DescribeTrFirewallsV2List - Cloud Firewall - Alibaba Cloud Documentation Center

Queries the virtual private cloud (VPC) firewalls that are created for transit routers.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Debug

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Associated operation
yundun-cloudfirewall:DescribeTrFirewallsV2List	get	*VpcCenTrFirewall `acs:yundun-cloudfirewall::{#accountId}:vpccentrfirewall/{#FirewallId}`	none	none

Request parameters

Parameter	Type	Required	Description	Example
Lang	string	No	The language of the content within the response. Valid values: zh: Chinese (default) en: English	zh
RegionNo	string	No	The region ID of the transit router.	cn-hangzhou
FirewallSwitchStatus	string	No	The status of the VPC firewall. Valid values: opened: The VPC firewall is enabled. closed: The VPC firewall is disabled. notconfigured: The VPC firewall is not created. configured: The VPC firewall is created but is not enabled. creating: The VPC firewall is being created. opening: The VPC firewall is being enabled. deleting: The VPC firewall is being deleted. Note If you do not specify this parameter, VPC firewalls in all states are queried.	opened
CurrentPage	integer	No	The page number. Default value: 1.	1
PageSize	integer	No	The number of entries per page. Default value: 10.	10
FirewallId	string	No	The instance ID of the VPC firewall.	vfw-tr-f1799baa9e254651****
FirewallName	string	No	The name of the VPC firewall.	test
RouteMode	string	No	The routing mode of the VPC firewall. Valid values: managed: automatic mode manual: manual mode Note If you do not specify this parameter, VPC firewalls in all routing modes are queried.	managed
CenId	string	No	The ID of the Cloud Enterprise Network (CEN) instance.	cen-rig0t5zi96crkl****
TransitRouterId	string	No	The ID of the transit router.	tr-uf6egtvyaedvt20xl****

Response parameters

Parameter	Type	Description	Example
	object
TotalCount	string	The total number of entries returned.	6
RequestId	string	The request ID.	1471E2EC-F706-5F11-A79B-BD583ACB8297
VpcTrFirewalls	array<object>	The information about the VPC firewalls.
VpcTrFirewalls	object	The information about the VPC firewall.
CenId	string	The ID of the CEN instance.	cen-03f8s0z052ka3v****
CenName	string	The name of the CEN instance.	cen_swas
CloudFirewallVpcOrderType	string	The party responsible for the TR fees generated by the VPC firewall. Values: PayByCloudFirewall: Fees are borne by the Cloud Firewall. PayByCenOwner: Fees are borne by the account to which the CEN instance belongs.	PayByCenOwner
FirewallId	string	The instance ID of the VPC firewall.	vfw-tr-99bc4f0fc88b4d00****
FirewallSwitchStatus	string	The status of the VPC firewall. Valid values: opened: The VPC firewall is enabled. closed: The VPC firewall is disabled. notconfigured: The VPC firewall is not created. configured: The VPC firewall is created but is not enabled. creating: The VPC firewall is being created. opening: The VPC firewall is being enabled. deleting: The VPC firewall is being deleted. Note If you do not specify this parameter, VPC firewalls in all states are queried.	opened
IpsConfig	object	The intrusion prevention system (IPS) configurations.
BasicRules	integer	Indicates whether basic protection is enabled. Valid values: 1: yes 0: no	1
EnableAllPatch	integer	Indicates whether virtual patching is enabled. Valid values: 1: yes 0: no	1
RuleClass	integer	The level of the rule group for the IPS. Valid values: 1: loose. 2: medium. 3: strict.	3
RunMode	integer	The mode of the IPS. Valid values: 1: block mode 0: monitor mode	1
OwnerId	long	The ID of the Alibaba Cloud account to which the VPC belongs.	171761785151****
PrecheckStatus	string	Indicates whether the VPC firewall can be automatically enabled. Valid values: passed: yes failed: no unknown	passed
ProtectedResource	object	The protected resources.
Count	integer	The number of protected resources.	1
EcrList	array	The protected express connect routers.
ecr	string	The protected express connect router.	[ "ecr-d6yi3kl5qxmvkz****" ]
PeerTrList	array	The protected peer transit routers.
peerTr	string	The protected peer transit router.	[ "tr-2zegxdvs5f2je81ph****" ]
VbrList	array	The protected virtual border routers (VBRs).
vbr	string	The protected VBR.	[ "vbr-2zegxdvs5f2je81ph****" ]
VpcList	array	The protected VPCs.
vpc	string	The protected VPC.	["vpc-2zegxdvs5f2je81ph****"]
VpnList	array	The protected VPN gateways.
vpn	string	The protected VPN gateway.	[ "vpn-2zegxdvs5f2je81ph****" ]
RegionNo	string	The region ID of the transit router.	cn-hangzhou
RegionStatus	string	Indicates whether you can create a VPC firewall in a specified region. Valid values: enable: yes disable: no	enable
ResultCode	string	The result code of the operation that creates the VPC firewall. Valid values: RegionDisable: VPC Firewall is not supported in the region of the network instance. You cannot create a VPC firewall for the network instance. Empty string: You can create a VPC firewall for the network instance.	RegionDisable
RouteMode	string	The routing mode of the VPC firewall. Valid values: managed: automatic mode manual: manual mode	managed
TransitRouterId	string	The ID of the transit router.	tr-2vcmhjs88nil55fvu****
UnprotectedResource	object	The unprotected resources.
Count	integer	The number of unprotected resources.	1
EcrList	array	The unprotected express connect routers.
ecr	string	The unprotected express connect router.	[ "ecr-d6yi3kl5qxmvkz****" ]
PeerTrList	array	The unprotected peer transit routers.
peerTr	string	The unprotected peer transit router.	[ "tr-2zegxdvs5f2je81ph****" ]
VbrList	array	The unprotected VBRs.
vbr	string	The unprotected VBR.	[ "vbr-2zegxdvs5f2je81ph****" ]
VpcList	array	The unprotected VPCs.
vpc	string	The unprotected VPC.	[ "vpc-2zegxdvs5f2je81ph****" ]
VpnList	array	The unprotected VPN gateways.
vpn	string	The unprotected VPN gateway.	[ "vpn-2zegxdvs5f2je81ph****" ]
VpcFirewallName	string	The instance name of the VPC firewall.	test

Examples

Sample success responses

JSONformat

{
  "TotalCount": "6",
  "RequestId": "1471E2EC-F706-5F11-A79B-BD583ACB8297",
  "VpcTrFirewalls": [
    {
      "CenId": "cen-03f8s0z052ka3v****",
      "CenName": "cen_swas",
      "CloudFirewallVpcOrderType": "PayByCenOwner",
      "FirewallId": "vfw-tr-99bc4f0fc88b4d00****",
      "FirewallSwitchStatus": "opened",
      "IpsConfig": {
        "BasicRules": 1,
        "EnableAllPatch": 1,
        "RuleClass": 3,
        "RunMode": 1
      },
      "OwnerId": 0,
      "PrecheckStatus": "passed",
      "ProtectedResource": {
        "Count": 1,
        "EcrList": [
          "[\n    \"ecr-d6yi3kl5qxmvkz****\"\n]"
        ],
        "PeerTrList": [
          "[\n      \"tr-2zegxdvs5f2je81ph****\"\n]"
        ],
        "VbrList": [
          "[\n      \"vbr-2zegxdvs5f2je81ph****\"\n]"
        ],
        "VpcList": [
          "[\"vpc-2zegxdvs5f2je81ph****\"]"
        ],
        "VpnList": [
          "[\n      \"vpn-2zegxdvs5f2je81ph****\"\n]"
        ]
      },
      "RegionNo": "cn-hangzhou",
      "RegionStatus": "enable",
      "ResultCode": " RegionDisable",
      "RouteMode": "managed",
      "TransitRouterId": "tr-2vcmhjs88nil55fvu****",
      "UnprotectedResource": {
        "Count": 1,
        "EcrList": [
          "[\n    \"ecr-d6yi3kl5qxmvkz****\"\n]"
        ],
        "PeerTrList": [
          "[\n      \"tr-2zegxdvs5f2je81ph****\"\n]"
        ],
        "VbrList": [
          "[\n      \"vbr-2zegxdvs5f2je81ph****\"\n]"
        ],
        "VpcList": [
          "[\n      \"vpc-2zegxdvs5f2je81ph****\"\n]"
        ],
        "VpnList": [
          "[\n      \"vpn-2zegxdvs5f2je81ph****\"\n]"
        ]
      },
      "VpcFirewallName": "test"
    }
  ]
}

Error codes

HTTP status code	Error code	Error message	Description
400	ErrorUserNotFound	User not found	The user does not exist.
400	ErrorUserCredentials	User credentials failed.	Unauthorized, not accessible, please first authorize firewall permissions.
400	ErrorDBTxError	A database transaction error occurred.	The error message returned because an internal error has occurred in the database transaction.
400	ErrorDBSelectError	A database select error occurred.	The error message returned because an internal error has occurred in querying the database.
400	ErrorUnMarshalJSON	internal error.	Internal Error

For a list of error codes, visit the Service error codes.

Change history

Change time	Summary of changes	Operation
2024-09-06	API Description Update. The Error code has changed	View Change Details
2024-08-15	The response structure of the API has changed	View Change Details
2023-06-13	The response structure of the API has changed	View Change Details