Defines the template for a Virtual Firewall Policy that helps to group a set of rules either based on functions or actions


  • name (Mandatory): A unique name set by an operator identifying the Virtual Firewall Rule Template.
  • last_updated_by: ID of the user who last updated the object.
  • active: If enabled, it means that this rule is active
  • default_allow_ip: If enabled a default RUle of Allow All is added as the last entry in the list of rule entries
  • default_allow_non_ip: If enabled, non ip traffic will be dropped
  • default_install_acl_implicit_rules: If enabled, implicit rule will allow intra domain traffic by default
  • description: A concise description of the Virtual Firewall Rule Template that gives a small preview of its use.
  • allow_address_spoof: If enabled, it will disable the default anti-spoof Rule for this domain that essentially prevents any VM to send packets that do not originate from that particular VM
  • entity_scope: Specify if scope of entity is Data center or Enterprise level
  • policy_state: States if the policy is Live or Draft
  • priority: The priority of the rule entry that determines the order of entries
  • priority_type: Possible values: TOP or BOTTOM. TOP and BOTTOM ACL policies can only be defined and managed on the template level. These allow for careful control of Rule priority handling.
  • associated_egress_template_id: The read only id of the auto generated Egress Template
  • associated_ingress_template_id: The read only id of the auto generated Ingress Template
  • associated_live_entity_id: In the draft mode, the rule entry refers to this LiveEntity. In non-drafted mode, this is null.
  • auto_generate_priority: This option affects how Rule entry priorities are generated when not specified. If ‘false’, the priority is generated by incrementing the current highest priority by 100. If ‘true’, a random priority will be generated, which is advised when creating many entries concurrently without specifying the priority. This will cause the ACL entry to be randomly placed in the existing list of ACL entries. Therefore it is advised to only enable this when allow rules are being created.
  • external_id: External object ID. Used for integration with third party systems


class fetcher
numetadata.NUMetadata metadatas
nuvirtualfirewallrule.NUVirtualFirewallRule virtual_firewall_rules
nuglobalmetadata.NUGlobalMetadata global_metadatas