VirtualFirewallRule

Defines the Virtual Firewall rules

Overview

ACLTemplateName string read only  
action enum (DROP | FORWARD | REDIRECT) required   filterable   orderable  
associatedL7ApplicationSignatureID string
associatedLiveEntityID string read only   filterable  
associatedTrafficType enum (L4_SERVICE | L4_SERVICE_GROUP) filterable   orderable  
associatedTrafficTypeID string filterable   orderable  
description string filterable  
destinationPort string filterable   orderable  
domainName string read only  
DSCP string
enterpriseName string read only  
entityScope enum (ENTERPRISE | GLOBAL) autogenerated  
externalID string filterable   orderable   locally unique  
flowLoggingEnabled boolean
ICMPCode string
ICMPType string
lastUpdatedBy string autogenerated  
locationID string filterable   orderable  
locationType enum (ANY | ENTERPRISE_NETWORK | INTERNET_POLICYGROUP | NETWORK_MACRO_GROUP | PGEXPRESSION | POLICYGROUP | SUBNET | ZONE) required   filterable   orderable  
mirrorDestinationID string
networkID string filterable   orderable  
networkType enum (ANY | ENTERPRISE_NETWORK | INTERNET_POLICYGROUP | NETWORK_MACRO_GROUP | PGEXPRESSION | POLICYGROUP | SUBNET | ZONE) filterable   orderable  
overlayMirrorDestinationID string
policyState enum (DRAFT | LIVE) read only   filterable   orderable  
priority integer filterable   orderable  
protocol string filterable   orderable  
sourcePort string filterable   orderable  
statsID string read only   autogenerated   filterable   orderable  
statsLoggingEnabled boolean

API Resource

/virtualfirewallrules/id
delete get post put

Parents

/virtualfirewallpolicies/id/virtualfirewallrules
delete get post put

Children

/virtualfirewallrules/id/metadatas
get post
/virtualfirewallrules/id/globalmetadatas
get post put
/virtualfirewallrules/id/jobs
post
/virtualfirewallrules/id/statistics
get

Members

This object has no members.

Attributes documentation

ACLTemplateName string read only  
Discussion

The name of the parent template for this rule entry


Characteristics

Format: free
SDK attribute: ACLTemplateName

action enum required   filterable   orderable  
Discussion

The action of the rule: DROP, FORWARD or REDIRECT. Action REDIRECT is allowed only for IngressAdvancedForwardingEntry. Possible values are DROP, FORWARD, REDIRECT.


Characteristics

Allowed values: DROP, FORWARD, REDIRECT
SDK attribute: action

associatedL7ApplicationSignatureID string
Discussion

The UUID of the associated L7 Application Signature


Characteristics

Format: free
SDK attribute: associatedL7ApplicationSignatureID

associatedLiveEntityID string read only   filterable  
Discussion

In the draft mode, the rule entry refers to this LiveEntity. In live mode, this is null.


Characteristics

Format: free
SDK attribute: associatedLiveEntityID

associatedTrafficType enum filterable   orderable  
Discussion

This property reflects the type of traffic in case a rule entry is created using an L4 Service or L4 Service Group. In case a protocol and port are specified for the ACL entry, this property has to be empty (null). Supported values are L4_SERVICE, L4_SERVICE_GROUP and empty.


Characteristics

Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType

associatedTrafficTypeID string filterable   orderable  
Discussion

If a traffic type is specified as L4 Service or Service Group, then the associated ID of the Service / Service Group should be specified here.


Characteristics

Format: free
SDK attribute: associatedTrafficTypeID

description string filterable  
Discussion

Description of the rule entry


Characteristics

Format: free
Max length: 255
SDK attribute: description

destinationPort string filterable   orderable  
Discussion

The destination port to be matched if protocol is UDP or TCP. Value should be either * or a single port number or a port range like 1,2.. or 1 - 10


Characteristics

Format: free
Max length: 255
SDK attribute: destinationPort

domainName string read only  
Discussion

The name of the domain/domain template for the Rule TemplateName.


Characteristics

Format: free
SDK attribute: domainName

DSCP string
Discussion

DSCP match condition to be set in the rule. It is either * or from 0-63


Characteristics

Format: free
SDK attribute: DSCP

enterpriseName string read only  
Discussion

The name of the enterprise for the domain's parent


Characteristics

Format: free
SDK attribute: enterpriseName

entityScope enum autogenerated  
Discussion

Specify if scope of entity is Data center or Enterprise level


Characteristics

Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope

externalID string filterable   orderable   locally unique  
Discussion

External object ID. Used for integration with third party systems


Characteristics

Format: free
SDK attribute: externalID

flowLoggingEnabled boolean
Discussion

Whether flow logging is enabled for this particular template.


Characteristics

Default value: false
SDK attribute: flowLoggingEnabled

ICMPCode string
Discussion

The ICMP Code when protocol selected is ICMP.


Characteristics

Format: free
SDK attribute: ICMPCode

ICMPType string
Discussion

The ICMP Type when protocol selected is ICMP.


Characteristics

Format: free
SDK attribute: ICMPType

lastUpdatedBy string autogenerated  
Discussion

ID of the user who last updated the object.


Characteristics

Format: free
SDK attribute: lastUpdatedBy

locationID string filterable   orderable  
Discussion

The ID of the source endpoint (Subnet/Zone/PortGroup/PolicyGroupExpression/NetworkMacro/Internet Policy Group/Enterprise Network)


Characteristics

Format: free
SDK attribute: locationID

locationType enum required   filterable   orderable  
Discussion

Type of the source endpoint (Subnet/Zone/PortGroup/PolicyGroupExpression/NetworkMacro/Internet Policy Group/Enterprise Network)


Characteristics

Allowed values: ANY, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType

mirrorDestinationID string
Discussion

Destination ID of the mirror destination object.


Characteristics

Format: free
SDK attribute: mirrorDestinationID

networkID string filterable   orderable  
Discussion

The ID of the destination endpoint (Subnet/Zone/PortGroup/PolicyGroupExpression/NetworkMacro/Internet Policy Group/Enterprise Network)


Characteristics

Format: free
SDK attribute: networkID

networkType enum filterable   orderable  
Discussion

Type of the destination endpoint (Subnet/Zone/PortGroup/PolicyGroupExpression/NetworkMacro/Internet Policy Group/Enterprise Network)


Characteristics

Allowed values: ANY, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
Default value: ANY
SDK attribute: networkType

overlayMirrorDestinationID string
Discussion

ID of the overlay mirror destination


Characteristics

Format: free
SDK attribute: overlayMirrorDestinationID

policyState enum read only   filterable   orderable  
Discussion

State of the policy.


Characteristics

Allowed values: DRAFT, LIVE
SDK attribute: policyState

priority integer filterable   orderable  
Discussion

The priority of the rule entry that determines the order of entries


Characteristics

Max value: 1000000000
SDK attribute: priority

protocol string filterable   orderable  
Discussion

Protocol number that must be matched


Characteristics

Format: free
SDK attribute: protocol

sourcePort string filterable   orderable  
Discussion

Source port to be matched if protocol is UDP or TCP. Value should be either * or a single port number or a port range like 1,2.. or 1 - 10


Characteristics

Format: free
Max length: 255
SDK attribute: sourcePort

statsID string read only   autogenerated   filterable   orderable  
Discussion

The statsID that is created in the VSD and identifies this Rule Template Entry. This is auto-generated by VSD


Characteristics

Format: free
SDK attribute: statsID

statsLoggingEnabled boolean
Discussion

Whether stats logging is enabled for this particular template.


Characteristics

Default value: false
SDK attribute: statsLoggingEnabled
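
A client-side check of a rule payload against the constraints documented above (allowed values, the associatedTrafficType versus protocol/port exclusion, port and DSCP formats, length and priority limits), as an added example that is not part of the VSD API or its SDK. The names validate_rule and port_spec_ok, the comma/hyphen port grammar and the 65535 upper bound are assumptions made for this illustration.

```python
import re

ACTIONS = {"DROP", "FORWARD", "REDIRECT"}
ENDPOINT_TYPES = set("ANY ENTERPRISE_NETWORK INTERNET_POLICYGROUP NETWORK_MACRO_GROUP "
                     "PGEXPRESSION POLICYGROUP SUBNET ZONE".split())
TRAFFIC_TYPES = {"L4_SERVICE", "L4_SERVICE_GROUP"}
PORT_ITEM = re.compile(r"([0-9]+)(?:\s*-\s*([0-9]+))?")


def port_spec_ok(spec):
    """'*', one port, or comma-separated ports/ranges ('1,2', '1 - 10'); assumed grammar."""
    if spec == "*":
        return True
    for item in spec.split(","):
        m = PORT_ITEM.fullmatch(item.strip())
        if not m:
            return False
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if not lo <= hi <= 65535:  # 16-bit port space; bound is an assumption
            return False
    return True


def validate_rule(rule):
    """Hypothetical helper: names of attributes in a rule dict that break a documented constraint."""
    errs = []
    if rule.get("action") not in ACTIONS:
        errs.append("action")
    if rule.get("locationType") not in ENDPOINT_TYPES:
        errs.append("locationType")
    if rule.get("networkType", "ANY") not in ENDPOINT_TYPES:
        errs.append("networkType")
    att = rule.get("associatedTrafficType")
    if att is not None:
        if att not in TRAFFIC_TYPES or not rule.get("associatedTrafficTypeID"):
            errs.append("associatedTrafficType")
        if any(rule.get(k) for k in ("protocol", "sourcePort", "destinationPort")):
            errs.append("associatedTrafficType+protocol/port")
    for key in ("sourcePort", "destinationPort"):
        val = rule.get(key)
        if val is not None and (len(val) > 255 or not port_spec_ok(val)):
            errs.append(key)
    dscp = rule.get("DSCP")
    if dscp not in (None, "*") and not (re.fullmatch("[0-9]{1,2}", dscp) and int(dscp) <= 63):
        errs.append("DSCP")
    if len(rule.get("description") or "") > 255:
        errs.append("description")
    if (rule.get("priority") or 0) > 1000000000:
        errs.append("priority")
    return errs
```

An empty list means the payload passes these checks, not that the server will accept it.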