Class CIM_PacketFilterCondition


  extends CIM_PolicyCondition
PacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.
Details...
This class is not implemented.

Class Qualifiers

NameData TypeValueScopeFlavors
DescriptionstringPacketFilterCondition specifies packet selection criteria (via association to FilterLists) for firewall policies, IPsec policies and similar uses. It is used as an anchor point to associate various types of filters with policy rules via the FilterOfPacketCondition association. By definition, policy rules that aggregate PacketFilterCondition are assumed to operate against every packet received and/or transmitted from an ingress and/or egress point. (Whether policy condition evaluation occurs at ingress or egress is specified by the Direction property in the associated FilterList.) PacketFilterCondition MAY also be used to define the specific CredentialManagementService that validates the credentials carried in a packet. This is accomplished using the association, AcceptCredentialFrom. Associated objects (such as FilterListsor Credential ManagementServices) represent components of the condition that MAY or MAY NOT apply at a given rule evaluation. For example, an AcceptCredentialFrom evaluation is only performed when a credential is available to be evaluated and compared against the list of trusted credential management services. Similarly, a PeerIDPayloadFilterEntry MAY only be evaluated when an ID payload is available for checking. Condition components that do not have applicability at rule evaluation time, MUST be evaluated to TRUE.None TRANSLATABLE= true
MappingStringsstringIPSP Policy Model.IETF|SAConditionNone None
UMLPackagePathstringCIM::PolicyNone None
Versionstring2.8.0TOSUBCLASS= falseTRANSLATABLE= true

Local Class Properties

NameData TypeQualifiers
NameData TypeValueScopeFlavors
Captionstring
DescriptionstringThe Caption property is a short textual description (one- line string) of the object.None TRANSLATABLE= true
MaxLenuint3264None None
CommonNamestring
DescriptionstringA user-friendly name of this policy-related object.None TRANSLATABLE= true
CreationClassNamestring
DescriptionstringCreationClassName indicates the name of the class or the subclass used in the creation of an instance. When used with the other key properties of this class, this property allows all instances of this class and its subclasses to be uniquely identified.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None
Descriptionstring
DescriptionstringThe Description property provides a textual description of the object.None TRANSLATABLE= true
ElementNamestring
DescriptionstringA user-friendly name for the object. This property allows each instance to define a user-friendly name in addition to its key properties, identity data, and description information. Note that the Name property of ManagedSystemElement is also defined as a user-friendly name. But, it is often subclassed to be a Key. It is not reasonable that the same property can convey both identity and a user-friendly name, without inconsistencies. Where Name exists and is not a Key (such as for instances of LogicalDevice), the same information can be present in both the Name and ElementName properties. Note that if there is an associated instance of CIM_EnabledLogicalElementCapabilities, restrictions on this properties may exist as defined in ElementNameMask and MaxElementNameLen properties defined in that class.None TRANSLATABLE= true
InstanceIDstring
DescriptionstringInstanceID is an optional property that may be used to opaquely and uniquely identify an instance of this class within the scope of the instantiating Namespace. Various subclasses of this class may override this property to make it required, or a key. Such subclasses may also modify the preferred algorithms for ensuring uniqueness that are defined below. To ensure uniqueness within the NameSpace, the value of InstanceID should be constructed using the following "preferred" algorithm: <OrgID>:<LocalID> Where <OrgID> and <LocalID> are separated by a colon (:), and where <OrgID> must include a copyrighted, trademarked, or otherwise unique name that is owned by the business entity that is creating or defining the InstanceID or that is a registered ID assigned to the business entity by a recognized global authority. (This requirement is similar to the <Schema Name>_<Class Name> structure of Schema class names.) In addition, to ensure uniqueness, <OrgID> must not contain a colon (:). When using this algorithm, the first colon to appear in InstanceID must appear between <OrgID> and <LocalID>. <LocalID> is chosen by the business entity and should not be reused to identify different underlying (real-world) elements. If not null and the above "preferred" algorithm is not used, the defining entity must assure that the resulting InstanceID is not reused across any InstanceIDs produced by this or other providers for the NameSpace of this instance. If not set to null for DMTF-defined instances, the "preferred" algorithm must be used with the <OrgID> set to CIM.None TRANSLATABLE= true
PolicyConditionNamestring
DescriptionstringA user-friendly name of this PolicyCondition.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None
PolicyKeywordsstring
DescriptionstringAn array of keywords for characterizing / categorizing policy objects. Keywords are of one of two types: - Keywords defined in this and other MOFs, or in DMTF white papers. These keywords provide a vendor- independent, installation-independent way of characterizing policy objects. - Installation-dependent keywords for characterizing policy objects. Examples include 'Engineering', 'Billing', and 'Review in December 2000'. This MOF defines the following keywords: 'UNKNOWN', 'CONFIGURATION', 'USAGE', 'SECURITY', 'SERVICE', 'MOTIVATIONAL', 'INSTALLATION', and 'EVENT'. These concepts are self-explanatory and are further discussed in the SLA/Policy White Paper. One additional keyword is defined: 'POLICY'. The role of this keyword is to identify policy-related instances that may not be otherwise identifiable, in some implementations. The keyword 'POLICY' is NOT mutually exclusive of the other keywords specified above.None TRANSLATABLE= true
PolicyRuleCreationClassNamestring
DescriptionstringFor a rule-specific PolicyCondition, the CreationClassName of the PolicyRule object with which this Condition is associated. For a reusable Policy Condition, a special value, 'NO RULE', should be used to indicate that this Condition is reusable and not associated with a single PolicyRule.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None
PolicyRuleNamestring
DescriptionstringFor a rule-specific PolicyCondition, the name of the PolicyRule object with which this Condition is associated. For a reusable PolicyCondition, a special value, 'NO RULE', should be used to indicate that this Condition is reusable and not associated with a single PolicyRule.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None
SystemCreationClassNamestring
DescriptionstringThe name of the class or the subclass used in the creation of the System object in whose scope this PolicyCondition is defined. This property helps to identify the System object in whose scope this instance of PolicyCondition exists. For a rule-specific PolicyCondition, this is the System in whose context the PolicyRule is defined. For a reusable PolicyCondition, this is the instance of PolicyRepository (which is a subclass of System) that holds the Condition. Note that this property, and the analogous property SystemName, do not represent propagated keys from an instance of the class System. Instead, they are properties defined in the context of this class, which repeat the values from the instance of System to which this PolicyCondition is related, either directly via the PolicyConditionInPolicyRepository association or indirectly via the PolicyConditionInPolicyRule aggregation.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None
SystemNamestring
DescriptionstringThe name of the System object in whose scope this PolicyCondition is defined. This property completes the identification of the System object in whose scope this instance of PolicyCondition exists. For a rule-specific PolicyCondition, this is the System in whose context the PolicyRule is defined. For a reusable PolicyCondition, this is the instance of PolicyRepository (which is a subclass of System) that holds the Condition.None TRANSLATABLE= true
KeybooleantrueNone OVERRIDABLE= false
MaxLenuint32256None None

Copyright © 2008-2020 VMware, Inc. All rights reserved.