Name | Description | Type | Notes |
---|---|---|---|
_links | References related to this resource. The server will populate this field when returning the resource. Ignored on PUT and POST. | array of ResourceLink | Readonly |
_owner | Owner of this resource | OwnerResourceLink | Readonly |
_revision | Generation of this resource config. The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. | int | |
_schema | Schema for this resource | string | Readonly |
_self | Link to this resource | SelfResourceLink | Readonly |
action | Action. Action enforced on the packets which match the distributed service rule. Currently the DS Layer supports the actions below. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further (Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. | string | Required Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT |
applied_tos | AppliedTo List. List of objects where the rule will be enforced. The section level field overrides this one. Null will be treated as any. | array of ResourceReference | Maximum items: 128 |
context_profiles | Context Profiles. NS Profile object which accepts attributes and sub-attributes of various network services (e.g. L7 AppId, domain name, encryption algorithm) as key value pairs. | array of ResourceReference | Maximum items: 128 |
description | Description of this resource | string | Maximum length: 1024 Sortable |
destinations | Destination List. List of the destinations. Null will be treated as any. | array of ResourceReference | Maximum items: 128 |
destinations_excluded | Negation of destination. Negation of the destination. | boolean | Default: "False" |
direction | Rule direction. Rule direction in case of stateless distributed service rules. This will only be considered if the section level parameter is set to stateless. Defaults to IN_OUT if not specified. | string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
disabled | Rule enable/disable flag. Flag to disable the rule. A disabled rule will only be persisted but never provisioned/realized. | boolean | Default: "False" |
display_name | Identifier to use when displaying entity in logs or GUI. Defaults to ID if not set. | string | Maximum length: 255 Sortable |
extended_sources | Extended Sources. List of NSGroups that have end point attributes like AD Groups (SID), process name, process hash etc. For Flash release, only NSGroups containing AD Groups are supported. | array of ResourceReference | Maximum items: 128 |
id | Identifier of the resource | string | Readonly |
ip_protocol | IPv4 vs IPv6 packet type. Type of IP packet that should be matched while enforcing the rule. | string | Enum: IPV4, IPV6, IPV4_IPV6 Default: "IPV4_IPV6" |
is_default | Default rule. Flag to indicate whether rule is default. | boolean | Readonly |
logged | Enable logging flag. Flag to enable packet logging. Default is disabled. | boolean | Default: "False" |
notes | Notes. User notes specific to the rule. | string | Maximum length: 2048 |
priority | Rule priority. Priority of the rule. | integer | Readonly |
resource_type | Must be set to the value FirewallRule | string | |
rule_tag | Tag. User level field which will be printed in CLI and packet logs. | string | Maximum length: 32 |
section_id | Section Id. Section Id of the section to which this rule belongs. | string | Readonly |
services | Service List. List of the services. Null will be treated as any. | array of FirewallService | Maximum items: 128 |
sources | Source List. List of sources. Null will be treated as any. | array of ResourceReference | Maximum items: 128 |
sources_excluded | Negation of source. Negation of the source. | boolean | Default: "False" |
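
The constraints in the table can be checked before a rule is submitted. The following Python sketch is an added example, not VMware's code: `lint_rule`, the finding strings and the sample rules are constructed here, and the last two checks (an enabled ALLOW rule whose sources, destinations and services are all null, and such a rule with logging off) are a review policy assumed for this example, not API requirements.

```python
# Added example: lint FirewallRule payloads (as dicts) against the table above.
ACTIONS = {"ALLOW", "DROP", "REJECT", "REDIRECT", "DO_NOT_REDIRECT", "DETECT"}
DIRECTIONS = {"IN", "OUT", "IN_OUT"}
IP_PROTOCOLS = {"IPV4", "IPV6", "IPV4_IPV6"}
MAX_ITEMS = 128
LIST_FIELDS = ("applied_tos", "context_profiles", "destinations",
               "extended_sources", "services", "sources")
MAX_LEN = {"description": 1024, "display_name": 255, "notes": 2048, "rule_tag": 32}


def lint_rule(rule):
    """Return a list of findings for one FirewallRule dict (empty list = clean)."""
    findings = []
    # Schema checks taken from the Type/Notes columns.
    if rule.get("resource_type") != "FirewallRule":
        findings.append("resource_type must be FirewallRule")
    if rule.get("action") not in ACTIONS:  # action is Required
        findings.append("action missing or not in enum")
    if rule.get("direction", "IN_OUT") not in DIRECTIONS:
        findings.append("direction not in enum")
    if rule.get("ip_protocol", "IPV4_IPV6") not in IP_PROTOCOLS:
        findings.append("ip_protocol not in enum")
    for field in LIST_FIELDS:
        if len(rule.get(field) or []) > MAX_ITEMS:
            findings.append(f"{field} exceeds {MAX_ITEMS} items")
    for field, limit in MAX_LEN.items():
        if len(rule.get(field) or "") > limit:
            findings.append(f"{field} longer than {limit}")
    # Policy checks (assumption of this example): null means "any" per the table,
    # so an enabled ALLOW rule with all three lists null matches all traffic.
    match_any = all(rule.get(f) is None for f in ("sources", "destinations", "services"))
    if rule.get("action") == "ALLOW" and not rule.get("disabled", False) and match_any:
        findings.append("ALLOW with any source, destination and service")
        if not rule.get("logged", False):
            findings.append("any-to-any ALLOW is not logged")
    return findings


# Constructed sample rules; the reference ids are placeholders.
REF = {"target_id": "constructed-id"}
SCOPED_DROP = {"resource_type": "FirewallRule", "action": "DROP",
               "sources": [REF], "destinations": [REF], "logged": True}
OPEN_ALLOW = {"resource_type": "FirewallRule", "action": "ALLOW"}
MALFORMED = {"resource_type": "FirewallRule", "action": "PERMIT",
             "sources": [REF] * 129, "rule_tag": "x" * 33}

if __name__ == "__main__":
    for name, rule in (("scoped", SCOPED_DROP), ("open", OPEN_ALLOW), ("bad", MALFORMED)):
        print(name, lint_rule(rule))
```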