_create_time |
Timestamp of resource creation |
EpochMsTimestamp |
Readonly Sortable |
_create_user |
ID of the user who created this resource |
string |
Readonly |
_last_modified_time |
Timestamp of last modification |
EpochMsTimestamp |
Readonly Sortable |
_last_modified_user |
ID of the user who last modified this resource |
string |
Readonly |
_links |
References related to this resource
The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink |
Readonly |
_protection |
Indicates protection status of this resource
Protection status is one of the following:
PROTECTED - the client who retrieved the entity is not allowed
to modify it.
NOT_PROTECTED - the client who retrieved the entity is allowed
to modify it
REQUIRE_OVERRIDE - the client who retrieved the entity is a super
user and can modify it, but only when providing
the request header X-Allow-Overwrite=true.
UNKNOWN - the _protection field could not be determined for this
entity.
|
string |
Readonly |
_revision |
Generation of this resource config
The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int |
|
_schema |
Schema for this resource |
string |
Readonly |
_self |
Link to this resource |
SelfResourceLink |
Readonly |
_system_owned |
Indicates system owned resource |
boolean |
Readonly |
children |
subtree for this type within policy tree
subtree for this type within policy tree containing nested elements.
|
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBgpNeighborConfig ChildBgpRoutingConfig ChildByodPolicyServiceInstance ChildCommunicationEntry ChildCommunicationMap ChildCommunityList ChildComputeClusterIdfwConfiguration ChildConstraint ChildDeploymentZone ChildDfwFirewallConfiguration ChildDhcpRelayConfig ChildDhcpServerConfig ChildDomain ChildDomainDeploymentMap ChildEndpointPolicy ChildEndpointRule ChildEnforcementPoint ChildFloodProtectionProfile ChildFloodProtectionProfileBindingMap ChildForwardingPolicy ChildForwardingRule ChildGatewayPolicy ChildGroup ChildGroupMonitoringProfileBindingMap ChildIPDiscoveryProfile ChildIPFIXDFWCollectorProfile ChildIPFIXDFWProfile ChildIPFIXL2CollectorProfile ChildIPFIXL2Profile ChildIPSecVpnDpdProfile ChildIPSecVpnIkeProfile ChildIPSecVpnLocalEndpoint ChildIPSecVpnService ChildIPSecVpnSession ChildIPSecVpnTunnelProfile ChildIpAddressAllocation ChildIpAddressBlock ChildIpAddressPool ChildIpAddressPoolSubnet ChildL2VPNService ChildL2VPNSession ChildL2Vpn ChildL2VpnContext ChildL3Vpn ChildL3VpnContext ChildLBAppProfile ChildLBClientSslProfile ChildLBMonitorProfile ChildLBPersistenceProfile ChildLBPool ChildLBServerSslProfile ChildLBService ChildLBVirtualServer ChildLocaleServices ChildMacDiscoveryProfile ChildPolicyContextProfile ChildPolicyDnsForwarder ChildPolicyDnsForwarderZone ChildPolicyEdgeCluster ChildPolicyEdgeNode ChildPolicyExcludeList ChildPolicyFirewallSessionTimerProfile ChildPolicyLabel ChildPolicyLbMonitorProfile ChildPolicyLbPersistenceProfile ChildPolicyLbPoolAccess ChildPolicyLbRule ChildPolicyLbVirtualServer ChildPolicyNat ChildPolicyNatRule ChildPolicyServiceChain ChildPolicyServiceInstance ChildPolicyServiceProfile ChildPolicyTransportZone ChildPortDiscoveryProfileBindingMap ChildPortMirroringProfile ChildPortMonitoringProfileBindingMap ChildPortQoSProfileBindingMap ChildPortSecurityProfileBindingMap ChildPrefixList ChildQoSProfile ChildRedirectionPolicy ChildRedirectionRule ChildRule ChildSecurityPolicy ChildSegment ChildSegmentDiscoveryProfileBindingMap ChildSegmentMonitoringProfileBindingMap ChildSegmentPort ChildSegmentQoSProfileBindingMap ChildSegmentSecurityProfile ChildSegmentSecurityProfileBindingMap ChildService ChildServiceEntry ChildServiceInstanceEndpoint ChildServiceInterface ChildServiceReference ChildServiceSegment ChildSessionTimerProfileBindingMap ChildSite ChildSpoofGuardProfile ChildSslTrustObjectData ChildStandaloneHostIdfwConfiguration ChildStaticARPConfig ChildStaticRoutes ChildTier0 ChildTier0DeploymentMap ChildTier0Interface ChildTier0RouteMap ChildTier1 ChildTier1DeploymentMap ChildTier1Interface ChildTlsCertificate ChildTlsCrl ChildTlsTrustData ChildVirtualEndpoint |
|
description |
Description of this resource |
string |
Maximum length: 1024 Sortable |
display_name |
Identifier to use when displaying entity in logs or GUI
Defaults to ID if not set |
string |
Maximum length: 255 Sortable |
expression |
Expression
The expression list must follow below criteria:
1. A non-empty expression list, must be of odd size. In a list, with
indices starting from 0, all non-conjunction expressions must be at
even indices, separated by a conjunction expression at odd
indices.
2. The total of ConditionExpression and NestedExpression in a list
should not exceed 5.
3. The total of IPAddressExpression, MACAddressExpression, external
IDs in an ExternalIDExpression and paths in a PathExpression must not exceed
500.
4. Each expression must be a valid Expression. See the definition of
the Expression type for more information.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
|
extended_expression |
Extended Expression
Extended Expression allows additional higher level context to be
specified for grouping criteria. (e.g. user AD group)
This field allow users to specified user context as the source of a
firewall rule for IDFW feature.
Current version only support a single IdentityGroupExpression. In the
future, this might expand to support other conjunction and non-conjunction
expression.
The extended expression list must follow below criteria:
1. Contains a single IdentityGroupExpression. No conjunction expression is
supported.
2. No other non-conjunction expression is supported, except for
IdentityGroupExpression.
3. Each expression must be a valid Expression. See the definition of
the Expression type for more information.
4. Extended expression are implicitly AND with expression.
5. No nesting can be supported if this value is used.
6. If a Group is using extended expression, this group must be the only
member in the source field of an communication map.
|
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
Maximum items: 1 |
id |
Unique identifier of this resource |
string |
Sortable |
marked_for_delete |
Indicates whether the intent object is marked for deletion
Intent objects are not directly deleted from the system when a delete
is invoked on them. They are marked for deletion and only when all the
realized entities for that intent object gets deleted, the intent object
is deleted. Objects that are marked for deletion are not returned in
GET call. One can use the search API to get these objects.
|
boolean |
Readonly Default: "False" |
parent_path |
Path of its parent
Path of its parent |
string |
Readonly |
path |
Absolute path of this object
Absolute path of this object |
string |
Readonly |
relative_path |
Relative path of this object
Path relative from its parent |
string |
Readonly |
resource_type |
Must be set to the value Group |
string |
|
state |
Realization state of this group |
string |
Enum: IN_PROGRESS, SUCCESS, FAILURE |
tags |
Opaque identifiers meaningful to the API user |
array of Tag |
Maximum items: 30 |