Company logoHelp Center
Visit www.threatlocker.com

/portalAPI/NetworkAccessPolicy/*

11 min. readlast update: 03.28.2025

This article will encompass all portalAPI calls that are related to /portalAPI/NetworkAccessPolicy/* endpoints

 

Be sure to input the instance your organization exists on for each call. This is indicated with the "INSTANCE" text in each endpoint. Linked here is a KB to find your instance: 

Locating Your Organization's Instance | ThreatLocker Help Center

 

NetworkAccessPolicyInsert

https://portalapi.INSTANCE.threatlocker.com/portalapi/NetworkAccessPolicy/NetworkAccessPolicyInsert

  • Method: POST
  • Description: This API is used when clicking the Modules drop-down menu on the left side of the ThreatLocker Portal, clicking Network Control, clicking the New Policy button in the top left of the page, entering all the Network Control policy details, and then clicking the Create button where this API is called to create the new Network Control policy. If creating a Network Control policy in a different organization than the currently logged in/managed organization, utilize the managedOrganizationId header as described below. If this is not completed, it can result in unexpected behavior/policy creation.
  • Required Body/Parameters
    • Valid APIKey/Authorization Token in header
    • Fields
      • allDestinations: This field determines whether this Network Control policy will effect all possible destination locations, including all IPv4, IPv6, and applied ThreatLocker Tags. This field is in contrast to the destinationLocations field, which specifies individual destination locations.
        • Expects: true or false
      • allPorts: This field determines whether this Network Control policy will effect all ports, including but not limited to, 20-21 (FTP), 3389 (RDP), and 8811 (ThreatLocker Objects).
        • Expects: true or false
      • allSources: This field determines whether this Network Control policy will effect all possible source locations, including IPv4, IPv6, ThreatLocker Tags, Keywords, and Objects. This field is in contrast to the sourceLocations field, which specifies individual destination locations.
        • Expects: true or false
      • computerGroupId: This field determines where the Network Control policy will be applied. This field corresponds to the "Applies To" section of the "Create Network Policy" sidebar in the Portal. Any valid organizationId, computerGroupId, or computerId can be entered. For instance, if looking to apply the Network Control policy at the entire organization level, enter the organizationId into this field.
        • Expects a GUID in format: "00000000-0000-0000-0000-000000000000"
      • description: This field is purely optional and informational. This is used to potentially provide more context/information about what the policy does, why it was created, or anything the administrator creating the policy deems useful
        • Expects: Any text input
      • destinationLocations: This field specifies the destination locations this Network Control policy will effect and is required when the allDestinations field is set to false. Listed below are the fields required for each destination location:

 

Note: In order to use tags in association with this field, it is recommended to utilize the https://portalapi.INSTANCE.threatlocker.com/portalapi/Tag/TagGetDowndownOptionsByOrganizationId (GET) API to get the full names ("label") and tagIds ("value") that can be used.

/portalAPI/Tag/* | ThreatLocker Help Center

 

        • ruleLocationTypeId: This field expects one of the below Integer values to be entered corresponding to the type of destination location entered.
          • IPv4 = 1
          • IPv6 = 2
          • Tag = 3
          • Text (Domain) = 5  (Outbound only)
        • text: If ruleLocationTypeId is set to IPv4 or IPv6, this field expects either the IPv4 or IPv6 value, in correct CIDR notation. If ruleLocationTypeId is set to Tag, this field expects the complete name of the tag ("label") as shown in this example: "ThreatLocker\\NinjaOne(Built-In)".
          When using a tag in the same organization as where the policy is being created, only the name of the tag needs to be entered. However, when using a parent organization's tag, the complete name needs to be used as indicated in this notation: "ParentOrganization\\TagName"
        • value: This field varies depending on what is entered into the ruleLocationId and text fields above. When using an IPv4 or IPv6 rule, the same the IP address used in the text field is expected in correct CIDR notation. When using a tag, this field expects the tagId ("value") to be entered.
      • direction: This field determines the direction of the network traffic that will be effected by the Network Control policy created. This field expects one of the following Integer values to be entered:
        • Inbound = 1
        • Outbound = 2
      • name: This field specifies the name that will be attached with the Network Control policy upon creation.
        • Expects: Any text input
      • networkAccessRulePortDtos: This field specifies the port(s) this Network Control policy will effect and is required when the allPorts field is set to false. This field expects either individual port(s) numbers or a port range to be entered separated by commas as shown in this example: "20-25", "53", "3389". This example, when entered into this field, will have the Network Control Policy effect ports 20 through 25, 55, and 3389
      • policyActionId: This field determines the action that the Network Control policy will take where this policy is applied. This field expects one of the following Integer values to be entered:
        • Permit = 1
        • Deny = 2
      • policyScheduleStatus: This field determines what the policy schedule/expiration status is of the Network Control policy. This field expects one of the following Integer values to be entered: 
        • No schedule/expiration = 0
        • Expiration = 1
        • Schedule = 2
      • policySchedules: This field determines the exipration or schedule of the Network Control policy created. This field expects policyScheduleStatus to have a value or 1 or 2.
        • When setting an expiration (policyScheduleStatus = 1), a new field is used called "endDate" to specify when the policy will expire. endDate expects a time entered in UTC in format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
        • When setting a schedule (policyScheduleStatus = 2), the following fields are use for each defined schedule of the policy.
          • dayOfTheWeek: This field determines the day of the week when the policy will be enabled. This field expects an Integer between 0 through 6, 0 being Sunday and 6 being Saturday.
          • durationHours: This field determines the amount of hours that the policy will be enabled. This field expects any valid Integer value, anything less than 24.
          • durationMinutes: This field determines the amount of minutes that the policy will be enabled. This field expects any valid Integer value, anything less than 60.
          • startTime: This field expects the start time to be entered in a 24 hour format "YYYY-MM-DDTHH:MM:SSZ", where YYYY is the year, the first MM is the month, DD is the day, HH are the hours, the second MM are the minutes, and SS are the seconds. The T must be included to designate the time and should not be changed or removed.
      • protocol: This field specifies the network protocol this Network Control policy will effect. This field expects one of the following Integer values to be entered:
        • Only TCP = 1
        • Only UDP = 2
        • Both TCP and UDP = 3
      • sourceLocations: This field specifies the source locations this Network Control policy will effect and is required when the allSources field is set to false. Listed below are the fields required for each source location:

 

Note: In order to use tags in association with this field, it is recommended to utilize the https://portalapi.INSTANCE.threatlocker.com/portalapi/Tag/TagGetDowndownOptionsByOrganizationId (GET) API to get the full names ("label") and tagIds ("value") that can be used.

/portalAPI/Tag/* | ThreatLocker Help Center

 

        • ruleLocationId: This field expects one of the below Integer values to be entered corresponding to the type of source location entered.
          • IPv4 = 1
          • IPv6 = 2
          • Tag = 3
          • Keyword = 4 (Inbound Only)
          • Object = 6 (Inbound Only)
        • text: If ruleLocationTypeId is set to IPv4 or IPv6 this field expects either the IPv4 or IPv6 value, in correct CIDR notation. If ruleLocationTypeId is set to Keyword this field expects the Keyword as text. If ruleLocationTypeId is set to Tag, this field expects the complete name of the tag ("label") as shown in this example: "ThreatLocker\\NinjaOne(Built-In)". When using a tag in the same organization as where the policy is being created, only the name of the tag needs to be entered. However, when using a parent organization's tag, the complete name needs to be used as indicated in this notation: "ParentOrganization\\TagName". If ruleLocationTypeId is set to Object will be applied (organization, computer group, or computer) this field expects Object name.
        • value: This field varies depending on what is entered into the ruleLocationId and text fields above. When using an IPv4 or IPv6 rule, the same the IP address used in the text field is expected in correct CIDR notation. When using a Keyword rule, the text of the Keyword is expected. When using a tag, this field expects the tagId ("value") to be entered. When using an Object, this field expects the id value associated with where the Object will be applied, either the organizationId, computerGroupId, or computerId.
      • status: This field determines whether the policy will be active or inactive upon policy creation. This field expects one of the following Integer values to be entered:
        • Active = 1
        • Inactive = 3
    • Required body
{
  "allDestinations": <Boolean>,
  "allPorts": <Boolean>,
  "allSources": <Boolean>,
  "computerGroupId": "00000000-0000-0000-0000-000000000000",
  "description": "<String>",
  "destinationLocations": [
    {
      "ruleLocationTypeId": <Integer>,
      "text": "<String>",
      "value": "<String>"
    },
    {
      "ruleLocationTypeId": <Integer>,
      "text": "<String>",
      "value": "<String>"
    }
  ],
  "direction": <Integer>,
  "endDate": "YYYY-MM-DDTHH:MM:SSZ",
  "name": "<String>",
  "networkAccessRulePortDtos": [
    "<String>",
    "<String>",
    "<String>"
  ],
  "policyActionId": <Integer>,
  "policyScheduleStatus": <Integer>,
  "policySchedules": [
    {
      "dayoftheWeek": <Integer>,
      "startTime": "YYYY-MM-DDTHH:MM:SSZ",
      "durationHours": <Integer>,
      "durationMinutes": <Integer>
    },
    {
      "dayoftheWeek": <Integer>,
      "startTime": "YYYY-MM-DDTHH:MM:SSZ",
      "durationHours": <Integer>,
      "durationMinutes": <Integer>
    }
  ],
  "protocol": <Integer>,
  "sourceLocations": [
    {
      "ruleLocationTypeId": <Integer>,
      "text": "<String>",
      "value": "<String>"
    },
    {
      "ruleLocationTypeId": <Integer>,
      "text": "<String>",
      "value": "<String>"
    }
  ],
  "status": <Integer>
}
  • Optional Body/Parameters
    • In header: "managedOrganizationId": <GUID> in format "00000000-0000-0000-0000-000000000000"
  • Permissions Needed for User
    • Edit Network Control Policies
Was this article helpful?