Security Policy Entries defines what action to take for a particular type of traffic, based on its origin and its destination, its protocol, EtherType, eventual ports, DSCP value and other information.
This object has no members.
The name of the parent Template for this acl entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry DROP or FORWARD or REDIRECT or FORWARDING_PATH_LIST. Actions REDIRECT and FORWARDING_PATH_LIST are allowed only for IngressAdvancedForwardingEntry. Possible values are DROP, FORWARD, REDIRECT, FORWARDING_PATH_LIST. If FORWARDING_PATH_LIST is selected in IngressAdvancedForwardingEntry, user will have to attach a ForwardingPathList (list of forwarding action-uplink preference entries) to the ACL.
Allowed values: DROP, FORWARD, FORWARDING_PATH_LIST, REDIRECT, TRANSPARENT
SDK attribute: action
Overrides the source IP for Ingress and destination IP for Egress, MAC entries will use this address as the match criteria.
Format: free
SDK attribute: addressOverride
Address Override Type can be IPV4, IPV6 or MACRO_GROUP.
Allowed values: IPV4, IPV6, MACRO_GROUP
SDK attribute: addressOverrideType
Type of application selected, ALL (all applications in match criteria), NONE (no application in match criteria), APPLICATION (specific application in match criteria).
Allowed values: ALL, APPLICATION, NONE
Default value: NONE
SDK attribute: appType
Associated application UUID.
Format: free
Max length: 255
SDK attribute: associatedApplicationID
Associated forwarding path list UUID.
Format: free
Max length: 255
SDK attribute: associatedForwardingPathListID
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
Format: free
SDK attribute: associatedLiveTemplateID
This property reflects the type of traffic in case an ACL entry is created using an Service or Service Group. In case a protocol and port are specified for the ACL entry, this property has to be empty (null). Supported values are L4_SERVICE, L4_SERVICE_GROUP and empty.
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
If a traffic type is specified as Service or Service Group, then the associated Id of Service / Service Group should be specifed here
Format: free
SDK attribute: associatedTrafficTypeID
The ID of the Virtual Firewall Rule, if this was derived as part of the Virtual Firewall Rule creation
Format: free
SDK attribute: associatedVirtualFirewallRuleID
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateNames parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or from 0-63
Format: free
SDK attribute: DSCP
Remarking value for the DSCP field in IP header of customer packet.DSCP value range from enumeration of 65 values: NONE, 0, 1, ..., 63
SDK attribute: DSCPRemarking
Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
SDK attribute: embeddedMetadata
The name of the enterprise for the domains parent
Format: free
SDK attribute: enterpriseName
Specify if scope of entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Backup datapath option if VNF/VM is down
Allowed values: FAIL_TO_BLOCK, FAIL_TO_WIRE
Default value: FAIL_TO_BLOCK
SDK attribute: failsafeDatapath
Value of the Service Class to be overridden in the packet when the match conditions are satisfied Possible values are NONE, A, B, C, D, E, F, G, H, .
Allowed values: A, B, C, D, E, F, G, H, NONE
Format: free
SDK attribute: FCOverride
Is flow logging enabled for this particular template
SDK attribute: flowLoggingEnabled
The ICMP Code when protocol selected is ICMP.
Format: free
SDK attribute: ICMPCode
The ICMP Type when protocol selected is ICMP.
Format: free
SDK attribute: ICMPType
Overrides the source IPv6 for Ingress and destination IPv6 for Egress, MAC entries will use this address as the match criteria.
Format: free
SDK attribute: IPv6AddressOverride
This flag denotes whether the Uplink Preference configured by the user will work with AAR or will over-ride AAR.
Default value: false
SDK attribute: isSLAAware
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
Indicates whether the Location Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: SUBNETTEMPLATE, ZONETEMPLATE, POLICYGROUPTEMPLATE, PGEXPRESSIONTEMPLATE, REDIRECTIONTARGETTEMPLATE, SUBNET, ZONE, POLICYGROUP, PGEXPRESSION, REDIRECTIONTARGET.
Allowed values: PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: locationEntityType
The ID of the location entity (Subnet/Zone/VportTag/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the location entity.
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType
ID of the associated Mirror Destination Group.
Format: free
Max length: 255
SDK attribute: mirrorDestinationGroupID
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
Indicates whether the Network Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: SUBNETTEMPLATE, ZONETEMPLATE, POLICYGROUPTEMPLATE, PGEXPRESSIONTEMPLATE, SUBNET, ZONE, POLICYGROUP, PGEXPRESSION.
Allowed values: PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: networkEntityType
The destination network entity that is referenced(subnet/zone/macro/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the source network.
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SAAS_APPLICATION_GROUP, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
State of the policy. Possible values are DRAFT, LIVE, .
Allowed values: DRAFT, LIVE
Format: free
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
Indicates whether the Redirection Target of ACL Entry was derived from a L3 Domain template or instance. Possible Values: REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE.
Allowed values: REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE
SDK attribute: redirectionTargetEntityType
The type of redirection rewrite. Currently only VLAN is supported
Allowed values: VLAN
SDK attribute: redirectRewriteType
The redirect rewrite value. Currently only vlan id is supported
Format: free
SDK attribute: redirectRewriteValue
VPort tag to which traffic will be redirected to, when ACL entry match criteria succeeds
Format: free
SDK attribute: redirectVPortTagID
Indicates the preferencial path selection for network traffic for this ACL.
Allowed values: DEFAULT, PRIMARY, PRIMARY_SECONDARY, SECONDARY, SECONDARY_PRIMARY
Default value: DEFAULT
SDK attribute: remoteUplinkPreference
Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Indicates if stats logging is enabled for this particular template
SDK attribute: statsLoggingEnabled
Indicates the preferencial path selection for network traffic for this ACL - default is DEFAULT when the attribute is applicable.
Allowed values: DEFAULT, PRIMARY, PRIMARY_SECONDARY, SECONDARY, SECONDARY_PRIMARY, SYMMETRIC
SDK attribute: uplinkPreference
The range can be a single number or a range. Eg : 1,10,15-17
Format: free
SDK attribute: vlanRange
ID of web filter category or web domain name entity used
Format: free
Max length: 255
SDK attribute: webFilterID
Indicates if web filter statistics logging is enabled for this particular template
Default value: false
SDK attribute: webFilterStatsLoggingEnabled
Indicates type of web filter being set
Allowed values: WEB_CATEGORY, WEB_DOMAIN_NAME
SDK attribute: webFilterType