rule is enabled.response: The full response object returned from the API call.
If the update fails and the node is set to continue on failure, the output includes:
success: falseerror: Error message describing the failure.statusCode: HTTP status code from the failed request.response: Response body or data from the failed request.id,name: Identifiers of the rule attempted to update.
The node does not output binary data.
Dependencies
- Requires an API key credential for authenticating with the firewall management API.
- Needs the base API URL configured in the credentials.
- Uses HTTP POST requests to the endpoint
/api/pt/rule/updateon the firewall API server. - The node expects valid JSON strings for several properties; invalid JSON will cause errors.
Troubleshooting
- Invalid JSON Errors: If any JSON-configured property (e.g., Source Zone, Service) contains malformed JSON, the node throws an error specifying which field is invalid. Ensure all JSON inputs are correctly formatted.
- API Request Failures: Errors during the HTTP request to update the rule may occur due to network issues, authentication failures, or invalid data. The node logs detailed error information including HTTP status and response content.
- Continue On Fail Behavior: If enabled, the node will not stop execution on errors but will output error details for each failed item. Otherwise, it throws an error stopping the workflow.
- Missing Required Fields: All required fields must be provided; missing mandatory inputs like Rule ID or Device Group ID will cause errors.
- Logging Language Header: The request includes an "Accept-Language" header set to Vietnamese ("vi"). If this causes issues, verify API compatibility or adjust accordingly.
Links and References
- [Firewall API Documentation] (Please refer to your firewall vendor's official API documentation for details on the
/api/pt/rule/updateendpoint.) - n8n HTTP Request Node Documentation
- JSON Syntax Guide