A Security Policy Entry defines what action to take for a particular type of traffic, based on its origin and destination, its protocol, EtherType, ports (if any), DSCP value and other information.
This object has no members.
The name of the parent Template for this acl entry
Format: free
SDK attribute: ACLTemplateName
The action of the ACL entry: DROP, FORWARD or REDIRECT. Action REDIRECT is allowed only for IngressAdvancedForwardingEntry. Possible values are DROP, FORWARD, REDIRECT.
Allowed values: DROP, FORWARD, TRANSPARENT
SDK attribute: action
Overrides source IP for Ingress.
Format: free
SDK attribute: addressOverride
The UUID of the associated L7 Application signature
Format: free
SDK attribute: associatedL7ApplicationSignatureID
In the draft mode, the ACL entry refers to this LiveEntity. In non-drafted mode, this is null.
Format: free
SDK attribute: associatedLiveEntityID
In the draft mode, the ACL entity refers to this live entity parent. In non-drafted mode, this is null
Format: free
SDK attribute: associatedLiveTemplateID
This property reflects the type of traffic when an ACL entry is created using a Service or Service Group. If a protocol and port are specified for the ACL entry, this property has to be empty (null). Supported values are L4_SERVICE, L4_SERVICE_GROUP and empty.
Allowed values: L4_SERVICE, L4_SERVICE_GROUP
SDK attribute: associatedTrafficType
If a traffic type is specified as Service or Service Group, then the associated ID of the Service / Service Group should be specified here.
Format: free
SDK attribute: associatedTrafficTypeID
The ID of the Virtual Firewall Rule, if this was derived as part of the Virtual Firewall Rule creation
Format: free
SDK attribute: associatedVirtualFirewallRuleID
Time stamp when this object was created.
SDK attribute: creationDate
Description of the ACL entry
Format: free
SDK attribute: description
The destination port to be matched if protocol is UDP or TCP. Value should be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: destinationPort
The name of the domain/domain template for the aclTemplateName's parent
Format: free
SDK attribute: domainName
DSCP match condition to be set in the rule. It is either * or a value from 0 to 63.
Format: free
SDK attribute: DSCP
Metadata objects associated with this entity. This will contain a list of Metadata objects if the API request is made using the special flag to enable the embedded Metadata feature. Only a maximum of Metadata objects is returned based on the value set in the system configuration.
SDK attribute: embeddedMetadata
The name of the enterprise for the domain's parent
Format: free
SDK attribute: enterpriseName
Specify if scope of entity is Data center or Enterprise level
Allowed values: ENTERPRISE, GLOBAL
SDK attribute: entityScope
Ether type of the packet to be matched. etherType can be * or a valid hexadecimal value
Format: free
SDK attribute: etherType
External object ID. Used for integration with third party systems
Format: free
SDK attribute: externalID
Indicates if flow logging is enabled for this particular template
SDK attribute: flowLoggingEnabled
The ICMP Code when protocol selected is ICMP.
Format: free
SDK attribute: ICMPCode
The ICMP Type when protocol selected is ICMP.
Format: free
SDK attribute: ICMPType
Overrides source IPv6 for Ingress.
Format: free
SDK attribute: IPv6AddressOverride
ID of the user who last updated the object.
Format: free
SDK attribute: lastUpdatedBy
Time stamp when this object was last updated.
SDK attribute: lastUpdatedDate
Indicates whether the Location Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
Allowed values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, REDIRECTIONTARGET, REDIRECTIONTARGETTEMPLATE, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: locationEntityType
The ID of the source endpoint (Subnet/Zone/VportTag/PortGroup/PolicyGroupExpression)
Format: free
SDK attribute: locationID
Type of the source endpoint (Subnet/Zone/VportTag/PortGroup/PolicyGroupExpression)
Allowed values: ANY, PGEXPRESSION, POLICYGROUP, SUBNET, ZONE
SDK attribute: locationType
ID of the associated Mirror Destination Group.
Format: free
Max length: 255
SDK attribute: mirrorDestinationGroupID
Destination ID of the mirror destination object.
Format: free
SDK attribute: mirrorDestinationID
Indicates whether the Network Entity of ACL Entry was derived from a L2/L3 Domain template or instance. Possible Values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, SAASAPPLICATIONGROUP, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE.
Allowed values: ENTERPRISENETWORK, NETWORKMACROGROUP, PGEXPRESSION, PGEXPRESSIONTEMPLATE, POLICYGROUP, POLICYGROUPTEMPLATE, PUBLICNETWORK, SAASAPPLICATIONGROUP, SUBNET, SUBNETTEMPLATE, ZONE, ZONETEMPLATE
SDK attribute: networkEntityType
The ID of the destination endpoint (Subnet/Zone/Macro/MacroGroup/PolicyGroup/PolicyGroupExpression)
Format: free
SDK attribute: networkID
Type of the destination endpoint (Subnet/Zone/Macro/MacroGroup/PolicyGroup/PolicyGroupExpression)
Allowed values: ANY, ENDPOINT_DOMAIN, ENDPOINT_SUBNET, ENDPOINT_ZONE, ENTERPRISE_NETWORK, NETWORK_MACRO_GROUP, PGEXPRESSION, POLICYGROUP, PUBLIC_NETWORK, SAAS_APPLICATION_GROUP, SUBNET, UNDERLAY_INTERNET_POLICYGROUP, ZONE
SDK attribute: networkType
ID of the overlay mirror destination
Format: free
SDK attribute: overlayMirrorDestinationID
Identifies the user that has created this object.
Format: free
SDK attribute: owner
State of the policy.
Allowed values: DRAFT, LIVE
SDK attribute: policyState
The priority of the ACL entry that determines the order of entries
Format: free
SDK attribute: priority
Protocol number that must be matched
Format: free
SDK attribute: protocol
Web Domain Reputation Score. Valid values are LOW_RISK, MEDIUM_RISK and HIGH_RISK. Applicable when webFilterType is WEB_DOMAIN_REPUTATION.
Allowed values: HIGH_RISK, LOW_RISK, MEDIUM_RISK
SDK attribute: reputationScore
Source port to be matched if protocol is UDP or TCP. Value can be either * or single port number or a port range
Format: free
Max length: 255
SDK attribute: sourcePort
True means that this ACL entry is stateful, so there will be a corresponding rule that will be created by OVS in the network. False means that there is no corresponding rule created by OVS in the network.
SDK attribute: stateful
The statsID that is created in the VSD and identifies this ACL Template Entry. This is auto-generated by VSD
Format: free
SDK attribute: statsID
Indicates if stats logging is enabled for this particular template
SDK attribute: statsLoggingEnabled
ID of web filter category or web domain name entity used
Format: free
Max length: 255
SDK attribute: webFilterID
Indicates if web filter statistics logging is enabled for this particular template
Default value: false
SDK attribute: webFilterStatsLoggingEnabled
Indicates type of web filter being set
Allowed values: WEB_CATEGORY, WEB_DOMAIN_NAME, WEB_DOMAIN_REPUTATION
SDK attribute: webFilterType
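
The cross-field rules stated in the attribute descriptions above (ports for TCP/UDP, DSCP range, etherType format, traffic type versus protocol/port, reputationScore versus webFilterType) can be checked before an entry is submitted. The following is an added example, not part of the SDK or the original page: `validate_entry` and `port_ok` are hypothetical helpers working on plain dicts keyed by the SDK attribute names, and the `low-high` port range syntax and `0x` hexadecimal prefix are assumptions.

```python
import re

TCP_UDP = {"6", "17"}  # IANA protocol numbers for TCP and UDP
PORT_RE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")  # assumption: ranges are written low-high


def port_ok(value):
    """Accept '*', a single port, or a low-high range within 1..65535."""
    if value == "*":
        return True
    m = PORT_RE.fullmatch(value or "")
    if not m:
        return False
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return 1 <= low <= high <= 65535


def validate_entry(e):
    """Return the list of rule violations for one policy-entry dict."""
    problems = []
    dscp = e.get("DSCP")
    if dscp is not None and dscp != "*" and not (dscp.isdigit() and int(dscp) <= 63):
        problems.append("DSCP must be * or 0-63")
    ether = e.get("etherType")
    # Assumption: hexadecimal values carry a 0x prefix, e.g. 0x0800.
    if ether is not None and ether != "*" and not re.fullmatch(r"0[xX][0-9a-fA-F]+", ether):
        problems.append("etherType must be * or hexadecimal")
    proto = e.get("protocol")
    ports = [e.get("sourcePort"), e.get("destinationPort")]
    if e.get("associatedTrafficType"):
        if e["associatedTrafficType"] not in ("L4_SERVICE", "L4_SERVICE_GROUP"):
            problems.append("associatedTrafficType is not an allowed value")
        if not e.get("associatedTrafficTypeID"):
            problems.append("associatedTrafficTypeID is required with a traffic type")
        if proto is not None and any(p is not None for p in ports):
            problems.append("protocol and port must be empty when a traffic type is set")
    elif proto in TCP_UDP:
        for name in ("sourcePort", "destinationPort"):
            if not port_ok(e.get(name)):
                problems.append(name + " must be *, a port or a port range")
    if e.get("reputationScore") and e.get("webFilterType") != "WEB_DOMAIN_REPUTATION":
        problems.append("reputationScore needs webFilterType WEB_DOMAIN_REPUTATION")
    return problems


# Constructed sample entries, not taken from any real deployment.
GOOD = {"protocol": "6", "sourcePort": "*", "destinationPort": "8080-8090",
        "DSCP": "*", "etherType": "0x0800"}
BAD = {"associatedTrafficType": "L4_SERVICE", "protocol": "6", "destinationPort": "443",
       "DSCP": "64", "reputationScore": "HIGH_RISK", "webFilterType": "WEB_CATEGORY"}
```
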