Egress forwarding policy rules define what action to take for a particular type of traffic, based on its origin, destination, protocol, EtherType, ports, DSCP value and other information. Supported actions are to redirect traffic, change the forwarding class of the traffic or to allow traffic to pass untouched.
This object has no members.
The name of the parent Template for this acl entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry. Possible values are DROP, FORWARD, REDIRECT. Action REDIRECT is allowed only for EgressAdvancedForwardingEntry.
Allowed values: DROP, FORWARD, REDIRECT
SDK attribute: action
Overrides the source IP for Egress and destination IP for Ingress, mac entries will use this address as the match criteria.
Format: free
SDK attribute: addressOverride
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
Format: free
SDK attribute: associatedLiveTemplateID
The associated Traffic type. L4 Service / L4 Service Group
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
The associated Traffic Type ID
Format: free
SDK attribute: associatedTrafficTypeID
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateNames parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or from 0-63
Format: free
SDK attribute: DSCP
The name of the enterprise for the domains parent
Format: free
SDK attribute: enterpriseName
Specify if scope of entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Backup datapath option if VNF/VM is down
Allowed values: FAIL_TO_BLOCK, FAIL_TO_WIRE
Default value: FAIL_TO_BLOCK
SDK attribute: failsafeDatapath
Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
Allowed values: A, B, C, D, E, F, G, H, NONE
Format: free
SDK attribute: FCOverride
Is flow logging enabled for this particular template
Format: free
SDK attribute: flowLoggingEnabled
The ICMP Code when protocol selected is ICMP.
Format: free
SDK attribute: ICMPCode
The ICMP Type when protocol selected is ICMP.
Format: free
SDK attribute: ICMPType
Overrides the source IPv6 for Egress and destination IPv6 for Egress, mac entries will use this address as the match criteria.
Format: free
SDK attribute: IPv6AddressOverride
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
The ID of the destination location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the destination location entity.
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
The source network entity id that is referenced(subnet/zone/macro/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the source network.
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
State of the policy. Possible values are DRAFT, LIVE, .
Allowed values: DRAFT, LIVE
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
Format: free
SDK attribute: redirectVPortTagID
Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Is stats logging enabled for this particular template
Format: free
SDK attribute: statsLoggingEnabled
Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
Allowed values: DEFAULT, PRIMARY, PRIMARY_SECONDARY, SECONDARY, SECONDARY_PRIMARY, SYMMETRIC
SDK attribute: uplinkPreference
ID of web filter category or web domain name entity used
Format: free
Max length: 255
SDK attribute: webFilterID
Indicates type of web filter being set
Allowed values: WEB_CATEGORY, WEB_DOMAIN_NAME
SDK attribute: webFilterType