REST APIs for 24.5

Enforcement Boundaries

Warning

Enforcement Boundaries are still available in 24.2 APIs. However, they are being replaced by the Deny rules explained in the topic https://docs.illumio.com/core/24.2/Content/Guides/security-policy/create-security-policy/rules.htm

Enforcement Boundaries in the REST API

The RBAC roles Global Org Owner and Global Admin can manage Enforcement Boundaries without restrictions.

You can only use Enforcement Boundaries with managed workloads. You cannot apply Enforcement Boundaries to NEN-controlled or other unmanaged workloads.

An Enforcement Boundary enforces one or more ports on a workload ("port enforcement") and leaves the remaining ports unenforced. Enforcement is controlled through policies rather than by configuring workloads directly.

Workloads have to be placed in selective mode when using Enforcement Boundaries. Therefore, to use an Enforcement Boundary, you need to perform two separate configurations:

  • Set the workload policy state to selective.

  • Create a security policy with a scope that includes the workload.
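The two configurations above, planned as REST requests in an added example that is not part of the original documentation; it only builds the requests and sends nothing. The `managed` and `enforcement_mode` workload keys, the `/workloads` path, the request-body keys, the `draft` version and the `/api/v2` and `/orgs/1` values are assumptions to check against the API schema reference.

```python
"""Plan the two-step Enforcement Boundary setup as REST requests (nothing is sent)."""
import json

API = "/api/v2"   # stands in for [api_version] (assumed value)
ORG = "/orgs/1"   # stands in for [org_href] (assumed value)

# Constructed inventory. The keys "managed" and "enforcement_mode" are assumptions.
WORKLOADS = [
    {"href": ORG + "/workloads/aaa", "managed": True, "enforcement_mode": "visibility_only"},
    {"href": ORG + "/workloads/bbb", "managed": True, "enforcement_mode": "selective"},
    {"href": ORG + "/workloads/ccc", "managed": False, "enforcement_mode": None},
]


def plan_boundary(workloads, name, scope_label_href, port, proto=6, version="draft"):
    """Return (requests, skipped).

    requests: ordered (method, uri, body) tuples, workload updates first.
    skipped:  hrefs of unmanaged workloads, which a boundary cannot cover.
    """
    requests, skipped = [], []
    for w in workloads:
        if not w["managed"]:
            skipped.append(w["href"])  # NEN-controlled or otherwise unmanaged
            continue
        if w["enforcement_mode"] != "selective":
            # Step 1: put the workload into selective mode (assumed body key).
            requests.append(("PUT", API + w["href"], {"enforcement_mode": "selective"}))
    if len(skipped) < len(workloads):
        # Step 2: create the boundary whose scope includes the workloads.
        body = {  # assumed body layout, not taken from the page
            "name": name,
            "providers": [{"label": {"href": scope_label_href}}],
            "consumers": [{"actors": "ams"}],
            "ingress_services": [{"port": port, "proto": proto}],
        }
        uri = f"{API}{ORG}/sec_policy/{version}/enforcement_boundaries"
        requests.append(("POST", uri, body))
    return requests, skipped


if __name__ == "__main__":
    reqs, skipped = plan_boundary(WORKLOADS, "db-boundary", ORG + "/labels/10", 5432)
    for method, uri, body in reqs:
        print(method, uri, json.dumps(body))
    print("skipped (unmanaged):", skipped)
```

Reviewing the `skipped` list before applying the plan shows which workloads in the intended scope will remain uncovered by the boundary.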

Enforcement Boundaries Methods

| Functionality | HTTP | URI |
|---|---|---|
| View the configured enforcement boundaries. | GET | [api_version][org_href]/sec_policy/:version/enforcement_boundaries/:id |
| Edit the specified enforcement boundary. | PUT | [api_version][org_href]/sec_policy/:version/enforcement_boundaries/:id |
| Create a new enforcement boundary. | POST | [api_version][org_href]/sec_policy/:version/enforcement_boundaries |
| Delete the specified enforcement boundary. | DELETE | [api_version][org_href]/sec_policy/:version/enforcement_boundaries/:id |