Egress forwarding policy rules define what action to take for a particular type of traffic, based on its origin, destination, protocol, EtherType, ports, DSCP value and other information. Supported actions are to redirect traffic, change the forwarding class of the traffic or to allow traffic to pass untouched.
This object has no members.
The name of the parent Template for this acl entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry. Possible values are DROP, FORWARD, REDIRECT. Action REDIRECT is allowed only for EgressAdvancedForwardingEntry.
Allowed values: DROP, FORWARD, REDIRECT, TRANSPARENT
SDK attribute: action
Overrides the source IP for Egress and destination IP for Ingress, mac entries will use this address as the match criteria.
Format: free
SDK attribute: addressOverride
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
Format: free
SDK attribute: associatedLiveTemplateID
The associated Traffic type. L4 Service / L4 Service Group
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
The associated Traffic Type ID
Format: free
SDK attribute: associatedTrafficTypeID
The ID of the Virtual Firewall Rule, if this was derived as part of the Virtual Firewall Rule creation
Format: free
SDK attribute: associatedVirtualFirewallRuleID
Time stamp when this object was created.
SDK attribute: creationDate
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateNames parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or from 0-63
Format: free
SDK attribute: DSCP
Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
SDK attribute: embeddedMetadata
The name of the enterprise for the domains parent
Format: free
SDK attribute: enterpriseName
Specify if scope of entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Backup datapath option if VNF/VM is down
Allowed values: FAIL_TO_BLOCK, FAIL_TO_WIRE
Default value: FAIL_TO_BLOCK
SDK attribute: failsafeDatapath
Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
Allowed values: A, B, C, D, E, F, G, H, NONE
Format: free
SDK attribute: FCOverride
Is flow logging enabled for this particular template
SDK attribute: flowLoggingEnabled
The ICMP Code when protocol selected is ICMP.
Format: free
SDK attribute: ICMPCode
The ICMP Type when protocol selected is ICMP.
Format: free
SDK attribute: ICMPType
Overrides the source IPv6 for Egress and destination IPv6 for Egress, mac entries will use this address as the match criteria.
Format: free
SDK attribute: IPv6AddressOverride
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
Time stamp when this object was last updated.
SDK attribute: lastUpdatedDate
Indicates whether the Location Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
Allowed values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: locationEntityType
The ID of the destination location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the destination location entity.
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType
ID of the associated Mirror Destination Group.
Format: free
Max length: 255
SDK attribute: mirrorDestinationGroupID
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
Indicates whether the Network Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, SAASAPPLICATIONGROUP, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
Allowed values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, SAASAPPLICATIONGROUP, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: networkEntityType
The source network entity id that is referenced(subnet/zone/macro/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the source network.
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, INTERNET_POLICYGROUP, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SAAS_APPLICATION_GROUP, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
Identifies the user that has created this object.
Format: free
SDK attribute: owner
State of the policy. Possible values are DRAFT, LIVE, .
Allowed values: DRAFT, LIVE
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
Indicates whether the Redirection Target of ACL Entry was derived from a L3 Domain template or instance. Possible Values: REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE.
Allowed values: REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE
SDK attribute: redirectionTargetEntityType
VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
Format: free
SDK attribute: redirectVPortTagID
Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Indicates if stats logging is enabled for this particular template
SDK attribute: statsLoggingEnabled
Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
Allowed values: DEFAULT, PRIMARY, PRIMARY_SECONDARY, SECONDARY, SECONDARY_PRIMARY, SYMMETRIC
SDK attribute: uplinkPreference
ID of web filter category or web domain name entity used
Format: free
Max length: 255
SDK attribute: webFilterID
Indicates if web filter statistics logging is enabled for this particular template
Default value: false
SDK attribute: webFilterStatsLoggingEnabled
Indicates type of web filter being set
Allowed values: WEB_CATEGORY, WEB_DOMAIN_NAME
SDK attribute: webFilterType