Creates a VPC firewall for a transit router.
RAM authorization
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Lang | string | No | The language of the response message. Valid values: | zh |
| FirewallName | string | No | The name of the firewall. | VPC边界防火墙云企业网企业版 |
| RouteMode | string | No | The routing mode. Valid values: | managed |
| TransitRouterId | string | No | The ID of the transit router instance. | tr-m5etmb2q7e0mxcur**** |
| RegionNo | string | No | The region ID of the transit router instance. | cn-hangzhou |
| FirewallVpcCidr | string | No | The CIDR block of the firewall VPC in automatic mode. | 10.0.0.0/16 |
| FirewallSubnetCidr | string | No | The CIDR block of the vSwitch in the firewall VPC that hosts the firewall's elastic network interface (ENI). This parameter applies only in automatic mode. | 10.0.1.0/24 |
| TrAttachmentSlaveCidr | string | No | The CIDR block of the secondary vSwitch used to connect to the transit router. This parameter applies only in automatic mode. | 10.0.0.16/28 |
| TrAttachmentMasterCidr | string | No | The CIDR block of the primary vSwitch used to connect to the transit router. This parameter applies only in automatic mode. | 10.0.3.0/24 |
| CenId | string | No | The ID of the Cloud Enterprise Network (CEN) instance. | cen-4xbjup276au29r**** |
| FirewallDescription | string | No | The description of the firewall. | VPC边界防火墙云企业网企业版 |
| FirewallVpcId | string | No | The ID of the VPC where the firewall ENI is created. This parameter applies only in manual mode. | vpc-wz9r5qvryn0lg3atb**** |
| FirewallVswitchId | string | No | The ID of the vSwitch where the firewall ENI is created. This parameter applies only in manual mode. | vsw-uf6ydz3vqj77mr5l6**** |
| TrAttachmentSlaveZone | string | No | The secondary zone for the vSwitch. | cn-chengdu-b |
| TrAttachmentMasterZone | string | No | The primary zone for the vSwitch. | cn-chengdu-a |
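A pre-flight check for the mode-specific parameters above, run before the request is sent. This is an added example, not part of the original reference or of any Alibaba Cloud SDK; the function name `check_tr_firewall_request` and the value `vsw-example` are hypothetical, and the rules that the two parameter groups are mutually exclusive, that vSwitch blocks lie inside `FirewallVpcCidr`, and that they do not overlap are assumptions the reference does not state.

```python
import ipaddress

# Parameter groups as described in the request table above.
AUTO_ONLY = ("FirewallVpcCidr", "FirewallSubnetCidr",
             "TrAttachmentMasterCidr", "TrAttachmentSlaveCidr")
MANUAL_ONLY = ("FirewallVpcId", "FirewallVswitchId")

def check_tr_firewall_request(params):
    """Return a list of problems in a CreateTrFirewallV2 parameter dict."""
    problems = []
    auto = [k for k in AUTO_ONLY if params.get(k)]
    manual = [k for k in MANUAL_ONLY if params.get(k)]
    if auto and manual:  # assumption: the two groups are mutually exclusive
        problems.append(f"mixed modes: {auto} set together with {manual}")
    nets = {}
    for key in auto:
        try:
            # strict=True also rejects blocks with host bits set, e.g. 10.0.1.5/24
            nets[key] = ipaddress.ip_network(params[key], strict=True)
        except ValueError as exc:
            # The error table lists ErrorCidrFormat for malformed blocks.
            problems.append(f"{key}: invalid CIDR ({exc})")
    vpc = nets.get("FirewallVpcCidr")
    subnets = [(k, nets[k]) for k in AUTO_ONLY[1:] if k in nets]
    for key, net in subnets:
        # Assumption: every vSwitch block lies inside the firewall VPC block.
        if vpc is not None and not (net.version == vpc.version and net.subnet_of(vpc)):
            problems.append(f"{key} {net} is outside FirewallVpcCidr {vpc}")
    for i, (key_a, a) in enumerate(subnets):
        for key_b, b in subnets[i + 1:]:
            # Assumption: vSwitch blocks in one VPC must not overlap.
            if a.overlaps(b):
                problems.append(f"{key_a} {a} overlaps {key_b} {b}")
    return problems

# Example values taken from the request table on this page.
PAGE_EXAMPLE = {
    "RouteMode": "managed", "FirewallVpcCidr": "10.0.0.0/16",
    "FirewallSubnetCidr": "10.0.1.0/24", "TrAttachmentSlaveCidr": "10.0.0.16/28",
    "TrAttachmentMasterCidr": "10.0.3.0/24",
}
# Constructed bad input: host bits set, overlapping vSwitches, a manual-mode ID mixed in.
CONSTRUCTED_BAD = dict(PAGE_EXAMPLE, FirewallSubnetCidr="10.0.1.5/24",
                       TrAttachmentSlaveCidr="10.0.3.16/28", FirewallVswitchId="vsw-example")

if __name__ == "__main__":
    for name, req in (("page example", PAGE_EXAMPLE), ("constructed", CONSTRUCTED_BAD)):
        print(name, check_tr_firewall_request(req) or "ok")
```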
Response elements
| Element | Type | Description | Example |
|---|---|---|---|
| | object | | |
| FirewallId | string | The ID of the VPC firewall instance. | vfw-tr-37e22bf0d9b34870**** |
| RequestId | string | The ID of the request. | 822B9125-6E1A-551C-8EAF-6E7AE7444B00 |
Examples
Success response
JSON format
```json
{
  "FirewallId": "vfw-tr-37e22bf0d9b34870****",
  "RequestId": "822B9125-6E1A-551C-8EAF-6E7AE7444B00"
}
```
Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | ErrorTrResourceNotReady | Transit Router has not been detected by cloud firewall | |
| 400 | ErrorAliUid | The aliuid is invalid. | The aliuid is invalid. |
| 400 | ErrorParameters | Error Parameters | The parameter is invalid. |
| 400 | ErrorUserCenTrNotEnabled | This account has not enabled CEN Transit Router Enterprise Edition Cloud Firewal. Please contact Cloud Firewall Support team. | This account does not support CEN Enterprise Edition Cloud Firewall for the time being. Contact the Cloud Firewall service team to have the account added to the whitelist before you perform this operation. |
| 400 | ErrorAuthentication | authentication error | The authentication failed. |
| 400 | ErrorUserCredentials | User credentials failed. | Unauthorized, not accessible, please first authorize firewall permissions. |
| 400 | ErrorCenTRAssociationNotFound | CEN-TR attachment association not found. | CEN-TR attachment association not found. |
| 400 | ErrorUserNotFound | User not found | The user does not exist. |
| 400 | ErrorDBSelectError | A database select error occurred. | The error message returned because an internal error has occurred in querying the database. |
| 400 | ErrorCenNotSupportTREnterpriseAutoMode | VPC firewall does not support TR Enterprise Edition auto mode protection, please use manual mode protection | VPC firewalls do not support the CEN-TR automatic mode. |
| 400 | ErrorVpcFirewallExist | Vpc firewall already exist. | The firewall is already configured and cannot be configured repeatedly. |
| 400 | ErrorInvalidTrFirewallType | Firewall type is invalid. | The firewall type cannot be identified. |
| 400 | ErrorVpcDoNotSupportSubnetRouting | The VPC for which the firewall is created does not support subnet routing. Create a custom route table for the VPC to enable subnet routing first. | The VPC for which the firewall is created does not support subnet routing. Create a custom route table for the VPC to enable subnet routing first. |
| 400 | ErrorVpcAndTrNotInTheSameAccount | Vpc and transit router should in the account when create cloud firewall manual mode. | When you create a firewall in Cloud Enterprise Network manual mode, the VPC and the transit router configured for the firewall must belong to the same account. |
| 400 | ErrorCidrFormat | Network segment CIDR format error, please select again | The format of the specified CIDR block is invalid. Enter another value. |
| 400 | ErrorVswitchCidrIpNumNotEnough | No enough private proxy IP in vswitch cidr. | The firewall vSwitch does not have enough private IP addresses. |
| 400 | ErrorTrFwVswCidrConflict | Illegal tr firewall cidr configuration. | The CIDR block configured for the transit router firewall is invalid. |
| 400 | ErrorDBNoRow | No rows in database. | No data found. |
| 400 | ErrorRecordLog | record operation log error. | Update operation log error. |
| 400 | ErrorVpcFirewallZoneId | VPC firewall zone error. | VPC firewall zone selection error |
| 400 | ErrorInvalidMemberUidStatus | invalid member uid status. | The status of the member account is invalid. This operation is not supported. |
| 400 | ErrorGeneralInstanceSpecFull | Cloud Firewall instance specifications are full. | Cloud Firewall instance specifications are full. |
| 400 | ErrorBandwidthPenalty | Cloud Firewall bandwidth is being overused. | Cloud Firewall bandwidth is being overused. |
| 400 | ErrorFirewallQuotaNotEmpty | The quota for VPC firewalls is exceeded. | The quota is insufficient. You cannot configure the VPC firewall. Increase the quota. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.