Creating a Firewall_Cloud Firewall

Function

This API is used to create a firewall.

Calling Method

For details, see Calling APIs.

URI

POST /v2/{project_id}/firewall

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID, which can be obtained by calling an API or from the console. For details, see Obtaining a Project ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. You can obtain the token by referring to Obtaining a User Token.
X-Client-Token	No	String	Identifier that ensures idempotency of client requests. It is a 32-bit UUID and is generated by the client. The value must be unique.

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
name	Yes	String	Firewall name.
enterprise_project_id	No	String	Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0.
tags	No	Array of tags objects	List of service resource tags. After tags are added to firewall resources, you can query resources and combine CDRs by key and value.
flavor	Yes	flavor object	Firewall specifications.
charge_info	Yes	charge_info object	Billing type, which can be yearly/monthly or pay-per-use (default setting).

**Table 4** tags
Parameter	Mandatory	Type	Description
key	No	String	Resource tag key.
value	No	String	Resource tag value.

**Table 5** flavor
Parameter	Mandatory	Type	Description
version	Yes	String	Firewall edition. If charge_mode is set to prePaid, only the professional edition is supported. If charge_mode is set to postPaid, the standard and professional editions are supported. Enumeration values: Standard Professional
extend_eip_count	No	Integer	Number of EIPs to be added. This parameter takes effect only in the yearly/monthly billing mode. Set this parameter when you need to increase protected EIPs.
extend_bandwidth	No	Integer	Added bandwidth. The increment step is 5. This parameter takes effect only in yearly/monthly billing mode. Set this parameter when you need to increase protected bandwidth.
extend_vpc_count	No	Integer	Number of VPCs to be added. This parameter takes effect only in the yearly/monthly billing mode. Set this parameter when you need to increase protected VPCs.

**Table 6** charge_info
Parameter	Mandatory	Type	Description
charge_mode	Yes	String	Billing mode. Enumeration values: prePaid (yearly/monthly) postPaid (pay-per-use)
period_type	No	String	Subscription period. Enumeration values: month year Note: This parameter is valid and mandatory when charge_mode is set to prePaid.
period_num	No	Integer	Subscription time. This parameter is valid and mandatory only when charge_mode is set to prePaid. Enumeration values: If period_type is set to month, the parameter value ranges from integer 1 to 9. If period_type is set to year, the parameter value ranges from integer 1 to 3.
is_auto_renew	Yes	Boolean	Whether automatic renewal is enabled for yearly/monthly instances. The renewal period is the same as the original period and the order will be automatically paid during the subscription renewal. Enumeration values: true (Automatic renewal enabled.) false (Default. Automatic renewal disabled.)
is_auto_pay	Yes	Boolean	Whether an order will be automatically paid after yearly/monthly CFW instances are created. This parameter does not affect the payment mode of automatic renewal. Enumeration values: true: The order will be automatically paid. (Discounts and coupons are automatically selected. The fee will be automatically deducted from your Huawei Cloud account.) If the automatic payment fails, an unpaid order will be generated, and you need to manually complete the payment. (During manual payment, you can still modify the discounts and coupons that were automatically selected.) false: The order will be manually paid. This is the default value. (You need to manually pay for the bill. Discounts and coupons can be used.)

Response Parameters

Status code: 200

**Table 7** Response body parameters
Parameter	Type	Description
job_id	String	Instance creation task ID. This parameter is returned only when pay-per-use instances are created.
order_id	String	Order ID. This parameter is returned only when yearly/monthly instances are created.
data	CreateFirewallReq object	Request body for creating a firewall.

**Table 8** CreateFirewallReq
Parameter	Type	Description
name	String	Firewall name.
enterprise_project_id	String	Enterprise project ID, which is the ID of a project planned based on organizations. You can obtain the enterprise project ID by referring to Obtaining an Enterprise Project ID. If the enterprise project function is not enabled, the value is 0.
tags	Array of tags objects	List of service resource tags. After tags are added to firewall resources, you can query resources and combine CDRs by key and value.
flavor	flavor object	Firewall specifications.
charge_info	charge_info object	Billing type, which can be yearly/monthly or pay-per-use (default setting).

**Table 9** tags
Parameter	Type	Description
key	String	Resource tag key.
value	String	Resource tag value.

**Table 10** flavor
Parameter	Type	Description
version	String	Firewall edition. If charge_mode is set to prePaid, only the professional edition is supported. If charge_mode is set to postPaid, the standard and professional editions are supported. Enumeration values: Standard Professional
extend_eip_count	Integer	Number of EIPs to be added. This parameter takes effect only in the yearly/monthly billing mode. Set this parameter when you need to increase protected EIPs.
extend_bandwidth	Integer	Added bandwidth. The increment step is 5. This parameter takes effect only in yearly/monthly billing mode. Set this parameter when you need to increase protected bandwidth.
extend_vpc_count	Integer	Number of VPCs to be added. This parameter takes effect only in the yearly/monthly billing mode. Set this parameter when you need to increase protected VPCs.

**Table 11** charge_info
Parameter	Type	Description
charge_mode	String	Billing mode. Enumeration values: prePaid (yearly/monthly) postPaid (pay-per-use)
period_type	String	Subscription period. Enumeration values: month year Note: This parameter is valid and mandatory when charge_mode is set to prePaid.
period_num	Integer	Subscription time. This parameter is valid and mandatory only when charge_mode is set to prePaid. Enumeration values: If period_type is set to month, the parameter value ranges from integer 1 to 9. If period_type is set to year, the parameter value ranges from integer 1 to 3.
is_auto_renew	Boolean	Whether automatic renewal is enabled for yearly/monthly instances. The renewal period is the same as the original period and the order will be automatically paid during the subscription renewal. Enumeration values: true (Automatic renewal enabled.) false (Default. Automatic renewal disabled.)
is_auto_pay	Boolean	Whether an order will be automatically paid after yearly/monthly CFW instances are created. This parameter does not affect the payment mode of automatic renewal. Enumeration values: true: The order will be automatically paid. (Discounts and coupons are automatically selected. The fee will be automatically deducted from your Huawei Cloud account.) If the automatic payment fails, an unpaid order will be generated, and you need to manually complete the payment. (During manual payment, you can still modify the discounts and coupons that were automatically selected.) false: The order will be manually paid. This is the default value. (You need to manually pay for the bill. Discounts and coupons can be used.)

Status code: 400

**Table 12** Response body parameters
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error description.

Example Requests

The customer whose project ID is 124147da-5b08-471a-93d2-bc82acc290c6 subscribes to the standard firewall. The firewall name is CFW-Test, the enterprise project ID is 0, the resource tag is a key-value pair, the key is TagKey, the value is TagValue, the added number of protected EIPs is 2000, the added protection bandwidth is 5000 Mbit/s, and the added number of protected VPCs is 100. The yearly/monthly billing mode is used. Auto-renewal and auto-payment are enabled. The usage duration is one month.

https://{Endpoint}/v2/124147da-5b08-471a-93d2-bc82acc290c6/firewall

{
  "name" : "CFW-TEST",
  "enterprise_project_id" : "0",
  "tags" : [ {
    "key" : "TagKey",
    "value" : "TagVal"
  } ],
  "flavor" : {
    "version" : "standard",
    "extend_eip_count" : 2000,
    "extend_bandwidth" : 5000,
    "extend_vpc_count" : 100
  },
  "charge_info" : {
    "charge_mode" : "prePaid",
    "period_type" : "month",
    "period_num" : 1,
    "is_auto_renew" : true,
    "is_auto_pay" : true
  }
}

Example Responses

Status code: 200

Information returned when the firewall is purchased successfully.

{
  "data" : {
    "charge_info" : {
      "charge_mode" : "prePaid",
      "is_auto_pay" : true,
      "is_auto_renew" : true,
      "period_num" : 1,
      "period_type" : "month"
    },
    "enterprise_project_id" : "0",
    "flavor" : {
      "extend_bandwidth" : 5000,
      "extend_eip_count" : 2000,
      "extend_vpc_count" : 100,
      "version" : "Standard"
    },
    "name" : "CFW-TEST",
    "tags" : [ {
      "key" : "TagKey",
      "value" : "TagVal"
    } ]
  },
  "job_id" : "CS2403271050ZEM0L"
}

Status code: 400

Returned error information.

{
  "error_code" : "CFW.00100001",
  "error_msg" : "System busy. Try again later."
}

SDK Sample Code

The SDK sample code is as follows.

Java

The customer whose project ID is 124147da-5b08-471a-93d2-bc82acc290c6 subscribes to the standard firewall. The firewall name is CFW-Test, the enterprise project ID is 0, the resource tag is a key-value pair, the key is TagKey, the value is TagValue, the added number of protected EIPs is 2000, the added protection bandwidth is 5000 Mbit/s, and the added number of protected VPCs is 100. The yearly/monthly billing mode is used. Auto-renewal and auto-payment are enabled. The usage duration is one month.

    
     
       
       
         package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cfw.v1.region.CfwRegion;
import com.huaweicloud.sdk.cfw.v1.*;
import com.huaweicloud.sdk.cfw.v1.model.*;

import java.util.List;
import java.util.ArrayList;

public class CreateFirewallSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CfwClient client = CfwClient.newBuilder()
                .withCredential(auth)
                .withRegion(CfwRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateFirewallRequest request = new CreateFirewallRequest();
        CreateFirewallReq body = new CreateFirewallReq();
        CreateFirewallReqChargeInfo chargeInfobody = new CreateFirewallReqChargeInfo();
        chargeInfobody.withChargeMode("prePaid")
            .withPeriodType("month")
            .withPeriodNum(1)
            .withIsAutoRenew(true)
            .withIsAutoPay(true);
        CreateFirewallReqFlavor flavorbody = new CreateFirewallReqFlavor();
        flavorbody.withVersion(CreateFirewallReqFlavor.VersionEnum.fromValue("standard"))
            .withExtendEipCount(2000)
            .withExtendBandwidth(5000)
            .withExtendVpcCount(100);
        List<CreateFirewallReqTags> listbodyTags = new ArrayList<>();
        listbodyTags.add(
            new CreateFirewallReqTags()
                .withKey("TagKey")
                .withValue("TagVal")
        );
        body.withChargeInfo(chargeInfobody);
        body.withFlavor(flavorbody);
        body.withTags(listbodyTags);
        body.withEnterpriseProjectId("0");
        body.withName("CFW-TEST");
        request.withBody(body);
        try {
            CreateFirewallResponse response = client.createFirewall(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

        

      

    
   

Python

The customer whose project ID is 124147da-5b08-471a-93d2-bc82acc290c6 subscribes to the standard firewall. The firewall name is CFW-Test, the enterprise project ID is 0, the resource tag is a key-value pair, the key is TagKey, the value is TagValue, the added number of protected EIPs is 2000, the added protection bandwidth is 5000 Mbit/s, and the added number of protected VPCs is 100. The yearly/monthly billing mode is used. Auto-renewal and auto-payment are enabled. The usage duration is one month.

    
     
       
       
         # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcfw.v1.region.cfw_region import CfwRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcfw.v1 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CfwClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CfwRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateFirewallRequest()
        chargeInfobody = CreateFirewallReqChargeInfo(
            charge_mode="prePaid",
            period_type="month",
            period_num=1,
            is_auto_renew=True,
            is_auto_pay=True
        )
        flavorbody = CreateFirewallReqFlavor(
            version="standard",
            extend_eip_count=2000,
            extend_bandwidth=5000,
            extend_vpc_count=100
        )
        listTagsbody = [
            CreateFirewallReqTags(
                key="TagKey",
                value="TagVal"
            )
        ]
        request.body = CreateFirewallReq(
            charge_info=chargeInfobody,
            flavor=flavorbody,
            tags=listTagsbody,
            enterprise_project_id="0",
            name="CFW-TEST"
        )
        response = client.create_firewall(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

        

      

    
   

Go

The customer whose project ID is 124147da-5b08-471a-93d2-bc82acc290c6 subscribes to the standard firewall. The firewall name is CFW-Test, the enterprise project ID is 0, the resource tag is a key-value pair, the key is TagKey, the value is TagValue, the added number of protected EIPs is 2000, the added protection bandwidth is 5000 Mbit/s, and the added number of protected VPCs is 100. The yearly/monthly billing mode is used. Auto-renewal and auto-payment are enabled. The usage duration is one month.

    
     
       
       
         package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cfw "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cfw/v1/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cfw.NewCfwClient(
        cfw.CfwClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.CreateFirewallRequest{}
	periodTypeChargeInfo:= "month"
	periodNumChargeInfo:= int32(1)
	chargeInfobody := &model.CreateFirewallReqChargeInfo{
		ChargeMode: "prePaid",
		PeriodType: &periodTypeChargeInfo,
		PeriodNum: &periodNumChargeInfo,
		IsAutoRenew: true,
		IsAutoPay: true,
	}
	extendEipCountFlavor:= int32(2000)
	extendBandwidthFlavor:= int32(5000)
	extendVpcCountFlavor:= int32(100)
	flavorbody := &model.CreateFirewallReqFlavor{
		Version: model.GetCreateFirewallReqFlavorVersionEnum().STANDARD,
		ExtendEipCount: &extendEipCountFlavor,
		ExtendBandwidth: &extendBandwidthFlavor,
		ExtendVpcCount: &extendVpcCountFlavor,
	}
	keyTags:= "TagKey"
	valueTags:= "TagVal"
	var listTagsbody = []model.CreateFirewallReqTags{
        {
            Key: &keyTags,
            Value: &valueTags,
        },
    }
	enterpriseProjectIdCreateFirewallReq:= "0"
	request.Body = &model.CreateFirewallReq{
		ChargeInfo: chargeInfobody,
		Flavor: flavorbody,
		Tags: &listTagsbody,
		EnterpriseProjectId: &enterpriseProjectIdCreateFirewallReq,
		Name: "CFW-TEST",
	}
	response, err := client.CreateFirewall(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

        

      

    
   

More

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	Information returned when the firewall is purchased successfully.
400	Returned error information.

Error Codes

See Error Codes.

Creating a Firewall