Egress forwarding policy rules define what action to take for a particular type of traffic, based on its origin, destination, protocol, EtherType, ports, DSCP value and other information. Supported actions are to redirect traffic, change the forwarding class of the traffic or to allow traffic to pass untouched.
acl_template_name: The name of the parent Template for this acl entry
icmp_code: The ICMP Code when protocol selected is ICMP.
icmp_type: The ICMP Type when protocol selected is ICMP.
fc_override: Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
ipv6_address_override: Overrides the source IPv6 for Egress and destination IPv6 for Egress, mac entries will use this address as the match criteria.
dscp(Mandatory): DSCP match condition to be set in the rule. It is either * or from 0-63
failsafe_datapath: Backup datapath option if VNF/VM is down
last_updated_by: ID of the user who last updated the object.
last_updated_date: Time stamp when this object was last updated.
action(Mandatory): The action of the ACL entry. Possible values are DROP, FORWARD, REDIRECT. Action REDIRECT is allowed only for EgressAdvancedForwardingEntry.
address_override: Overrides the source IP for Egress and destination IP for Ingress, mac entries will use this address as the match criteria.
web_filter_id: ID of web filter category or web domain name entity used
web_filter_stats_logging_enabled: Indicates if web filter statistics logging is enabled for this particular template
web_filter_type: Indicates type of web filter being set
redirect_vport_tag_id: VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
redirection_target_entity_type: Indicates whether the Redirection Target of ACL Entry was derived from a L3 Domain template or instance. Possible Values: REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE.
description: Description of the ACL entry
destination_port: The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
network_entity_type: Indicates whether the Network Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, SAASAPPLICATIONGROUP, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
network_id: The source network entity id that is referenced(subnet/zone/macro/PolicyGroupExpression)
network_type: Type of the source network.
mirror_destination_group_id: ID of the associated Mirror Destination Group.
mirror_destination_id: Destination ID of the mirror destination object.
flow_logging_enabled: Is flow logging enabled for this particular template
embedded_metadata: Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
enterprise_name: The name of the enterprise for the domains parent
entity_scope: Specify if scope of entity is Data center or Enterprise level
location_entity_type: Indicates whether the Location Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
location_id: The ID of the destination location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
location_type(Mandatory): Type of the destination location entity.
policy_state: State of the policy. Possible values are DRAFT, LIVE, .
domain_name: The name of the domain/domain template for the aclTemplateNames parent
source_port: Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
uplink_preference: Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
creation_date: Time stamp when this object was created.
priority: The priority of the ACL entry that determines the order of entries
protocol: Protocol number that must be matched
associated_live_entity_id: In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
associated_live_template_id: In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
associated_traffic_type: The associated Traffic type. L4 Service / L4 Service Group
associated_traffic_type_id: The associated Traffic Type ID
associated_virtual_firewall_rule_id: The ID of the Virtual Firewall Rule, if this was derived as part of the Virtual Firewall Rule creation
stats_id: The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
stats_logging_enabled: Indicates if stats logging is enabled for this particular template
ether_type(Mandatory): Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
owner: Identifies the user that has created this object.
external_id: External object ID. Used for integration with third party systems