Egress forwarding policy rules define what action to take for a particular type of traffic, based on its origin, destination, protocol, EtherType, ports, DSCP value and other information. Supported actions are to redirect traffic, change the forwarding class of the traffic or to allow traffic to pass untouched.


  • acl_template_name: The name of the parent Template for this acl entry
  • icmp_code: The ICMP Code when protocol selected is ICMP.
  • icmp_type: The ICMP Type when protocol selected is ICMP.
  • fc_override: Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
  • ipv6_address_override: Overrides the source IPv6 for Egress and destination IPv6 for Egress, mac entries will use this address as the match criteria.
  • dscp (Mandatory): DSCP match condition to be set in the rule. It is either * or from 0-63
  • failsafe_datapath: Backup datapath option if VNF/VM is down
  • last_updated_by: ID of the user who last updated the object.
  • action (Mandatory): The action of the ACL entry. Possible values are DROP, FORWARD, REDIRECT. Action REDIRECT is allowed only for EgressAdvancedForwardingEntry.
  • address_override: Overrides the source IP for Egress and destination IP for Ingress, mac entries will use this address as the match criteria.
  • web_filter_id: ID of web filter category or web domain name entity used
  • web_filter_type: Indicates type of web filter being set
  • redirect_vport_tag_id: VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
  • description: Description of the ACL entry
  • destination_port: The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
  • network_id: The source network entity id that is referenced(subnet/zone/macro/PolicyGroupExpression)
  • network_type: Type of the source network.
  • mirror_destination_id: Destination ID of the mirror destination object.
  • flow_logging_enabled: Is flow logging enabled for this particular template
  • enterprise_name: The name of the enterprise for the domains parent
  • entity_scope: Specify if scope of entity is Data center or Enterprise level
  • location_id: The ID of the destination location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
  • location_type (Mandatory): Type of the destination location entity.
  • policy_state: State of the policy. Possible values are DRAFT, LIVE, .
  • domain_name: The name of the domain/domain template for the aclTemplateNames parent
  • source_port: Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
  • uplink_preference: Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
  • priority: The priority of the ACL entry that determines the order of entries
  • protocol: Protocol number that must be matched
  • associated_live_entity_id: In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
  • associated_live_template_id: In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
  • associated_traffic_type: The associated Traffic type. L4 Service / L4 Service Group
  • associated_traffic_type_id: The associated Traffic Type ID
  • stats_id: The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
  • stats_logging_enabled: Is stats logging enabled for this particular template
  • ether_type (Mandatory): Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
  • external_id: External object ID. Used for integration with third party systems


class fetcher
numetadata.NUMetadata metadatas
nuglobalmetadata.NUGlobalMetadata global_metadatas