VirtualFirewallPolicy

Defines the template for a Virtual Firewall Policy, which helps to group a set of rules based on either functions or actions.

Overview

active boolean filterable   orderable  
allowAddressSpoof boolean filterable   orderable  
associatedEgressTemplateID string read only   autogenerated  
associatedIngressTemplateID string read only   autogenerated  
associatedLiveEntityID string read only   autogenerated   filterable  
autoGeneratePriority boolean creation only   filterable   orderable  
defaultAllowIP boolean filterable   orderable  
defaultAllowNonIP boolean filterable   orderable  
defaultInstallACLImplicitRules boolean filterable   orderable  
description string filterable  
entityScope enum (ENTERPRISE | GLOBAL) autogenerated  
externalID string filterable   orderable   locally unique  
lastUpdatedBy string autogenerated  
name string required   filterable   orderable  
policyState enum (DRAFT | LIVE) read only   filterable   orderable  
priority integer filterable   orderable  
priorityType enum (BOTTOM | TOP) filterable   orderable  

API Resource

/virtualfirewallpolicies/id
delete get put

Parents

/virtualfirewallpolicies
get
/domains/id/virtualfirewallpolicies
get post
/l2domains/id/virtualfirewallpolicies
get post
/l2domaintemplates/id/virtualfirewallpolicies
get post
/domaintemplates/id/virtualfirewallpolicies
get post

Children

/virtualfirewallpolicies/id/metadatas
get post
/virtualfirewallpolicies/id/virtualfirewallrules
get post
/virtualfirewallpolicies/id/globalmetadatas
get post put

Members

This object has no members.

Attributes documentation

active boolean filterable   orderable  
Discussion

If enabled, this rule is active.


Characteristics

Default value: false
SDK attribute: active

allowAddressSpoof boolean filterable   orderable  
Discussion

If enabled, disables the default anti-spoof rule for this domain, which essentially prevents any VM from sending packets that do not originate from that particular VM.


Characteristics

Default value: false
SDK attribute: allowAddressSpoof

associatedEgressTemplateID string read only   autogenerated  
Discussion

The read-only ID of the auto-generated Egress Template.


Characteristics

Format: free
SDK attribute: associatedEgressTemplateID

associatedIngressTemplateID string read only   autogenerated  
Discussion

The read-only ID of the auto-generated Ingress Template.


Characteristics

Format: free
SDK attribute: associatedIngressTemplateID

associatedLiveEntityID string read only   autogenerated   filterable  
Discussion

In the draft mode, the rule entry refers to this LiveEntity. In non-drafted mode, this is null.


Characteristics

Format: free
SDK attribute: associatedLiveEntityID

autoGeneratePriority boolean creation only   filterable   orderable  
Discussion

This option affects how Rule entry priorities are generated when not specified. If 'false', the priority is generated by incrementing the current highest priority by 100. If 'true', a random priority will be generated, which is advised when creating many entries concurrently without specifying the priority. This will cause the ACL entry to be randomly placed in the existing list of ACL entries. Therefore it is advised to only enable this when allow rules are being created.


Characteristics

Default value: false
SDK attribute: autoGeneratePriority

defaultAllowIP boolean filterable   orderable  
Discussion

If enabled, a default rule of Allow All is added as the last entry in the list of rule entries.


Characteristics

Default value: false
SDK attribute: defaultAllowIP

defaultAllowNonIP boolean filterable   orderable  
Discussion

If enabled, non-IP traffic will be dropped.


Characteristics

Default value: false
SDK attribute: defaultAllowNonIP

defaultInstallACLImplicitRules boolean filterable   orderable  
Discussion

If enabled, the implicit rule will allow intra-domain traffic by default.


Characteristics

Default value: false
SDK attribute: defaultInstallACLImplicitRules

description string filterable  
Discussion

A concise description of the Virtual Firewall Rule Template that gives a small preview of its use.


Characteristics

Format: free
Max length: 255
SDK attribute: description

entityScope enum autogenerated  
Discussion

Specifies whether the scope of the entity is Data center or Enterprise level.


Characteristics

Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope

externalID string filterable   orderable   locally unique  
Discussion

External object ID. Used for integration with third-party systems.


Characteristics

Format: free
SDK attribute: externalID

lastUpdatedBy string autogenerated  
Discussion

ID of the user who last updated the object.


Characteristics

Format: free
SDK attribute: lastUpdatedBy

name string required   filterable   orderable  
Discussion

A unique name set by an operator identifying the Virtual Firewall Rule Template.


Characteristics

Format: free
Min length: 1
Max length: 255
SDK attribute: name

policyState enum read only   filterable   orderable  
Discussion

States whether the policy is Live or Draft.


Characteristics

Allowed values: DRAFT, LIVE
SDK attribute: policyState

priority integer filterable   orderable  
Discussion

The priority of the rule entry, which determines the order of entries.


Characteristics

Max value: 1000000000
SDK attribute: priority

priorityType enum filterable   orderable  
Discussion

Possible values: TOP or BOTTOM. TOP and BOTTOM ACL policies can only be defined and managed on the template level. These allow for careful control of Rule priority handling.


Characteristics

Allowed values: BOTTOM, TOP
SDK attribute: priorityType
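
Added example (not part of the original reference and not the vendor's own code): a small audit of policy objects, given as JSON-decoded dicts, against the attribute semantics documented above. The rule `action` key and its `FORWARD` value are assumptions, since the rule object is not documented on this page; the sample data is constructed.

```python
MAX_PRIORITY = 1000000000  # "Max value" documented for priority

# Attributes whose documented effect, when true, loosens enforcement.
PERMISSIVE_FLAGS = {
    "allowAddressSpoof": "default anti-spoof rule is disabled",
    "defaultAllowIP": "Allow All rule is added as the last entry",
    "defaultInstallACLImplicitRules": "implicit rule allows intra-domain traffic",
}


def audit_policy(policy, rules=()):
    """Return a sorted list of (severity, attribute, message) findings."""
    findings = []
    # A finding matters most when the policy is enforced: LIVE and active.
    enforced = policy.get("policyState") == "LIVE" and policy.get("active", False)
    severity = "HIGH" if enforced else "INFO"
    for attr, effect in PERMISSIVE_FLAGS.items():
        if policy.get(attr, False):  # documented default is false
            findings.append((severity, attr, effect))
    # Random priorities are documented as advisable only for allow rules.
    # Assumption: each rule dict has an "action" key and "FORWARD" means allow.
    if policy.get("autoGeneratePriority", False):
        non_allow = [r for r in rules if r.get("action") != "FORWARD"]
        if non_allow:
            findings.append((severity, "autoGeneratePriority",
                             "%d non-allow rule(s) get a random priority" % len(non_allow)))
    priority = policy.get("priority")
    if priority is not None and priority > MAX_PRIORITY:
        findings.append(("ERROR", "priority", "exceeds %d" % MAX_PRIORITY))
    if not 1 <= len(policy.get("name") or "") <= 255:
        findings.append(("ERROR", "name", "length must be 1..255"))
    if len(policy.get("description") or "") > 255:
        findings.append(("ERROR", "description", "longer than 255 characters"))
    return sorted(findings)


# Constructed sample objects (not real API output).
SAMPLE_LIVE = {"name": "web-tier", "policyState": "LIVE", "active": True,
               "allowAddressSpoof": True, "defaultAllowIP": True,
               "autoGeneratePriority": True, "priority": 100}
SAMPLE_RULES = [{"action": "FORWARD"}, {"action": "DROP"}]

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_LIVE, SAMPLE_RULES):
        print(finding)
```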