InlineNsxBaseRule1
{
"destination_groups": [
"string"
],
"destinations_excluded": false,
"direction": "string",
"disabled": false,
"ip_protocol": "string",
"is_default": false,
"logged": false,
"notes": "string",
"profiles": [
"string"
],
"rule_id": 0,
"scope": [
"string"
],
"sequence_number": 0,
"service_entries": [
"string"
],
"services": [
"string"
],
"source_groups": [
"string"
],
"sources_excluded": false,
"tag": "string"
}We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups
Define direction of traffic.
Flag to deactivate the rule. Default is activated.
Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.
A flag to indicate whether rule is a default rule.
Flag to enable packet logging. Default is deactivated.
User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.
Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.
This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.
The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.
This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number
In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.
In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.
We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.
If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups
User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.