Defines the template of Ingress Advanced Forwarding entries
This object has no members.
The name of the parent Template for this acl entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry DROP or FORWARD or REDIRECT. Action REDIRECT is allowed only for IngressAdvancedForwardingEntry Possible values are DROP, FORWARD, REDIRECT, .
Allowed values: DROP, FORWARD, REDIRECT
Format: free
SDK attribute: action
Overrides the source IP for Ingress and destination IP for Egress, MAC entries will use this address as the match criteria.
Format: free
SDK attribute: addressOverride
Type of application selected, ALL (all applications in match criteria), NONE (no application in match criteria), APPLICATION (specific application in match criteria).
Allowed values: ALL, APPLICATION, NONE
Default value: NONE
SDK attribute: appType
Associated application UUID.
Format: free
SDK attribute: associatedApplicationID
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
This property reflects the type of traffic in case an ACL entry is created using an L4 Service or L4 Service Group. In case a protocol and port are specified for the ACL entry, this property has to be empty (null). Supported values are L4_SERVICE, L4_SERVICE_GROUP and empty.
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
If a traffic type is specified as L4 Service or Service Group, then the associated Id of Service / Service Group should be specifed here
Format: free
SDK attribute: associatedTrafficTypeID
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateNames parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or from 0-63
Format: free
SDK attribute: DSCP
The name of the enterprise for the domains parent
Format: free
SDK attribute: enterpriseName
Specify if scope of entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Backup datapath option if VNF/VM is down
Allowed values: FAIL_TO_BLOCK, FAIL_TO_WIRE
Default value: FAIL_TO_BLOCK
SDK attribute: failsafeDatapath
Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
Allowed values: A, B, C, D, E, F, G, H, NONE
Format: free
SDK attribute: FCOverride
Is flow logging enabled for this particular template
Format: free
SDK attribute: flowLoggingEnabled
The ICMP Code when protocol selected is ICMP.
Format: free
SDK attribute: ICMPCode
The ICMP Type when protocol selected is ICMP.
Format: free
SDK attribute: ICMPType
Overrides the source IPv6 for Ingress and destination IPv6 for Egress, MAC entries will use this address as the match criteria.
Format: free
SDK attribute: IPv6AddressOverride
This flag denotes whether the Uplink Preference configured by the user will work with AAR or will over-ride AAR.
Default value: false
SDK attribute: isSLAAware
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
The ID of the location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the location entity.
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, REDIRECTIONTARGET, SUBNET, VPORTTAG, ZONE
SDK attribute: locationType
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
Name of the entity.
Format: free
Min length: 1
Max length: 255
SDK attribute: name
The destination network entity that is referenced(subnet/zone/macro/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the source network.
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
State of the policy. Possible values are DRAFT, LIVE, .
Allowed values: DRAFT, LIVE
Format: free
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
The type of redirection rewrite. Currently only VLAN is supported
Allowed values: VLAN
SDK attribute: redirectRewriteType
The redirect rewrite value. Currently only vlan id is supported
Format: free
SDK attribute: redirectRewriteValue
VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
Format: free
SDK attribute: redirectVPortTagID
Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Is stats logging enabled for this particular template
Format: free
SDK attribute: statsLoggingEnabled
Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
Allowed values: DEFAULT, PRIMARY, PRIMARY_SECONDARY, SECONDARY, SECONDARY_PRIMARY, SYMMETRIC
SDK attribute: uplinkPreference
The range can be a single number or a range. Eg : 1,10,15-17
Format: free
SDK attribute: vlanRange