Creates a virtual private cloud (VPC) firewall for a transit router.
Authorization information
The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:
- Operation: the value that you can use in the Action element to specify the operation on a resource.
- Access level: the access level of each operation. The levels are read, write, and list.
- Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
  - The required resource types are displayed in bold characters.
  - If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
- Condition Key: the condition key that is defined by the cloud service.
- Associated operation: other operations that the RAM user or the RAM role must have permissions to perform before this operation can complete.
Operation | Access level | Resource type | Condition key | Associated operation |
---|---|---|---|---|
yundun-cloudfirewall:CreateTrFirewallV2 | create | All Resources | none | none |
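The table above says the operation is authorized only at the All Resources level and carries no condition key, so a least-privilege RAM policy for a deployment role needs a single statement scoped to this one action. The following is an added example, not part of the Alibaba Cloud documentation: it holds a constructed policy document and a deliberately simplified decision function that models RAM's default-deny and explicit-Deny-wins semantics for the Action element only (Resource is always `*` here, and condition keys are not evaluated because the page lists none).

```python
import fnmatch

# Constructed example policy (not from the page): grants exactly one action.
# Resource is "*" because the page states the operation cannot be authorized
# at the resource level ("All Resources").
CREATE_TR_FIREWALL_POLICY = {
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["yundun-cloudfirewall:CreateTrFirewallV2"],
            "Resource": "*",
        },
    ],
}


def policy_allows(policy, action):
    """Simplified RAM-style decision for a single action string.

    Rules modelled: no matching statement -> deny; any matching Deny -> deny,
    regardless of Allows; otherwise a matching Allow -> allow. Action patterns
    may use the '*' wildcard (e.g. "yundun-cloudfirewall:*"). Resource and
    Condition are intentionally not evaluated (assumption for this example)."""
    decision = False
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(fnmatch.fnmatchcase(action, pattern) for pattern in actions):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            decision = True
    return decision


if __name__ == "__main__":
    print(policy_allows(CREATE_TR_FIREWALL_POLICY, "yundun-cloudfirewall:CreateTrFirewallV2"))
```

Keeping the Action list to the single operation the role actually needs, rather than `yundun-cloudfirewall:*`, is the point: a role that can only create transit-router firewalls cannot also delete or reconfigure them if its credentials leak.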
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
Lang | string | No | The language of the content within the response. Valid values: | zh |
FirewallName | string | No | The name of the firewall. | cfw_test2 |
RouteMode | string | No | The routing mode of the VPC firewall. Valid values: | managed |
TransitRouterId | string | No | The ID of the transit router. | tr-m5etmb2q7e0mxcur**** |
RegionNo | string | No | The region ID of the transit router. | cn-hangzhou |
FirewallVpcCidr | string | No | The CIDR block that is allocated to the VPC created for the VPC firewall in automatic mode. | 10.0.0.0/16 |
FirewallSubnetCidr | string | No | The subnet CIDR block of the VPC in which the ENI of the firewall is stored in automatic mode. | 10.0.1.0/24 |
TrAttachmentSlaveCidr | string | No | The secondary subnet CIDR block that the VPC uses to connect to the transit router in automatic mode. | 10.0.0.16/28 |
TrAttachmentMasterCidr | string | No | The primary subnet CIDR block that the VPC uses to connect to the transit router in automatic mode. | 10.0.3.0/24 |
CenId | string | No | The ID of the Cloud Enterprise Network (CEN) instance. | cen-4xbjup276au29r**** |
FirewallDescription | string | No | The description of the firewall. | vfw-sz |
FirewallVpcId | string | No | The ID of the VPC in which the ENI associated with the VPC firewall is created in manual mode. | vpc-wz9r5qvryn0lg3atb**** |
FirewallVswitchId | string | No | The ID of the vSwitch that is used to create the ENI in manual mode. | vsw-uf6ydz3vqj77mr5l6**** |
TrAttachmentSlaveZone | string | No | The secondary zone for the vSwitch. | cn-chengdu-b |
TrAttachmentMasterZone | string | No | The primary zone for the vSwitch. | cn-chengdu-a |
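Every parameter above is marked optional, but the descriptions split them into two sets: the CIDR blocks apply in automatic mode, while the VPC, vSwitch and zone IDs apply in manual mode, and the error list further down rejects malformed or conflicting CIDRs (ErrorCidrFormat, ErrorTrFwVswCidrConflict). The following added example, which is not Alibaba Cloud's code, builds the request parameter set from the page's example values and runs a local pre-flight check before any API call. It assumes that in automatic mode the three sub-blocks must lie inside FirewallVpcCidr and must not overlap each other, that `managed` selects automatic mode, and that any other RouteMode value means manual mode; those assumptions are mine, not statements from the page.

```python
import ipaddress

# Constructed sample request for automatic mode, using the example values from
# this page's parameter table; the "****" suffixes are masked placeholders,
# not real resource IDs.
AUTO_MODE_PARAMS = {
    "RouteMode": "managed",
    "TransitRouterId": "tr-m5etmb2q7e0mxcur****",
    "RegionNo": "cn-hangzhou",
    "CenId": "cen-4xbjup276au29r****",
    "FirewallName": "cfw_test2",
    "FirewallVpcCidr": "10.0.0.0/16",
    "FirewallSubnetCidr": "10.0.1.0/24",
    "TrAttachmentMasterCidr": "10.0.3.0/24",
    "TrAttachmentSlaveCidr": "10.0.0.16/28",
}

# Assumption (not stated on the page): in automatic mode the three sub-CIDRs are
# carved out of FirewallVpcCidr and must not overlap; in manual mode the caller
# supplies an existing VPC, vSwitch and zone pair instead.
AUTO_MODE_SUBNETS = ("FirewallSubnetCidr", "TrAttachmentMasterCidr", "TrAttachmentSlaveCidr")
MANUAL_MODE_REQUIRED = ("FirewallVpcId", "FirewallVswitchId",
                        "TrAttachmentMasterZone", "TrAttachmentSlaveZone")


def validate_auto_mode_cidrs(params):
    """Return a list of problems with the CIDR layout; an empty list means consistent.

    Catches locally what the API would reject with ErrorCidrFormat (malformed
    block, host bits set) and ErrorTrFwVswCidrConflict (block outside the
    firewall VPC, or sub-blocks that overlap each other)."""
    problems = []
    try:
        vpc = ipaddress.ip_network(params["FirewallVpcCidr"], strict=True)
    except KeyError:
        return ["FirewallVpcCidr: missing (required in automatic mode)"]
    except ValueError as exc:
        return [f"FirewallVpcCidr: malformed CIDR ({exc})"]

    subnets = {}
    for name in AUTO_MODE_SUBNETS:
        value = params.get(name)
        if value is None:
            problems.append(f"{name}: missing (required in automatic mode)")
            continue
        try:
            # strict=True rejects e.g. 10.0.1.5/24 (host bits set).
            net = ipaddress.ip_network(value, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: malformed CIDR ({exc})")
            continue
        if net.version != vpc.version or not net.subnet_of(vpc):
            problems.append(f"{name}: {net} is not inside FirewallVpcCidr {vpc}")
            continue
        subnets[name] = net

    # Pairwise overlap check among the blocks that passed the checks above.
    names = list(subnets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if subnets[a].overlaps(subnets[b]):
                problems.append(f"{a} {subnets[a]} overlaps {b} {subnets[b]}")
    return problems


def missing_manual_mode_params(params):
    """Names of the manual-mode parameters that are absent or empty."""
    return [name for name in MANUAL_MODE_REQUIRED if not params.get(name)]


def preflight(params):
    """Dispatch on RouteMode and return the list of problems for that mode."""
    if params.get("RouteMode") == "managed":
        return validate_auto_mode_cidrs(params)
    return [f"{name}: missing (required in manual mode)"
            for name in missing_manual_mode_params(params)]


if __name__ == "__main__":
    manual = {"RouteMode": "manual", "FirewallVpcId": "vpc-wz9r5qvryn0lg3atb****"}
    for label, p in (("auto", AUTO_MODE_PARAMS), ("manual", manual)):
        print(label, preflight(p) or "ok")
```

Running the check before calling the API keeps a mis-sized or overlapping block from ever reaching the service; the ErrorVpcFirewallExist entry in the error table is also a reminder that the call is not idempotent, so a caller that retries on an ambiguous failure should first confirm whether the firewall already exists.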
Response parameters
Parameter | Type | Description | Example |
---|---|---|---|
FirewallId | string | The ID of the VPC firewall. | vfw-tr-37e22bf0d9b34870**** |
RequestId | string | The ID of the request. | 822B9125-6E1A-551C-8EAF-6E7AE7444B00 |
Examples
Sample success responses
JSON format
```json
{
  "FirewallId": "vfw-tr-37e22bf0d9b34870****",
  "RequestId": "822B9125-6E1A-551C-8EAF-6E7AE7444B00"
}
```
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | ErrorTrResourceNotReady | Transit Router has not been detected by cloud firewall | - |
400 | ErrorAliUid | The aliuid is invalid. | The aliuid is invalid. |
400 | ErrorParameters | Error Parameters | The parameter is invalid. |
400 | ErrorUserCenTrNotEnabled | This account has not enabled CEN Transit Router Enterprise Edition Cloud Firewal. Please contact Cloud Firewall Support team. | This account does not yet support CEN Enterprise Edition Cloud Firewall. Contact the Cloud Firewall service team to have the account added to the whitelist before you perform this operation. |
400 | ErrorAuthentication | authentication error | The authentication failed. |
400 | ErrorUserCredentials | User credentials failed. | Unauthorized: the account cannot access Cloud Firewall. Grant the firewall permissions first. |
400 | ErrorCenTRAssociationNotFound | CEN-TR attachment association not found. | The CEN-TR attachment association was not found. |
400 | ErrorUserNotFound | User not found | The user does not exist. |
400 | ErrorDBSelectError | A database select error occurred. | An internal error occurred while querying the database. |
400 | ErrorCenNotSupportTREnterpriseAutoMode | VPC firewall does not support TR Enterprise Edition auto mode protection, please use manual mode protection | VPC firewalls do not support the CEN-TR automatic mode. Use the manual mode instead. |
400 | ErrorVpcFirewallExist | Vpc firewall already exist. | The firewall is already configured and cannot be configured again. |
400 | ErrorInvalidTrFirewallType | Firewall type is invalid. | The firewall type cannot be identified. |
400 | ErrorVpcDoNotSupportSubnetRouting | The VPC for which the firewall is created does not support subnet routing. Create a custom route table for the VPC to enable subnet routing first. | The VPC for which the firewall is created does not support subnet routing. Create a custom route table for the VPC to enable subnet routing first. |
400 | ErrorVpcAndTrNotInTheSameAccount | Vpc and transit router should in the account when create cloud firewall manual mode. | When you create a VPC firewall in the CEN manual mode, the VPC and the transit router must belong to the same account. |
400 | ErrorCidrFormat | Network segment CIDR format error, please select again | The format of the specified CIDR block is invalid. Enter another value. |
400 | ErrorVswitchCidrIpNumNotEnough | No enough private proxy IP in vswitch cidr. | The vSwitch used by the firewall does not have enough private IP addresses. |
400 | ErrorTrFwVswCidrConflict | Illegal tr firewall cidr configuration. | The CIDR block configured for the transit router firewall is invalid. |
400 | ErrorDBNoRow | No rows in database. | No data found. |
400 | ErrorRecordLog | record operation log error. | The operation log could not be updated. |
For a list of error codes, see Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-08-08 | API Description Update. The Error code has changed | View Change Details |
2023-10-18 | The Error code has changed. The request parameters of the API have changed | View Change Details |
2023-07-21 | The Error code has changed | View Change Details |