A Security Policy Entry defines what action to take for a particular type of traffic, based on its origin and destination, its protocol, EtherType, ports (if any), DSCP value and other information.
This object has no members.
The name of the parent Template for this ACL entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry.
Allowed values: DROP, FORWARD
SDK attribute: action
Overrides the source IP for Ingress and the destination IP for Egress. MAC entries will use this address as the match criterion.
Format: free
SDK attribute: addressOverride
The UUID of the associated L7 Application signature
Format: free
SDK attribute: associatedL7ApplicationSignatureID
In draft mode, the ACL entry refers to this LiveEntity. In non-draft mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
In draft mode, the ACL entity refers to this live entity parent. In non-draft mode, this is null.
Format: free
SDK attribute: associatedLiveTemplateID
This property reflects the type of traffic when an ACL entry is created using a Service or Service Group. When a protocol and port are specified for the ACL entry, this property has to be empty (null). Supported values are L4_SERVICE, L4_SERVICE_GROUP and empty.
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
If a traffic type is specified as Service or Service Group, then the associated ID of the Service / Service Group should be specified here
Format: free
SDK attribute: associatedTrafficTypeID
The ID of the Virtual Firewall Rule, if this was derived as part of the Virtual Firewall Rule creation
Format: free
SDK attribute: associatedVirtualFirewallRuleID
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either *, a single port number, or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateName's parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or a value from 0 to 63
Format: free
SDK attribute: DSCP
The name of the enterprise for the domain's parent
Format: free
SDK attribute: enterpriseName
Specifies whether the scope of the entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Is flow logging enabled for this particular template
Format: free
SDK attribute: flowLoggingEnabled
The ICMP Code when selected protocol is ICMP
Format: free
SDK attribute: ICMPCode
The ICMP Type when selected protocol is ICMP
Format: free
SDK attribute: ICMPType
Overrides the source IPv6 for Ingress and the destination IP for Egress. MAC entries will use this address as the match criterion.
Format: free
SDK attribute: IPv6AddressOverride
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
The ID of the destination endpoint (Subnet/Zone/VportTag/PolicyGroup/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the destination endpoint (Subnet/Zone/VportTag/PolicyGroup/PolicyGroupExpression)
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
The ID of the source endpoint (Subnet/Zone/Macro/MacroGroup/PortGroup/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the source endpoint (Subnet/Zone/Macro/MacroGroup/PortGroup/PolicyGroupExpression)
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SAAS_APPLICATION_GROUP, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
State of the policy. Possible values are DRAFT, LIVE.
Allowed values: DRAFT, LIVE
Format: free
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
Source port to be matched if protocol is UDP or TCP. Value can be either *, a single port number, or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
True means that this ACL entry is stateful, so there will be a corresponding rule that will be created by OVS in the network. False means that there is no corresponding rule created by OVS in the network.
SDK attribute: stateful
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Is stats logging enabled for this particular template
Format: free
SDK attribute: statsLoggingEnabled
ID of web filter category or web domain name entity used
Format: free
Max length: 255
SDK attribute: webFilterID
Indicates type of web filter being set
Allowed values: WEB_CATEGORY, WEB_DOMAIN_NAME
SDK attribute: webFilterType
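The constraints listed above can be checked before an entry is submitted, so that a malformed rule is rejected before it reaches a policy. The following validator is an added example, not part of the SDK or of the original reference: it works on a plain dict keyed by the SDK attribute names and calls no SDK function. The `low-high` port range syntax, the `0x`-prefixed EtherType form, the 1-65535 port bounds and treating an absent DSCP or etherType as `*` are assumptions, since the page does not specify them.

```python
import re

# Assumption: the page says "port range" without a format; "low-high" is used here.
_PORT = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")
# Assumption: "a valid hexadecimal value" is taken as 0x plus 1-4 hex digits.
_ETHERTYPE = re.compile(r"0x[0-9A-Fa-f]{1,4}")
TRAFFIC_TYPES = {"L4_SERVICE", "L4_SERVICE_GROUP"}
TCP, UDP = "6", "17"  # IANA protocol numbers


def _port_ok(value):
    """Accept *, a single port, or an ascending range within 1-65535."""
    if value == "*":
        return True
    m = _PORT.fullmatch(value or "")
    if not m or len(value) > 255:  # 255 is the documented max length
        return False
    low = int(m.group(1))
    high = int(m.group(2)) if m.group(2) else low
    return 1 <= low <= high <= 65535


def validate_entry(entry):
    """Return a list of problems found in a dict keyed by SDK attribute name."""
    errors = []
    if entry.get("action") not in ("DROP", "FORWARD"):
        errors.append("action must be DROP or FORWARD")
    dscp = str(entry.get("DSCP", "*"))  # absent treated as wildcard (assumption)
    if dscp != "*" and not (dscp.isdecimal() and 0 <= int(dscp) <= 63):
        errors.append("DSCP must be * or 0-63")
    ether = entry.get("etherType", "*")
    if ether != "*" and not _ETHERTYPE.fullmatch(ether):
        errors.append("etherType must be * or hexadecimal")
    traffic = entry.get("associatedTrafficType")
    proto = entry.get("protocol")
    ports = [entry.get(k) for k in ("sourcePort", "destinationPort")]
    if traffic is not None:
        if traffic not in TRAFFIC_TYPES:
            errors.append("unknown associatedTrafficType")
        if not entry.get("associatedTrafficTypeID"):
            errors.append("associatedTrafficTypeID required with a traffic type")
        # The reference requires the traffic type to be null when protocol/port are given.
        if proto is not None or any(p is not None for p in ports):
            errors.append("associatedTrafficType must be null when protocol/port are set")
    elif str(proto) in (TCP, UDP):
        for name, p in zip(("sourcePort", "destinationPort"), ports):
            if not _port_ok(p):
                errors.append(f"{name} must be *, a port or a range")
    return errors
```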