Defines the template for a Virtual Firewall Policy that helps to group a set of rules either based on functions or actions


  • name (Mandatory): A unique name set by an operator identifying the Virtual Firewall Rule Template.
  • last_updated_by: ID of the user who last updated the object.
  • last_updated_date: Time stamp when this object was last updated.
  • active: If enabled, it means that this rule is active
  • default_allow_ip: If enabled a default RUle of Allow All is added as the last entry in the list of rule entries
  • default_allow_non_ip: If enabled, non ip traffic will be dropped
  • default_install_acl_implicit_rules: If enabled, implicit rule will allow intra domain traffic by default
  • description: A concise description of the Virtual Firewall Rule Template that gives a small preview of its use.
  • allow_address_spoof: If enabled, it will disable the default anti-spoof Rule for this domain that essentially prevents any VM to send packets that do not originate from that particular VM
  • embedded_metadata: Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
  • entity_scope: Specify if scope of entity is Data center or Enterprise level
  • policy_state: States if the policy is Live or Draft
  • creation_date: Time stamp when this object was created.
  • priority: The priority of the rule entry that determines the order of entries
  • priority_type: Possible values: TOP or BOTTOM or NONE. TOP and BOTTOM ACL policies can only be defined and managed on the template level. These allow for careful control of Rule priority handling.
  • associated_egress_adv_fwd_rule_template_id: The read only id of the auto generated Egress Advance Forwarding Rule Template ID
  • associated_egress_template_id: The read only id of the auto generated Egress Template
  • associated_ingress_adv_fwd_rule_template_id: The read only id of the auto generated Ingress Advance Forwarding Rule Template ID
  • associated_ingress_template_id: The read only id of the auto generated Ingress Template
  • associated_live_entity_id: In the draft mode, the rule entry refers to this LiveEntity. In non-drafted mode, this is null.
  • auto_generate_priority: This option affects how Rule entry priorities are generated when not specified. If ‘false’, the priority is generated by incrementing the current highest priority by 100. If ‘true’, a random priority will be generated, which is advised when creating many entries concurrently without specifying the priority. This will cause the ACL entry to be randomly placed in the existing list of ACL entries. Therefore it is advised to only enable this when allow rules are being created.
  • owner: Identifies the user that has created this object.
  • external_id: External object ID. Used for integration with third party systems


class fetcher
nupermission.NUPermission permissions
numetadata.NUMetadata metadatas
nuvirtualfirewallrule.NUVirtualFirewallRule virtual_firewall_rules
nuglobalmetadata.NUGlobalMetadata global_metadatas