文档首页/ 云防火墙 CFW/ API参考/ API/ VPC间防火墙管理/ 创建私网网段 - BatchCreatePrivateNetworkSegments
更新时间:2026-07-07 GMT+08:00
分享

创建私网网段 - BatchCreatePrivateNetworkSegments

功能介绍

添加私网网段的接口,添加私网网段后该网段的流量将引流到VPC防火墙防护

调用方法

请参见如何调用API

授权信息

账号具备所有API的调用权限,如果使用账号下的IAM用户调用当前API,该IAM用户需具备调用API所需的权限。

  • 如果使用角色与策略授权,具体权限要求请参见权限和授权项
  • 如果使用身份策略授权,当前API调用无需身份策略权限。

URI

POST /v2/{project_id}/firewall/{fw_instance_id}/east-west/private-network-segments/batch-create

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

参数解释

项目ID,用于明确项目归属,配置后可通过该ID查询项目下资产,可以从调API处获取,也可以从控制台获取。项目ID获取方式

约束限制

不涉及

取值范围

32位UUID

默认取值

不涉及

fw_instance_id

String

参数解释

防火墙ID,用户创建防火墙实例后产生的唯一ID,配置后可区分不同防火墙,可通过防火墙ID获取方式获取

约束限制

不涉及

取值范围

36位UUID

默认取值

不涉及

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

Content-Type

String

参数解释

响应的内容类型

约束限制

不涉及

取值范围

application/json

默认取值

不涉及

X-Auth-Token

String

参数解释

用户Token,用于携带用户身份信息,配置后可通过接口鉴权,可通过如何获取用户Token获取。

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及。

表3 请求Body参数

参数

是否必选

参数类型

描述

private_network_segments

Array of PrivateNetworkSegmentVO objects

参数解释

私网网段的信息列表,用于东西向VPC防护引流

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及

表4 PrivateNetworkSegmentVO

参数

是否必选

参数类型

描述

conf_id

String

参数解释

私网网段ID,可以通过调用[获取私网网段的信息]获得,通过返回值中的data.private_network_list.conf_id获得

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及

protect_network

String

参数解释

私网网段,格式为:IP/Mask

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及

az_info

String

参数解释

私网网段的可用区信息,如AZ1

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及

subnet_name

String

参数解释

子网名称

约束限制

不涉及

取值范围

不涉及

默认取值

不涉及

响应参数

状态码:200

表5 响应Body参数

参数

参数类型

描述

data

String

参数解释

防火墙ID

取值范围

不涉及

状态码:400

表6 响应Body参数

参数

参数类型

描述

error_code

String

参数解释

错误码

取值范围

不涉及

error_msg

String

参数解释

错误描述

取值范围

不涉及

请求示例

创建东西向私网网段,项目ID为176d761dc156471c9c9b227376594160,防火墙ID为48e074e4-3b1a-448b-a17f-2fd2a12df1d2,可用区为cn-north-7a,私网地址段为10.0.0.0/8

https://{Endpoint}/v2/176d761dc156471c9c9b227376594160/firewall/48e074e4-3b1a-448b-a17f-2fd2a12df1d2/east-west/private-network-segments/batch-create

{
  "private_network_segments" : [ {
    "protect_network" : "10.0.0.0/8",
    "subnet_name" : "test",
    "az_info" : "cn-north-7a",
    "conf_id" : "27cde859-11ab-4114-a886-8d4e65f3abce"
  } ]
}

响应示例

状态码:200

更新私网网段成功,返回防火墙实例ID

{
  "data" : "48e074e4-3b1a-448b-a17f-2fd2a12df1d2"
}

状态码:400

Bad Request

{
  "error_code" : "CFW.00000008",
  "error_msg" : "系统内部错误"
}

SDK代码示例

SDK代码示例如下。

创建东西向私网网段,项目ID为176d761dc156471c9c9b227376594160,防火墙ID为48e074e4-3b1a-448b-a17f-2fd2a12df1d2,可用区为cn-north-7a,私网地址段为10.0.0.0/8

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class BatchCreatePrivateNetworkSegmentsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        BatchCreatePrivateNetworkSegmentsRequest request = new BatchCreatePrivateNetworkSegmentsRequest();
        request.withFwInstanceId("{fw_instance_id}");
        EwPrivateNetworkSegmentsDto body = new EwPrivateNetworkSegmentsDto();
        List<PrivateNetworkSegmentVO> listbodyPrivateNetworkSegments = new ArrayList<>();
        listbodyPrivateNetworkSegments.add(
            new PrivateNetworkSegmentVO()
                .withConfId("27cde859-11ab-4114-a886-8d4e65f3abce")
                .withProtectNetwork("10.0.0.0/8")
                .withAzInfo("cn-north-7a")
                .withSubnetName("test")
        );
        body.withPrivateNetworkSegments(listbodyPrivateNetworkSegments);
        request.withBody(body);
        try {
            BatchCreatePrivateNetworkSegmentsResponse response = client.batchCreatePrivateNetworkSegments(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

创建东西向私网网段,项目ID为176d761dc156471c9c9b227376594160,防火墙ID为48e074e4-3b1a-448b-a17f-2fd2a12df1d2,可用区为cn-north-7a,私网地址段为10.0.0.0/8

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = BatchCreatePrivateNetworkSegmentsRequest()
        request.fw_instance_id = "{fw_instance_id}"
        listPrivateNetworkSegmentsbody = [
            PrivateNetworkSegmentVO(
                conf_id="27cde859-11ab-4114-a886-8d4e65f3abce",
                protect_network="10.0.0.0/8",
                az_info="cn-north-7a",
                subnet_name="test"
            )
        ]
        request.body = EwPrivateNetworkSegmentsDto(
            private_network_segments=listPrivateNetworkSegmentsbody
        )
        response = client.batch_create_private_network_segments(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

创建东西向私网网段,项目ID为176d761dc156471c9c9b227376594160,防火墙ID为48e074e4-3b1a-448b-a17f-2fd2a12df1d2,可用区为cn-north-7a,私网地址段为10.0.0.0/8

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth, err := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        SafeBuild()

    if err != nil {
        fmt.Println(err)
        return
    }

    hcClient, err := cfw.CfwClientBuilder().
         WithRegion(region.ValueOf("<YOUR REGION>")).
         WithCredential(auth).
         SafeBuild()


    if err != nil {
        fmt.Println(err)
        return
    }

    client := cfw.NewCfwClient(hcClient)

    request := &model.BatchCreatePrivateNetworkSegmentsRequest{}
	request.FwInstanceId = "{fw_instance_id}"
	confIdPrivateNetworkSegments:= "27cde859-11ab-4114-a886-8d4e65f3abce"
	azInfoPrivateNetworkSegments:= "cn-north-7a"
	subnetNamePrivateNetworkSegments:= "test"
	var listPrivateNetworkSegmentsbody = []model.PrivateNetworkSegmentVo{
        {
            ConfId: &confIdPrivateNetworkSegments,
            ProtectNetwork: "10.0.0.0/8",
            AzInfo: &azInfoPrivateNetworkSegments,
            SubnetName: &subnetNamePrivateNetworkSegments,
        },
    }
	request.Body = &model.EwPrivateNetworkSegmentsDto{
		PrivateNetworkSegments: listPrivateNetworkSegmentsbody,
	}
	response, err := client.BatchCreatePrivateNetworkSegments(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

更新私网网段成功,返回防火墙实例ID

400

Bad Request

错误码

请参见错误码

相关文档