_links |
References related to this resource
The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_owner |
Owner of this resource |
OwnerResourceLink |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
action |
Action
Action enforced on the packets which matches the distributed service rule. Currently DS Layer supports below actions. ALLOW - Forward any packet when a rule with this action gets a match (Used by Firewall). DROP - Drop any packet when a rule with this action gets a match. Packets won't go further(Used by Firewall). REJECT - Terminate TCP connection by sending TCP reset for a packet when a rule with this action gets a match (Used by Firewall). REDIRECT - Redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DO_NOT_REDIRECT - Do not redirect any packet to a partner appliance when a rule with this action gets a match (Used by Service Insertion). DETECT - Detect IDS Signatures. |
string |
Required Enum: ALLOW, DROP, REJECT, REDIRECT, DO_NOT_REDIRECT, DETECT |
applied_tos |
AppliedTo List
List of object where rule will be enforced. The section level field overrides this one. Null will be treated as any. |
array of ResourceReference |
Maximum items: 128 |
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
destinations |
Destination List
List of the destinations. Null will be treated as any. |
array of ResourceReference |
Maximum items: 128 |
destinations_excluded |
Negation of destination
Negation of the destination. |
boolean |
Default: "False" |
direction |
Rule direction
Rule direction in case of stateless distributed service rules. This will only considered if section level parameter is set to stateless. Default to IN_OUT if not specified. |
string |
Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
disabled |
Rule enable/disable flag
Flag to disable rule. Disabled will only be persisted but never provisioned/realized. |
boolean |
Default: "False" |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
id |
Identifier of the resource |
string |
Readonly |
ip_protocol |
IPv4 vs IPv6 packet type
Type of IP packet that should be matched while enforcing the rule. |
string |
Enum: IPV4, IPV6, IPV4_IPV6 Default: "IPV4_IPV6" |
is_default |
Default rule
Flag to indicate whether rule is default. |
boolean |
Readonly |
logged |
Enable logging flag
Flag to enable packet logging. Default is disabled. |
boolean |
Default: "False" |
notes |
Notes
User notes specific to the rule. |
string |
Maximum length: 2048 |
priority |
Rule priority
Priority of the rule. |
integer |
Readonly |
redirect_tos |
Redirect_Tos List
A rule can be redirected to ServiceInstance, InstanceEndpoint for North/South Traffic. A rule can be redirected to ServiceChain for East/West Traffic. For REDIRECT action, redirect_tos is mandatory. For DO_NOT_REDIRECT action, redirect_tos is optional. |
array of ResourceReference |
Maximum items: 1 |
resource_type |
Must be set to the value ServiceInsertionRule |
string |
|
rule_tag |
Tag
User level field which will be printed in CLI and packet logs. |
string |
Maximum length: 32 |
section_id |
Section Id
ID of the section to which this rule belongs. |
string |
Readonly |
services |
Service List
List of the services. Null will be treated as any. |
array of ServiceInsertionService |
Maximum items: 128 |
sources |
Source List
List of sources. Null will be treated as any. |
array of ResourceReference |
Maximum items: 128 |
sources_excluded |
Negation of source
Negation of the source. |
boolean |
Default: "False" |