List all Appliances visible to current user.
Query string to filter the result list. It's used for various fields depending on the object type. Send multiple query parameters to make the queries more specific.
'Range string to limit the result list. Format: -. 3-10 means the items between the (including) 3rd and the 10th will be returned. Defaults to all objects.'
The field name to sort the result list. Supported fields vary from object to object. Defaults to certain field depending on the object type.
Whether the sorting is applied descending or ascending. Defaults to certain field depending on the object type.
Filters the result list by the given field and value. Supported fields vary from API to API. The filters can be combined with each other as well as the generic query parameter. The given value is checked for inclusion.
List of Appliances.
The range applied to the list. Format: -/. 3-5/8 means, out of 8 count (query affects the total), the items between (including) the 3rd and the 5th are returned.
The field name used to sort the list.
Whether the sorting is applied descending or ascending.
The queries applied to the list.
The total readable count of entities. Not influenced by the query.
The filters applied to the list.
The field name the filter is applied to.
The value used for comparison.
List of Appliances.
ID of the object.
Name of the object.
Notes for the object. Used for documentation purposes.
Create date.
Last update date.
Array of tags.
Whether the Appliance is activated or not. If it is not activated, it won't be accessible by the Clients.
Whether the Appliance is pending certificate renewal or not. Should be true for a very short period on certificate renewal.
Peer version of the Appliance.
Hostname of the Appliance. It's used by other Appliances to communicate with and identify this Appliances. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.
Site assigned to the Appliance.
Name of the Site for this Appliance. For convenience only.
Customization assigned to this Appliance.
The details of the Client connection interface.
To enable/disable Proxy protocol on this Appliance.
Hostname to connect by the Clients. It will be used to validate the Appliance Certificate. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.
Load hostname that would take effect with Local Site Detection feature.
Port to connect for the Client specific services.
Port to connect for the Clients that connects to vpnd on DTLS if enabled.
Port to connect for STUN/TURN services.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Override SPA mode for this appliance.
The details of the admin connection interface. Required on Controllers and LogServers.
Hostname to connect to the admin interface. This hostname will be used to validate the appliance certificate. Set it to "automatic.hostname.assignment" for cloud appliances in order for it to automatically configure the hostname on activation.
Port to connect for admin services.
The type of TLS ciphers to allow. See: https://www.openssl.org/docs/man1.0.2/apps/ciphers.html for all supported ciphers.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
PKCS12 object with X.509 certificate and private key.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Networking configuration of the system.
/etc/hosts configuration
Hostname to map IP to.
IP for the given hostname for appliance to resolve.
System NIC configuration
Whether the NIC is active or not.
NIC name
IPv4 settings for this NIC.
IPv4 DHCP configuration for the NIC.
Whether DHCP for IPv4 is enabled.
Whether to use DHCP for setting IPv4 DNS settings on the appliance.
Whether to use DHCP for setting IPv4 default gateway on the appliance.
Whether to use DHCP for setting NTP on the appliance.
Whether to use DHCP for setting MTU on the appliance.
IPv4 static NIC configuration for the NIC.
IPv4 Address of the network interface.
Netmask of the network interface.
Enable SNAT on this IP.
Virtual IP to use for IPv4.
IPv6 settings for this NIC.
IPv6 DHCP configuration for the NIC.
Whether DHCP for IPv6 is enabled.
Whether to use DHCP for setting IPv6 DNS settings on the Appliance.
Whether to use DHCP for setting NTP on the appliance.
Whether to use DHCP for setting MTU on the appliance.
IPv6 static NIC configuration for the NIC.
IPv6 Address of the network interface.
Netmask of the network interface.
Enable SNAT on this IP.
Virtual IP to use for IPv6.
MTU setting for the NIC. If left empty, appliance default will be used.
DNS Server addresses.
System route settings.
Address to route.
Netmask for the subnet to route.
Gateway to use for routing.
NIC name to use for routing.
NTP configuration.
NTP server.
Hostname or IP of the NTP server.
Type of key to use for secure NTP communication.
Identifier number for the key.
SSH server configuration.
Whether the SSH Server is enabled on this appliance or not.
SSH port.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Whether SSH allows password authentication or not.
SNMP Server configuration.
Whether the SNMP Server os enabled on this appliance or not.
TCP port for SNMP Server.
UDP port for SNMP Server.
Raw SNMP configuration.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Healthcheck Server configuration.
Whether the Healthcheck Server is enabled on this appliance or not.
Port to connect for Healthcheck Server.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Prometheus Exporter configuration.
Whether the Prometheus Exporter is enabled on this appliance or not.
Port to connect for Prometheus Exporter.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Whether to use HTTP or HTTPS for the exporter.
PKCS12 object with X.509 certificate and private key.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Enable basic auth for Prometheus Exporter.
Basic auth users.
List of labels to filter out.
Rules for allowing ping.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Log Server settings. Log Server collects audit logs from all the appliances and stores them.
Whether the Log Server is enabled on this appliance or not.
How many days of audit logs will be kept.
Controller settings.
Whether the Controller is enabled on this appliance or not. Cannot be enabled on an inactive Appliance since some checks need to be done first.
Gateway settings.
Whether the Gateway is enabled on this appliance or not.
Whether the Gateway is in suspended mode or not. Suspended state will keep the existing Client connections but will reject new ones.
VPN configuration.
Load balancing weight.
Load balancing weight that would take effect with Local Site Detection feature.
Destinations to allow tunnels to.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
LogForwarder settings. LogForwarder collects audit logs from the appliances in the given sites and sends them to the given endpoints.
Whether the LogForwarder is enabled on this appliance or not.
AWS ID to login. Only required if AWS Access Keys are being used to authenticate.
AWS region. Only required if AWS Access Keys are being used to authenticate.
Whether to use the credentials from the AWS instance or not.
The URL of the elasticsearch server.
Optional field to enable log retention on the configured AWS elasticsearch. Defines how many days the audit logs will be kept.
Which version of Elasticsearch that logs are forwarded to.
Optional authentication settings used when sending logs to an elasticsearch instance.
The type of authentication to use.
TCP endpoints to connect and send the audit logs with the given format.
Name of the endpoint.
Hostname or the IP address of the endpoint.
Port of the endpoint.
The format to send the audit logs.
Whether to use TLS to connect to endpoint or not. If enabled, make sure the LogForwarder appliance trusts the certificate of the endpoint.
JMESPath expression to filter audit logs to forward.
AWS Kinesis endpoints to connect and send the audit logs with the given format.
AWS ID to login. Only required if AWS Access Keys are being used to authenticate.
AWS region. Only required if AWS Access Keys are being used to authenticate.
Whether to use the credentials from the AWS instance or not.
AWS Kinesis type
Name of the stream.
Batch size for the stream. Used only for "Stream" type.
Number of partition keys to use for the stream. Used only for "Stream" type.
JMESPath expression to filter audit logs to forward.
SumoLogic endpoints to connect and send the audit logs to.
URL of the Sumo Logic collector to connect to.
Splunk endpoints to connect and send the audit logs to.
URL of the Splunk collector to connect to.
Azure Monitor endpoints to connect and send the audit logs to.
App ID to use for authentication.
URL for Azure Monitor to request token from.
URL of Azure Monitor to forward logs to.
Scope that the log forwarder will use in its tokens requests.
Falcon LogScale endpoints to connect and send the audit logs to.
URL of the Falcon LogScale collector.
Optional name of the repository to ingest into.
Translated to #type inside Humio. If set, this is used to choose which Humio parser to use for extracting fields.
Translated to the @source field in Humio.
Datadog endpoints to connect and send the audit logs to.
Datadog site to send logs to.
Source to use for the logs.
Tags to add to the logs.
Coralogix endpoints to connect and send the audit logs to.
URL of the Coralogix collector to connect to.
UUID of the Coralogix collector to connect to.
Application name to use for the logs.
Subsystem name to use for the logs.
The sites to collect logs from and forward.
UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to collect logs from all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to collect logs from appliances without a site.
Metrics Aggregator settings. It collects metrics from the appliances in the given sites and provides Prometheus APIs for consumption.
Whether the Metrics Aggregator is enabled on this appliance or not.
Prometheus Exporter configuration.
Whether the Prometheus Exporter is enabled on this appliance or not.
Port to connect for Prometheus Exporter.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Whether to use HTTP or HTTPS for the exporter.
PKCS12 object with X.509 certificate and private key.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Enable basic auth for Prometheus Exporter.
Basic auth users.
List of labels to filter out.
The sites to collect metrics from.
UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to collect logs from all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to collect logs from appliances without a site.
Connection Broker settings.
Whether the Connection Broker is enabled on this appliance or not.
The sites to broker connections for.
UUID of a site. Use '6f6fa9d9-17b2-4157-9f68-e97662acccdf' to broker connections for all the appliances. Use '6263435b-c9f6-4b7f-99f8-37e2e6b006a9' to broker connections for appliances without a site.
Connector settings.
Whether the Connector is enabled on this appliance or not.
A list of Clients to run on the appliance with the given configuration. The Clients will get the necessary tokens automatically according to the Site assigned to this Appliance. Currently only one allowed.
Name for the Client. It will be mapped to the user claim 'clientName'.
The device ID to assign to this Client. It will be used to generate device distinguished name.
A list of subnets to allow access.
IP address
netmask
Use SNAT for outgoing traffic from the Express Connector, endpoints will see traffic as coming from the Connector itself
Apply destination NAT to traffic from tunnel into a resource
A list of Clients to run on the appliance with the given configuration. Requires manual Policy configuration.
Name for the Client. It will be mapped to the user claim 'clientName'.
The device ID to assign to this Client. It will be used to generate device distinguished name.
Source configuration to allow via iptables.
IP address to allow connection.
Netmask to use with address for allowing connections.
NIC name to accept connections on.
Use Source NAT for the Client tunnel.
Use Source NAT for the resources.
Apply destination NAT to traffic from tunnel into a resource
Use this connector client as a default gw for local resources
Enable DHCP relay for this Connector.
DHCP servers to relay.
IPv4 address.
Portal settings.
Whether the Portal is enabled on this appliance or not.
PKCS12 object with X.509 certificate and private key.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Automatic 80->443 redirection for Portal.
Ports that can be proxied via Portal.
P12 files for proxying traffic to HTTPS endpoints.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Subject name of the certificate in the file.
Portal will verify upstream certificate of the endpoints.
Names of the profiles in this Collective to use in the Portal.
Profiles from other Collectives to use in the Portal.
Identifier to track the object on update since all the other fields are write-only. A random one will be assigned if left empty.
Hostname parsed from the given URL.
Profile name parsed from the given URL.
Visual customizations to make on the Portal sign-in page.
Changes the background color on the sign-in page. In hexadecimal format.
Changes the background image on the sign-in page. Must be in PNG, JPEG or GIF format.
Changes the logo on the sign-in page. Must be in PNG, JPEG or GIF format.
Adds a text to the sign-in page.
Changes the text color on the sign-in page. In hexadecimal format.
If enabled and the user lands on the Portal sign-in page by entering an endpoint URL on the browser, it will be redirected to the endpoint automatically after successfully signing in instead of the Portal Client overview page.
Rsyslog destination settings to forward appliance logs.
Rsyslog selector.
Rsyslog template to forward logs with.
Rsyslog server destination.
Hostname aliases. They are added to the Appliance certificate as Subject Alternative Names so it is trusted using different IPs or hostnames. Requires manual certificate renewal to apply changes to the certificate.
Token error. Login again.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Insufficient permissions to access this resource.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Invalid 'Accept' header.
Generic HTTP error.
Machine readable error code.
Human readable error details.
Unexpected server side error.
Generic HTTP error.
Machine readable error code.
Human readable error details.