Skip to main content

Illumio REST APIs 25.4

Enforcement Boundaries

Note

Enforcement Boundaries are still available. However, they have been replaced by Deny Rules.

Enforcement Boundaries in the REST API

The RBAC roles Global Org Owner and Global Admin can manage Enforcement Boundaries without restrictions.

You can only use Enforcement Boundaries with managed workloads. You cannot apply Enforcement Boundaries to NEN-controlled or other unmanaged workloads.

One or more ports on a workload are enforced ("port enforcement"), leaving the remaining ports unenforced. Instead of configuring workloads directly, enforcement is controlled using policies.

Workloads have to be placed in selective mode when using Enforcement Boundaries. Therefore, to use an Enforcement Boundary, you need to perform two separate configurations:

Set the workload policy state to selective.
Create a security policy with a scope that includes the workload.

Enforcement Boundaries Methods

Functionality	HTTP	URI
View the configured enforcement boundaries.	`GET`	`[api_version][org_href]/sec_policy/:version/ enforcement_boundaries:/id`
Edit the specified enforcement boundary.	`PUT`	`[api_version][org_href]/sec_policy/:version/ enforcement_boundaries/:id`
Create a new enforcement boundary.	`POST`	`[api_version][org_href]/sec_policy/:version/ enforcement_boundaries`
Delete the specified enforcement boundary.	`DELETE`	`[api_version][org_href]/sec_policy/:version/ enforcement_boundaries/:id`

Was this helpful?

Would you like to provide feedback? Just click here to suggest edits.