NSX-T Data Center Global Manager REST API

# *************************************************************************** # Copyright 2020-2024 VMware, Inc. All rights reserved. VMware Confidential. # ***************************************************************************

ALBEnforcementPointState (schema)

Enforcement point state for ALB

Valid ENUM values for ALBEnforcementPointState

Name	Description	Type	Notes
ALBEnforcementPointState	Enforcement point state for ALB Valid ENUM values for ALBEnforcementPointState	string	Enum: ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API

ALGTypeServiceEntry (schema)

An ServiceEntry that represents an ALG protocol

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alg	The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead.	string	Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	The destination_port cannot be empty and must be a single value.	array of PortElement	Required Minimum items: 1 Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ALGTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports		array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

AbstractSpace (schema)

The space in which policy is being defined

Represents the space in which the policy is being defined.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value AbstractSpace	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
connectivity_strategy	Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.	string	Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE

AcceptableComponentVersion (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
acceptable_versions	List of component versions	array of string	Required
component_type	Node type	string	Required Enum: HOST, EDGE, CCP, MP
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value AcceptableComponentVersion	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

AcceptableComponentVersionList (schema)

Name	Description	Type	Notes
results	Acceptable version whitelist for different components	array of AcceptableComponentVersion	Required

Action (schema)

Reaction Action

Reaction Action is the action to take when the stipulated criteria specified
in the event exist over the source. Some example actions include:
- Notify Admin (or VMC's SRE) via email.
- Populate a specific label with the IPSec VPN Session.
- Remove the IPSec VPN Session from a specific label.
This is an abstract type. Concrete child types:
PatchResources
SetFields

Name	Description	Type	Notes
resource_type	Resource Type Reaction Action resource type.	string	Required Enum: PatchResources, SetFields

ActionRequest (schema)

Action request object

Name	Description	Type	Notes
action	Action to be performed Action required to be performed on intent	string

ActionableResource (schema)

Resources managed during restore process

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address	A resource reference on which actions can be performed	string	Format: hostname-or-ip
ipv6_address	ipv6 address IPv6 address of the current node	string	Format: hostname-or-ip
resource_type	Must be set to the value ActionableResource	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ActionableResourceListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
instruction_id	Id of the instruction set whose instructions are to be returned	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ActionableResourceListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of ActionableResource	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ActiveDirectoryIdentitySource (schema)

An Active Directory identity source service

An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alternative_domain_names	Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.	array of string
base_dn	DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.	string	Required
group_cache_ttl	Group cache time-to-live, in seconds NSX keeps a cache of Active Directory group membership for groups that have a configured NSX role, in order to speed up authentication. The cache will be refreshed after the time-to-live has expired. Until the cache is refreshed, any new groups added to Active Directory will not be visible to NSX. By default, the cached is refreshed once per minute.	int	Default: "60"
id	Unique identifier of this resource	string	Sortable
ldap_servers	LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.	array of IdentitySourceLdapServer	Maximum items: 3
resolve_nested_groups	Resolve nested groups If true, NSX will recursively find all groups that the user belongs to, even if the groups are nested. This can perform slowly for users who are in many deeply nested groups. You can disable this option to improve performance, but only the groups that directly contain the user will be considered for access control decisions.	boolean	Default: "True"
resource_type	Must be set to the value ActiveDirectoryIdentitySource	string	Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ActiveStandbySyncStatus (schema)

Name	Description	Type	Notes
description	Description of the status.	string	Required
full_sync_status	Status of full sync.	FullSyncStatus	Required
is_data_consistent	Indicates whether the data is consistent. Always returned as true when queried on an active Global Manager node.	boolean	Required
percentage_completed	Percentage estimate of synchronization progress. Ranges from 0 to 100. This value is only returned when queried on an active Global Manager node.	integer
remaining_entries_to_send	Number of entries pending synchronization. This value is only returned when queried on an active Global Manager node.	integer
standby_site	Name of standby site.	string	Required
status	Status of synchronization between active and standby Global Manager nodes.	string	Required Enum: UNAVAILABLE, ERROR, ONGOING, NOT_STARTED
sync_type	Type of synchronization currently in effect between active and standby Global Manager nodes.	string	Required Enum: UNAVAILABLE, DELTA_SYNC, FULL_SYNC

AddClusterNodeVMInfo (schema)

Info for AddClusterNodeVM

Contains a list of cluster node VM deployment requests and optionally
a clustering configuration.

Name	Description	Type	Notes
deployment_requests	List of deployment requests Cluster node VM deployment requests to be deployed by the Manager.	array of ClusterNodeVMDeploymentRequest	Required Minimum items: 1
clustering_config	Configuration for auto-clustering of VMs post-deployment This property is deprecated since ClusteringConfig is no longer needed for auto-installation and will be ignored if provided.	ClusteringConfig	Deprecated

AddressBindingEntry (schema) (Deprecated)

Combination of IP-MAC-VLAN binding

An address binding entry is a combination of the IP-MAC-VLAN binding for
a logical port. The address bindings can be obtained via various methods
like ARP snooping, DHCP snooping etc. or by user configuration.

Name	Description	Type	Notes
binding	Combination of IP-MAC-VLAN binding	PacketAddressClassifier
binding_timestamp	Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user	EpochMsTimestamp
source	Address binding source Source from which the address binding entry was obtained	AddressBindingSource	Default: "UNKNOWN"

AddressBindingSource (schema) (Deprecated)

Source from which the address binding is obtained

Name	Description	Type	Notes
AddressBindingSource	Source from which the address binding is obtained	string	Deprecated Enum: INVALID, UNKNOWN, USER_DEFINED, ARP_SNOOPING, DHCP_SNOOPING, VM_TOOLS, ND_SNOOPING, DHCPV6_SNOOPING, VM_TOOLS_V6

AdvanceClusterRestoreInput (schema)

Name	Description	Type	Notes
id	Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided	string	Required Readonly
resources	List of resources for which the instruction is applicable.	array of SelectableResourceReference	Required

AdvanceClusterRestoreRequest (schema)

Name	Description	Type	Notes
data	List of instructions and their associated data	array of AdvanceClusterRestoreInput	Required

AdvertisedNetworkCsvRecord (schema)

Name	Description	Type	Notes
network	Advertised Network Advertised network address.	string	Required Readonly
rule_filter_type	Advertised rule filter type Advertised rule filter type	string	Readonly
status	Advertisement status of network advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config	string	Readonly

AdvertisedNetworksListRequestParameters (schema)

Advertised networks list parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	Enforcement point path String Path of the enforcement point.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

AggregateDNSForwarderStatistics (schema)

Aggregate of DNS forwarder statistics

Aggregate of DNS forwarder statistics across enforcement points.

Name	Description	Type	Notes
intent_path	String path of the DNS forwarder intent String path of the DNS forwarder intent.	string	Required
statistics_per_enforcement_point	List of DNS forwarder statistics per enforcement point List of DNS forwarder statistics per enforcement point.	array of DNSForwarderStatisticsPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatistics	Readonly

AggregateDNSForwarderStatus (schema)

Aggregate of DNS forwarder status

Aggregate of DNS forwarder status across enforcement points.

Name	Description	Type	Notes
intent_path	String path of the DNS forwarder intent String path of the DNS forwarder intent.	string	Required
status_per_enforcement_point	List of DNS forwarder status per enforcement point List of DNS forwarder status per enforcement point.	array of DNSForwarderStatusPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatus	Readonly

AggregatePolicyDnsAnswer (schema)

Aggregate of DNS forwarder nslookup answer

Aggregate of DNS forwarder nslookup answer across enforcement points.

Name	Description	Type	Notes
dns_answer_per_enforcement_point	List of DNS forwarder nslookup answer per enforcement point List of DNS forwarder nslookup answer per enforcement point.	array of PolicyDnsAnswerPerEnforcementPoint	Readonly
intent_path	String path of the DNS forwarder intent String path of the DNS forwarder intent.	string	Required

AggregatePolicyRuntimeInfo (schema)

Aggregate of PolicyRuntimeInfoPerEP

Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points.

Name	Description	Type	Notes
intent_path	String Path of the intent object Intent path of object, forward slashes must be escaped using %2F.	string	Required Readonly

AggregatedDataCounter (schema)

Name	Type	Notes
rx_bytes	DataCounter	Readonly
rx_packets	DataCounter	Readonly
tx_bytes	DataCounter	Readonly
tx_packets	DataCounter	Readonly

AggregatedDataCounterEx (schema)

Name	Type	Notes
distributed_dhcp_server_packets	DistributedDhcpServerPackets	Readonly
dropped_by_firewall_packets	DfwDropCounters	Readonly
dropped_by_security_packets	PacketsDroppedBySecurity	Readonly
mac_learning	MacLearningCounters	Readonly
rx_bytes	DataCounter	Readonly
rx_packets	DataCounter	Readonly
tx_bytes	DataCounter	Readonly
tx_packets	DataCounter	Readonly

AggregatedLogicalRouterPortCounters (schema)

Aggregate of logical router port statistics

Provides the following aggregated information of the logical router ports:

- Incoming packet counters on the logical router ports. It includes the total number of packets
received, dropped, and the number of errors and failures causing the drops. The counters are from the
time the logical router port was created. The interface statistics from a given transport node will be
reset on edge reboot or edge dataplane restart of that node.
- Outgoing packet counters on the logical router ports. It includes the total number of packets
sent, dropped, and the number of errors and failures causing the drops. The counters are from the time
logical router port was created. The logical router port statistics from a given transport node will be
reset on edge reboot or edge dataplane restart of that node.
- Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP
is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet,
could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP
resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface,
TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol
or L4 port.
- Some of the IPSec packet drop reasons include the missing security association or VTI interface. It
also includes packets dropped due to policy lookup error or block policy.
- Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
rx	Packets in statistics Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly
tx	Packets out statistics Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly

AllIdsEventsRequestQueryParameters (schema)

Query parameters passed to the ids-events API

Represents the query parameters, such as the tenancy context,
that the ids-events API accepts.

Name	Description	Type	Notes
context		TenancyContextQueryParameter
enforcement_point_path		EnforcementPointPathQueryParameter

AllocationBasedOnFailureDomain (schema)

Placement based on failure domain of edge node

Auto place TIER1 logical routers, DHCP and MDProxy contexts on two edge
nodes (active and standby) from different failure domains.

Name	Description	Type	Notes
action_type	Must be set to the value AllocationBasedOnFailureDomain	AllocationRuleActionType	Required
enabled	Flag to enable failure domain based allocation Enable placement algorithm to consider failure domain of edge transport nodes and place active and standby contexts in different failure domains.	boolean	Default: "False"

AllocationPool (schema)

Name	Description	Type	Notes
active_service_count	Number of active services on edge node Represents the number of acitve services running on the edge node.	int	Readonly
standby_service_count	Number of standby services on edge node Represents the number of standby services running on the edge node.	int	Readonly
sub_pools	Edge node sub-pool allocation details Allocation details of sub-pools configured on edge node.	array of SubPool

AllocationRule (schema)

Allocation rule on edge cluster

Allocation rule on edge cluster which will be considered in auto placement
of TIER1 logical routers, DHCP and MDProxy.

Name	Description	Type	Notes
action	Action for allocation rule Set action for each allocation rule	AllocationRuleAction (Abstract type: pass one of the following concrete types) AllocationBasedOnFailureDomain	Required

AllocationRuleAction (schema)

Set action for allocation rule

Define action for each allocation rule which added on edge cluster.
This is an abstract type. Concrete child types:
AllocationBasedOnFailureDomain

Name	Description	Type	Notes
action_type	Type of action for allocation rule Set action for each allocation rule on edge cluster which will help in auto placement.	AllocationRuleActionType	Required

AllocationRuleActionType (schema)

Type of action for allocation rule

Set action for each allocation rule on edge cluster which will help in auto
placement.

Name	Description	Type	Notes
AllocationRuleActionType	Type of action for allocation rule Set action for each allocation rule on edge cluster which will help in auto placement.	string	Enum: AllocationBasedOnFailureDomain

AntreaContainerClusterNode (schema)

Antrea container cluster and its nodes requiring a support bundle

Name	Description	Type	Notes
cluster_id	The UUID of the container cluster	string	Required
nodes	List of at most 200 container node UUIDs requiring a support bundle	array of string	Minimum items: 1

AntreaSupportBundleContainerNode (schema)

Name	Description	Type	Notes
clusters	List of AntreaContainerClusterNodes identifying container clusters and their nodes	array of AntreaContainerClusterNode	Minimum items: 1
container_type	Must be set to the value AntreaSupportBundleContainerNode	string	Required Enum: ANTREA

AntreaTraceflowConfig (schema)

Antrea traceflow configuration

The configuration for Antrea traceflow.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
container_cluster_id	Container cluster ID Container cluster ID in inventory. This property is used to identify multiple clusters under single NSX-T.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_external_id	Destination external id Destination external id for Antrea traceflow. Must be ContainerApplicationInstance or ContainerApplication. Ignored if destination_ip provided in packet data.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
packet	Packet configuration Configuration of packet data.	AntreaTraceflowPacketData
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value AntreaTraceflowConfig	string
source_external_id	Source external id Source external id for Antrea traceflow. Must be ContainerApplicationInstance external_id.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

AntreaTraceflowIcmpEchoRequestHeader (schema)

IcmpEchoHeader for Antrea traceflow

IcmpEchoRequest header stuffs for Antrea traceflow.

Name	Description	Type	Notes
id	IcmpEchoRequest id Id of IcmpEchoRequest.	integer
sequence	Icmp sequence Sequence number of IcmpEchoRequest.	integer

AntreaTraceflowIpHeader (schema)

IpHeader for Antrea traceflow

Ip header stuffs for Antrea traceflow.

Name	Description	Type
dstIp	Destination ip Destination ip address in IpHeader.	string
flags	Flags Protocol setting in IpHeader.	integer
protocol	Protocol Protocol setting in IpHeader.	integer
srcIp	Source ip Source ip address in IpHeader.	string
ttl	Time to live TTL value in IpHeader. Default is 64.	integer

AntreaTraceflowIpv6Header (schema)

Ipv6Header for Antrea traceflow

Ipv6 header stuffs for Antrea traceflow.

Name	Description	Type
dstIp	Destination ip Destination ip address in Ipv6Header.	string
hopLimit	Hop limit Hop limit setting in Ipv6Header.	integer
nextHeader	Next header Next header setting in Ipv6Header.	integer
srcIp	Source ip Source ip address in Ipv6Header.	string

AntreaTraceflowPacketData (schema)

Packet data for Antrea traceflow

Packet data stuffs for Antrea traceflow.

Name	Description	Type	Notes
frameSize	Packet frame size This property is used to set packet data size.	integer
ipHeader	Ipv4 header configuration This property is used to set ipv4 header data.	AntreaTraceflowIpHeader
ipv6Header	Ipv6 header configuration This property is used to set ipv6 header data.	AntreaTraceflowIpv6Header
payload	Packet payload This property is used to set payload data.	string
resourceType	Packet resource type This property is used to set resource type.	string	Enum: FIELDS_PACKET_DATA, BINARY_PACKET_DATA
transportHeader	Transport header configuration This property is used to set transport header data.	AntreaTraceflowTransportHeader
transportType	Transport type This property is used to set transport type.	string	Enum: UNICAST, MULTICAST, BROADCAST, UNKNOWN

AntreaTraceflowTcpHeader (schema)

TcpHeader for Antrea traceflow

Tcp header stuffs for Antrea traceflow.

Name	Description	Type
dstPort	Destination port Destination port number in TcpHeader.	integer
srcPort	Source port Source port number in TcpHeader.	integer
tcpFlags	Tcp flags Tcp flags in TcpHeader. SYN flag must be set for traceflow.	integer

AntreaTraceflowTransportHeader (schema)

TransportHeader for Antrea traceflow

Transport header stuffs for Antrea traceflow.

Name	Description	Type
icmpEchoRequestHeader	IcmpEchoRequestHeader for Antrea traceflow IcmpEchoRequest header stuffs for Antrea traceflow.	AntreaTraceflowIcmpEchoRequestHeader
tcpHeader	TcpHeader for Antrea traceflow Tcp header stuffs for Antrea traceflow.	AntreaTraceflowTcpHeader
udpHeader	UdpHeader for Antrea traceflow Udp header stuffs for Antrea traceflow.	AntreaTraceflowUdpHeader

AntreaTraceflowUdpHeader (schema)

UdpHeader for Antrea traceflow

Udp header stuffs for Antrea traceflow.

Name	Description	Type	Notes
dstPort	Destination port Destination port number in UdpHeader.	integer
srcPort	Source port Source port number in UdpHeader.	integer

AphInfo (schema)

Apliance proxy hub information

APH information.

Name	Description	Type	Notes
address	IP address of APH service	string	Required
certificate	PEM Certificate of APH service	string	Required
fqdn	FQDN, only returned by GET /sites and GET /sites/self	string
node_id	Node ID of the APH service	string	Required
port	Port of APH service	integer	Required
use_fqdn	whether or not fqdn flag is on	boolean
uuid	ID of the APH service	string	Required

ApiError (schema)

Detailed information about an API Error

Name	Description	Type
details	Further details about the error	string
error_code	A numeric error code	integer
error_data	Additional data about the error	object
error_message	A description of the error	string
module_name	The module name where the error occurred	string
related_errors	Other errors related to this error	array of RelatedApiError

ApiRequestBody (schema)

API Request Body

API Request Body is an Event Source that represents an API request body that
is being reveived as part of an API. Supported Request Bodies are those received
as part of a PATCH/PUT/POST request.

Name	Description	Type	Notes
resource_pointer	Resource Pointer Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying "Lb* \| /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question.	string	Required
resource_type	Must be set to the value ApiRequestBody	string	Required Enum: ResourceOperation, ApiRequestBody

ApiServiceConfig (schema)

Configuration of the API service

Properties that affect the configuration of the NSX API service.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
basic_authentication_enabled	Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls.	boolean	Default: "True"
cipher_suites	Cipher suites used to secure contents of connection The TLS cipher suites that the API service will negotiate.	array of CipherSuite	Minimum items: 1
client_api_concurrency_limit	Client API concurrency limit in calls A per-client concurrency limit. This is the maximum number of outstanding requests that a client can have. For example, a client can open multiple connections to NSX and submit operations on each connection. When this limit is exceeded, the server returns a 503 Service Unavailable error to the client. To disable API concurrency limiting, set this value to 0.	integer	Minimum: 0 Default: "40"
client_api_rate_limit	Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.	integer	Minimum: 0 Default: "100"
connection_timeout	NSX connection timeout NSX connection timeout, in seconds. To disable timeout, set to 0.	integer	Minimum: 0 Maximum: 2147483647 Default: "30"
cookie_based_authentication_enabled	Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.	boolean	Default: "True"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
global_api_concurrency_limit	Global API concurrency limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.	integer	Minimum: 0 Default: "199"
id	Unique identifier of this resource	string	Sortable
lockout_immune_addresses	IP addresses which are not subject to lockout on failed login attempts The list of IP addresses which are not subjected to a lockout on failed login attempts.	array of IPAddress
protocol_versions	TLS protocol versions The TLS protocol versions that the API service will negotiate.	array of ProtocolVersion	Minimum items: 1
redirect_host	Hostname/IP to use in redirect headers Host name or IP address to use for redirect location headers, or empty string to derive from current request. To disable, set redirect_host to the empty string ("").	HostnameOrIPv4AddressOrEmptyString	Default: ""
resource_type	Must be set to the value ApiServiceConfig	string
session_timeout	NSX session inactivity timeout	integer	Minimum: 0 Maximum: 2147483647 Default: "1800"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ApplianceManagementSuppressRedirectQueryParameter (schema)

Name	Description	Type	Notes
suppress_redirect	Suppress redirect status if applicable Do not return a redirect HTTP status.	boolean	Default: "False"

ApplianceManagementTaskListResult (schema)

Appliance management task query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Task property results	array of ApplianceManagementTaskProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ApplianceManagementTaskProperties (schema)

Appliance management task properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
async_response_available	True if response for asynchronous request is available	boolean	Readonly
cancelable	True if this task can be canceled	boolean	Readonly
description	Description of the task	string	Readonly
details	Details about the task if known	object	Readonly
end_time	The end time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
id	Identifier for this task	string	Readonly Pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
message	A message describing the disposition of the task	string	Readonly
progress	Task progress if known, from 0 to 100	integer	Readonly Minimum: 0 Maximum: 100
request_is_async	True if request was invoked with Vmw-Async:true header; otherwise, false	boolean	Readonly
request_method	HTTP request method	string	Readonly
request_uri	URI of the method invocation that spawned this task	string	Readonly
start_time	The start time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
status	Current status of the task	ApplianceManagementTaskStatus	Readonly
user	Name of the user who created this task	string	Readonly

ApplianceManagementTaskQueryParameters (schema)

Name	Description	Type	Notes
fields	Fields to include in query results Comma-separated field names to include in query result	string
request_method	Request method(s) to include in query result Comma-separated request methods to include in query result	string	Pattern: "^(=\|!=\|~\|!~)?.+$"
request_path	Request URI path(s) to include in query result Comma-separated request paths to include in query result	string	Pattern: "^(=\|!=\|~\|!~)?.+$"
request_uri	Request URI(s) to include in query result Comma-separated request URIs to include in query result	string	Pattern: "^(=\|!=\|~\|!~)?.+$"
status	Status(es) to include in query result Comma-separated status values to include in query result	string	Pattern: "^(=\|!=\|~\|!~)?.+$"
user	Names of users to include in query result Comma-separated user names to include in query result	string	Pattern: "^(=\|!=\|~\|!~)?.+$"

ApplianceManagementTaskStatus (schema)

Current status of the appliance management task

Name	Description	Type	Notes
ApplianceManagementTaskStatus	Current status of the appliance management task	string	Enum: running, error, success, canceling, canceled, killed

ApplicationConnectivityStrategy (schema)

Application specific connectivity strategy

Allows more granular policies for application workloads

Name	Description	Type	Notes
application_connectivity_strategy	Application connectivity strategy App connectivity strategies	string	Required Enum: ALLOW_INTRA, ALLOW_EGRESS, ALLOW_INGRESS, DROP_INGRESS, DROP_EGRESS
default_application_rule_id	Default rule ID associated with the application_connectivity_strategy Based on the value of the app connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule.	integer	Readonly
logging_enabled	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"

ApplyCertificateParameters (schema)

Name	Description	Type	Notes
node_id	Node Id Optional node-id to which to apply the certificate. The cluster_certificate field of the matching Certificate Profile must be false, as those get applied to all nodes.	string	Maximum length: 255
service_type	Service Type Service Type of the CertificateProfile to apply the certificate to.	ServiceType	Required

ArpHeader (schema)

Name	Description	Type	Notes
dst_ip	The destination IP address	IPv4Address	Required
op_code	Arp message type This field specifies the nature of the Arp message being sent.	string	Required Enum: ARP_REQUEST, ARP_REPLY Default: "ARP_REQUEST"
src_ip	The source IP address This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0.	IPv4Address

ArpSnoopingConfig (schema)

ARP Snooping Configuration

Contains ARP snooping related configuration.

Name	Description	Type	Notes
arp_binding_limit	Maximum number of ARP bindings Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached.	int	Minimum: 1 Maximum: 256 Default: "1"
arp_snooping_enabled	Is ARP snooping enabled or not Indicates whether ARP snooping is enabled	boolean	Default: "True"

ArpTableRequestParameters (schema)

Routes request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface.	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
host_transport_node_path	Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Attribute (schema)

Attributes

Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance.

Name	Description	Type	Notes
attribute_type	Attributetype. Attribute Type can be of any of the allowed enum type.	string	Enum: IP_ADDRESS, PORT, PASSWORD, STRING, LONG, BOOLEAN
display_name	Display name Attribute display name string value.	string
key	key Attribute key string value.	string	Required
read_only	read only Read only Attribute cannot be overdidden by service instance/deployment.	boolean	Default: "False"
value	value Attribute value string value.	string

AttributeVal (schema)

Attribute values of realized type

Contains type specific properties of generic realized entity

Name	Description	Type	Notes
data_type	Datatype of property represented by this attribute Datatype of the property	string	Required Readonly Enum: STRING, DATE, INTEGER, BOOLEAN
key	Key for the attribute value Attribute key	string
multivalue	multivalue flag If attribute has a single value or collection of values	boolean	Readonly
values	List of values for the attribute List of attribute values	array of string	Readonly

AuthServiceProperties (schema)

Auth Service properties

Name	Description	Type	Notes
logging_level	Service logging level	string	Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO"

AuthenticationPolicyProperties (schema)

Configuration of authentication and password policies for the NSX node

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_retry_prompt	Prompt user at most N times before returning with error.	integer	Readonly Default: "3"
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
api_failed_auth_lockout_period	Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Maximum: 9000 Default: "900"
api_failed_auth_reset_period	Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Maximum: 9000 Default: "900"
api_max_auth_failures	Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types.	integer	Minimum: 0 Maximum: 50 Default: "5"
cli_failed_auth_lockout_period	Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.	integer	Minimum: 0 Maximum: 604800 Default: "900"
cli_max_auth_failures	Number of authentication failures that trigger CLI lockout	integer	Minimum: 0 Maximum: 10 Default: "5"
digits	Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N digits. N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
hash_algorithm	Hash algorithm Sets hash/cryptographic algorithm type for new passwords.	string	Enum: sha512, sha256 Default: "sha512"
lower_chars	Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having lower case characters in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N lower case characters. N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
max_repeats	Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
max_sequence	Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
maximum_password_length	Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters.	integer	Minimum: 8 Maximum: 128 Default: "128"
minimum_password_length	Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with `minimum_password_length` less than current default value, then upgraded appliance will reset the configured setting back to recommended default; which can be explicitly modified back to original value or any other integer greater than or equal to supported minimum value. VMware recommends to set strong passwords for systems and appliances, further suggests to maintain strong `minimum_password_length` value. NSX resets this value to default and recommends to maintain upgraded default value or above for password complexity requirement. If any existing user passwords are set with length of less than newly configured `minimum_password_length`, then its recommended to reset the user passwords as per newly configured password complexity compliance. If existing `minimum_password_length` is greater than or equal to default value, which shall be retained as it is in newly upgraded appliance. By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed.	integer	Minimum: 8 Maximum: 128 Default: "12"
minimum_unique_chars	Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
password_remembrance	Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0.	integer	Minimum: 0 Default: "0"
special_chars	Number of special characters in password Number of special characters (!@#$&..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password. N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length* value upto N special case characters. N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
upper_chars	Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N upper case characters. N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"

AuthenticationScheme (schema)

Name	Description	Type	Notes
scheme_name	Authentication scheme name	string	Required

AutoEnableGatewayFirewallConfig (schema)

Auto Enable Gateway Firewall

Config to auto enable gateway firewall for new Tier1 and Tier0 gateway.
By default gateway firewall is dsiabled for new VCF deployments.

Name	Description	Type	Notes
auto_enable_firewall_on_new_gateway	Auto Enable Gateway Firewall Flag auto enables or disables if set to false, gateway firewall for new Tier1 and Tier0 gateways. Flag doesn't change gateway firewall status of existing gateways.	boolean	Required

AutoRds (schema)

Auto assigned Route Distinguishers

This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations.

Name	Description	Type	Notes
l2_auto_rds	List of layer 2 Auto assigned Route Distinguisher	array of L2AutoRD
l3_auto_rd	Layer 3 Auto assigned Route Distinguisher This field is auto assigned by the system. The auto RD seed is populated when user does not assign a route_distinguisher field in the gateway.	string

AutoRejectIPOptionsGatewayFirewallConfig (schema)

Auto Reject IP Options Packets

Config to auto reject network packets having IP options on all Tier0 or Tier1 gateways.
By default auto reject is is disabled for all Tier0 or Tier1 gateways.

Name	Description	Type	Notes
auto_reject_ip_options_gateway_firewall	Auto Reject Packets with IP Options This flag, if set to true, auto rejects network packets having IP options header populated before gateway firewall classification on all Tier0 or Tier1 gateways in compliance with NDcPP certification. By default flag is set to false.	boolean	Required

AutoUpdateErrorsOnAirgappedSites (schema)

Auto-update/Update-now errors on airgapped Sites.

Name	Description	Type	Notes
failure_reason	Reason for auto-update/update-now failure. Reason for auto-update/update-now failure.	string	Readonly
site_path	String Path of the site The path of the site where auto-update/update-now is failed	string	Readonly

AutoUpdateErrorsOnAirgappedSitesListResult (schema)

Collection of auto-update/update-now errors on airgapped sites

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Auto-update/update-now error on airgapped sites list results	array of AutoUpdateErrorsOnAirgappedSites	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

AviConnectionInfo (schema)

Avi Connection Info

Credential info to connect to a AVI type of enforcement point.

Name	Description	Type	Notes
certificate	Certificate used when on-borading workflow created by LCM/VCF. Certificate used when on-borading workflow created by LCM/VCF.	string
enforcement_point_address	Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"	string	Required
expires_at	Expiry time of the token Expiry time of the token will be set by LCM at the time of Enforcement Point Creation.	string
is_default_cert	Advanced Load Balancer controller using default portal certificate. Advanced Load Balancer controller using default portal certificate.	boolean
managed_by	Managed by used when on-borading workflow created by LCM/VCF. Managed by used when on-borading workflow created by LCM/VCF.	string
password	Password or Token for Avi Controller Password or Token for Avi Controller.	secure_string	Required
resource_type	Must be set to the value AviConnectionInfo	string	Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
status	Enforcement point state for ALB This is connection property which checks whether ALB is connected to the controller. Enum options - ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API. Default value is DEACTIVATE_API.	ALBEnforcementPointState	Required Default: "DEACTIVATE_API"
tenant	Tenant A tenant is an isolated instance of Avi Controller. Each Avi user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi restricts their access to only those resources that are in the same tenant	string	Required
thumbprint	Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. Only used during onboarding and not updated during follow-up certificate changes.	string
username	Username Username.	secure_string	Required
cloud	Cloud Clouds are containers for the environment that Avi Vantage is installed or operating within. During initial setup of Vantage, a default cloud, named Default-Cloud, is created. This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added, containing SEs and virtual services. This is a deprecated property. Cloud has been renamed to cloud_name and it will added from specific ALB entity.	string	Deprecated
version	Version Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one. Such scripts need not be updated to keep up with object model changes This is a deprecated property. The version is now auto populated from property file and its value can be read using APIs	string	Deprecated

Axes (schema)

Axes of a graph

Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs.

Name	Description	Type	Notes
x_label	Label for X axis of a graph	Label
x_labels	A list of X-Axis Labels with condition support. A list of X-Axis Labels with condition support. If needed, this property can be used to provide a list of x-axis label with condition support. For a label with single condition,'x-label' property can be used.	array of Label	Minimum items: 0
y_axis_unit_labels	A list of Y-Axis unit Labels with condition support. A list of Y-Axis unit Labels with condition support. If needed, this property can be used to provide a list of y-axis unit label with condition support. This unit label can be used to display the point value along with units like percentage, milliseconds etc.	array of Label	Minimum items: 0
y_axis_units	A list of Y-Axis unit with condition support. A list of Y-Axis unit with condition support. If needed, this property can be used to provide a list of y-axis unit with condition support. This unit could be like percentage, seconds, milliseconds etc.	array of AxisUnit	Minimum items: 0
y_label	Label for Y axis of a graph	Label
y_labels	A list of Y-Axis Labels with condition support. A list of Y-Axis Labels with condition support. If needed, this property can be used to provide a list of y-axis label with condition support. For a label with single condition,'y-label' property can be used.	array of Label	Minimum items: 0

AxisUnit (schema)

Axis unit of a graph

Represents X and Y axis unit of a graph.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the above unit will be displayed. to UI. If no condition is provided, then the unit will be displayed unconditionally.	string	Maximum length: 1024
unit	An Axis unit. An Axis unit.	string	Enum: COUNT, PERCENT, BYTES, MILLISECONDS, SECONDS, MINUTE, HOUR, DAY, KILO_BYTES, MEGA_BYTES, GIGA_BYTES

BackupConfiguration (schema)

Configuration for taking manual/automated backup

Name	Description	Type	Notes
after_inventory_update_interval	A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups.	integer	Minimum: 300 Maximum: 86400
backup_enabled	true if automated backup is enabled	boolean	Default: "False"
backup_schedule	Set when backups should be taken - on a weekly schedule or at regular intervals.	BackupSchedule (Abstract type: pass one of the following concrete types) IntervalBackupSchedule WeeklyBackupSchedule
inventory_summary_interval	The minimum number of seconds between each upload of the inventory summary to backup server.	integer	Minimum: 30 Maximum: 3600 Default: "240"
passphrase	Passphrase used to encrypt backup files. Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character).	secure_string
remote_file_server	The server to which backups will be sent.	RemoteFileServer

BackupFrameRequestParameters (schema)

Backup Frame Request Parameters

Parameters (site_id, etc), that describes a backup/restore frame

Name	Description	Type	Notes
frame_type	Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site.	string	Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER"
site_id	Site ID Site ID of LM site, which will be supported in a frame	string	Default: "localhost"

BackupOperationHistory (schema)

Past backup operation details

Name	Description	Type	Notes
cluster_backup_statuses	Statuses of previous cluster backups	array of BackupOperationStatus
inventory_backup_statuses	Statuses of previous inventory backups	array of BackupOperationStatus
node_backup_statuses	Statuses of previous node backups	array of BackupOperationStatus
overall_backup_status	Overall status of last backup This attribute is used to indicate the overall backup status	string	Enum: NOT_AVAILABLE, IN_PROGRESS, SUCCESS, FAILED

BackupOperationStatus (schema)

Backup operation status

Name	Description	Type	Notes
backup_id	Unique identifier of a backup	string	Required
end_time	Time when operation was ended	EpochMsTimestamp
error_code	Error code	string	Enum: BACKUP_NOT_RUN_ON_MASTER, BACKUP_SERVER_UNREACHABLE, BACKUP_AUTHENTICATION_FAILURE, BACKUP_PERMISSION_ERROR, BACKUP_TIMEOUT, BACKUP_BAD_FINGERPRINT, BACKUP_GENERIC_ERROR, UPGRADE_IN_PROGRESS, CERTIFICATE_ROTATION_IN_PROGRESS
error_message	Error code details	string
start_time	Time when operation was started	EpochMsTimestamp
success	True if backup is successfully completed, else false	boolean	Required

BackupOverview (schema)

Backup overview

Data for a single backup/restore card

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
backup_config	Backup configuration Configuration to generate a manual/automated backup	BackupConfiguration	Required
backup_operation_history	Last backup status Status of the last backup execution per component	BackupOperationHistory	Required
current_backup_operation_status	Current backup status Backup status decribes type, phase, success/failure and time of a \| latest backup execution	CurrentBackupOperationStatus	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
restore_status	Current restore status Status of restore process executing/executed on appliance	ClusterRestoreStatus	Required
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of timestamps of backed-up cluster files	array of ClusterBackupInfo	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BackupOverviewRequestParameters (schema)

Backup overview request parameters

Parameters, that REST API client needs to provide, in order to get data for
a backup/restore card with or without a list of generated backups.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
frame_type	Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site.	string	Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
show_backups_list	Need a list of backups True to request a list of backups	boolean	Default: "True"
site_id	UUID of the site UUID of LM site, which will be supported in a frame	string	Default: "localhost"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BackupSchedule (schema)

Abstract base type for Weekly or Interval Backup Schedule

This is an abstract type. Concrete child types:
IntervalBackupSchedule
WeeklyBackupSchedule

Name	Description	Type	Notes
resource_type	Schedule type	string	Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule

BackupUiFramesInfo (schema)

Name	Description	Type	Notes
active_gm	Does site have active GM	string	Readonly Enum: ACTIVE, STANDBY, NONE, INVALID
api_endpoint	prefix to be used for api call	string	Required Readonly Enum: global-manager, nsxapi, ica
frame_type	Type of service, for which backup is handled	string	Required Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE
site_id	Id of the site	string	Required Readonly
site_version	Version of the site	string	Required Readonly

BackupUiFramesInfoList (schema)

Name	Description	Type	Notes
backup_frames_list	List of backup frames(and metadata) to be displayed in UI	array of BackupUiFramesInfo	Required Readonly

BareMetalServer (schema)

Name	Description	Type	Notes
_last_sync_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cpu_cores	CPU cores Number of CPU cores of the bare metal server in the NSX.	integer
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_id	External id External id to identify the bare metal server in the NSX.	string	Required
os_info	OS information OS information of the bare metal server in the NSX.	OsInfo
resource_type	Must be set to the value BareMetalServer	string	Required
scope	List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.	array of DiscoveredResourceScope
source_id	Source id Identifier of the source from where the bare metal server is discovered, bare metal controller in this case.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

BareMetalServerGroupAssociationRequestParams (schema)

List request parameters containing BMS external ID and enforcement point path

Name	Description	Type	Notes
bms_external_id	BMS external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BareMetalServerInterface (schema)

Name	Description	Type	Notes
_last_sync_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
bms_external_id	BMS External ID External ID of the bare metal server to which this interface belongs.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_id	External id External id to identify the bare metal server interface in the NSX.	string	Required
ip_addresses	IP address IP Addresses of the bare metal server interface	array of string
is_mgmt_interface	Flag for management interface It is a boolean flag which indicates whether the interface is management interface or not If set to true, indicates the given interface is management interface If set to false, indicates the given interface is not management interface.	boolean
mac_address	MAC address MAC address of the bare metal server interface.	string
resource_type	Must be set to the value BareMetalServerInterface	string	Required
scope	List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.	array of DiscoveredResourceScope
source_id	Source id Id of the bare metal controller (BMC) which is discovering Bare Metal Server.	string
state	State State of the the bare metal server interface.	string	Enum: INVALID, UNKNOWN, UP, DOWN
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

BareMetalServerInterfaceGroupAssociationRequestParams (schema)

List request parameters containing BMSI external ID and enforcement point path

Name	Description	Type	Notes
bmsi_external_id	BMSI external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BareMetalServerInterfaceListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	bare metal interfaces details	array of BareMetalServerInterface	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BareMetalServerListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Bare metal server details	array of BareMetalServer	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BaseCompatibilityCheckResult (schema)

Precheck result for onboaring standby Global Manager or remote Site to
federation
description: |
Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.

Name	Description	Type	Notes
local_nsx_version	Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running.	string	Readonly
nsx_version	Remote Site NSX version Remote Site NSX version.	string	Readonly
rtt	Round trip time to the remote Site or Global Manager from active Global Manager Round trip time to the remote Site or Global Manager from active Global Manager.	integer	Readonly
rtt_exceeded	Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit.	boolean	Readonly
version_compatible	Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager.	boolean	Readonly

BaseConsolidatedStatusPerEnforcementPoint (schema)

Base class for ConsolidatedStatusPerEnforcementPoint

Consolidated Realized Status Per Enforcement Point.
This is an abstract type. Concrete child types:
ConsolidatedStatusNsxT
ConsolidatedStatusPerEnforcementPoint

Name	Description	Type	Notes
alarm	Alarm Information Details Alarm information details.	PolicyRuntimeAlarm	Readonly
consolidated_status	Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point.	ConsolidatedStatus	Readonly
enforcement_point_id	Enforcement Point Id Enforcement Point Id.	string	Readonly
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point where the info is fetched.	string	Readonly
resource_type		string	Required
site_path	Site Path The site where this enforcement point resides.	string	Readonly

BaseEdgeStatisticsRequestParameters (schema)

Routes request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface.	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
host_transport_node_path	Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BaseEndpoint (schema)

An endpoint to be used in redirection rule

Represents an endpoint which will be used as subject in rule.
It is a polymorphic type object which can be either of the types -
1. Virtual
2. Logical
We have 2 separate objects representing these 2 types.
VirtualEndPoint for Virtual type and ServiceInstanceEndpoint
for Logical.
This is an abstract type. Concrete child types:
ServiceInstanceEndpoint
VirtualEndpoint

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BaseEndpoint	string	Required Enum: VirtualEndpoint, ServiceInstanceEndpoint
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_ips	IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected.	array of IPInfo	Required Minimum items: 1 Maximum items: 1
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BaseInterfaceGroup (schema)

Base gateway Interface group

Tier0/Tier1 Interface group for interface grouping.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
members	Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location.	array of GatewayInterfaceReference
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BaseInterfaceGroup	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BaseListRequestParameters (schema)

Routes request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BasePolicyServiceInstance (schema)

Represents an instance of partner Service and its configuration

Represents an instance of partner Service and its configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
deployment_mode	Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.	string	Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
partner_service_name	Name of Partner Service Unique name of Partner Service in the Marketplace	string	Required
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BasePolicyServiceInstance	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_type	Transport Type Transport to be used while deploying Service-VM.	string	Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BaseRule (schema)

A rule represent base properties for ,dfw, forwarding, redirection rule

A rule indicates the action to be performed for various types of traffic flowing between workload groups.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
destinations_excluded	Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups	boolean	Default: "False"
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_protocol	IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.	string	Enum: IPV4, IPV6, IPV4_IPV6
is_default	Default rule flag A flag to indicate whether rule is a default rule.	boolean	Readonly
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.	string	Maximum length: 2048
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profiles	Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.	array of string	Maximum items: 128
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BaseRule	string
rule_id	Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.	integer	Readonly
scope	The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number	int	Minimum: 0
service_entries	Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Maximum items: 128
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
sources_excluded	Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups	boolean	Default: "False"
tag	Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BaseRuleListResult (schema)

Paged Collection of Rules

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BaseTier0Interface (schema)

Tier-0 interface configuration

Tier-0 interface configuration for external connectivity.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_relay_path	policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BaseTier0Interface	string
subnets	IP address and subnet specification for interface Specify IP address and network prefix for interface.	array of InterfaceSubnet	Required Minimum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BasicAuthenticationScheme (schema)

Name	Description	Type	Notes
password	Password to authenticate with	string	Required
scheme_name	Authentication scheme name	string	Required Enum: basic
username	User name to authenticate with	string	Required Pattern: "^.+$"

BatchParameter (schema)

Options that affect how batch operations are processed

Name	Description	Type	Notes
atomic	Ignored (transactional atomicity flag) This flag is ignored. Transactional atomicity is no longer supported.	boolean	Default: "False"

BatchRequest (schema)

A set of operations to be performed in a single batch

Name	Description	Type	Notes
continue_on_error	Continue even if an error is encountered.	boolean	Default: "True"
requests		array of BatchRequestItem

BatchRequestItem (schema)

A single request within a batch of operations

Name	Description	Type	Notes
body		object
method	method type(POST/PUT/DELETE/UPDATE) http method type	string	Required Enum: GET, POST, PUT, DELETE, PATCH
uri	Internal uri of the call relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters	string	Required

BatchResponse (schema)

The reponse to a batch operation

Name	Description	Type	Notes
has_errors	errors indicator Indicates if any of the APIs failed	boolean
results	Bulk list results	array of BatchResponseItem	Required
rolled_back	indicates if all items were rolled back. Optional flag indicating that all items were rolled back even if succeeded initially	boolean

BatchResponseItem (schema)

A single respose in a list of batched responses

Name	Description	Type	Notes
body	object returned by api object returned by api	object
code	object returned by api http status code	integer	Required
headers	object returned by api The headers returned by the API call	object

BfdHealthMonitoringConfig (schema)

Bfd Health Monitoring Options

Bfd Health Monitoring Options used specific to BFD Transport Zone profiles

Name	Description	Type	Notes
enabled	Whether the heartbeat is enabled. A PATCH or PUT request with "enabled" false (with no probe intervals) will set or reset the probe_interval to their default value.	boolean	Required
latency_enabled	Whether the latency is enabled. The flag is to turn on/off latency. A PATCH or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI.	boolean
probe_interval	The time interval (in millisec) between probe packets for tunnels between transport nodes.	integer	Minimum: 300 Default: "1000"

BfdProfile (schema)

Bidirectional Forwarding Detection configuration for BGP peers

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
interval	Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds.	int	Minimum: 50 Maximum: 60000 Default: "500"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
multiple	Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down.	int	Minimum: 2 Maximum: 16 Default: "3"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BfdProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BfdProfileListResult (schema)

Paged Collection of BfdProfile

Paged Collection of BfdProfile.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Bfd Profile List Results Bfd Profile list results.	array of BfdProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BgpAddressFamily (schema)

Name	Description	Type	Notes
in_prefix_count	Count of in prefixes Count of in prefixes	integer	Readonly
out_prefix_count	Count of out prefixes Count of out prefixes	integer	Readonly
type	BGP address family type BGP address family type	string	Required Readonly Enum: IPV4_UNICAST, VPNV4_UNICAST, IPV6_UNICAST, L2VPN_EVPN, VPNV6_UNICAST

BgpBfdConfig (schema)

BFD configuration for BGP peers

Name	Description	Type	Notes
enabled	Flag to enable BFD cofiguration Flag to enable BFD cofiguration.	boolean	Default: "False"
interval	Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds.	int	Minimum: 50 Maximum: 60000 Default: "500"
multiple	Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down.	int	Minimum: 2 Maximum: 16 Default: "3"

BgpGracefulRestartConfig (schema)

BGP Graceful Restart Configuration

Configuration field to hold BGP restart mode and timer.

Name	Description	Type	Notes
mode	BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers.	string	Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY Default: "HELPER_ONLY"
timer	BGP Graceful Restart Timer Configuration field to hold BGP restart timers.	BgpGracefulRestartTimer

BgpGracefulRestartTimer (schema)

BGP Graceful Restart Timers

Configuration field to hold BGP restart timers

Name	Description	Type	Notes
restart_timer	BGP Graceful Restart Timer Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer.	integer	Minimum: 1 Maximum: 3600 Default: "180"
stale_route_timer	BGP Stale Route Timer Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts.	integer	Minimum: 1 Maximum: 3600 Default: "600"

BgpNeighborConfig (schema)

BGP neighbor config

Contains information necessary to configure a BGP neighbor.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allow_as_in	Flag to enable allowas_in option for BGP neighbor	boolean	Default: "False"
bfd	BFD configuration for failure detection BFD configuration for failure detection. BFD is enabled with default values when not configured.	BgpBfdConfig
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Flag to enable/disable BGP peering. Flag to enable/disable BGP peering. Disabling will stop the BGP peering. True - indicates enable BGP peering, False - indicates disable BGP peering. Default is True.	boolean	Default: "True"
graceful_restart_mode	BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers.	string	Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY
hold_down_time	Wait time in seconds before declaring peer dead Wait time in seconds before declaring peer dead.	int	Minimum: 1 Maximum: 65535 Default: "180"
id	Unique identifier of this resource	string	Sortable
keep_alive_time	Interval between keep alive messages sent to peer Interval (in seconds) between keep alive messages sent to peer.	int	Minimum: 1 Maximum: 65535 Default: "60"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_hop_limit	Maximum number of hops allowed to reach BGP neighbor Maximum number of hops allowed to reach BGP neighbor.	int	Minimum: 1 Maximum: 255 Default: "1"
neighbor_address	Neighbor IP Address	IPAddress	Required
neighbor_local_as_config	Local as configuration for BGP Neighbor Configuration field to hold the Local AS config for BGP Neighbor	BgpNeighborLocalAsConfig
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
password	Password Specify password for BGP neighbor authentication. Empty string ("") clears existing password.	secure_string	Minimum length: 0 Maximum length: 32
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_as_num	4 Byte ASN of the neighbor in ASPLAIN Format	string	Required
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BgpNeighborConfig	string
route_filtering	Enable address families and route filtering in each direction Enable address families and route filtering in each direction.	array of BgpRouteFiltering	Maximum items: 2
source_addresses	Source IP Addresses for BGP peering Source addresses should belong to Tier0 external or loopback or VTI interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1.	array of IPAddress	Maximum items: 8
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
in_route_filters	Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error.	array of string	Deprecated Maximum items: 1
out_route_filters	Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error.	array of string	Deprecated Maximum items: 1

BgpNeighborConfigListRequestParameters (schema)

Routing Config list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BgpNeighborConfigListResult (schema)

Paged collection of BGP Neighbor Configs

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	BGP neighbor configs list results	array of BgpNeighborConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BgpNeighborLocalAsConfig (schema)

BGP neighbor local-as configuration

Name	Description	Type	Notes
as_path_modifier_type	AS_PATH modifier type for BGP local AS Optional parameter. If this property is not set, by default BGP prepends neighbor's local_as_num value to the AS_PATH for BOTH outgoing and incoming route advertisements from the peer neighbor. By setting one of the following value, user can modify the default prepend action on the AS_PATH in both inbound and outbound direction. NO_PREPEND: If type is NO_PREPEND, then the local router will NOT prepend the incoming advertisement from that peer with neighbor's local_as_num, so the AS path advertised will now prepend only the BGP local-as of the router. NO_PREPEND_REPLACE_AS - If type is "NO_PREPEND_REPLACE_AS", then the local routes will be advertised with the neighbor's local-as instead of the BGP's local-as to peer router.	string	Enum: NO_PREPEND, NO_PREPEND_REPLACE_AS
local_as_num	BGP neighbor local-as number in ASPLAIN/ASDOT Format Specify local-as number for Tier-0 to advertize to BGP peer. This overrides local_as_num configured in the BgpRoutingConfig object. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. It is supported for BgpNeighborConfig under both default tier0 and vrf tier0. When this capability is configured, it enables the BGP to prepend "local_as_num" value to the beginning of AS_PATH for BOTH outgoing and incoming route advertisements from the configured neighbor. After prepend, AS_PATH contains both "neighbor's " and BGP's .	string	Required

BgpNeighborRouteDetailsCsvRecord (schema)

BGP neighbor route details

BGP neighbor learned/advertised route details.

Name	Description	Type	Notes
as_path	AS path BGP AS path attribute.	string	Readonly
local_pref	Local preference BGP Local Preference attribute.	integer	Readonly
logical_router_id	Logical router id Logical router id	string	Required Readonly
med	Multi Exit Discriminator BGP Multi Exit Discriminator attribute.	integer	Readonly
neighbor_address	Neighbor IP address BGP neighbor peer IP address.	IPAddress	Required Readonly
neighbor_id	BGP neighbor id BGP neighbor id	string	Required Readonly
network	CIDR network address CIDR network address.	IPCIDRBlock	Required Readonly
next_hop	Next hop IP address Next hop IP address.	IPAddress	Readonly
source_address	BGP neighbor source address BGP neighbor source address.	IPAddress	Readonly
transport_node_id	Transport node id Transport node id	string	Required Readonly
weight	Weight BGP Weight attribute.	integer	Readonly

BgpNeighborRouteDetailsInCsvFormat (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
results		array of BgpNeighborRouteDetailsCsvRecord

BgpNeighborRoutes (schema)

BGP neighbor route details

BGP neighbor learned/advertised route details.

Name	Description	Type	Notes
edge_node_routes	Route details per transport node Array of BGP neighbor route details per edge node.	array of RoutesPerTransportNode	Readonly
enforcement_point_path	Enforcement point policy path	string	Required Readonly
neighbor_path	BGP neighbor policy path	string	Required Readonly

BgpNeighborRoutesListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Bgp neighbor routes Paged Collection of Bgp neighbor routes.	array of BgpNeighborRoutes
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

BgpRouteFiltering (schema)

Enable address_families and route filtering in each direction

Name	Description	Type	Notes
address_family	Address family type Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration.	string	Enum: IPV4, IPV6, L2VPN_EVPN
enabled	Enable address family Flag to enable address family.	boolean	Default: "True"
in_route_filters	Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction.	array of string	Maximum items: 1
maximum_routes	Maximum number of routes for the address family Maximum number of routes for the address family.	int	Minimum: 1 Maximum: 1000000
out_route_filters	Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied.	array of string	Maximum items: 1

BgpRouteLeaking (schema)

BGP route leaking in each direction

Name	Description	Type	Notes
address_family	Address family type Address family type. Assumed IPv4 address family when not specified.	string	Enum: IPV4, IPV6
in_filter	route map path for IN direction Specify path of route map to filter routes for IN direction. If not specified then all exported routes from peer attachment will be imported.	array of string	Maximum items: 1
out_filter	route map path for OUT direction Specify path of route map to filter routes for OUT direction. If not specified then all redistribute routes will be exported.	array of string	Maximum items: 1

BgpRoutesRequestParameters (schema)

BGP Routes request parameters

Name	Description	Type	Notes
count	Number of routes to retrieve Number of routes to return in response. Not used when routes are requested in CSV format.	int	Minimum: 1 Default: "1000"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

BgpRoutingConfig (schema)

BGP routing config

Contains BGP routing configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBgpNeighborConfig
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ebgp_admin_distance	eBGP route administrative distance Administrative distance for IPv4 and IPv6 eBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled.	int	Minimum: 1 Maximum: 255 Default: "20"
ecmp	Flag to enable ECMP Flag to enable ECMP.	boolean
enabled	Flag to enable BGP configuration Flag to enable BGP configuration. Disabling will stop feature and BGP peering.	boolean
graceful_restart_config	BGP Graceful Restart Configuration Configuration field to hold BGP Restart mode and timer.	BgpGracefulRestartConfig
ibgp_admin_distance	iBGP route administrative distance Administrative distance for IPv4 and IPv6 iBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled.	int	Minimum: 1 Maximum: 255 Default: "200"
id	Unique identifier of this resource	string	Sortable
inter_sr_ibgp	Enable inter SR IBGP configuration Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode.	boolean
local_as_num	BGP AS number in ASPLAIN/ASDOT Format Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
multipath_relax	Flag to enable BGP multipath relax option Flag to enable BGP multipath relax option.	boolean
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BgpRoutingConfig	string
route_aggregations	List of routes to be aggregated List of routes to be aggregated.	array of RouteAggregationEntry	Maximum items: 1000
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BinaryPacketData (schema)

Name	Description	Type	Notes
frame_size	Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.	integer	Minimum: 60 Maximum: 1000 Default: "128"
payload	RFC3548 compatible base64 encoded full payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers.	string	Maximum length: 1336
resource_type	Must be set to the value BinaryPacketData	string	Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData"
routed	Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.	boolean
transport_type	Transport type of the traceflow packet This type takes effect only for IP packet.	string	Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST"

BridgeEndpointStatistics (schema)

Name	Description	Type	Notes
endpoint_id	The id of the bridge endpoint	string	Required Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
rx_bytes		DataCounter	Readonly
rx_packets		DataCounter	Readonly
tx_bytes		DataCounter	Readonly
tx_packets		DataCounter	Readonly

BridgeEndpointStatus (schema)

Name	Description	Type	Notes
active_nodes	The Ids of the transport nodes which actively serve the endpoint.	array of string	Readonly
endpoint_id	The id of the bridge endpoint	string	Required Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly

BridgeFirewallPolicy (schema)

Contains ordered list of Rules for Bridge Firewall

Represents the Bridge Firewall Policy, which contains
the list of Bridge Firewall Rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value BridgeFirewallPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	Rules that are a part of this Bridge Firewall Policy	array of Rule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

BridgeProfileConfig (schema)

Bridge Profile Configuration

configuration parameters for Bridge Profile

Name	Description	Type	Notes
bridge_profile_path	Policy path to L2 Bridge profile Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique.	string	Required
uplink_teaming_policy_name	Uplink Teaming Policy Name The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one of the switching uplink teaming policy names listed in the VLAN transport zone specified by the property "vlan_transport_zone_path". When this property is not specified, the default teaming policy of the host-switch is assigned. Do not set a value when the 'bridge_profile_path' is the path of L2DistributedBridgeEndpointProfile.	string
vlan_ids	VLAN IDs VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both.	array of string	Required
vlan_transport_zone_path	Policy path of the VLAN transport zone assigned to the underlay L2 zone for bridging. The path of the VLAN transport zone that represents the underlay L2 zone in which the VLANs will be bridged to overlay segments. A unique VLAN transport zone should be assigned to each underlay L2 zone when needed for bridging. If two VLANs in two underlay L2 zones are combined together as one L2 broadcast-domain by certain L2 extension, the two underlay L2 zones still should have two different VLAN transport zones assigned to them. It is optional for distributed-bridging but required for other bridging modes. If it is not given, the distributed bridge will span all ESX transport nodes in the overlay transport zone of the segment that contains this profile.	string

BridgeProfileRequestParameters (schema)

Bridge profile request parameters

Name	Description	Type	Notes
bridge_profile_path	Bridge profile path Policy path of Bridge profile using which a bridge end point was created.	string	Required
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string

ByodPolicyServiceInstance (schema)

Represents instance of self wiring partner's service

Represents an instance of partner's service whose wiring will be done by partner itself.
As partner does all the wiring, we call it as Byod - Bring your own device.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
deployment_mode	Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.	string	Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
partner_service_name	Name of Partner Service Unique name of Partner Service in the Marketplace	string	Required
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ByodPolicyServiceInstance	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_type	Transport Type Transport to be used while deploying Service-VM.	string	Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

CACertificateData (schema)

Name	Description	Type	Notes
issued_by	Issuer of certificate CommonName of issuer of CA certificate.	string
issued_to	Subject name of certificate CommonName of owner of CA certificate.	string
not_after	Certificate expiry time The time in epoch milliseconds at which the certificate becomes invalid.	EpochMsTimestamp
type	Type of certificate Type of certificate, currently it's CA certificate.	string	Enum: CA_CERTIFICATE

CCPUpgradeStatus (schema)

Status of CCP upgrade

Name	Description	Type	Notes
can_rollback	Can perform rollback This field indicates whether we can perform upgrade rollback.	boolean	Readonly
can_skip	Can the upgrade of the remaining units in this component be skipped	boolean	Readonly
component_type	Component type for the upgrade status	string	Readonly
current_version_node_summary	Mapping of current versions of nodes and counts of nodes at the respective versions.	NodeSummaryList	Readonly
details	Details about the upgrade status	string	Readonly
node_count_at_target_version	Count of nodes at target component version Number of nodes of the type and at the component version	int	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
pre_upgrade_status	Pre-upgrade status of the component-type	UpgradeChecksExecutionStatus	Readonly
status	Upgrade status of component	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version	Target component version	string	Readonly

CNSGroupAssociationRequestParams (schema)

List request parameters containing Cloud Native Service external ID and enforcement point path

List request parameters containing Cloud Native service external ID and enforcement point path

Name	Description	Type	Notes
cns_external_id	Cloud Native Service external ID	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

CaBundle (schema)

CA certificates bundle

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificates	X509Certificates in the bundle	array of X509Certificate	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
earliest_not_after	The earliest time in epoch milliseconds at which a certificate becomes invalid.	EpochMsTimestamp	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
not_after_list	Times for each certificate in the bundle at which the certificate becomes invalid.	array of EpochMsTimestamp	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM-encoded CA bundle certificates.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CaBundle	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

CaBundleListResult (schema)

CA Bundle query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CA bundles list.	array of CaBundle	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CdpStatusType (schema) (Deprecated)

Status types supported of the CrlDistributionPoint

Name	Description	Type	Notes
CdpStatusType	Status types supported of the CrlDistributionPoint	string	Deprecated Enum: NOT_READY, FETCHING, READY, ERROR

CentralConfigProperties (schema)

Central Config properties

Name	Description	Type	Notes
local_override	Override Central Config	boolean	Required

Certificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Different categories of certificates to distinguish stored certificates. 'APPLIANCE_CERTIFICATE' are certs used by this cluster. 'PRINCIPAL_IDENTITY_CERTIFICATE' used by LM and GM for mutual auth. 'SITE_CERTIFICATE' are certificate of different sites. 'UNUSED_CERTIFICATE' are certs which are not applied yet. 'POLICY_CERTIFICATE' used for external services. 'CM_INVENTORY' is the root CA certificate of the Computer Manager. 'OTHER_CERTIFICATE' is category for any certificate which is not identified.	string	Readonly Enum: OTHER_CERTIFICATE, APPLIANCE_CERTIFICATE, PRINCIPAL_IDENTITY_CERTIFICATE, SITE_CERTIFICATE, UNUSED_CERTIFICATE, POLICY_CERTIFICATE, CM_INVENTORY
description	Description of this resource	string	Maximum length: 1024 Sortable
details	List of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	Whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
leaf_certificate_sha_256_thumbprint	Certificate thumbprint Unique SHA-256 thumbprint of the leaf node certificate.	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
resource_type	Must be set to the value Certificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
used_by	List of node IDs with services, that are using this certificate.	array of NodeIdServicesMap	Readonly

CertificateBinding (schema)

Certificate binding

Details on applied certificate.

Name	Description	Type	Notes
certificate_id	Certificate Id	string	Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
node_id	Node Id Node Id to which this certificate is applied to.	string
service_type	Service Type Service Type of the CertificateProfile to which the certificate is applied to.	ServiceType	Required

CertificateCheckingStatus (schema)

Result of checking a certificate

Name	Description	Type	Notes
error_message	Error Message Error message when checking the certificate.	string	Readonly
status	Status Status of the checked certificate.	CertificateCheckingStatusType	Required Readonly

CertificateCheckingStatusType (schema)

Status types returned when checking a certificate

Name	Description	Type	Notes
CertificateCheckingStatusType	Status types returned when checking a certificate	string	Enum: OK, CRL_NOT_READY, REJECTED, ERROR

CertificateClass (schema)

Certificate Class

Name	Description	Type	Notes
CertificateClass	Certificate Class	string	Enum: REST, RPC, CBM, FEDERATION

CertificateData (schema)

Name	Description	Type	Notes
pem_encoded	PEM encoded certificate data PEM encoded certificate data.	string	Required
private_key	Private key of certificate Private key of certificate.	secure_string	Required

CertificateFormatParameter (schema)

Format in which the certificate is returned.

By default the format returned is exactly the format in which the user provided it, which is the 'raw' format. | The 'standard' format has all extraneous characters removed and has a newline after each 64 characters.

Name	Description	Type	Notes
CertificateFormatParameter	Format in which the certificate is returned. By default the format returned is exactly the format in which the user provided it, which is the 'raw' format. \| The 'standard' format has all extraneous characters removed and has a newline after each 64 characters.	string	Enum: STANDARD, RAW

CertificateId (schema)

Name	Description	Type	Notes
certificate_id	Certificate ID	string	Required Readonly

CertificateJWTTokenResult (schema)

JWT token with new certificate

JWT token generated that contains new certificate signed with old certificate private key when certificate changes.

Name	Description	Type	Notes
jwt_token	JWT token for new certificate JWT token generated that contains new certificate.	string

CertificateList (schema)

Certificate queries result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Certificate list.	array of Certificate	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CertificateOperationStatus (schema)

Status of a certificate operation

Name	Description	Type	Notes
affected_services	Affected services A comma-separated list of services that may be affected or interrupted when this certificate operation occurs.	string	Readonly
certificate_id	Certificate Id	string	Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
certificate_name	Name of the new certificate. Required field presenting new certificate name in certificate replacement operation, or the certificate to be deleted.	string	Required Readonly Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
end_time	End time The end time of this certificate operation in epoch milliseconds	EpochMsTimestamp	Readonly
estimated_duration	Estimated duration Estimated time duration in seconds for this certificate operation.	integer	Readonly
id	Unique ID of the operation.	string	Required Readonly Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
message	Message Localized text explaining the details of the error or deprecation warning and remedial steps to be taken.	string	Readonly
node_id	Node Id Node Id to which this certificate is applied to.	string
old_certificate_id	Id of the old certificate Optional field presenting old certificate id in certificate replacement operation.	string	Readonly Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
old_certificate_name	Name of the old certificate Optional field presenting old certificate name in certificate replacement operation.	string	Readonly Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
operation_type	Operation Type Type of operation used for the batch.	string	Required Readonly Enum: REPLACE, DELETE
service_type	Service Type Service Type of the CertificateProfile to which the certificate is applied to.	ServiceType	Required
start_time	Start time The start time of this certificate operation in epoch milliseconds	EpochMsTimestamp	Readonly
status	Status Status of this certificate operation	string	Required Readonly Enum: OK, ERROR, PENDING, ABORTED

CertificateProfile (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
abort_on_error	Abort when there's an error If this field is true, the certificate batch operation would be aborted if an error occurs during the replacement operation for this certificate profile.	boolean	Readonly
affected_services	Affected Services A comma-separated list of service names that may be affected/interrupted when replacing the certificate for this service-type.	string	Readonly
certificate_class	Category Service-types that are in a 'class'' cannot be share a certificate with a service in another 'class'.	CertificateClass	Readonly
cluster_certificate	Cluster Certificate True if this is for a cluster certificate	boolean	Required Readonly
deprecated_in_version	Deprecated in version Version in which this certificate profile was deprecated.	string	Readonly
description	Description A longer description what the service-type is used for.	string	Readonly
extended_key_usage	Extended Key Usage Indicating whether this certificate is used for server-auth, client-auth or both.	array of CertificateUsageType	Required Readonly
node_type	Node Type List of types of node this certificate applies to.	array of NodeType	Required Readonly
processing_order	Processing Order The order in which service-type certificates are replaced in a batch-replace.	integer	Readonly
profile_name	Certificate Profile Name	string	Required Readonly
replacement_duration	Processing Duration The estimated amount of time it takes to replace the certificate for this service-type, in seconds.	integer	Readonly
requires_private_key	Requires Private Key True if this certificate needs a private key.	boolean	Required Readonly
service_type	Unique Service Type A short and unique name for the type of service this certificate is used for.	ServiceType	Required Readonly
summary	Summary A short phrase what this service-type is for.	string	Readonly
unique_use	Unique Use True if the certificate used for this service-type cannot be used anywhere else.	boolean	Required Readonly

CertificateProfileListResult (schema)

CertificateProfile query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CertificateProfile list.	array of CertificateProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CertificateRenewalParameters (schema)

Parameters that affect how certificate renewals are processed

Name	Description	Type	Notes
force	Force renewal of certificates If true, perform certificate renewal even if blocked.	boolean	Default: "False"

CertificateReplacementConfig (schema)

Configuration for a certificate replacement operation

Name	Description	Type	Notes
new_certificate_id	Id of the new certificate Id of the certificate which will replace the old certificate. This is optional field. If not specified, and if the old certificate is a self-signed certificate, a fresh self-signed will be generated with identical attributes as the old certificate.	string	Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
old_certificate_id	Id of the old certificate Id of the currently used certificate which needs to be replaced.	string	Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"

CertificateUsageType (schema)

Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER

Name	Description	Type	Notes
CertificateUsageType	Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER	string	Enum: SERVER, CLIENT

CertificatesBatchOperationResult (schema)

Result of certificates batch operation

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
end_time	End time The end time of this certificate batch operation in epoch milliseconds	EpochMsTimestamp	Readonly
pending_estimated_duration	Pending estimated duration Sum of estimated duration of pending certificate operations.	integer	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Batch results List of certificate operation statuses.	array of CertificateOperationStatus	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
start_time	Start time The start time of this certificate batch operation in epoch milliseconds	EpochMsTimestamp	Readonly
total_estimated_duration	Total estimated duration Sum of estimated duration of all certificate operations.	integer	Readonly

CertificatesBatchReplacementParameters (schema)

Parameters that affect how certificate batch operations are processed

Name	Description	Type	Notes
force	Force batch replacement If true, perform the certificate batch replacement even if blocked.	boolean	Default: "False"

CertificatesBatchReplacementRequest (schema)

Request for batch replacement of certificates

Name	Description	Type	Notes
certificate_replacements	List of certificate replacement operation configurations.	array of CertificateReplacementConfig	Required

ChildAntreaTraceflowConfig (schema)

Wrapper object for AnteaTraceflowConfig

Child wrapper for AntreaTraceflowConfig, used in hierarchical API.

Name	Description	Type	Notes
TraceflowConfig	AntreaTraceflowConfig Contains the actual AntreaTraceflowConfig object.	AntreaTraceflowConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildAntreaTraceflowConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildBfdProfile (schema)

Wrapper object for BfdProfile

Child wrapper for BfdProfile, used in hierarchical API.

Name	Description	Type	Notes
BfdProfile	Bfd Profile Contains the actual BfdProfile object.	BfdProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildBfdProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildBgpNeighborConfig (schema)

Wrapper object for BgpNeighborConfig

Child wrapper object for BgpNeighborConfig, used in hierarchical API.

Name	Description	Type	Notes
BgpNeighborConfig	BgpNeighborConfig Contains the actual BgpNeighborConfig object.	BgpNeighborConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildBgpNeighborConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildBgpRoutingConfig (schema)

Wrapper object for BgpRoutingConfig

Child wrapper object for BgpRoutingConfig, used in hierarchical API.

Name	Description	Type	Notes
BgpRoutingConfig	BgpRoutingConfig Contains the actual BgpRoutingConfig object.	BgpRoutingConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildBgpRoutingConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildBridgeFirewallPolicy (schema)

Wrapper object for BridgeFirewallPolicy

Child wrapper object for BridgeFirewallPolicy, used in hierarchical API

Name	Description	Type	Notes
BridgeFirewallPolicy	BridgeFirewallPolicy Contains the BridgeFirewallPolicy object	BridgeFirewallPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildBridgeFirewallPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildByodPolicyServiceInstance (schema)

Wrapper object for ByodPolicyServiceInstance

Child wrapper object for ByodPolicyServiceInstance used in hierarchical API.

Name	Description	Type	Notes
ByodPolicyServiceInstance	ByodPolicyServiceInstance Contains actual ByodPolicyServiceInstance.	ByodPolicyServiceInstance	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildByodPolicyServiceInstance	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildCaBundle (schema)

Child wrapper for CA certificates bundle, used in hierarchical API.

Name	Description	Type	Notes
CaBundle	CaBundle Contains the actual CaBundle object.	CaBundle	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildCaBundle	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildCommunicationEntry (schema) (Deprecated)

Wrapper object for CommunicationEntry

Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead.

Name	Description	Type	Notes
CommunicationEntry	CommunicationEntry Contains the actual CommunicationEntry object.	CommunicationEntry	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildCommunicationEntry	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildCommunicationMap (schema) (Deprecated)

Wrapper object for CommunicationMap

Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead.

Name	Description	Type	Notes
CommunicationMap	CommunicationMap Contains the actual CommunicationMap object.	CommunicationMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildCommunicationMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildCommunityList (schema)

Wrapper object for CommunityList

Child wrapper object for CommunityList, used in hierarchical API

Name	Description	Type	Notes
CommunityList	CommunityList Contains the actual CommunityList object	CommunityList	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildCommunityList	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildComputeClusterIdfwConfiguration (schema)

Wrapper object for ComputeClusterIdfwConfiguration

Name	Description	Type	Notes
ComputeClusterIdfwConfiguration	ComputeClusterIdfwConfiguration Contains the actual compute cluster idfw configuration object.	ComputeClusterIdfwConfiguration	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildComputeClusterIdfwConfiguration	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildConstraint (schema)

Wrapper object for Constraint

Child wrapper object for Constraint, used in hierarchical API

Name	Description	Type	Notes
Constraint	Constraint Contains the actual Constraint object	Constraint	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildConstraint	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildConstraintGlobalConfig (schema)

Wrapper object for ConstraintGlobalConfig

Child wrapper object for ConstraintGlobalConfig, used in hierarchical API

Name	Description	Type	Notes
GlobalConfig	ConstraintGlobalConfig Settings to Constraint global configs in NSX/NSX+ application platform.	ConstraintGlobalConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildConstraintGlobalConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDeploymentZone (schema) (Deprecated)

Wrapper object for DeploymentZone

Child wrapper object for DeploymentZone, used in hierarchical API

Name	Description	Type	Notes
DeploymentZone	DeploymentZone Contains the actual DeploymentZone object	DeploymentZone	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDeploymentZone	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDfwFirewallConfiguration (schema) (Experimental)

Wrapper object for FirewallConfiguration

Name	Description	Type	Notes
DfwFirewallConfiguration	Dfw Firewall Configuration Contains the actual dfw firewall configuration list object.	DfwFirewallConfiguration	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDfwFirewallConfiguration	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDhcpRelayConfig (schema)

Wrapper object for DhcpRelayConfig

Child wrapper object for DhcpRelayConfig, used in hierarchical API

Name	Description	Type	Notes
DhcpRelayConfig	DhcpRelayConfig Contains the actual DhcpRelayConfig object	DhcpRelayConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDhcpRelayConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDhcpServerConfig (schema)

Wrapper object for DhcpServerConfig

Child wrapper object for DhcpServerConfig, used in hierarchical API

Name	Description	Type	Notes
DhcpServerConfig	DhcpServerConfig Contains the actual DhcpServerConfig object	DhcpServerConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDhcpServerConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDhcpStaticBindingConfig (schema)

Wrapper object for DhcpStaticBindingConfig

Child wrapper for DhcpStaticBindingConfig, used in hierarchical API.

Name	Description	Type	Notes
DhcpStaticBindingConfig	DhcpStaticBindingConfig Contains the actual DhcpStaticBindingConfig object.	DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDhcpStaticBindingConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDistributedVlanConnection (schema)

Wrapper object for distributed vlan connection

Child wrapper object for distributed vlan connection, used in hierarchical API.

Name	Description	Type	Notes
DistributedVlanConnection	Policy distributed vlan connection Contains the actual distributed vlan connection object.	DistributedVlanConnection	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDistributedVlanConnection	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDnsSecurityProfile (schema)

Wrapper object for DnsSecurityProfile

Child wrapper object for DnsSecurityProfile, used in hierarchical API

Name	Description	Type	Notes
DnsSecurityProfile	DnsSecurityProfile Contains the actual DnsSecurityProfile object	DnsSecurityProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDnsSecurityProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDnsSecurityProfileBindingMap (schema)

Wrapper object for DnsSecurityProfileBindingMap

Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API

Name	Description	Type	Notes
DnsSecurityProfileBindingMap	DnsSecurityProfileBindingMap Contains the actual DnsSecurityProfileBindingMap object	DnsSecurityProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDnsSecurityProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDomain (schema)

Wrapper object for Domain

Child wrapper object for domain, used in hierarchical API.

Name	Description	Type	Notes
Domain	Domain Contains the actual domain object.	Domain	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDomain	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildDomainDeploymentMap (schema)

Wrapper object for DomainDeploymentMap

Child wrapper object for DomainDeploymentMap, used in hierarchical API.

Name	Description	Type	Notes
DomainDeploymentMap	DomainDeploymentMap Contains the actual DomainDeploymentMap object.	DomainDeploymentMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildDomainDeploymentMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildEndpointPolicy (schema)

Wrapper object for Endpoint Policy

Child wrapper object for EndpointPolicy used in hierarchical API.

Name	Description	Type	Notes
EndpointPolicy	EndpointPolicy Contains actual EndpointPolicy.	EndpointPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildEndpointPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildEndpointRule (schema)

Wrapper object for Endpoint Rule

Child wrapper object for EndpointRule used in hierarchical API.

Name	Description	Type	Notes
EndpointRule	EndpointRule Contains actual EndpointRule.	EndpointRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildEndpointRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildEnforcementPoint (schema)

Wrapper object for EnforcementPoint

Child wrapper object for EnforcementPoint, used in hierarchical API.

Name	Description	Type	Notes
EnforcementPoint	EnforcementPoint Contains the actual Enforcement point object.	EnforcementPoint	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildEnforcementPoint	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildEvpnConfig (schema)

Wrapper object for EvpnConfig

Child wrapper object for EvpnConfig, used in hierarchical API.

Name	Description	Type	Notes
EvpnConfig	EvpnConfig Contains the actual EvpnConfig object.	EvpnConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildEvpnConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildEvpnTunnelEndpointConfig (schema)

Wrapper object for EvpnTunnelEndpointConfig

Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API.

Name	Description	Type	Notes
EvpnTunnelEndpointConfig	EvpnTunnelEndpointConfig Contains the actual EvpnTunnelEndpointConfig object.	EvpnTunnelEndpointConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildEvpnTunnelEndpointConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildFloodProtectionProfile (schema)

Wrapper object for FloodProtectionProfile

Child wrapper object for FloodProtectionProfile,
used in hierarchical API

Name	Description	Type	Notes
FloodProtectionProfile	FloodProtectionProfile Contains the actual FloodProtectionProfile object	FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildFloodProtectionProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildFloodProtectionProfileBindingMap (schema)

Wrapper object for FloodProtectionProfileBindingMap

Child wrapper object for FloodProtectionProfileBindingMap,
used in hierarchical API

Name	Description	Type	Notes
FloodProtectionProfileBindingMap	FloodProtectionProfileBindingMap Contains the actual FloodProtectionProfileBindingMap object	FloodProtectionProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildFloodProtectionProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildFqdnAnalysisConfig (schema)

Wrapper object for FqdnAnalysisConfig

Child wrapper object for FqdnAnalysisConfig, used in hierarchical API

Name	Description	Type	Notes
FqdnAnalysisConfig	FQDN Analysis Config Contains the actual FqdnAnalysisConfig object	FqdnAnalysisConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildFqdnAnalysisConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGatewayConnection (schema)

Wrapper object for gateway connection

Child wrapper object for gateway connection, used in hierarchical API.

Name	Description	Type	Notes
GatewayConnection	Policy gateway connection Contains the actual gateway connection object.	GatewayConnection	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGatewayConnection	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGatewayPolicy (schema)

Wrapper object for GatewayPolicy

Child wrapper object for GatewayPolicy, used in hierarchical API

Name	Description	Type	Notes
GatewayPolicy	GatewayPolicy Contains the actual GatewayPolicy object	GatewayPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGatewayPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGatewayQosProfile (schema)

Wrapper object for GatewayQosProfile

Child wrapper for GatewayQosProfile, used in hierarchical API.

Name	Description	Type	Notes
GatewayQosProfile	GatewayQosProfile Contains the actual GatewayQosProfile object.	GatewayQosProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGatewayQosProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGeneralSecurityProfile (schema)

Wrapper object for GeneralSecurityProfile

Child wrapper object for GeneralSecurityProfile,
used in hierarchical API

Name	Description	Type	Notes
GeneralSecurityProfile	GeneralSecurityProfile Contains the actual GeneralSecurityProfile object	GeneralSecurityProfile (Abstract type: pass one of the following concrete types) GatewayGeneralSecurityProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGeneralSecurityProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGeneralSecurityProfileBindingMap (schema)

Wrapper object for GeneralSecurityProfileBindingMap

Child wrapper object for GeneralSecurityProfileBindingMap,
used in hierarchical API

Name	Description	Type	Notes
GeneralSecurityProfileBindingMap	GeneralSecurityProfileBindingMap Contains the actual GeneralSecurityProfileBindingMap object	GeneralSecurityProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGeneralSecurityProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGeoIpSetting (schema)

Wrapper object for GeoIpSetting

Child wrapper object for GeoIpSetting, used in hierarchical API.

Name	Description	Type	Notes
GeoIpSetting	Geo IP Setting Contains the actual GeoIpSetting object.	GeoIpSetting	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGeoIpSetting	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGlobalConfig (schema)

Wrapper object for GlobalConfig

Child wrapper object for GlobalConfig, used in hierarchical API

Name	Description	Type	Notes
GlobalConfig	GlobalConfig Contains the actual GlobalConfig object.	GlobalConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGlobalConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGlobalDfwConfiguration (schema) (Experimental)

Wrapper object for GlobalDfwConfiguration

Name	Description	Type	Notes
GlobalDfwConfiguration	Global distributed firewall configuration Contains the actual global distributed firewall configuration object.	GlobalDfwConfiguration	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGlobalDfwConfiguration	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGlobalIdsSettings (schema)

Wrapper object for GlobalIdsSettings

Child wrapper object for GlobalIdsSettings, used in hierarchical API

Name	Description	Type	Notes
GlobalIdsSettings	GlobalIdsSettings Contains the GlobalIdsSettings object	GlobalIdsSettings	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGlobalIdsSettings	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGlobalIdsSignature (schema)

Wrapper object for GlobalIdsSignature

Child wrapper object for GlobalIdsSignature, used in hierarchical API

Name	Description	Type	Notes
GlobalIdsSignature	GlobalIdsSignature Contains the GlobalIdsSignature object	GlobalIdsSignature	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGlobalIdsSignature	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGlobalManager (schema)

Wrapper object for Global Manager

Child wrapper object for Global Manager, used in hierarchical API.

Name	Description	Type	Notes
GlobalManager	GlobalManager Contains the actual Global Manager object.	GlobalManager	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGlobalManager	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGroup (schema)

Wrapper object for Group

Child wrapper object for group, used in hierarchical API.

Name	Description	Type	Notes
Group	Group Contains the actual group objects.	Group	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGroup	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGroupDiscoveryProfileBindingMap (schema)

Wrapper object for GroupDiscoveryProfileBindingMap

Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API

Name	Description	Type	Notes
GroupDiscoveryProfileBindingMap	GroupDiscoveryProfileBindingMap Contains the actual GroupDiscoveryProfileBindingMap object	GroupDiscoveryProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGroupDiscoveryProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildGroupMonitoringProfileBindingMap (schema)

Wrapper object for GroupMonitoringProfileBindingMap

Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
GroupMonitoringProfileBindingMap	GroupMonitoringProfileBindingMap Contains the actual GroupMonitoringProfileBindingMap object	GroupMonitoringProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildGroupMonitoringProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPDiscoveryProfile (schema)

Wrapper object for IPDiscoveryProfile

Child wrapper object for IPDiscoveryProfile, used in hierarchical API

Name	Description	Type	Notes
IPDiscoveryProfile	IPDiscoveryProfile Contains the actual IPDiscoveryProfile object	IPDiscoveryProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPDiscoveryProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPFIXDFWCollectorProfile (schema)

Wrapper object for IPFIXDFWCollectorProfile

Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API

Name	Description	Type	Notes
IPFIXDFWCollectorProfile	IPFIXDFWCollectorProfile Contains the actual IPFIXDFWCollectorProfile object	IPFIXDFWCollectorProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPFIXDFWCollectorProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPFIXDFWProfile (schema)

Wrapper object for IPFIXDFWProfile

Child wrapper object for IPFIXDFWProfile, used in hierarchical API

Name	Description	Type	Notes
IPFIXDFWProfile	IPFIXDFWProfile Contains the actual IPFIXDFWProfile object	IPFIXDFWProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPFIXDFWProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPFIXL2CollectorProfile (schema)

Wrapper object for IPFIXL2CollectorProfile

Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API

Name	Description	Type	Notes
IPFIXL2CollectorProfile	IPFIXL2CollectorProfile Contains the actual IPFIXL2CollectorProfile object	IPFIXL2CollectorProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPFIXL2CollectorProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPFIXL2Profile (schema)

Wrapper object for IPFIXL2Profile

Child wrapper object for IPFIXL2Profile, used in hierarchical API

Name	Description	Type	Notes
IPFIXL2Profile	IPFIXL2Profile Contains the actual IPFIXL2Profile object	IPFIXL2Profile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPFIXL2Profile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPReputationSiteMapping (schema)

Wrapper object for IP ReputationSiteMapping

Child wrapper object for IP ReputationSiteMapping, used in hierarchical API.

Name	Description	Type	Notes
IPReputationSiteMapping	IPReputationSiteMapping Contains the actual IP ReputationSiteMapping objects.	IPReputationSiteMapping	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPReputationSiteMapping	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnDpdProfile (schema)

Wrapper object for IPSecVpnDpdProfile

Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnDpdProfile	IPSecVpnDpdProfile Contains the actual IPSecVpnDpdProfile object.	IPSecVpnDpdProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnDpdProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnIkeProfile (schema)

Wrapper object for IPSecVpnIkeProfile

Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnIkeProfile	IPSecVpnIkeProfile Contains the actual IPSecVpnIkeProfile object.	IPSecVpnIkeProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnIkeProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnLocalEndpoint (schema)

Wrapper object for IPSecVpnLocalEndpoint

Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnLocalEndpoint	IPSecVpnLocalEndpoint Contains the actual IPSecVpnLocalEndpoint object.	IPSecVpnLocalEndpoint	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnLocalEndpoint	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnService (schema)

Wrapper object for IPSecVpnService

Child wrapper object for IPSecVpnService, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnService	IPSecVpnService Contains the actual IPSecVpnService object.	IPSecVpnService	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnService	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnSession (schema)

Wrapper object for IPSecVpnSession

Child wrapper object for IPSecVpnSession, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnSession	IPSecVpnSession Contains the actual IPSecVpnSession object.	IPSecVpnSession (Abstract type: pass one of the following concrete types) PolicyBasedIPSecVpnSession RouteBasedIPSecVpnSession	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnSession	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIPSecVpnTunnelProfile (schema)

Wrapper object for IPSecVpnTunnelProfile

Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API.

Name	Description	Type	Notes
IPSecVpnTunnelProfile	IPSecVpnTunnelProfile Contains the actual IPSecVpnTunnelProfile object	IPSecVpnTunnelProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIPSecVpnTunnelProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdentityFirewallStore (schema)

Wrapper object for IdentityFirewallStore

Child wrapper for IdentityFirewallStore, used in hierarchical API.

Name	Description	Type	Notes
IdentityFirewallStore	IdentityFirewallStore Contains the actual IdentityFirewallStore object.	IdentityFirewallStore (Abstract type: pass one of the following concrete types) IdentityFirewallAdStore	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdentityFirewallStore	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsClusterConfig (schema)

Wrapper object for IdsClusterConfig

Child wrapper object for IdsClusterConfig, used in hierarchical API

Name	Description	Type	Notes
IdsClusterConfig	IdsClusterConfig Contains the IdsClusterConfig object	IdsClusterConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsClusterConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsCustomSignatureSettings (schema)

Wrapper object for IdsCustomSignatureSettings

Child wrapper object for IdsCustomSignatureSettings, used in hierarchical API

Name	Description	Type	Notes
IdsCustomSignatureSettings	IdsCustomSignatureSettings Contains the IdsCustomSignatureSettings object	IdsCustomSignatureSettings	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsCustomSignatureSettings	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsGatewayPolicy (schema)

Wrapper object for IdsGatewayPolicy

Child wrapper object for IdsGatewayPolicy, used in hierarchical API

Name	Description	Type	Notes
IdsGatewayPolicy	IdsGatewayPolicy Contains the IdsGatewayPolicy object	IdsGatewayPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsGatewayPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsGlobalEventConfig (schema)

Wrapper object for IdsGlobalEventConfig

Child wrapper object for IdsGlobalEventConfig, used in hierarchical API

Name	Description	Type	Notes
IdsGlobalEventConfig	IdsGlobalEventConfig Contains the IdsGlobalEventConfig object	IdsGlobalEventConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsGlobalEventConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsPcapFileMetadata (schema)

Wrapper object for IdsPcapFileMetadata

Child wrapper object for IdsPcapFileMetadata, used in hierarchical API

Name	Description	Type	Notes
IdsPcapFileMetadata	IdsPcapFileMetadata Contains the IdsPcapFileMetadata object	IdsPcapFileMetadata	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsPcapFileMetadata	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsProfile (schema)

Wrapper object for IdsProfile

Child wrapper object for IdsProfile, used in hierarchical API

Name	Description	Type	Notes
IdsProfile	IdsProfile Contains the IdsProfile object	IdsProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsRule (schema)

Wrapper object for IdsRule

Child wrapper object for IdsRule, used in hierarchical API

Name	Description	Type	Notes
IdsRule	IdsRule Contains the IdsRule object	IdsRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSecurityPolicy (schema)

Wrapper object for IdsSecurityPolicy

Child wrapper object for IdsSecurityPolicy, used in hierarchical API

Name	Description	Type	Notes
IdsSecurityPolicy	IdsSecurityPolicy Contains the IdsSecurityPolicy object	IdsSecurityPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSecurityPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSettings (schema)

Wrapper object for IdsSettings

Child wrapper object for IdsSettings, used in hierarchical API

Name	Description	Type	Notes
IdsSettings	IdsSettings Contains the IdsSettings object	IdsSettings	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSettings	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSignature (schema)

Wrapper object for IdsSignature

Child wrapper object for IdsSignature, used in hierarchical API

Name	Description	Type	Notes
IdsSignature	IdsSignature Contains the IdsSignature object	IdsSignature	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSignature	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSignatureStatus (schema)

Wrapper object for IdsSignatureStatus

Child wrapper object for IdsSignatureStatus, used in hierarchical API

Name	Description	Type	Notes
IdsSignatureStatus	IdsSignatureStatus Contains the IdsSignatureStatus object	IdsSignatureStatus	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSignatureStatus	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSignatureVersion (schema)

Wrapper object for IdsSignatureVersion

Child wrapper object for IdsSignatureVersion, used in hierarchical API

Name	Description	Type	Notes
IdsSignatureVersion	IdsSignatureVersion Contains the IdsSignatureVersion object	IdsSignatureVersion	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSignatureVersion	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsSiteVersionMapping (schema)

Wrapper object for IdsSiteVersionMapping

Child wrapper object for IdsSiteVersionMapping, used in hierarchical API.

Name	Description	Type	Notes
IdsSiteVersionMapping	IdsSiteVersionMapping Contains the actual IdsSiteVersionMapping objects.	IdsSiteVersionMapping	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsSiteVersionMapping	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsStandaloneHostConfig (schema)

Wrapper object for IdsStandaloneHostConfig

Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API

Name	Description	Type	Notes
IdsStandaloneHostConfig	IdsStandaloneHostConfig Contains the IdsStandaloneHostConfig object	IdsStandaloneHostConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsStandaloneHostConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIdsThresholdConfig (schema)

Wrapper object for IdsThresholdConfig

Child wrapper object for IdsThresholdConfig, used in hierarchical API.

Name	Description	Type	Notes
IdsThresholdConfig	IdsThresholdConfig Contains the IdsThresholdConfig object.	IdsThresholdConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIdsThresholdConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildInfra (schema)

Wrapper object for Infra

Child wrapper object for Infra, used in multi-tenancy hierarchical API

Name	Description	Type	Notes
Infra	Infra Contains the actual Infra object	Infra	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildInfra	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpAddressAllocation (schema)

Wrapper object for IpAddressAllocation

Child wrapper object for IpAddressAllocation, used in hierarchical API

Name	Description	Type	Notes
IpAddressAllocation	IpAddressAllocation Contains the actual IpAddressAllocation object	IpAddressAllocation	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpAddressAllocation	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpAddressBlock (schema)

Wrapper object for IpAddressBlock

Child wrapper object for IpAddressBlock, used in hierarchical API

Name	Description	Type	Notes
IpAddressBlock	IpAddressBlock Contains the actual IpAddressBlock object	IpAddressBlock	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpAddressBlock	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpAddressPool (schema)

Wrapper object for IpAddressPool

Child wrapper object for IpAddressPool, used in hierarchical API

Name	Description	Type	Notes
IpAddressPool	IpAddressPool Contains the actual IpAddressPool object	IpAddressPool	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpAddressPool	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpAddressPoolSubnet (schema)

Wrapper object for IpAddressPoolSubnet

Child wrapper object for IpAddressPoolSubnet, used in hierarchical API

Name	Description	Type	Notes
IpAddressPoolSubnet	IpAddressPoolSubnet Contains the actual IpAddressPoolSubnet object	IpAddressPoolSubnet (Abstract type: pass one of the following concrete types) IpAddressPoolBlockSubnet IpAddressPoolStaticSubnet	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpAddressPoolSubnet	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpv6DadProfile (schema)

Wrapper object for Ipv6DadProfile

Child wrapper object for Ipv6DadProfile, used in hierarchical API

Name	Description	Type	Notes
Ipv6DadProfile	Ipv6DadProfile Contains the actual Ipv6DadProfile objects	Ipv6DadProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpv6DadProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildIpv6NdraProfile (schema)

Wrapper object for Ipv6NdraProfile

Child wrapper object for Ipv6NdraProfile, used in hierarchical API

Name	Description	Type	Notes
Ipv6NdraProfile	Ipv6NdraProfile Contains the actual Ipv6NdraProfile objects	Ipv6NdraProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildIpv6NdraProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL2BridgeEndpointProfile (schema)

Wrapper object for L2BridgeEndpointProfile

Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API

Name	Description	Type	Notes
L2BridgeEndpointProfile	L2BridgeEndpointProfile Contains the actual L2BridgeEndpointProfile object	L2BridgeEndpointProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL2BridgeEndpointProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL2VPNService (schema)

Wrapper object for L2VPNService

Child wrapper object for L2VPNService, used in hierarchical API.

Name	Description	Type	Notes
L2VPNService	L2VPNService Contains the actual L2VPNService object.	L2VPNService	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL2VPNService	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL2VPNSession (schema)

Wrapper object for L2VPNSession

Child wrapper object for L2VPNSession, used in hierarchical API.

Name	Description	Type	Notes
L2VPNSession	L2VPNSession Contains the actual L2VPNSession object.	L2VPNSession	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL2VPNSession	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL2Vpn (schema) (Deprecated)

Wrapper object for L2Vpn

Child wrapper object for L2Vpn, used in hierarchical API.

Name	Description	Type	Notes
L2Vpn	L2Vpn Contains the actual L2Vpn object.	L2Vpn	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL2Vpn	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL2VpnContext (schema) (Deprecated)

Wrapper object for L2VpnContext

Child wrapper object for L2VpnContext, used in hierarchical API.

Name	Description	Type	Notes
L2VpnContext	L2VpnContext Contains the actual L2VpnContext object.	L2VpnContext	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL2VpnContext	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL3Vpn (schema) (Deprecated)

Wrapper object for L3Vpn

Child wrapper object for L3Vpn, used in hierarchical API.

Name	Description	Type	Notes
L3Vpn	L3Vpn Contains the actual L3Vpn object.	L3Vpn	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL3Vpn	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL3VpnContext (schema) (Deprecated)

Wrapper object for L3VpnContext

Child wrapper object for L3VpnContext, used in hierarchical API.

Name	Description	Type	Notes
L3VpnContext	L3VpnContext Contains the actual L3VpnContext object.	L3VpnContext	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL3VpnContext	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL7AccessEntry (schema)

Wrapper object for L7 Access Entry

Child wrapper object for L7 Access Entry, used in hierarchical API

Name	Description	Type	Notes
L7AccessEntry	L7 Access Entry Contains the actual L7 access entry object	L7AccessEntry	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL7AccessEntry	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildL7AccessProfile (schema)

Wrapper object for L7 Access Profile

Child wrapper object for L7 Access Profile, used in hierarchical API

Name	Description	Type	Notes
L7AccessProfile	L7 access profile Contains the actual L7 access profile object	L7AccessProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildL7AccessProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBAppProfile (schema)

Wrapper object for LBAppProfile

Child wrapper for LBAppProfile, used in hierarchical API.

Name	Description	Type	Notes
LBAppProfile	LBAppProfile Contains the actual LBAppProfile object.	LBAppProfile (Abstract type: pass one of the following concrete types) LBFastTcpProfile LBFastUdpProfile LBHttpProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBAppProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBClientSslProfile (schema)

Wrapper object for LBClientSslProfile

Child wrapper for LBClientSslProfile, used in hierarchical API.

Name	Description	Type	Notes
LBClientSslProfile	LBClientSslProfile Contains the actual LBClientSslProfile object.	LBClientSslProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBClientSslProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBMonitorProfile (schema)

Wrapper object for LBMonitorProfile

Child wrapper for LBMonitorProfile, used in hierarchical API.

Name	Description	Type	Notes
LBMonitorProfile	LBMonitorProfile Contains the actual LBMonitorProfile object.	LBMonitorProfile (Abstract type: pass one of the following concrete types) LBActiveMonitor LBHttpMonitorProfile LBHttpsMonitorProfile LBIcmpMonitorProfile LBPassiveMonitorProfile LBTcpMonitorProfile LBUdpMonitorProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBMonitorProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBPersistenceProfile (schema)

Wrapper object for LBPersistenceProfile

Child wrapper for LBPersistenceProfile, used in hierarchical API.

Name	Description	Type	Notes
LBPersistenceProfile	LBPersistenceProfile Contains the actual LBPersistenceProfile object.	LBPersistenceProfile (Abstract type: pass one of the following concrete types) LBCookiePersistenceProfile LBGenericPersistenceProfile LBSourceIpPersistenceProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBPersistenceProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBPool (schema)

Wrapper object for LBPool

Child wrapper for LBPool, used in hierarchical API.

Name	Description	Type	Notes
LBPool	LBPool Contains the actual LBPool object.	LBPool	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBPool	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBServerSslProfile (schema)

Wrapper object for LBServerSslProfile

Child wrapper for LBServerSslProfile, used in hierarchical API.

Name	Description	Type	Notes
LBServerSslProfile	LBServerSslProfile Contains the actual LBServerSslProfile object.	LBServerSslProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBServerSslProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBService (schema)

Wrapper object for LBService

Child wrapper for LBService, used in hierarchical API.

Name	Description	Type	Notes
LBService	LBService Contains the actual LBService object.	LBService	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBService	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLBVirtualServer (schema)

Wrapper object for LBVirtualServer

Child wrapper for LBVirtualServer, used in hierarchical API.

Name	Description	Type	Notes
LBVirtualServer	LBVirtualServer Contains the actual LBVirtualServer object.	LBVirtualServer	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLBVirtualServer	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLimit (schema)

Child wrapper for Limit

Child wrapper object for Limit, used in hierarchical API.

Name	Description	Type	Notes
Limit	Policy Limit Definition Contains Limit definitions.	Limit	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLimit	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLiveTraceConfig (schema)

Wrapper object for LiveTraceConfig

Child wrapper for LiveTraceConfig for Hierarchical API

Name	Description	Type	Notes
LiveTraceConfig	LiveTraceConfig The actual LiveTraceConfig object.	LiveTraceConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLiveTraceConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildLocaleServices (schema)

Wrapper object for LocaleServices

Child wrapper object for LocaleServices, used in hierarchical API

Name	Description	Type	Notes
LocaleServices	LocaleServices Contains the actual LocaleServices object	LocaleServices	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildLocaleServices	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildMacDiscoveryProfile (schema)

Wrapper object for MacDiscoveryProfile

Child wrapper object for MacDiscoveryProfile, used in hierarchical API

Name	Description	Type	Notes
MacDiscoveryProfile	MacDiscoveryProfile Contains the actual MacDiscoveryProfile object	MacDiscoveryProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildMacDiscoveryProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildMalwarePreventionProfile (schema)

Wrapper object for MalwarePreventionProfile

Child wrapper object for MalwarePreventionProfile, used in hierarchical API

Name	Description	Type	Notes
MalwarePreventionProfile	MalwarePreventionProfile Contains the MalwarePreventionProfile object	MalwarePreventionProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildMalwarePreventionProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildMalwarePreventionSignature (schema)

Wrapper object for MalwarePreventionSignature

Child wrapper object for MalwarePreventionSignature, used in hierarchical API

Name	Description	Type	Notes
MalwarePreventionSignature	MalwarePreventionSignature Contains the MalwarePreventionSignature object	MalwarePreventionSignature	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildMalwarePreventionSignature	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildMetadataProxyConfig (schema)

Wrapper object for MetadataProxyConfig

Name	Description	Type	Notes
MetadataProxyConfig	MetadataProxyConfig Contains the actual MetadataProxyConfig object.	MetadataProxyConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildMetadataProxyConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOdsDynamicRunbookInstance (schema)

Wrapper object for OdsDynamicRunbookInstance

Child wrapper for OdsDynamicRunbookInstance for Hierarchical API

Name	Description	Type	Notes
OdsDynamicRunbookInstance	OdsDynamicRunbookInstance The actual OdsDynamicRunbookInstance object.	OdsDynamicRunbookInstance	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOdsDynamicRunbookInstance	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOdsRunbookInvocation (schema)

Wrapper object for OdsRunbookInvocation

Child wrapper for OdsRunbookInvocation for Hierarchical API

Name	Description	Type	Notes
OdsRunbookInvocation	OdsRunbookInvocation The actual OdsRunbookInvocation object.	OdsRunbookInvocation	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOdsRunbookInvocation	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOdsRunbookInvocationArtifactBatchRequest (schema)

Wrapper object for OdsRunbookInvocationArtifactBatchRequest

Child wrapper for OdsRunbookInvocationArtifactBatchRequest for Hierarchical API

Name	Description	Type	Notes
OdsRunbookInvocation	OdsRunbookInvocationArtifactBatchRequest The actual OdsRunbookInvocationArtifactBatchRequest object.	OdsRunbookInvocationArtifactBatchRequest	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOdsRunbookInvocationArtifactBatchRequest	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOpsGlobalConfig (schema)

Wrapper object for OpsGlobalConfig

Child wrapper object for OpsGlobalConfig, used in hierarchical API

Name	Description	Type	Notes
GlobalConfig	OpsGlobalConfig Contains the actual OpsGlobalConfig object.	OpsGlobalConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOpsGlobalConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOrg (schema)

Wrapper object for Org

Child wrapper object for Org, used in hierarchical API

Name	Description	Type	Notes
Org	Org Contains the actual Org object	Org	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOrg	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOrgRoot (schema)

Wrapper object for OrgRoot

Child wrapper object for OrgRoot, used in multi-tenancy hierarchical API

Name	Description	Type	Notes
OrgRoot	OrgRoot Contains the actual OrgRoot object	OrgRoot	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOrgRoot	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOspfAreaConfig (schema)

Wrapper object for OSPF routing config

Child wrapper object for OspfAreaConfig used in hierarchical API.

Name	Description	Type	Notes
OspfAreaConfig	OspfAreaConfig Contains actual OspfAreaConfig.	OspfAreaConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOspfAreaConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildOspfRoutingConfig (schema)

Wrapper object for OSPF routing config

Child wrapper object for OspfRoutingConfig used in hierarchical API.

Name	Description	Type	Notes
OspfRoutingConfig	OspfRoutingConfig Contains actual OspfRoutingConfig.	OspfRoutingConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildOspfRoutingConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyConfigResource (schema)

Represents the desired state object as child resource

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyConfigResource	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyContextProfile (schema)

Wrapper object for PolicyContextProfile

Child wrapper object for PolicyContextProfile, used in hierarchical API

Name	Description	Type	Notes
PolicyContextProfile	PolicyContextProfile Contains the actual PolicyContextProfile objects	PolicyContextProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyContextProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyCustomAttributes (schema)

Wrapper object for PolicyCustomAttributes

Child wrapper object for PolicyCustomAttributes, used in hierarchical API

Name	Description	Type	Notes
PolicyCustomAttributes	PolicyCustomAttributes Contains the actual PolicyCustomAttributes objects	PolicyCustomAttributes	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyCustomAttributes	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyDnsForwarder (schema)

Wrapper object for PolicyDnsForwarder

Child wrapper object for PolicyDnsForwarder, used in hierarchical API

Name	Description	Type	Notes
PolicyDnsForwarder	PolicyDnsForwarder Contains the actual PolicyDnsForwarder object	PolicyDnsForwarder	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyDnsForwarder	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyDnsForwarderZone (schema)

Wrapper object for PolicyDnsForwarderZone

Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API

Name	Description	Type	Notes
PolicyDnsForwarderZone	PolicyDnsForwarderZone Contains the actual PolicyDnsForwarderZone object	PolicyDnsForwarderZone	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyDnsForwarderZone	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyEdgeCluster (schema)

Wrapper object for PolicyEdgeCluster

Child wrapper object for PolicyEdgeCluster, used in hierarchical API.

Name	Description	Type	Notes
PolicyEdgeCluster	PolicyEdgeCluster Contains the actual PolicyEdgeCluster object.	PolicyEdgeCluster	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyEdgeCluster	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyEdgeNode (schema)

Wrapper object for PolicyEdgeNode

Child wrapper object for PolicyEdgeNode, used in hierarchical API.

Name	Description	Type	Notes
PolicyEdgeNode	PolicyEdgeNode Contains the actual PolicyEdgeNode object.	PolicyEdgeNode	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyEdgeNode	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyExcludeList (schema)

Wrapper object for PolicyExcludeList

Name	Description	Type	Notes
PolicyExcludeList	PolicyExcludeList Contains the actual policy exclude list object.	PolicyExcludeList	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyExcludeList	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallCPUMemThresholdsProfileBindingMap (schema)

Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap

Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap,
used in hierarchical API.

Name	Description	Type	Notes
PolicyFirewallCPUMemThresholdsProfileBindingMap	PolicyFirewallCPUMemThresholdsProfileBindingMap Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object.	PolicyFirewallCPUMemThresholdsProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallCPUMemThresholdsProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallCpuMemThresholdsProfile (schema)

Wrapper object for PolicyFirewallCpuMemThresholdsProfile

Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in
hierarchical API.

Name	Description	Type	Notes
PolicyFirewallCpuMemThresholdsProfile	PolicyFirewallCpuMemThresholdsProfile Contains the actual PolicyFirewallCpuMemThresholdsProfile object	PolicyFirewallCpuMemThresholdsProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallCpuMemThresholdsProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallFloodProtectionProfileBindingMap (schema)

Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap

Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap,
used in hierarchical API

Name	Description	Type	Notes
PolicyFirewallFloodProtectionProfileBindingMap	PolicyFirewallFloodProtectionProfileBindingMap Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object	PolicyFirewallFloodProtectionProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallFloodProtectionProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallIpReputationConfig (schema)

Wrapper object for PolicyFirewallIpReputationConfig

Child wrapper object for PolicyFirewallIpReputationConfig, used
in hierarchical API.

Name	Description	Type	Notes
PolicyFirewallIpReputationConfig	IP reputation config Contains the actual PolicyFirewallIpReputationConfig object.	PolicyFirewallIpReputationConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallIpReputationConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallScheduler (schema)

Wrapper object for PolicyFirewallScheduler

Child wrapper object for PolicyFirewallScheduler, used in hierarchical API

Name	Description	Type	Notes
PolicyFirewallScheduler	PolicyFirewallScheduler Contains the actual PolicyFirewallScheduler objects	PolicyFirewallScheduler	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallScheduler	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallSessionTimerProfile (schema)

Wrapper object for PolicyFirewallSessionTimerProfile

Child wrapper object for PolicyFirewallSessionTimerProfile,
used in hierarchical API

Name	Description	Type	Notes
PolicyFirewallSessionTimerProfile	PolicyFirewallSessionTimerProfile Contains the actual PolicyFirewallSessionTimerProfile object	PolicyFirewallSessionTimerProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallSessionTimerProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyFirewallSessionTimerProfileBindingMap (schema)

Wrapper object for PolicyFirewallSessionTimerProfileBindingMap

Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap,
used in hierarchical API

Name	Description	Type	Notes
PolicyFirewallSessionTimerProfileBindingMap	PolicyFirewallSessionTimerProfileBindingMap Contains the actual PolicyFirewallSessionTimerProfileBindingMap object	PolicyFirewallSessionTimerProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyFirewallSessionTimerProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyIgmpProfile (schema)

Wrapper object for PolicyIgmpProfile

Child wrapper object for PolicyIgmpProfile used in hierarchical API.

Name	Description	Type	Notes
PolicyIgmpProfile	PolicyIgmpProfile Contains actual PolicyIgmpProfile.	PolicyIgmpProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyIgmpProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyInterVrfRoutingConfig (schema)

Wrapper object for inter-vrf routing config

Child wrapper object for PolicyInterVrfRoutingConfig used in hierarchical API.

Name	Description	Type	Notes
PolicyInterVrfRoutingConfig	PolicyInterVrfRoutingConfig Contains actual PolicyInterVrfRoutingConfig.	PolicyInterVrfRoutingConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyInterVrfRoutingConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyLabel (schema)

Wrapper object for PolicyLabel

Child wrapper object for PolicyLabel, used in hierarchical API

Name	Description	Type	Notes
PolicyLabel	PolicyLabel Contains the actual PolicyLabel object	PolicyLabel	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyLabel	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyLatencyStatProfile (schema)

Wrapper object for PolicyLatencyStatProfile

Child wrapper object for PolicyLatencyStatProfile, used in hierarchical API

Name	Description	Type	Notes
PolicyLatencyStatProfile	PolicyLatencyStatProfile Contains the actual PolicyLatencyStatProfile object	PolicyLatencyStatProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyLatencyStatProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyMulticastConfig (schema)

Wrapper object for PolicyMulticastConfig

Child wrapper object for PolicyMulticastConfig used in hierarchical API.

Name	Description	Type	Notes
PolicyMulticastConfig	PolicyMulticastConfig Contains actual PolicyMulticastConfig.	PolicyMulticastConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyMulticastConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyNat (schema)

Wrapper object for PolicyNat

Child wrapper object for PolicyNat, used in hierarchical API

Name	Description	Type	Notes
PolicyNat	PolicyNat Contains the actual PolicyNAT object	PolicyNat	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyNat	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyNatRule (schema)

Wrapper object for PolicyNatRule

Child wrapper object for PolicyNatRule, used in hierarchical API

Name	Description	Type	Notes
PolicyNatRule	PolicyNatRule Contains the actual PolicyNatRule object	PolicyNatRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyNatRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyPimProfile (schema)

Wrapper object for PolicyPimProfile

Child wrapper object for PolicyPimProfile used in hierarchical API.

Name	Description	Type	Notes
PolicyPimProfile	PolicyPimProfile Contains actual PolicyPimProfile.	PolicyPimProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyPimProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicySIExcludeList (schema)

Wrapper object for PolicySIExcludeList

Name	Description	Type	Notes
PolicySIExcludeList	PolicySIExcludeList Contains the actual policy exclude list object.	PolicySIExcludeList	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicySIExcludeList	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyServiceChain (schema)

Wrapper object for PolicyServiceChain

Child wrapper object for PolicyServiceInstance used in hierarchical API.

Name	Description	Type	Notes
PolicyServiceChain	PolicyServiceChain Contains actual PolicyServiceChain.	PolicyServiceChain	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyServiceChain	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyServiceInstance (schema)

Wrapper object for PolicyServiceInstance

Child wrapper object for PolicyServiceInstance used in hierarchical API.

Name	Description	Type	Notes
PolicyServiceInstance	PolicyServiceInstance Contains actual PolicyServiceInstance.	PolicyServiceInstance	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyServiceInstance	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyServiceProfile (schema)

Wrapper object for PolicyServiceProfile

Child wrapper object for PolicyServiceProfile used in hierarchical API.

Name	Description	Type	Notes
PolicyServiceProfile	PolicyServiceProfile Contains actual PolicyServiceProfile.	PolicyServiceProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyServiceProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyTier1MulticastConfig (schema)

Wrapper object for PolicyTier1MulticastConfig

Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API.

Name	Description	Type	Notes
PolicyTier1MulticastConfig	PolicyTier1MulticastConfig Contains actual PolicyTier1MulticastConfig.	PolicyTier1MulticastConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyTier1MulticastConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyTransportZone (schema)

Wrapper object for PolicyTransportZone

Child wrapper object for PolicyTransportZone, used in hierarchical API.

Name	Description	Type	Notes
PolicyTransportZone	PolicyTransportZone Contains the actual PolicyTransportZone object.	PolicyTransportZone	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyTransportZone	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyTransportZoneProfile (schema)

Wrapper object for PolicyTransportZoneProfile

Child wrapper object for PolicyTransportZoneProfile, used in hierarchical API.

Name	Description	Type	Notes
PolicyTransportZoneProfile	PolicyTransportZoneProfile Contains the actual PolicyTransportZoneProfile object.	PolicyTransportZoneProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyTransportZoneProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyUrlCategorizationConfig (schema)

Wrapper object for PolicyUrlCategorizationConfig

Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API

Name	Description	Type	Notes
PolicyUrlCategorizationConfig	URL Categorization Config Contains the actual PolicyUrlCategorizationConfig object	PolicyUrlCategorizationConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyUrlCategorizationConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPolicyVpcNatRule (schema)

Wrapper object for PolicyVpcNatRule

Child wrapper object for PolicyVpcNatRule, used in hierarchical API

Name	Description	Type	Notes
PolicyVpcNatRule	Policy VPC Nat Rule Contains the actual Policy VPC Nat Rule object	PolicyVpcNatRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPolicyVpcNatRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortDiscoveryProfileBindingMap (schema)

Wrapper object for PortDiscoveryProfileBindingMap

Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
PortDiscoveryProfileBindingMap	PortDiscoveryProfileBindingMap Contains the actual PortDiscoveryProfileBindingMap object	PortDiscoveryProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortDiscoveryProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortMirroringProfile (schema)

Wrapper object for PortMirroringProfile

Child wrapper object for PortMirroringProfile, used in hierarchical API

Name	Description	Type	Notes
PortMirroringProfile	PortMirroringProfile Contains the actual PortMirroringProfile object	PortMirroringProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortMirroringProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortMonitoringProfileBindingMap (schema)

Wrapper object for PortMonitoringProfileBindingMap

Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
PortMonitoringProfileBindingMap	PortMonitoringProfileBindingMap Contains the actual PortMonitoringProfileBindingMap object	PortMonitoringProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortMonitoringProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortQoSProfileBindingMap (schema)

Wrapper object for PortQoSProfileBindingMap

Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
PortQoSProfileBindingMap	PortQoSProfileBindingMap Contains the actual PortQoSProfileBindingMap object	PortQoSProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortQoSProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortRealTimeEthProfileBindingMap (schema)

Wrapper object for PortRealTimeEthProfileBindingMap

Child wrapper object for PortRealTimeEthProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
PortRealTimeEthProfileBindingMap	PortRealTimeEthProfileBindingMap Contains the actual PortRealTimeEthProfileBindingMap object	PortRealTimeEthProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortRealTimeEthProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPortSecurityProfileBindingMap (schema)

Wrapper object for PortSecurityProfileBindingMap

Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
PortSecurityProfileBindingMap	PortSecurityProfileBindingMap Contains the actual PortSecurityProfileBindingMap object	PortSecurityProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPortSecurityProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildPrefixList (schema)

Wrapper object for PrefixList

Child wrapper object for PrefixList, used in hierarchical API.

Name	Description	Type	Notes
PrefixList	PrefixList Contains the actual PrefixList object.	PrefixList	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildPrefixList	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildProject (schema)

Wrapper object for PROJECT

Child wrapper object for Project, used in hierarchical API

Name	Description	Type	Notes
Project	PROJECT Contains the actual Project object	Project	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildProject	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildProjectIpAddressAllocation (schema)

Wrapper object for ProjectIpAddressAllocation

Child wrapper object for ProjectIpAddressAllocation, used in hierarchical API

Name	Description	Type	Notes
ProjectIpAddressAllocation	ProjectIpAddressAllocation Contains the actual ProjectIpAddressAllocation object	ProjectIpAddressAllocation	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildProjectIpAddressAllocation	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildProjectRouteFilter (schema)

Wrapper object for project route filter

Child wrapper object for ProjectRouteFilter used in hierarchical API.

Name	Description	Type	Notes
ProjectRouteFilter	ProjectRouteFilter Contains actual ProjectRouteFilter.	ProjectRouteFilter	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildProjectRouteFilter	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildQoSProfile (schema)

Wrapper object for QoSProfile

Child wrapper object for QoSProfile, used in hierarchical API

Name	Description	Type	Notes
QoSProfile	QoSProfile Contains the actual QoSProfile object	QoSProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildQoSProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildReaction (schema)

Wrapper object for Reaction

Child wrapper object for Reaction used in hierarchical API.

Name	Description	Type	Notes
Reaction	Reaction Contains the actual Reaction object.	Reaction	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildReaction	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildRealTimeEthProfile (schema)

Wrapper object for RealTimeEthProfile

Child wrapper object for RealTimeEthProfile, used in hierarchical API

Name	Description	Type	Notes
RealTimeEthProfile	RealTimeEthProfile Contains the actual RealTimeEthProfile object	RealTimeEthProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildRealTimeEthProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildRedirectionPolicy (schema)

Wrapper object for RedirectionPolicy

Child wrapper object for RedirectionPolicy used in Hierarchical API.

Name	Description	Type	Notes
RedirectionPolicy	RedirectionPolicy Contains actual RedirectionPolicy.	RedirectionPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildRedirectionPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildRedirectionRule (schema)

Wrapper object for RedirectionRule

Child wrapper object for ChildRedirectionRule used in Hierarchical API.

Name	Description	Type	Notes
RedirectionRule	RedirectionRule Contains actual RedirectionRule.	RedirectionRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildRedirectionRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildResourceReference (schema)

Represents the reference to ChildPolicyConfigResource

Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildResourceReference	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_type	The target type of this reference	string	Required

ChildRule (schema)

Wrapper object for Rule

Child wrapper object for Rule, used in hierarchical API

Name	Description	Type	Notes
Rule	Rule Contains the actual Rule object	Rule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSIStatusConfiguration (schema) (Experimental)

Wrapper object for PolicySIStatusConfiguration

Name	Description	Type	Notes
PolicySIStatusConfiguration	Contains the actual service insertion status configuration list object.	PolicySIStatusConfiguration	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSIStatusConfiguration	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSecurityFeatures (schema)

Wrapper object for Security Feature

Child wrapper object for T1 Security Feature, used in hierarchical API

Name	Description	Type	Notes
SecurityFeatures	Security configs Contains the actual SecurityFeatures object	SecurityFeatures	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSecurityFeatures	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSecurityPolicy (schema)

Wrapper object for SecurityPolicy

Child wrapper object for SecurityPolicy, used in hierarchical API

Name	Description	Type	Notes
SecurityPolicy	SecurityPolicy Contains the actual SecurityPolicy object	SecurityPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSecurityPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegment (schema)

Wrapper object for Segment

Child wrapper object for Segment, used in hierarchical API.

Name	Description	Type	Notes
Segment	Segment Contains the actual Segment object.	Segment	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegment	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentConnectionBindingMap (schema)

Wrapper object for SegmentConnectionBindingMap

Child wrapper for SegmentConnectionBindingMap, used in hierarchical API.

Name	Description	Type	Notes
SegmentConnectionBindingMap	Segment Connection Binding Map Contains the actual SegmentConnectionBindingMap object.	SegmentConnectionBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentConnectionBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentDiscoveryProfileBindingMap (schema)

Wrapper object for SegmentDiscoveryProfileBindingMap

Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
SegmentDiscoveryProfileBindingMap	SegmentDiscoveryProfileBindingMap Contains the actual SegmentDiscoveryProfileBindingMap object	SegmentDiscoveryProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentDiscoveryProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentMonitoringProfileBindingMap (schema)

Wrapper object for SegmentMonitoringProfileBindingMap

Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
SegmentMonitoringProfileBindingMap	SegmentMonitoringProfileBindingMap Contains the actual SegmentMonitoringProfileBindingMap object	SegmentMonitoringProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentMonitoringProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentPort (schema)

Wrapper object for SegmentPort

Child wrapper object for SegmentPort, used in hierarchical API

Name	Description	Type	Notes
SegmentPort	SegmentPort Contains the actual SegmentPort object	SegmentPort	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentPort	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentQoSProfileBindingMap (schema)

Wrapper object for SegmentQoSProfileBindingMap

Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
SegmentQoSProfileBindingMap	SegmentQoSProfileBindingMap Contains the actual SegmentQoSProfileBindingMap object	SegmentQoSProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentQoSProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentRealTimeEthProfileBindingMap (schema)

Wrapper object for SegmentRealTimeEthProfileBindingMap

Child wrapper object for SegmentRealTimeEthProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
SegmentRealTimeEthProfileBindingMap	SegmentRealTimeEthProfileBindingMap Contains the actual SegmentRealTimeEthProfileBindingMap object	SegmentRealTimeEthProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentRealTimeEthProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentSecurityFeatures (schema)

Wrapper object for Segment Security Feature

Child wrapper object for Segment Security Feature, used in hierarchical API

Name	Description	Type	Notes
SegmentSecurityFeatures	Segment Security configs Contains the actual Segment SecurityFeatures object	SegmentSecurityFeatures	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentSecurityFeatures	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentSecurityProfile (schema)

Wrapper object for SegmentSecurityProfile

Child wrapper object for SegmentSecurityProfile, used in hierarchical API

Name	Description	Type	Notes
SegmentSecurityProfile	SegmentSecurityProfile Contains the actual SegmentSecurityProfile object	SegmentSecurityProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentSecurityProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSegmentSecurityProfileBindingMap (schema)

Wrapper object for SegmentSecurityProfileBindingMap

Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
SegmentSecurityProfileBindingMap	SegmentSecurityProfileBindingMap Contains the actual SegmentSecurityProfileBindingMap object	SegmentSecurityProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSegmentSecurityProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildService (schema)

Wrapper object for Service

Child wrapper object for Service, used in hierarchical API.

Name	Description	Type	Notes
Service	Service Contains the actual Service object.	Service	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildService	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildServiceEntry (schema)

Wrapper object for ServiceEntry

Child wrapper object for ServiceEntry, used in hierarchical API.

Name	Description	Type	Notes
ServiceEntry	ServiceEntry Contains the actual ServiceEntry object.	ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildServiceEntry	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
Service	ServiceEntry This is a deprecated property, Please use 'ServiceEntry' instead.	ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Deprecated

ChildServiceInstanceEndpoint (schema)

Wrapper object for ServiceInstanceEndpoint

Child wrapper object for ServiceInstanceEndpoint used in hierarchical API.

Name	Description	Type	Notes
ServiceInstanceEndpoint	ServiceInstanceEndpoint Contains actual ServiceInstanceEndpoint.	ServiceInstanceEndpoint	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildServiceInstanceEndpoint	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildServiceInterface (schema)

Wrapper object for ServiceInterface

Child wrapper object for ServiceInterface, used in hierarchical API.

Name	Description	Type	Notes
ServiceInterface	ServiceInterface Contains the actual ServiceInterface object.	ServiceInterface	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildServiceInterface	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildServiceReference (schema)

Wrapper object for ServiceReference

Child wrapper object for ServiceReference used in hierarchical API.

Name	Description	Type	Notes
ServiceReference	ServiceReference Contains actual ServiceReference.	ServiceReference	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildServiceReference	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildServiceSegment (schema)

Wrapper object for SerivceSegment

Child wrapper object for ServiceSegment, used in hierarchical API

Name	Description	Type	Notes
ServiceSegment	ServiceSegments Contains the actual ServiceSegment objects	ServiceSegment	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildServiceSegment	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSessionTimerProfileBindingMap (schema)

Wrapper object for SessionTimerProfileBindingMap

Child wrapper object for SessionTimerProfileBindingMap,
used in hierarchical API

Name	Description	Type	Notes
SessionTimerProfileBindingMap	SessionTimerProfileBindingMap Contains the actual SessionTimerProfileBindingMap object	SessionTimerProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSessionTimerProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildShaDynamicPlugin (schema)

Wrapper object for ShaDynamicPlugin

Child wrapper object for ShaDynamicPlugin, used in hierarchical API

Name	Description	Type	Notes
ShaPluginProfile	ShaDynamicPlugin Contains the actual ShaDynamicPlugin object	ShaDynamicPlugin	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildShaDynamicPlugin	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildShaPluginProfile (schema)

Wrapper object for ShaPluginProfile

Child wrapper object for ShaPluginProfile, used in hierarchical API

Name	Description	Type	Notes
ShaPluginProfile	ShaPluginProfile Contains the actual ShaPluginProfile object	ShaPluginProfile (Abstract type: pass one of the following concrete types) ShaDynamicPluginProfile ShaPredefinedPluginProfile ShaSystemPluginProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildShaPluginProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildShaPredefinedPlugin (schema)

Wrapper object for ShaDynamicPlugin

Child wrapper object for ShaPredefinedPlugin, used in hierarchical API

Name	Description	Type	Notes
ShaPluginProfile	ShaPredefinedPlugin Contains the actual ShaPredefinedPlugin object	ShaPredefinedPlugin	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildShaPredefinedPlugin	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildShare (schema)

Wrapper object for Share

Child wrapper object for Share, used in hierarchical API

Name	Description	Type	Notes
Share	Share Contains the actual Share object	Share	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildShare	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSharedResource (schema)

Wrapper object for SharedResource

Child wrapper object for SharedResource, used in hierarchical API

Name	Description	Type	Notes
SharedResource	SharedResource Contains the actual SharedResource object	SharedResource	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSharedResource	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSite (schema)

Wrapper object for Site

Child wrapper object for Site, used in hierarchical API.

Name	Description	Type	Notes
Site	Site Contains the actual Site object.	Site	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSite	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSiteSecuritySetting (schema)

Wrapper object for SiteSecuritySetting

Name	Description	Type	Notes
SiteSecuritySetting	Site Security configuration Site specific security configuration.	SiteSecuritySetting	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSiteSecuritySetting	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSpoofGuardProfile (schema)

Wrapper object for SpoofGuardProfile

Child wrapper object for SpoofGuardProfile, used in hierarchical API

Name	Description	Type	Notes
SpoofGuardProfile	SpoofGuardProfile Contains the actual SpoofGuardProfile object	SpoofGuardProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSpoofGuardProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildStandaloneHostIdfwConfiguration (schema)

Wrapper object for StandaloneHostIdfwConfiguration

Name	Description	Type	Notes
StandaloneHostIdfwConfiguration	StandaloneHostIdfwConfiguration Contains the actual standalone host idfw configuration object.	StandaloneHostIdfwConfiguration	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildStandaloneHostIdfwConfiguration	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildStaticARPConfig (schema)

Wrapper object for StaticARPConfig

Child wrapper object for StaticARPConfig, used in hierarchical API.

Name	Description	Type	Notes
StaticARPConfig	StaticARPConfig Contains the actual StaticARPConfig object.	StaticARPConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildStaticARPConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildStaticMimeContent (schema)

Wrapper object for Child Static MIME content

Child wrapper object for Static MIME content, used in hierarchical API

Name	Description	Type	Notes
TlsProfile	Static Mime Content Contains the actual Static MIME content object.	StaticMimeContent	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildStaticMimeContent	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildStaticRouteBfdPeer (schema)

Wrapper object for StaticRouteBfdPeer

Child wrapper for StaticRouteBfdPeer, used in hierarchical API.

Name	Description	Type	Notes
BfdPeer	Static Route BFD Peer Contains the actual StaticRouteBfdPeer object.	StaticRouteBfdPeer	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildStaticRouteBfdPeer	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildStaticRoutes (schema)

Wrapper object for StaticRoutes

Child wrapper object for StaticRoutes, used in hierarchical API.

Name	Description	Type	Notes
StaticRoutes	StaticRoutes Contains the actual StaticRoutes object.	StaticRoutes	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildStaticRoutes	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildSubnetConnectionBindingMap (schema)

Wrapper object for SubnetConnectionBindingMap

Child wrapper for SubnetConnectionBindingMap, used in hierarchical API.

Name	Description	Type	Notes
SubnetConnectionBindingMap	Subnet Connection Binding Map Contains the actual SubnetConnectionBindingMap object.	SubnetConnectionBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildSubnetConnectionBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTagBulkOperation (schema)

Child wrapper object for TagBulkOperation

Child wrapper object for TagBulkOperation, used in hierarchical API.

Name	Description	Type	Notes
TagBulkOperation	TagBulkOperation Contains actual TagBulkOperation object.	TagBulkOperation	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTagBulkOperation	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0 (schema)

Wrapper object for Tier-0

Child wrapper object for Tier-0, used in hierarchical API.

Name	Description	Type	Notes
Tier0	Tier-0 Contains the actual Tier-0 object.	Tier0	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0DeploymentMap (schema)

Wrapper object for Tier0DeploymentMap

Child wrapper object for Tier0DeploymentMap, used in hierarchical API.

Name	Description	Type	Notes
Tier0DeploymentMap	Tier0DeploymentMap Contains the actual Tier0DeploymentMap object.	Tier0DeploymentMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0DeploymentMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0Interface (schema)

Wrapper object for Tier0Interface

Child wrapper object for Tier0Interface, used in hierarchical API.

Name	Description	Type	Notes
Tier0Interface	Tier0Interface Contains the actual Tier0Interface object.	Tier0Interface	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0Interface	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0InterfaceGroup (schema)

Wrapper object for Tier0InterfaceGroup

Child wrapper object for Tier0InterfaceGroup, used in hierarchical API.

Name	Description	Type	Notes
Tier0InterfaceGroup	Tier0InterfaceGroup Contains the actual Tier0InterfaceGroup object.	Tier0InterfaceGroup	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0InterfaceGroup	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0RouteMap (schema)

Wrapper object for Tier0RouteMap

Child wrapper object for Tier0RouteMap, used in hierarchical API

Name	Description	Type	Notes
Tier0RouteMap	Tier0RouteMap Contains the actual Tier0RouteMap object	Tier0RouteMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0RouteMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier0SecurityFeatures (schema)

Wrapper object for T0 Security Feature

Child wrapper object for T0 Security Feature, used in hierarchical API

Name	Description	Type	Notes
Tier0SecurityFeatures	T0 Security configs Contains the actual TO SecurityFeatures object	Tier0SecurityFeatures	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier0SecurityFeatures	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier1 (schema)

Wrapper object for Tier-1

Child wrapper object for Tier-1 , used in hierarchical API.

Name	Description	Type	Notes
Tier1	Tier-1 Contains the actual Tier-1 object.	Tier1	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier1	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier1DeploymentMap (schema)

Wrapper object for Tier1DeploymentMap

Child wrapper object for Tier1DeploymentMap, used in hierarchical API.

Name	Description	Type	Notes
Tier1DeploymentMap	Tier1DeploymentMap Contains the actual Tier1DeploymentMap object.	Tier1DeploymentMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier1DeploymentMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier1Interface (schema)

Wrapper object for Tier1Interface

Child wrapper object for Tier1Interface, used in hierarchical API.

Name	Description	Type	Notes
Tier1Interface	Tier1Interface Contains the actual Tier1Interface object.	Tier1Interface	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier1Interface	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTier1InterfaceGroup (schema)

Wrapper object for Tier1InterfaceGroup

Child wrapper object for Tier1InterfaceGroup, used in hierarchical API.

Name	Description	Type	Notes
Tier1InterfaceGroup	Tier1InterfaceGroup Contains the actual Tier1InterfaceGroup object.	Tier1InterfaceGroup	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTier1InterfaceGroup	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsCertificate (schema)

Wrapper object for TlsCertificate

Child wrapper for TlsCertificate, used in hierarchical API.

Name	Description	Type	Notes
TlsCertificate	TlsCertificate Contains the actual TlsCertificate object.	TlsCertificate	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsCertificate	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsCrl (schema)

Wrapper object for TlsCrl

Child wrapper for TlsCrl, used in hierarchical API.

Name	Description	Type	Notes
TlsCrl	TlsCrl Contains the actual TlsCrl object.	TlsCrl	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsCrl	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsPolicy (schema)

Wrapper object for TlsPolicy

Child wrapper object for TLSPolicy, used in hierarchical API

Name	Description	Type	Notes
TlsPolicy	TlsPolicy Contains the actual TLSPolicy object	TlsPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsProfile (schema)

Wrapper object for Child TLS Profile

Child wrapper object for TLS Profile, used in hierarchical API

Name	Description	Type	Notes
TlsProfile	TLS Profile Contains the actual TLS profile object.	TlsProfile (Abstract type: pass one of the following concrete types) TlsInspectionExternalProfile TlsInspectionInternalProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsRule (schema)

Wrapper object for Rule

Child wrapper object for Rule, used in hierarchical API

Name	Description	Type	Notes
TlsRule	TLS Rule Contains the actual TLS Rule object	TlsRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTlsTrustData (schema)

Wrapper object for TlsTrustData

Child wrapper for TlsTrustData, used in hierarchical API.

Name	Description	Type	Notes
TlsTrustData	TlsTrustData Contains the actual TlsTrustData object.	TlsTrustData	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTlsTrustData	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTraceflowConfig (schema)

Wrapper object for TraceflowConfig

Child wrapper for TraceflowConfig, used in hierarchical API

Name	Description	Type	Notes
TraceflowConfig	TraceflowConfig Contains the actual TraceflowConfig object.	TraceflowConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTraceflowConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTransitGateway (schema)

Wrapper object for transit gateway

Child wrapper object for transit gateway, used in hierarchical API.

Name	Description	Type	Notes
TransitGateway	Policy VPC transit gateway Contains the actual transit gateway object.	TransitGateway	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTransitGateway	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTransitGatewayAttachment (schema)

Wrapper object for transit gateway attachment

Child wrapper object for transit gateway attachment, used in hierarchical API.

Name	Description	Type	Notes
TransitGatewayAttachment	Policy VPC Transit Gateway Attachment Contains the actual Transit Gateway Attachment object.	TransitGatewayAttachment	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTransitGatewayAttachment	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTransitGatewayNat (schema)

Wrapper object for TransitGatewayNat

Child wrapper object for TransitGatewayNat, used in hierarchical API

Name	Description	Type	Notes
TransitGatewayNat	TransitGatewayNat Contains the actual TransitGatewayNAT object	TransitGatewayNat	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTransitGatewayNat	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTransitGatewayNatRule (schema)

Wrapper object for TransitGatewayNatRule

Child wrapper object for TransitGatewayNatRule, used in hierarchical API

Name	Description	Type	Notes
TransitGatewayNatRule	TransitGatewayNatRule Contains the actual TransitGatewayNatRule object	TransitGatewayNatRule	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTransitGatewayNatRule	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTunnel (schema)

Wrapper object for Tunnel

Child wrapper object for Tunnel, used in hierarchical API.

Name	Description	Type	Notes
Tunnel	Tunnel Contains the actual Tunnel object.	Tunnel (Abstract type: pass one of the following concrete types) GreTunnel Tunnel	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildTunnel	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildTypesRequestParameter (schema)

Filter to populate child types of the policyConfigResource

Specified child resource types will be populated in the response body

Name	Description	Type
base_path	Base Path for retrieving hierarchical intent Base path of the resource for which user wants to retrieve the hierarchy. This should be the fully qualified path for the resource. - Sample examples - base_path=/infra/domains/default/groups/Group1 base_path=/infra/domains/default/security-policies/SecurityPolicy1/rules/Rule1	string
filter	Filter string as java regex Filter string, can contain multiple or single java regular expressions separated by ';'. By default populates immediate child resources of the resource indicated by the URL. These child resources will be filtered by the type provided in the filter. It is recommended to use type_filter parameter instead of filter parameter. - Sample query string to prevent loading services and deployment zones: filter=Type-^(?!.?(?:Service\|DeploymentZone)).$ - Sample query string to populate all the Group objects under Infra & Domain: filter=Type-Domain%7CGroup - Sample query string to load every policy object under Infra: filter=Type-.*	string
type_filter	Filter string to retrieve hierarchy. Advanced filter string in which user can directly specify the resourceTypes to be filtered. Can be used in conjunction with base_path. - Sample example of type_filter to load all groups - type_filter=Group - Sample example of multiple type_filter - type_filter=Group;SercurityPolicy;RedirectionPolicy - Sample example to load all groups in default domain using base_path in conjunction with type_filter - base_path=/infra/domains/default&type_filter=Group	string

ChildVMTagReplicationPolicy (schema)

Wrapper object for VMTagReplicationPolicy

Child wrapper object for VMTagReplicationPolicy, used in hierarchical API

Name	Description	Type	Notes
VMTagReplicationPolicy	VMTagReplicationPolicy Contains the actual VMTagReplicationPolicy object	VMTagReplicationPolicy	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVMTagReplicationPolicy	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVirtualEndpoint (schema)

Wrapper object for VirtualEndpoint

Child wrapper object for VirtualEndpoint used in hierarchical API.

Name	Description	Type	Notes
VirtualEndpoint	VirtualEndpoint Contains reference to actual VirtualEndpoint.	VirtualEndpoint	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVirtualEndpoint	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVniPoolConfig (schema)

Wrapper object for VniPoolConfig

Child wrapper object for VniPoolConfig, used in hierarchical API.

Name	Description	Type	Notes
VniPoolConfig	VniPoolConfig Contains the actual VniPoolConfig object.	VniPoolConfig	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVniPoolConfig	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpc (schema)

Wrapper object for VPC

Child wrapper object for VPC, used in hierarchical API

Name	Description	Type	Notes
Vpc	VPC Contains the actual VPC object	Vpc	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpc	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcAttachment (schema)

Wrapper object for VpcAttachment

Child wrapper object for VpcAttachment, used in hierarchical API

Name	Description	Type	Notes
VpcAttachment	VpcAttachment Contains the actual VpcAttachment object	VpcAttachment	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcAttachment	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcConnectivityProfile (schema)

Wrapper object for VPC Connectivity Profile

Child wrapper object for VPC Connectivity Profile, used in hierarchical API.

Name	Description	Type	Notes
VpcConnectivityProfile	VPC Connectivity Profile Contains the actual VPC connectivity profile object.	VpcConnectivityProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcConnectivityProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcIpAddressAllocation (schema)

Wrapper object for VpcIpAddressAllocation

Child wrapper object for IpAddressAllocation, used in hierarchical API

Name	Description	Type	Notes
VpcIpAddressAllocation	VpcIpAddressAllocation Contains the actual VpcIpAddressAllocation object	VpcIpAddressAllocation	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcIpAddressAllocation	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcSecurityProfile (schema)

Wrapper object for Security Profile

Child wrapper object for Security Profile, used in hierarchical API.

Name	Description	Type	Notes
VpcSecurityProfile	Security Profile Contains the actual Security Profile object.	VpcSecurityProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcSecurityProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcServiceProfile (schema)

Wrapper object for VPC Service Profile

Child wrapper object for VPC Service Profile, used in hierarchical API.

Name	Description	Type	Notes
VpcServiceProfile	VPC Service Profile Contains the actual VPC service profile object.	VpcServiceProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcServiceProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcSubnet (schema)

Wrapper object for VPC Subnet

Child wrapper object for VPC Subnet, used in hierarchical API

Name	Description	Type	Notes
VpcSubnet	VPC Subnet Contains the actual VPC Subnet object	VpcSubnet	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcSubnet	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcSubnetBridgeProfile (schema)

Wrapper object for VpcSubnetBridgeProfile

Child wrapper for VpcSubnetBridgeProfile, used in hierarchical API.

Name	Description	Type	Notes
VpcSubnetBridgeProfile	Vpc Subnet Bridge Profile Contains the actual VpcSubnetBridgeProfile object.	VpcSubnetBridgeProfile	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcSubnetBridgeProfile	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcSubnetPort (schema)

Wrapper object for VPC Subnet Port

Child wrapper object for VPC Subnet Port, used in hierarchical API

Name	Description	Type	Notes
VpcSubnetPort	VPC Subnet Port Contains the actual VPC Subnet Port object	VpcSubnetPort	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcSubnetPort	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ChildVpcSubnetPortProfileBindingMap (schema)

Wrapper object for VpcSubnetPortProfileBindingMap

Child wrapper object for VpcSubnetPortProfileBindingMap, used in hierarchical API

Name	Description	Type	Notes
VpcSubnetPortProfileBindingMap	Contains the actual VpcSubnetPortProfileBindingMap object	VpcSubnetPortProfileBindingMap	Required
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mark_for_override	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully.	boolean	Default: "False"
request_parameter	Generic type for passing the API request parameters.	PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter
resource_type	Must be set to the value ChildVpcSubnetPortProfileBindingMap	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CidrArrayConstraintValue (schema)

Array of CIDR Values to perform operation

List of CIDR values

Name	Description	Type	Notes
resource_type	Must be set to the value CidrArrayConstraintValue	string	Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values	Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64".	array of IPElement	Required Minimum items: 1 Maximum items: 100

CipherSuite (schema)

HTTP cipher suite

Name	Description	Type	Notes
enabled	Enable status for this cipher suite	boolean	Required
name	Name of the TLS cipher suite	string	Required

ClaimMap (schema)

Claim map

Information about how to map a single OIDC ID token claim to one or more NSX roles.

Name	Description	Type	Notes
claim_name		string
value_to_role_map		array of ClaimValueToRoleMap

ClaimValueToRoleMap (schema)

Claim value map

Name	Description	Type	Notes
claim_value	Claim value The value of the claim to map.	string
roles	Mapped roles The NSX roles that this particular claim value should map to.	array of string

ClasslessStaticRoute (schema) (Deprecated)

DHCP classless static route option

DHCP classless static route option.

Name	Description	Type	Notes
network	Destination in CIDR Destination network in CIDR format.	IPElement	Required
next_hop	Router IP address of next hop of the route.	IPAddress	Required

ClientAuthType (schema)

client authentication mode

Client authentication could be REQUIRED or IGNORE.
REQUIRED means that client is required to present its
certificate to the server for authentication. To be accepted, client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self signed
certificates are specified in the same client SSL profile binding.
IGNORE means that client certificate would be ignored.

Name	Description	Type	Notes
ClientAuthType	client authentication mode Client authentication could be REQUIRED or IGNORE. REQUIRED means that client is required to present its certificate to the server for authentication. To be accepted, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified in the same client SSL profile binding. IGNORE means that client certificate would be ignored.	string	Enum: REQUIRED, IGNORE

ClusterBackupInfo (schema)

Cluster backup details

Name	Description	Type	Notes
ip_address	IP address or FQDN of the node from which the backup was taken IP address or FQDN of the node which would be used for the restoration. This should be same as the one on which backup was taken	string	Readonly Format: hostname-or-ip
ipv6_address	IPv6 address or FQDN v6 of the node from which the backup was taken IPv6 address or FQDN v6 of the node which would be used for the restoration. This should be same as the one on which backup was taken	string	Readonly Format: hostname-or-ip
node_id	ID of the node from which the backup was taken	string	Required Readonly
restore_type	Type of restore allowed	array of string	Readonly Enum: REGULAR_RESTORE, POLICY_ONLY_RESTORE Default: "[]"
timestamp	timestamp of the cluster backup file	EpochMsTimestamp	Required Readonly

ClusterBackupInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of timestamps of backed-up cluster files	array of ClusterBackupInfo	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ClusterCertificateId (schema)

Cluster Certificate ID

Name	Description	Type	Notes
certificate_id	Certificate ID	string	Required

ClusterMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name	Description	Type	Notes
cluster_id	The Antrea cluster id of the pod	string	Required Readonly
cluster_name	The Antrea cluster name of the pod	string	Required Readonly
namespaces		array of NamespaceMemberDetails	Required

ClusterNodeRole (schema)

Cluster node role

Enumerates the roles that can be specified in VM auto-deployment.

Name	Description	Type	Notes
ClusterNodeRole	Cluster node role Enumerates the roles that can be specified in VM auto-deployment.	string	Enum: CONTROLLER, MANAGER

ClusterNodeVMDeletionParameters (schema)

Parameters for DeleteAutoDeployedClusterNodeVM

Parameters for deletion of a cluster node VM.

Name	Description	Type	Notes
force_delete	Delete by force If true, the VM will be undeployed even if it cannot be removed from its cluster.	boolean

ClusterNodeVMDeploymentConfig (schema)

Configuration for deploying cluster node VM

Contains info used to configure the VM on deployment

Name	Description	Type	Notes
placement_type	Type of deployment Specifies the config for the platform through which to deploy the VM	string	Required Enum: VsphereClusterNodeVMDeploymentConfig

ClusterNodeVMDeploymentRequest (schema)

Info for an auto-deployment request

Contains the deployment information for a cluster node VM soon to be
deployed or already deployed by the Manager

Name	Description	Type	Notes
deployment_config	Deployment config for cluster node VM Info needed to configure a cluster node VM at deployment for a specific platform. May require different parameters depending on the method used to deploy the VM.	ClusterNodeVMDeploymentConfig (Abstract type: pass one of the following concrete types) ClusterNodeVMDeploymentConfig VsphereClusterNodeVMDeploymentConfig	Required
form_factor	Form factor for cluster node VMs Specifies the desired "size" of the VM	ClusterNodeVMFormFactor	Default: "MEDIUM"
roles	Cluster node roles of the VM List of cluster node role (or roles) which the VM should take on. They specify what type (or types) of cluster node which the new VM should act as. Currently both CONTROLLER and MANAGER must be provided, since this permutation is the only one supported now.	array of ClusterNodeRole	Required
user_settings	User settings for the VM Username and password settings for the cluster node VM. Passwords must be at least 12 characters in length and contain at least one lowercase, one uppercase, one numerical, and one special character. Note: These settings will be honored only during VM deployment. Post-deployment, CLI must be used for changing the user settings and changes to these parameters will not have any effect.	NodeUserSettings	Required
vm_id	ID of VM used to recognize it ID of the VM maintained internally and used to recognize it. Note: This is automatically generated and cannot be modified.	string	Readonly

ClusterNodeVMDeploymentRequestList (schema)

ClusterNodeVMDeploymentRequest list

List of ClusterNodeVMDeploymentRequests

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Results Array of existing ClusterNodeVMDeploymentRequests	array of ClusterNodeVMDeploymentRequest	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ClusterNodeVMDeploymentStatusReport (schema)

Report of a VM's deployment status

Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.

Name	Description	Type	Notes
deployment_progress_state	Deployment progress state of node VM Detailed progress state of node VM deployment realization	VMDeploymentProgressState	Readonly
failure_code	Error code for failure In case of auto-deployment-related failure, the code for the error will be stored here.	integer
failure_message	Error message for failure In case of auto-deployment-related failure, an error message will be stored here.	string
status	Auto-deployed VM's deployment status Status of the addition or deletion of an auto-deployed cluster node VM.	string	Required Enum: UNKNOWN_STATE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, WAITING_TO_REGISTER_VM, VM_REGISTRATION_FAILED, VM_WAITING_TO_CLUSTER, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_CLUSTERING_IN_PROGRESS, VM_CLUSTERING_FAILED, VM_CLUSTERING_SUCCESSFUL, WAITING_TO_UNDEPLOY_VM, VM_DECLUSTER_IN_PROGRESS, VM_DECLUSTER_FAILED, VM_DECLUSTER_SUCCESSFUL, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL

ClusterNodeVMFormFactor (schema)

Supported VM form factor for cluster nodes

Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.

Name	Description	Type	Notes
ClusterNodeVMFormFactor	Supported VM form factor for cluster nodes Specifies the desired "size" of the VM. Affects number of virtual CPUs and/or memory size given to the new cluster node VM.	string	Enum: SMALL, MEDIUM, LARGE, XLARGE

ClusterRestoreStatus (schema)

Cluster restore status

Name	Description	Type	Notes
allowed_actions	List of actions that are allowed.	array of string	Readonly Default: "[]"
backup_timestamp	Timestamp when backup was initiated in epoch millisecond	EpochMsTimestamp	Readonly
endpoints	The list of allowed endpoints, based on the current state of the restore process	array of ResourceLink	Required Readonly
id	Unique id for backup request	string	Readonly
instructions	Instructions for users to reconcile Restore operations	array of InstructionInfo	Readonly
not_allowed_actions	List of actions that are not allowed	array of string	Readonly Enum: VC_UPDATES Default: "[]"
restore_end_time	Timestamp when restore was completed in epoch millisecond	EpochMsTimestamp	Readonly
restore_start_time	Timestamp when restore was started in epoch millisecond	EpochMsTimestamp	Readonly
status		GlobalRestoreStatus
step		RestoreStep
total_steps	Total number of steps in the entire restore process	integer	Readonly

ClusterRestoreStatusRequestParameters (schema)

Name	Description	Type	Notes
restore_component		string	Readonly Enum: LOCAL_MANAGER, GLOBAL_MANAGER Default: "LOCAL_MANAGER"

ClusterVirtualIpProperties (schema)

Cluster virtual IP properties

Name	Description	Type	Notes
force	On enable it ignores duplicate address detection and DNS lookup validation check	string	Enum: true, false Default: "false"
ip6_address	Virtual IPv6 address, :: if not configured	string
ip_address	Virtual IP address, 0.0.0.0 if not configured	string

ClusteringConfig (schema)

Configuration for VM's clustering

Configuration for automatically joining a cluster node to the
cluster after it is deployed. ClusteringConfig is required
if any of the deployment nodes has CONTROLLER role.

Name	Description	Type	Notes
clustering_type	Type for the clustering config Specifies the type of clustering config to be used.	string	Required Enum: ControlClusteringConfig

CmThumbprintHashingConfig (schema)

Name	Description	Type	Notes
hashing_algorithm_type	Algorithm type for thumbprint hashing This specifies the hashing algorithm to be used for stamping NSX manager thumbprint in compute manager extension. e.g. When a vCenter is registered as compute manager, thumbprint of NSX manager certificate is stamped in NSXT extension on vCenter. If algorithm type is SHA1, then SHA1 thumbprint of NSX manager API certificate is stamped. If algorithm type is SHA256, then SHA256 thumbprint of NSX manager certificate is stamped. Changing this setting to SHA256 will result in communication issues between WCP component in VC and NSX manager. Hence it is recommended not to use SHA256 if VC WCP feature is being used with NSX.	string	Required Enum: SHA1, SHA256

ColumnItem (schema)

Grid Column

Represents a column of the Grid

Name	Description	Type	Notes
column_identifier	Identifier for this column Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns.	string
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget.	string	Maximum length: 255
field	Column Field Field from which values of the column will be derived.	string	Required Maximum length: 1024
hidden	Hide the column If set to true, hides the column	boolean	Default: "False"
label	Column Label Label of the column.	Label	Required
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.	string	Maximum length: 1024
render_configuration	Render Configuration Render configuration to be applied, if any.	array of RenderConfiguration
sort_ascending	Represents order of sorting the values If true, the value of the column are sorted in ascending order. Otherwise, in descending order.	boolean	Default: "True"
sort_key	Key for sorting on this column Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested.	string	Maximum length: 255
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over a cell in the grid.	array of Tooltip
type	Field data type Data type of the field.	string	Required Enum: String, Number, Date Maximum length: 255 Default: "String"

CommunicationEntry (schema) (Deprecated)

A communication entry specifies the security policy between the workload groups

A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action The action to be applied to all the services.	string	Enum: ALLOW, DROP, REJECT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes Text for additional notes on changes.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CommunicationEntry	string
scope	The list of policy paths where the communication entry is applied Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this CommunicationEntry This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number	int
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
tag	Tag applied on the communication entry User level field which will be printed in CLI and packet logs.	string	Maximum length: 32
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

CommunicationMap (schema) (Deprecated)

Contains ordered list of CommunicationEntries

Ordered list of CommunicationEntries. This object is created by default
along with the Domain.
This type is deprecated. Use the type SecurityPolicy instead.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a communication map, if needed. - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
communication_entries	CommunicationEntries that are a part of this CommunicationMap	array of CommunicationEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
precedence	Precedence to resolve conflicts across Domains This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence	int
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CommunicationMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

CommunityList (schema)

Community list for BGP routing configuration

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
communities	List of BGP community entries List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported.	array of string	Required Minimum items: 1
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value CommunityList	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

CommunityListListResult (schema)

Paged collection of CommunityLists

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CommunityList results	array of CommunityList	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CommunityMatchCriteria (schema)

Match criteria based on a community list

Name	Description	Type	Notes
criteria	Match criteria based on community list path or a regular expression Match criteria specified as a community list path or a regular expression.	string	Required
match_operator	Match operator for community list entries Match operator for community list entries. Not valid when a regular expression is specified for criteria.	string	Enum: MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_COMMUNITY_REGEX, MATCH_LARGE_COMMUNITY_REGEX

CompatibilityCheckResult (schema)

Precheck result for onboaring standby Global Manager or remote Site to
federation

Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.

Name	Description	Type	Notes
local_nsx_version	Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running.	string	Readonly
nsx_version	Remote Site NSX version Remote Site NSX version.	string	Readonly
rtt	Round trip time to the remote Site or Global Manager from active Global Manager Round trip time to the remote Site or Global Manager from active Global Manager.	integer	Readonly
rtt_exceeded	Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit.	boolean	Readonly
version_compatible	Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager.	boolean	Readonly

CompatibilityDetail (schema)

Feature Compatibility Details

Feature compatibility status details indicating specific site configuration
incompatibility with global manager configuration.

Name	Description	Type	Notes
attributes	Additional Attributes	array of OnboardingAttribute	Readonly Maximum items: 20
status_code	Status Code Unique integer number indicating configuration incompatibility.	integer	Required Readonly
status_message	Status Message A brief explaination of status code.	string	Readonly

ComponentTargetVersion (schema)

Name	Description	Type	Notes
component_type		string	Required Readonly
target_version		string	Required Readonly

ComponentTypeListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type on which the action is performed or on which the results are filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ComponentUpgradeChecksInfo (schema)

Meta-data of pre/post-upgrade checks for a component

Name	Description	Type	Notes
component_type	Component type Component type of the pre/post-upgrade checks	string	Required
post_upgrade_checks_info	Collection of post-upgrade checks	array of UpgradeCheckInfo
pre_upgrade_checks_info	Collection of pre-upgrade checks	array of UpgradeCheckInfo

ComponentUpgradeChecksInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Collection of info of pre/post-upgrade checks for components	array of ComponentUpgradeChecksInfo	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ComponentUpgradeStatus (schema)

Name	Description	Type	Notes
can_rollback	Can perform rollback This field indicates whether we can perform upgrade rollback.	boolean	Readonly
can_skip	Can the upgrade of the remaining units in this component be skipped	boolean	Readonly
component_type	Component type for the upgrade status	string	Readonly
current_version_node_summary	Mapping of current versions of nodes and counts of nodes at the respective versions.	NodeSummaryList	Readonly
details	Details about the upgrade status	string	Readonly
node_count_at_target_version	Count of nodes at target component version Number of nodes of the type and at the component version	int	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
pre_upgrade_status	Pre-upgrade status of the component-type	UpgradeChecksExecutionStatus	Readonly
status	Upgrade status of component	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version	Target component version	string	Readonly

ComputeClusterIdfwConfiguration (schema)

Compute cluster idfw configuration

Idfw configuration for activate/deactivate idfw on cluster level.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cluster_idfw_enabled	Idfw enabled flag If set to true, idfw is enabled for this cluster	boolean	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_stale	Cluster stale flag If set to true, this cluster has been deleted from NSX.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member	PolicyResourceReference Contains actual policy resource reference object	PolicyResourceReference	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ComputeClusterIdfwConfiguration	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ComputeManager (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate	Data of CA certificate for compute manager. Specifies CA certificate data for compute manager fetched from VC.	CACertificateData
create_service_account	Specifies whether service account is created or not on compute manager Enable this flag to create service account user on compute manager. This is required by features such as vSphere Lifecycle Manager for authentication with vAPIs from nsx. From VCF 9.0 service account is mandatory.	boolean	Default: "True"
credential	Login credentials for the compute manager Supported credential types are 'SamlTokenLoginCredential'. Please note 'UsernamePasswordLoginCredential' and 'SessionLoginCredential' are deprecated. VerifiableAsymmetricLoginCredential is used for internal purpose only.	LoginCredential (Abstract type: pass one of the following concrete types) LoginCredential SamlTokenLoginCredential SessionLoginCredential UsernamePasswordLoginCredential VerifiableAsymmetricLoginCredential
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extension_certificate	Specifies certificate for compute manager extension Specifies certificate for compute manager extension registered on vCenter.	CertificateData
id	Unique identifier of this resource	string	Sortable
multi_nsx	Specifies whether multi nsx feature is enabled for compute manager Enable this flag to manage same compute manager by multiple nsx.	boolean	Default: "False"
origin_properties	Key-Value map of additional specific properties of compute manager	array of KeyValuePair	Readonly
origin_type	Compute manager type like vCenter	string	Required
resource_type	Must be set to the value ComputeManager	string
reverse_proxy_https_port	Proxy https port of compute manager Specifies https port of the reverse proxy to connect to compute manager. For e.g. In case of VC, this port can be retrieved from this config file /etc/vmware-rhttpproxy/config.xml.	integer	Minimum: 1 Maximum: 65535 Default: "443"
server	IP address or hostname of compute manager	string	Required Format: hostname-or-ip
set_as_oidc_provider	Specifies whether compute manager has been set as OIDC provider If the compute manager is VC and need to set set as OIDC provider for NSX then this flag should be set as true. This is specific to wcp feature, should be enabled when this feature is being used.	boolean	Default: "True"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
vpc_access_level	VPC access level Defines representation and consumption of VPCs from default Project in vCenter: - Full Access: VPC and Subnet available for configuration from vCenter - READONLY: VPC and Subnet available in vCenter for read only access from vCenter - DISABLED: No VPC objects in vCenter, networks are represented as PortGroup under relevant VDS	string	Enum: FULL, READONLY, DISABLED Default: "FULL"
access_level_for_oidc	Specifies access level to NSX from the compute manager This is a deprecated property which is always set as FULL. Specifies the maximum access level allowed for calls from compute manager to NSX using the OIDC provider.	string	Deprecated Enum: FULL, LIMITED Default: "FULL"

ComputeManagerListRequestParameters (schema)

Compute manager list parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
origin_type	Compute manager type like vCenter	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
server	IP address or hostname of compute manager	string	Format: hostname-or-ip
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ComputeManagerListResult (schema)

List of compute managers

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of compute managers	array of ComputeManager	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ComputeManagerStatus (schema)

Runtime status information of the compute manager

Name	Description	Type	Notes
connection_errors	Errors when connecting with compute manager	array of ErrorInfo	Readonly
connection_status	Status of connection with the compute manager	string	Readonly Enum: UP, DOWN, CONNECTING
connection_status_details	Details about connection status	string	Readonly
last_sync_time	Timestamp of the last successful update of Inventory, in epoch milliseconds.	EpochMsTimestamp	Readonly
oidc_end_point_id	Specifies Id of corresponding OidcEndPoint If Compute manager is trusted as authorization server, then this Id will be Id of corresponding oidc end point.	string	Readonly
registration_errors	Errors when registering with compute manager	array of ErrorInfo	Readonly
registration_status	Registration status of compute manager	string	Readonly Enum: REGISTERED, UNREGISTERED, REGISTERING, REGISTERED_WITH_ERRORS
version	Version of the compute manager	string	Readonly

Condition (schema)

Represents the leaf level condition

Represents the leaf level condition. Evaluation of the condition expression
will be case insensitive.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
exclude	Members to be excluded from the condition List of members to be excluded from the condition. This field is applicable only for condition representing the list of malicious IPs. Only IPAddressExpression and PathExpression are supported. The PathExpression should have paths of Groups that of the group_type IPAddress. Multiple PathExpressions are not supported here.	ExcludedMembersList
id	Unique identifier of this resource	string	Sortable
key	Key	string	Required Enum: Tag, Name, OSName, ComputerName, NodeType, GroupType, ALL, IPAddress, PodCidr, ManagementInterface, OSVersion
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_type	Group member type For global groups (groups created from Global Manager), the supported Member Types are - VirtualMachine, Segment, SegmentPort, Group, DVPG and DVPort. For local groups (groups created on the local policy manager), the supported member types are IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode, BareMetalServer and BareMetalServerInterface. Support for LogicalPort and LogicalSwitch has been removed. Please use Segment and SegmentPort instead. Support for IPSet member type will be removed in the future. We recommend to create AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService and KubernetesNode, BareMetalServer and BareMetalServerInterface. Support for IPSet member type will be removed in the future. We recommend to create criterion with Group as the member type instead of IPSet.	string	Required Enum: IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, IPAddress, VpcSubnet, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode, VpcSubnetPort, BareMetalServer, BareMetalServerInterface
operator	operator Operator is made non-mandatory to support Segment and SegmentPort tag based expression. To evaluate expression for other types, operator value should be provided.	string	Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH, NOTEQUALS, NOTIN, MATCHES, IN
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Condition	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
scope_operator	operator Default operator when not specified explicitly would be considered as EQUALS. If value for Condition is empty, then condition will not be evaluated. For example, Condition with key as Tag and value as "\|tag" would be evaluated for tag value not for empty scope value.	string	Enum: EQUALS, NOTEQUALS
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
value	Value	string	Required Minimum length: 1

ConditionalValueConstraintExpression (schema)

Represents the leaf level conditional value constraint.

Represents the leaf level expression to restrict the target attribute value
based on the set of existing values. Generally, used in combination with
RelatedAttributeConditionalExpression to constraint the values related to
another attribute on the same resource. This object is always used in
conjunction with some exression.
Example -
{
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"EXCLUDES",
"values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"]
}
}

Name	Description	Type	Notes
operator	Set operation to constraint values. INCLUDES_ANY operator supported only for StringArrayConstraintValue	string	Required Enum: INCLUDES, INCLUDES_ANY, EXCLUDES, EQUALS
rhs_value	Array of values to perform operation. List of values.	array of string
rhs_value_with_type	Array of values to perform operation. List of values.	ConstraintValue (Abstract type: pass one of the following concrete types) CidrArrayConstraintValue IntegerArrayConstraintValue StringArrayConstraintValue
value_constraint	Value Constraint Values to apply the conditional constraint on target.	ValueConstraintExpression	Required

ConfigOnboardingConflictRequest (schema)

Config onboarding conflict Request

Config onboarding request to verify conflicts in onboarding configuration
on global manager for a site.

Name	Description	Type	Notes
prefix	Prefix string User provided prefix string to resolve conflicting site entities.	string	Readonly
site_id	Site Id Site Id.	string	Readonly
suffix	Suffix string User provided suffix string to resolve conflicting site entities.	string

ConfigOnboardingConflictStatus (schema)

Config onboarding conflict status

Represents config onboarding conflict status on Global Manager.

Name	Description	Type	Notes
details		OnboardingFeatureInfo	Readonly
gm_details		GmConfigOnboardingConflictEntityInfo	Readonly
site_id	Site Id Site identifier of the site being onboarded.	string	Required Readonly
status		OnboardingConflictStatus	Required Readonly

ConfigOnboardingError (schema)

Config Onboarding Error

Represents error details in case of system fail to onboard site
configuration on global manager.

Name	Description	Type	Notes
error_code	Error Code Error code for errors found during onboarding process.	integer	Readonly
error_message	Error message Failure reason during onboarding process.	string	Readonly

ConfigOnboardingInProgressStatus (schema)

Config Onboarding in-progress status

Represents config onboarding status including processing phase compared to
of total number of phases to complete config onboarding.

Name	Description	Type	Notes
current_step	Current Onboarding Step Represent intermidiate phase when onboarding or rollback is in-progress on global manager.	integer	Readonly
feature		OnboardingFeatureInfo	Readonly
stage		OnboardingStage	Readonly
total_steps	Total number of Onboarding Steps Total number of phases involved in onboarding workflow.	integer	Readonly

ConfigOnboardingRequest (schema)

Config onboarding Request

Config onboarding request to initiate onboarding workflow on global manager
for a site.

Name	Description	Type	Notes
prefix	Prefix string User provided prefix string to resolve conflicting site entities.	string	Readonly
site_backup_reference	Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process.	string	Required Readonly
site_id	Site Id Site Id.	string	Readonly
suffix	Suffix string User provided suffix string to resolve conflicting site entities.	string

ConfigOnboardingStatus (schema)

Config on-boarding status

Represents config onboarding status on Global Manager.

Name	Description	Type	Notes
details		ConfigOnboardingStatusDetails	Readonly
site_id	Site Id Site identifier of the site being onboarded.	string	Required Readonly
status		OnboardingStatus	Required Readonly
supported_features	List of supported features List of supported features on global manager.	array of OnboardingFeatureInfo	Readonly
timestamp	Status Timestamp Onboarding status as of current timestamp.	EpochMsTimestamp	Required
unsupported_features	List of unsupported features List of unsupported features on global manager.	array of OnboardingFeatureInfo	Readonly

ConfigOnboardingStatusDetails (schema)

Config on-boarding status details

Represents config on-boarding progress phase details per feature
information with progress metric like completed entity count against total
number of entities.

Name	Description	Type	Notes
error_messages		array of ConfigOnboardingError	Readonly
import_progress		ConfigOnboardingInProgressStatus	Readonly
revert_progress		ConfigOnboardingInProgressStatus	Readonly
site_backup_reference	Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process.	string	Readonly

ConfigState (schema)

Config State

Configuration State. | SANDBOXED_REALIZATION_PENDING - This is applicable to only Global intent in the NSX+ platform. The intent in this state indicates that the Global intent is having a conflict with local intent in the corresponding site and it is sandboxed in an intent logical store. Also the realization is pending until the conflict is resolved. Policy Alarm will be genereated and notified to the NSX+ admin to alert the user to take action to resolve the conflicts.

Name	Description	Type	Notes
ConfigState	Config State Configuration State. \| SANDBOXED_REALIZATION_PENDING - This is applicable to only Global intent in the NSX+ platform. The intent in this state indicates that the Global intent is having a conflict with local intent in the corresponding site and it is sandboxed in an intent logical store. Also the realization is pending until the conflict is resolved. Policy Alarm will be genereated and notified to the NSX+ admin to alert the user to take action to resolve the conflicts.	string	Enum: SUCCESS, IN_PROGRESS, ERROR, UNKNOWN, UNINITIALIZED, SANDBOXED_REALIZATION_PENDING

ConfigurationState (schema)

Describes status of configuration of an entity

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

ConfigurationStateElement (schema)

Describes status of configuration of an entity

Name	Description	Type	Notes
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
state	State of configuration on this sub system	string	Required Readonly Enum: in_progress, success, failed, partial_success, in_sync, VM_DEPLOYMENT_FAILED, VM_POWER_ON_FAILED, VM_POWER_OFF_FAILED, VM_UNDEPLOY_FAILED, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, EDGE_CONFIG_ERROR, REGISTRATION_FAILED, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_NETWORK_EDIT_PENDING, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, NOT_AVAILABLE, REGISTRATION_TIMEDOUT, ADVANCED_CONFIG_EDIT_FAILED, VM_RESOURCE_RESERVATION_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, pending, orphaned, unknown, error, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_POWER_ON_IN_PROGRESS, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_SUCCESSFUL, VM_DEPLOYMENT_RESTARTED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_READY, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, ADVANCED_CONFIG_EDIT_PENDING, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_FOR_NON_LCM_EDGE, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_IN_PROGRESS, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING
sub_system_address	URI of backing resource on sub system	string	Readonly
sub_system_id	Identifier of backing resource on sub system	string	Readonly
sub_system_name	Name of backing resource on sub system	string	Readonly
sub_system_type	Type of backing resource on sub system	string	Readonly

ConflictingEntityListResponse (schema)

List of Features with conflict information

Name	Description	Type	Notes
example	Conflict example Conflict example	OnboardingFeatureInfo	Readonly
feature_compability_data		array of FeatureCompatibilityInfo	Readonly Maximum items: 100
feature_descendants		array of FeatureConflictInfo	Readonly
feature_summary		FeatureSummary	Readonly
infra_descendants		array of FeatureConflictInfo	Readonly

ConjunctionOperator (schema)

Represents the operators AND or OR

Represents the operators AND or OR.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
conjunction_operator	Conjunction Operator Node	string	Required Enum: OR, AND
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ConjunctionOperator	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ConnectivityAdvancedConfig (schema)

Advanced configuration for Policy connectivity

Name	Description	Type	Notes
connectivity	Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.	string	Enum: ON, OFF Default: "ON"

ConsistencyCheckComponentReport (schema)

Consistency check report for component

Consistency check report for component [EDGE/HOST/MP]

Name	Description	Type	Notes
component_type	Component type based on which consistency report is to be generated Component type based on which consistency report is to be generated	string	Required Readonly
drop_stats	Consistency checks for traffic drop statistics Consistency checks for traffic drop statistics	array of ConsistencyCheckDropStats	Readonly
forward_stats	Consistency checks for forward traffic statistics Consistency checks for forward traffic statistics	array of ConsistencyCheckForwardStats	Readonly
realization_failure	Consistency checks for realization failures Consistency checks for realization failures	ConsistencyCheckRealizationFailure	Readonly
state	State of the consistency checker Current state of the consistency checker function. NOT_STARTED - consistency check has not started for this component type. PRE_UPGRADE_COLLECTED - consistency check for this component type has been instantiated. IN_PROGRESS - consistency check is currently being run for this component type. It will remain in this state until the component upgrade is complete and the periodic check (which runs every 5 minutes) confirms that all objects have reached a terminal state. PAUSED - consistency check for this component type is paused. It will resume once corresponding component resumes upgrade. POST_UPGRADE_COLLECTED_IMPENDING - consistency check for this component type is being examined if the component type IN_PROGRESS would resolve any failed objects. POST_UPGRADE_COMPLETED - consistency check for this component type is in its terminal status.	string	Required Readonly Enum: NOT_STARTED, PRE_UPGRADE_COLLECTED, IN_PROGRESS, POST_UPGRADE_COMPLETED

ConsistencyCheckComponentReportCsvRecord (schema)

Consistency check report for component

Consistency check report for component [EDGE/HOST/MP]

Name	Description	Type	Notes
component_report_state	State of the consistency checker Current state of the consistency checker function. NOT_STARTED - consistency check has not started for this component type. PRE_UPGRADE_COLLECTED - consistency check for this component type has been instantiated. IN_PROGRESS - consistency check is currently being run for this component type. It will remain in this state until the component upgrade is complete and the periodic check (which runs every 5 minutes) confirms that all objects have reached a terminal state. PAUSED - consistency check for this component type is paused. It will resume once corresponding component resumes upgrade. POST_UPGRADE_COLLECTED_IMPENDING - consistency check for this component type is being examined if the component type IN_PROGRESS would resolve any failed objects. POST_UPGRADE_COMPLETED - consistency check for this component type is in its terminal status.	string	Required Readonly Enum: NOT_STARTED, PRE_UPGRADE_COLLECTED, IN_PROGRESS, POST_UPGRADE_COMPLETED
component_type	Component type based on which consistency report is to be generated Component type based on which consistency report is to be generated	string	Required Readonly
drop_stats_cluster_id	Unique identifier for cluster where drop outliers were detected Unique identifier for cluster where drop outliers were detected	string	Required Readonly
drop_stats_cluster_name	Cluster name where drop traffic outliers were detected Cluster name where drop traffic outliers were detected	string	Required Readonly
drop_stats_deviation	Number of standard deviations away from the mean Number of standard deviations away from the mean	number	Required Readonly
drop_stats_drop_pps	Average packets being dropped per second across the cluster Average packets being dropped per second across the cluster	number	Required Readonly
drop_stats_observed_until	Timestamp till the packet drop rate, i.e. drop outlier was detected Timestamp till the packet drop rate, i.e. drop outlier was detected	string	Required Readonly
drop_stats_pnic_rx_pps	Average packets being received per second for physical nic across the cluster Average packets being received per second for physical nic across the cluster	number	Required Readonly
drop_stats_pnic_tx_pps	Average packets being transmitted per second for physical nic across the cluster Average packets being transmitted per second for physical nic across the cluster	number	Required Readonly
drop_stats_start_time	Timestamp when the packet drop rate, i.e. drop outlier was detected Timestamp when the packet drop rate, i.e. drop outlier was detected	string	Required Readonly
drop_stats_total_outliers	Total number of outliers for traffic drop statistics Total number of outliers for traffic drop statistics	integer	Required Readonly
drop_stats_vnic_rx_pps	Average packets being received per second for virtual nic across the cluster Average packets being received per second for virtual nic across the cluster	number	Required Readonly
drop_stats_vnic_tx_pps	Average packets being transmitted per second for virtual nic across the cluster Average packets being transmitted per second for virtual nic across the cluster	number	Required Readonly
drop_stats_warning_msg	Warning message indicating the number of outliers with respect to traffic drop statistics Warning message indicating the number of outliers with respect to traffic drop statistics	string	Readonly
forward_stats_cluster_id	Unique identifier for cluster where forward outliers were detected Unique identifier for cluster where forward outliers were detected	string	Required Readonly
forward_stats_cluster_name	Cluster name where forward traffic outliers were detected Cluster name where forward traffic outliers were detected	string	Required Readonly
forward_stats_deviation	Number of standard deviations away from the mean Number of standard deviations away from the mean	number	Required Readonly
forward_stats_observed_until	Timestamp till the packet forward rate drop, i.e. forward outlier was detected Timestamp when the packet forward rate drop, i.e. forward outlier was detected	string	Required Readonly
forward_stats_pnic_rx_pps	Forward packets received per second for physical nic Forward Packets received per second for physical nic	number	Required Readonly
forward_stats_pnic_tx_pps	Forward packets transmitted per second for physical nic Forward packets transmitted per second for physical nic	number	Required Readonly
forward_stats_start_time	Timestamp when the packet forward rate drop, i.e. forward outlier was detected Timestamp when the packet forward rate drop, i.e. forward outlier was detected	string	Required Readonly
forward_stats_total_outliers	Total number of outliers for forward traffic statistics Total number of outliers for forward traffic statistics	integer	Required Readonly
forward_stats_vnic_rx_pps	Forward packets received per second for virtual nic Forward packets received per second for virtual nic	number	Required Readonly
forward_stats_vnic_tx_pps	Forward packets transmitted per second for virtual nic Forward Packets transmitted per second for virtual nic	number	Required Readonly
forward_stats_warning_msg	Warning message indicating the number of outliers with respect to forward traffic statistics Warning message indicating the number of outliers with respect to forward traffic statistics	string	Readonly
realization_failure_object_path	Path of the policy object Path of the policy object	string	Required Readonly
realization_failure_object_status	Last seen failure status of the policy object Last seen failure status of the policy object	string	Required Readonly
realization_failure_timestamp	Timestamp when the failure was last seen of the policy object Timestamp when the failure was last seen of the policy object	string	Required Readonly
realization_failure_total	Total number of policy objects that have failed to realize Total number of policy objects that have failed to realize	integer	Required Readonly
realization_failure_warning_msg	Warning message indicating the number of policy objects that have failed realization Warning message indicating the number of policy objects that have failed realization	string	Readonly

ConsistencyCheckDropStats (schema)

Consistency checks for traffic drop statistics

Name	Description	Type	Notes
cluster_id	Cluster id for drop traffic outliers Cluster id for drop traffic outliers	string	Required Readonly
outliers	List of outliers for traffic drop statistics List of outliers for traffic drop statistics	array of DropStatsOutlier	Readonly
total_outliers	Total number of outliers for traffic drop statistics Total number of outliers for traffic drop statistics	integer	Required Readonly
warning_msg	Warning message indicating the number of outliers with respect to traffic drop statistics Warning message indicating the number of outliers with respect to traffic drop statistics	string	Readonly

ConsistencyCheckForwardStats (schema)

Consistency checks for forward traffic statistics

Name	Description	Type	Notes
cluster_id	Cluster id for forward traffic outliers Cluster id for forward traffic outliers	string	Required Readonly
outliers	List of outliers for forward traffic statistics List of outliers for forward traffic statistics	array of ForwardStatsOutlier	Readonly
total_outliers	Total number of outliers for forward traffic statistics Total number of outliers for forward traffic statistics	integer	Required Readonly
warning_msg	Warning message indicating the number of outliers with respect to forward traffic statistics Warning message indicating the number of outliers with respect to forward traffic statistics	string	Readonly

ConsistencyCheckListRequestParameters (schema)

Name	Description	Type	Notes
action	action to force refresh consistency report to current failures	string
component_type	Component type based on which consistency report is to be generated	string	Default: "ALL"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
format	Component type based on which consistency report is to be generated	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ConsistencyCheckRealizationFailure (schema)

Consistency checks for realization failures

Name	Description	Type	Notes
realization_failures	List of policy objects that have failed to realize List of policy objects that have failed to realize	array of RealizationFailure	Readonly
total	Total number of policy objects that have failed to realize Total number of policy objects that have failed to realize	integer	Required Readonly
warning_msg	Warning message indicating the number of policy objects that have failed realization Warning message indicating the number of policy objects that have failed realization	string	Readonly

ConsistencyCheckReport (schema)

Consistency check report

Consistency check report for all components

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Consistency Check Report for respective components Consistency Check Report for respective components	array of ConsistencyCheckComponentReport	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ConsistencyCheckReportInCsvFormat (schema)

Consistency check report

Consistency check report for all components

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
results	Consistency Check Report for respective components Consistency Check Report for respective components	array of ConsistencyCheckComponentReportCsvRecord	Required Readonly

ConsolidatedRealizedStatus (schema)

Consolidated Realized Status for an Intent Object

Consolidated Realized Status of an intent object across enforcement points.

Name	Description	Type	Notes
consolidated_status	Consolidated Realized Status Consolidated Realized Status across enforcement points.	ConsolidatedStatus	Readonly
consolidated_status_per_enforcement_point	List of Consolidated Realized Status per Enforcement Point List of Consolidated Realized Status per enforcement point.	array of ConsolidatedStatusPerEnforcementPoint	Readonly
intent_path	String Path of the intent object Intent path of object, forward slashes must be escaped using %2F.	string	Required Readonly
intent_version	Intent version for the status Represent highest intent version across all realized objects	string	Readonly
publish_status	Aggregated Realization state of this object	string	Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
publish_time	Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time	EpochMsTimestamp	Readonly Sortable
site_uuid	id of Site Site UUID supplied for realized site.	string
time_taken_for_realization	Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization.	integer

ConsolidatedStatus (schema)

Consolidated Status

Consolidated Status of an intent object. Status Consolidation of an intent happens at
multiple levels:
- Per Enforcement Point: calculation of the consolidated status is performed using all
realized entities that the intent objet maps to on a specific enforcement point.
- Across Enforcement Points: calculation of the consolidated status is performend
aggregating the consolidated status from each enforcement point.

Name	Description	Type	Notes
consolidated_status	Consolidated Realized Status Consolidated Realized Status of an intent object.	ConfigState	Readonly

ConsolidatedStatusNsxT (schema)

NSX-T Consolidated Status

Detailed Realized Status of an intent object on an NSX-T type of enforcement point.

Name	Description	Type	Notes
alarm	Alarm Information Details Alarm information details.	PolicyRuntimeAlarm	Readonly
consolidated_status	Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point.	ConsolidatedStatus	Readonly
enforced_status	Enforced Realized Status Detailed Realized Status inherent to an NSX-T Enforcement Point.	EnforcedStatusDetailsNsxT	Readonly
enforcement_point_id	Enforcement Point Id Enforcement Point Id.	string	Readonly
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point where the info is fetched.	string	Readonly
resource_type	Must be set to the value ConsolidatedStatusNsxT	string	Required
site_path	Site Path The site where this enforcement point resides.	string	Readonly

ConsolidatedStatusPerEnforcementPoint (schema)

Consolidated Realized Status Per Enforcement Point

Consolidated Realized Status Per Enforcement Point.

Name	Description	Type	Notes
alarm	Alarm Information Details Alarm information details.	PolicyRuntimeAlarm	Readonly
consolidated_status	Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point.	ConsolidatedStatus	Readonly
enforcement_point_id	Enforcement Point Id Enforcement Point Id.	string	Readonly
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point where the info is fetched.	string	Readonly
resource_type	Must be set to the value ConsolidatedStatusPerEnforcementPoint	string	Required
site_path	Site Path The site where this enforcement point resides.	string	Readonly

ConstantFieldValue (schema)

Constant Field Value

Constant Field Value.

Name	Description	Type	Notes
constant	Constant Value Constant Value that the field must be set to.	object
resource_type	Must be set to the value ConstantFieldValue	string	Required Enum: ConstantFieldValue

Constraint (schema)

Constraint definition.

Constraint object to constraint any attribute on a resource based on
specified expression.
Example- Restrict the allowed services in Edge Communication Entry to list of
services, if the destinationGroups contain vCenter.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
"constraint_expression":{
"related_attribute":{
"attribute":"destinationGroups"
}
"condition":{
"operator":"INCLUDES",
"rhs_value":{"vCenter"}
"value_constraint":{
"operator":"ALLOW",
"values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...}
}
}
}
}

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
constraint_expressions	Expressions to constrain the target attribute value.	array of ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
message	User friendly message to be shown to users upon violation.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Constraint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_owner_type	Constraint target's owner type	string	Enum: GM, LM, ALL
targets	Collection of target resources attribute details.	array of ConstraintTarget
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
constraint_expression	Expression to constrain the target attribute value. This property is deprecated. Please use the "constraint_expressions" property instead to specify one or more constraint expressions. If this property is populated, then the "constraint_expressions" value is ignored.	ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression	Deprecated
target	Target resource attribute details. This property is deprecated. Please use the "targets" property instead to specify one or more targets. If this property is populated, then the "targets" value is ignored.	ConstraintTarget	Deprecated

ConstraintExpression (schema)

Base class for constraint expression

All the types of the expression extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
EntityInstanceCountConstraintExpression
FieldSanityConstraintExpression
RelatedAttributeConditionalExpression
ValueConstraintExpression

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value ConstraintExpression	string	Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ConstraintGlobalConfig (schema)

Global Constraint configuration

Global Constraint configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
include_system_resources	Include policy resources that are created by system in EntityInstanceCountConstraintExpression constraint If true, resources that are created by the system (i.e create_user set to SYSTEM_USER) will be included as part of counting the created entity instances while evaulating the EntityInstanceCountConstraintExpression type constraint. By default, these resources are not included as part of evaluating the count expression	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ConstraintGlobalConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ConstraintListResult (schema)

Paged Collection of Constraints

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Constraint list results	array of Constraint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ConstraintTarget (schema)

Resource attribute on which constraint should be applied.

Resource attribute on which constraint should be applied.
Example - sourceGroups attribute of Edge CommunicationEntry to be
restricted, is given as:
{
"target_resource_type":"CommunicationEntry",
"attribute":"sourceGroups",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}

Name	Description	Type
attribute	Attribute name of the target entity.	string
path_prefix	Path prefix of the entity to apply constraint. Path prefix of the entity to apply constraint. It should be a valid string prefix for policy path. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. For multi-tenancy path-prefixes (i.e. path starting with /orgs) following values are supported: 1. When constraint is created under '/infra/constraints/' OR under '/orgs//projects//infra/constraints/' then '/orgs//projects//' value is supported. 2. When constraint is created under custom project i.e. '/orgs//projects//infra/constraints/' then '/orgs//projects//vpcs//' value is supported.	string
target_resource_type	Resource type of the target entity. This is required in case the constraint expressions do not specify target resource type. Target resource type accepts input as DTO Type and or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type as SecurityPolicy.Rule.	string

ConstraintValue (schema)

Base class for each value configuration

All the types of value extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue

Name	Description	Type	Notes
resource_type		string	Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue

ContainerApplicationInstanceGroupAssociationRequestParams (schema)

List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
pod_id	ContainerApplicationInstance	string	Required
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ContainerConfiguration (schema)

Container that holds widgets

Represents a container to group widgets that belong to a common category or have a common purpose.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
header		Header
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
labels	Labels Labels for the container.	array of Label	Minimum items: 0
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value ContainerConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
widgets	Widgets held by the container If not specified, creates an empty container.	array of WidgetItem	Minimum items: 0
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
layout	Layout of widgets inside container Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. This property is deprecated. Now the layout inside the container can be taken care with the help of 'rowspan' and 'colspan' property.	Layout	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

ContainerListRequestParameters (schema)

Realization list request params

List request params for the pass through type api that get data from the Antrea Cluster.

Name	Description	Type	Notes
cluster_id	Cluster ID ID of the cluster to query	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ContentFilterValue (schema)

Support bundle content filter allowed values

Name	Description	Type	Notes
ContentFilterValue	Support bundle content filter allowed values	string	Enum: ALL, DEFAULT, REMOVE_CORE_FILES, EAL4_AUDIT

ContextProfileAttributesMetadata (schema)

Key value structure for holding metadata of context profile attributes

Name	Description	Type	Notes
key	Key for metadata	string	Required
value	Value for metadata key	string	Required

ContinueRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component to upgrade. Hints NSX to upgrade a specific component.	string
skip	Skip to upgrade of next component.	boolean	Default: "False"

CookiePersistenceModeType (schema)

cookie persistence mode

If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.

Name	Description	Type	Notes
CookiePersistenceModeType	cookie persistence mode If the persistence cookie is found in the incoming request, value of the cookie is used to identify the server that this request should be sent to. If the cookie is not found, then the server selection algorithm is used to select a new server to handle that request. Three different modes of cookie persistence are supported: insert, prefix and rewrite. In cookie insert mode, a cookie is inserted by load balancer in the HTTP response going from server to client. In cookie prefix and rewrite modes, server controls the cookie and load balancer only manipulates the value of the cookie. In prefix mode, server's cookie value is prepended with the server IP and port and then sent to the client. In rewrite mode, entire server's cookie value is replaced with the server IP and port in the response before sending it to the client.	string	Enum: INSERT, PREFIX, REWRITE

CopyFromRemoteFileProperties (schema)

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535
preserve_file_properties	Preserve file properties flag	boolean	Default: "True"
protocol	Protocol to use to copy file	Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol	Required
server	Remote server hostname or IP address	string	Required Pattern: "^.+$"
uri	URI of file to copy	string	Required

CopyRemoteFileProperties (schema)

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535
preserve_file_properties	Preserve file properties flag	boolean	Default: "True"
server	Remote server hostname or IP address	string	Required Pattern: "^.+$"
uri	URI of file to copy	string	Required

CopyToRemoteFileProperties (schema)

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535
preserve_file_properties	Preserve file properties flag	boolean	Default: "True"
protocol	Protocol to use to copy file Only scp and sftp may be used.	Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol	Required
server	Remote server hostname or IP address	string	Required Pattern: "^.+$"
uri	URI of file to copy	string	Required

CoreDumpConfig (schema)

Node core dump config

Name	Description	Type	Notes
global_file_limit	Core dump file persistence config global limit	integer	Minimum: 0 Default: "2"
global_frequency_threshold	Core dump files frequency threshold config in seconds, set 0 to disable	integer	Minimum: 0 Default: "600"
process_config	Core dump config per process limit	array of CoreDumpProcessConfig

CoreDumpProcessConfig (schema)

Core dump process config

Name	Description	Type	Notes
limit	Core dump process limit	integer	Required
process_name	Core dump process name	string	Required

CorfuCertificateExpiryCheckProperties (schema)

Corfu Certificate Expiry Check Properties

Name	Description	Type	Notes
status	Current Status of Corfu Certificate Expiry Check (enabled/disabled)	string	Required

CpuUsage (schema)

CPU usage of DPDK and non-DPDK cores

Name	Description	Type	Notes
avg_cpu_core_usage_dpdk	Average utilization of all DPDK cores Indicates the average usage of all DPDK cores in percentage.	number	Readonly
avg_cpu_core_usage_non_dpdk	Average usage of all non-DPDK cores Indicates the average usage of all non-DPDK cores in percentage.	number	Readonly
highest_cpu_core_usage_dpdk	Highest CPU utilization value among DPDK cores Indicates the highest CPU utilization value among DPDK cores in percentage.	number	Readonly
highest_cpu_core_usage_non_dpdk	Highest CPU utilization value among non-DPDK cores Indicates the highest cpu utilization value among non_dpdk cores in percentage.	number	Readonly

CreateRemoteDirectoryProperties (schema)

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535
preserve_file_properties	Preserve file properties flag	boolean	Default: "True"
protocol	Protocol to use to copy file	SftpProtocol	Required
server	Remote server hostname or IP address	string	Required Pattern: "^.+$"
uri	URI of file to copy	string	Required

Criterion (schema)

Event Criterion

Event Criterion is the logical evaluations by which the event may
be deemed fulfilled. All the evaluations must be met in order for
the criterion to be met (implicit AND).

Name	Description	Type	Notes
evaluations	Criterion Evaluations Criterion Evaluations.	array of Evaluation (Abstract type: pass one of the following concrete types) SourceFieldEvaluation	Required Minimum items: 1

Crl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
one_crl	JSON-encoded OneCRL-like object	string
pem_encoded	PEM encoded CRL data.	string
resource_type	Must be set to the value Crl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CrlDistributionPoint (schema) (Deprecated)

Reference to a CRL Distribution Point where to fetch a CRL

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
cdp_uri	CDP URI CRL Distribution Point URI where to fetch the CRL.	string	Required Readonly Maximum length: 255
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
issuer	Issuer Issuer of the CRL, referring to the CA.	string	Required Readonly Maximum length: 255
resource_type	Must be set to the value CrlDistributionPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CrlDistributionPointList (schema) (Deprecated)

CrlDistributionPoint query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CrlDistributionPoint list.	array of CrlDistributionPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CrlDistributionPointStatus (schema) (Deprecated)

Reference to a CRL Distribution Point where to fetch a CRL

Name	Description	Type	Notes
error_message	Error Message Error message when fetching the CRL failed.	string	Readonly
status	Status Status of the fetched CRL for this CrlDistributionPoint	CdpStatusType	Required Readonly

CrlList (schema)

Crl queries result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CRL list.	array of Crl	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CrlObjectData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
one_crl	JSON-encoded OneCRL-like object	string
pem_encoded	PEM encoded CRL data.	string
resource_type	Must be set to the value CrlObjectData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CrlPemRequestType (schema) (Deprecated)

Request Type to get a CRL's PEM file.

Name	Description	Type	Notes
cdp_uri	CDP URI CRL Distribution Point URI where to fetch the CRL.	string	Required Readonly Maximum length: 255

CrossSiteFlowInfo (schema)

Information about config flow in federation

Represents details of the config flow between sites.
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)

Name	Description	Type	Notes
from_site_id	Site id of the source	string
from_site_path	Source site policy path	string
full_sync_info	Full sync information for the flow	FullSyncInfo
latency_measured_ts	Timestamp of latency measurement	integer
latency_millis	Latency from source to destination site in milli seconds	integer
leader_node_id	Local leader node id sharded for this remote site.	string
status	Overall status of the flow	string	Enum: GOOD, DISCONNECTED, RECOVERY, ERROR, UNKNOWN, NOT_READY
to_site_id	Site id of the destination	string
to_site_path	Destination site policy path	string

CryptoAlgorithm (schema)

Name	Description	Type	Notes
key_size	Supported key sizes for the algorithm.	array of KeySize	Required Readonly
name	Crypto algorithm name.	string	Required Readonly

CryptoEnforcement (schema)

Action for crypto enforcement

If enforced and if TLS protocol Client/Server Hello has none of the
permitted TLS versions or ciphers then the connection is immediately terminated.

Name	Description	Type	Notes
CryptoEnforcement	Action for crypto enforcement If enforced and if TLS protocol Client/Server Hello has none of the permitted TLS versions or ciphers then the connection is immediately terminated.	string	Readonly Enum: ENFORCE, TRANSPARENT

CryptoEntity (schema)

The CryptoEntity object

The crypto entity object that represents the RSA crypto
algorithm or EC crypto curve.

Name	Description	Type	Notes
name	Crypto entity name.	string	Required Readonly
oid	The official OID for the crypto entity.	string	Required Readonly

CspConfig (schema)

CSP authentication configuration

Extra OIDC configuration relevant only for CSP endpoints.

Name	Description	Type	Notes
additional_org_ids	Additional orginzation IDs A list of organization IDs. CSP tokens must be associated with one of these organizations, or the customer_org_id, in order to be considered valid.	array of string
customer_org_id	Customer organization ID	string

Csr (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
pem_encoded	PEM encoded certificate data.	string	Readonly
resource_type	Must be set to the value Csr	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CsrExtensions (schema)

Collection of various x509 v3 extensions to be added to a CSR

Name	Description	Type	Notes
subject_alt_names	Subject alternative names Subject alternative names of the CSR	SubjectAltNames	Readonly

CsrList (schema)

Csr queries result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	CSR list.	array of Csr	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

CsrWithDaysValid (schema)

CSR data with days valid

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
days_valid	Number of days the certificate will be valid, default 825 days	integer	Default: "825"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
pem_encoded	PEM encoded certificate data.	string	Readonly
resource_type	Must be set to the value CsrWithDaysValid	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

CsvListResult (schema)

Base type for CSV result.

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string

CsvRecord (schema)

Base type for CSV records.

Name	Description	Type	Notes
CsvRecord	Base type for CSV records.	object

CurrentBackupOperationStatus (schema)

Current backup operation status

Name	Description	Type	Notes
backup_id	Unique identifier of current backup	string
current_step	Current step of operation	string	Enum: BACKUP_CREATING_CLUSTER_BACKUP, BACKUP_CREATING_NODE_BACKUP
current_step_message	Additional human-readable status information about current step	string
end_time	Time when operation is expected to end	EpochMsTimestamp
operation_type	Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set.	string	Enum: NONE, BACKUP
start_time	Time when operation was started	EpochMsTimestamp

CustomAttributeAction (schema)

Request Parameters for Custom Context Profile Attributes

Request Parameter which specify action to either add or remove the custom values.

Name	Description	Type	Notes
action	Add or Remove Custom Context Profile Attribute values. Action parameter determines whether to add or remove Custom Context Profile Attribute values.	string	Required Enum: add, remove

CustomFilterWidgetConfiguration (schema)

Custom Filter widget Configuration

Represents configuration for custom filter widget. For this widget the data source is not applicable. It defines ui identifer for filter UI component and render it on dashboard view. This configuration can only be used for system owned widgets.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alias	Alias to be used when emitting filter value Alias to be used when emitting filter value.	string
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value CustomFilterWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
ui_component_identifier	UI identifier for filter component to be rendered inside view/container User defined filter component selector to be rendered inside view/container.	string	Required
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

CustomWidgetConfiguration (schema)

Custom widget Configuration

Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value CustomWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
ui_component_identifier	UI identifier for component to be rendered inside view/container User defined component selector to be rendered inside view/container.	string
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

CvxConnectionInfo (schema)

CVX Connection Info

Credential info to connect to a CVX type of enforcement point.

Name	Description	Type	Notes
enforcement_point_address	Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"	string	Required
password	Password Password.	secure_string	Required
resource_type	Must be set to the value CvxConnectionInfo	string	Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint	Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. Only used during onboarding and not updated during follow-up certificate changes.	string
username	Username Username.	secure_string	Required

DADMode (schema)

DAD Mode

Duplicate address detection modes.

Name	Description	Type	Notes
DADMode	DAD Mode Duplicate address detection modes.	string	Enum: LOOSE, STRICT

DADStatus (schema)

DAD Status

Duplicate address detection status for IP address on port.

Name	Description	Type	Notes
DADStatus	DAD Status Duplicate address detection status for IP address on port.	string	Enum: DUPLICATED, TENTATIVE, ASSIGNED, NOT_APPLICABLE, UNKNOWN

DNSForwarderStatisticsPerEnforcementPoint (schema)

DNS forwarder statistics per enforcement point

DNS forwarder statistics per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatistics

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the statistics are fetched.	string	Readonly
resource_type		string	Required Enum: NsxTDNSForwarderStatistics

DNSForwarderStatusPerEnforcementPoint (schema)

DNS forwarder status per enforcement point

DNS forwarder status per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatus

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the status is fetched.	string	Readonly
resource_type		string	Required Enum: NsxTDNSForwarderStatus

DashboardSummaryListRequestQueryParameters (schema)

Query parameters passed to the dashboard APIs

Represents the query parameters, such as the tenancy context and the pagination
properties, that the dashboard APIs (ids-summary, affected-vms) accept.

Name	Description	Type	Notes
context		TenancyContextQueryParameter
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path		EnforcementPointPathQueryParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

DataCounter (schema)

Name	Description	Type	Notes
dropped	The dropped packets or bytes	integer
multicast_broadcast	The multicast and broadcast packets or bytes	integer
total	The total packets or bytes	integer	Required

DataSourceParameters (schema)

Name	Description	Type	Notes
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

DataSourceType (schema)

Data source type.

Name	Description	Type	Notes
DataSourceType	Data source type.	string	Enum: realtime, cached

Datasource (schema)

Datasource Instance

An instance of a datasource configuration.

Name	Description	Type	Notes
display_name	Datasource instance's display name Name of a datasource instance.	string	Required Maximum length: 255
keystore_info	Key Store Info Key Store information for all the url aliases defined in datasource. Use this property if key store information is same for each url aliases in the datasource.	KeyStoreInfo
urls	Array of relative urls and their aliases Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance.	array of UrlAlias	Required

DatetimeUTC (schema)

Datetime string in UTC

Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'

Name	Description	Type	Notes
DatetimeUTC	Datetime string in UTC Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'	string

DecryptionFailAction (schema)

TLS handshake fail action

Action to take when TLS handshake fails.

Name	Description	Type	Notes
DecryptionFailAction	TLS handshake fail action Action to take when TLS handshake fails.	string	Readonly Enum: BLOCK, BYPASS

DedicatedResources (schema)

Dedicated Resources to Project for Logging

To assign dedicated resources from default project to custom project for logging.
Resources dedicated to this project for logging cannot be dedicated to other projects.

Name	Description	Type	Notes
tier_0s	Array of Tier0s paths dedicated to this Project for logging. Logs for Tier0s mentioned will have this project's context. Tier0s mentioned under dedicated_resources should also be part of tier0s under project payload.	array of string

DefaultFilterValue (schema)

Default filter values

An instance of a datasource configuration.

Name	Description	Type	Notes
alias	Filter alias Filter alias.	string	Required
value	Filter default value Filter default value.	string	Required

DeleteRemoteDirectoryProperties (schema)

Name	Description	Type	Notes
directory_path	Directory Path Directory Path which needs to be retained	string
port	Server port	integer	Minimum: 1 Maximum: 65535
preserve_file_properties	Preserve file properties flag	boolean	Default: "True"
protocol	Protocol to use to delete directory Protocol to use to delete directory	SftpProtocol	Required
server	Remote server hostname or IP address	string	Required Pattern: "^.+$"
uri	URI of file to copy	string	Required

DeleteRequestParameters (schema)

Parameters that affect how delete operations are processed

Name	Description	Type	Notes
force	Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference.	boolean	Default: "False"

DependentServices (schema)

Name	Description	Type	Notes
dependent_services	List of firewall dependent services List of firewall dependent services.	array of string

DeploymentZone (schema) (Deprecated)

Deployment zone

Logical grouping of enforcement points.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use Site.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_points	Logical grouping of enforcement points	array of EnforcementPoint
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DeploymentZone	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DfwDropCounters (schema)

Name	Description	Type	Notes
rx_dropped	Number of received packets dropped by firewall The number of received packets dropped by distributed firewall rules due to rule actions.	integer
tx_dropped	Number of sent packets dropped by firewall The number of sent packets dropped by distributed firewall rules due to rule actions.	integer

DfwFirewallConfiguration (schema)

DFW Firewall related configurations

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildGlobalIdsSettings ChildPolicyExcludeList
description	Description of this resource	string	Maximum length: 1024 Sortable
disable_auto_drafts	Auto draft deactivate flag To deactivate auto drafts, set it to true. By default, auto drafts are enabled.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_firewall	Firewall enable flag If set to true, Firewall is enabled.	boolean	Default: "True"
global_addrset_mode_enabled	A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall.	boolean	Default: "True"
global_macset_optimization_mode_enabled	Global MACSet Optimization Flag MACSet optimization is turned on when this flag is set to true. By default it is set to false.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
idfw_enabled	Identity firewall enable flag If set to true, identity firewall is enabled.	boolean	Default: "False"
idfw_event_log_scraper_enabled	Enable event log scraping Enables event log scraping for Identity firewall.	boolean	Default: "False"
idfw_loginsight_enabled	Enable Loginsight server for Identity Firewall If set to true, collection of login/logout events from Loginsight server is enabled.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DfwFirewallConfiguration	string	Required Enum: DfwFirewallConfiguration
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DfwHeapMemoryUsage (schema)

DFW heap memory usage

Distributed Firewall heap memory utilization.

Name	Description	Type	Notes
description	Description of the DFW module Description of the DFW module.	string	Readonly
ever_time	Ever time for specific heap Time duration when last peak ever was observed for specific heap.	string	Readonly
name	Name of the DFW module Name of the DFW heap on specified host.	string	Readonly
peak_ever	Peak ever for specific heap Number of times peak threshold reached for specific heap.	number	Readonly
total_mb	Total size of heap for the specified heap in mb units Total size of heap for the specified heap in mb units.	integer	Readonly
usage_pct	Percentage of heap utilized for specific heap Percentage of heap utilized for specific heap.	number	Readonly
used_mb	Utilized size of heap for the specified heap in mb units Utilized size of heap for the specified heap in mb units.	integer	Readonly

DhGroup (schema)

Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1048-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit Random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit Random ECP group.
GROUP21 uses 521-bit Random ECP group.

Name	Description	Type	Notes
DhGroup	Diffie-Hellman groups Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group.	string	Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21

DhcpConfig (schema)

DHCP configuration

DHCP config.
This dhcp configuration can be overriden per subnet.

Name	Description	Type
dhcp_relay_config_path	DHCP relay config path Policy path of DHCP-relay-config. If configured then all the subnets will be configured with the DHCP relay server. If not specified, then the local DHCP server will be configured for all connected subnets.	string
dns_client_config	Dns client configuration Dns configuration	DnsClientConfig
enable_dhcp	Activate or Deactivate DHCP If activated, the DHCP server will be configured based on IP address type. If deactivated then neither DHCP server nor relay shall be configured.	boolean

DhcpDeleteLeaseRequestParameters (schema) (Deprecated)

Name	Description	Type	Notes
ip		IPAddress	Required
mac		MACAddress	Required

DhcpDeleteLeases (schema)

List of DHCP leases to be deleted

Name	Description	Type	Notes
leases	List of DHCP leases	array of DhcpDeleteLeaseRequestParameters	Required Minimum items: 1 Maximum items: 100

DhcpHeader (schema)

Name	Description	Type	Notes
op_code	Message op code / message type This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY.	string	Enum: BOOTREQUEST, BOOTREPLY Default: "BOOTREQUEST"

DhcpIpPoolUsage (schema) (Deprecated)

Name	Description	Type
allocated_number	allocated number. COULD BE INACCURATE, REFERENCE ONLY.	integer
allocated_percentage	allocated percentage. COULD BE INACCURATE, REFERENCE ONLY.	integer
consumed_number	Consumed Number The consumed number is intended to display the total number of IP addresses consumed by DHCP clients. However, it may not always reflect an accurate count due to the asynchronous running DHCP data path.	integer
dhcp_ip_pool_id	uuid of dhcp ip pool	string
pool_size	pool size	integer

DhcpLeasePerIP (schema)

Name	Description	Type	Notes
expire_time	expire time of the lease	string
ip_address	ip address of client	string	Required
lease_time	lease time of the ip address, in seconds	string
mac_address	mac address of client	string	Required
start_time	start time of lease	string	Required
subnet	subnet of client network	string

DhcpLeases (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
dhcp_server_id	dhcp server uuid	string
ipv6_leases	The ipv6 lease info list of the server	array of DhcpV6Lease	Minimum items: 0 Maximum items: 65535
leases	The lease info list of the server	array of DhcpLeasePerIP	Minimum items: 0 Maximum items: 65535
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
timestamp	timestamp of the lease info	EpochMsTimestamp

DhcpLeasesResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
connectivity_path	Policy path to Segment, Tier0 or Tier1 gateway Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached.	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
dhcp_server_id	dhcp server uuid	string
ipv6_leases	The ipv6 lease info list of the server	array of DhcpV6Lease	Minimum items: 0 Maximum items: 65535
leases	The lease info list of the server	array of DhcpLeasePerIP	Minimum items: 0 Maximum items: 65535
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
timestamp	timestamp of the lease info	EpochMsTimestamp

DhcpOption121 (schema) (Deprecated)

DHCP option 121

DHCP option 121 to define classless static route.

Name	Description	Type	Notes
static_routes	DHCP classless static routes Classless static route of DHCP option 121.	array of ClasslessStaticRoute	Required Minimum items: 1 Maximum items: 27

DhcpRelayConfig (schema)

DHCP relay configuration

DHCP relay configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-relay-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DhcpRelayConfig	string
server_addresses	DHCP relay addresses DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported.	array of IPAddress	Required Maximum items: 8
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DhcpRelayConfigListResult (schema)

Paged collection of DhcpRelayConfigs

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	DhcpRelayConfig results	array of DhcpRelayConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DhcpServerAdditionalConfig (schema)

Additional DHCP server config.

Additional DHCP server config for VPC subnet.
The additional configuration must be cleared when the subnet has DHCP relay enabled or DHCP is deactivated.

Name	Description	Type	Notes
options	DHCP options IPv4 DHCP options for VPC subnet.	DhcpV4Options
reserved_ip_ranges	Reserved ip ranges Specifies IP ranges that are reserved and excluded from being assigned by the DHCP server to clients. These reserved IPs must not overlap with system-reserved addresses, including the gateway IP, network IP, DHCP server IP, and broadcast IP, and they must belong to the defined subnet CIDR. The reserved IPs can be provided as either a single IP address or an IP address range. Only IPv4 addresses are supported. Supported formats include: ["192.168.1.1", "192.168.1.3-192.168.1.100"]	array of string	Maximum items: 10

DhcpServerConfig (schema)

DHCP server configuration

DHCP server configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-server-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_cluster_path	Edge cluster path The reference to the edge cluster using the policy path of the edge cluster. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses.	string
enable_standby_relocation	Stand-By Relocation If no "preferred-edge-paths" were defined, and the "enable-standby-relocation"=true, once a new edge-node was added to the edge-cluster, the stand-by node of the DHCP could possibly be moved to another edge-node. But there is no guarantee that the stand-by will be moved. Please note, if the dhcp-server-config was applied to a gateway, and this gateway has defined its own edge-cluster and preferred edge-nodes, then the edge-cluster and nodes defined in dhcp-server-config will be ignored.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
preferred_edge_paths	Edge node path Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server.	array of string	Maximum items: 2
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DhcpServerConfig	string
server_addresses	DHCP server address in CIDR format DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment.	array of string	Maximum items: 2
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
lease_time	IP address lease time in seconds IP address lease time in seconds.	integer	Deprecated Minimum: 60 Maximum: 4294967295 Default: "86400"
server_address	DHCP server address in CIDR format DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values.	string	Deprecated Format: ip-cidr-block

DhcpServerConfigListResult (schema)

Paged collection of DhcpServerConfigs

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	DhcpServerConfig results	array of DhcpServerConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DhcpServerLeaseRequestParameters (schema)

DHCP server lease request parameters

Name	Description	Type	Notes
address	IP or MAC address IP address, IP range or MAC address to retrieve specific lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call.	string
connectivity_path	String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration.	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
segment_path	Segment path to retrieve lease information Segment path to retrieve lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call.	string
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	The data source The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

DhcpServerRequestParameters (schema)

DHCP server list request parameters

Name	Description	Type	Notes
connectivity_path	String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration.	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

DhcpServerState (schema)

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

DhcpServerStatistics (schema)

Name	Description	Type
acks	The total number of DHCP ACK packets	integer
declines	The total number of DHCP DECLINE packets	integer
dhcp_server_id	dhcp server uuid	string
discovers	The total number of DHCP DISCOVER packets	integer
errors	The total number of DHCP errors	integer
informs	The total number of DHCP INFORM packets	integer
ip_pool_stats	The DHCP ip pool usage statistics	array of DhcpIpPoolUsage
nacks	The total number of DHCP NACK packets	integer
offers	The total number of DHCP OFFER packets	integer
releases	The total number of DHCP RELEASE packets	integer
requests	The total number of DHCP REQUEST packets	integer
timestamp	timestamp of the statistics	EpochMsTimestamp

DhcpServerStatus (schema) (Deprecated)

Name	Description	Type	Notes
active_node	uuid of active transport node	string
error_message	Error message, if available	string
service_status	UP means the dhcp service is working fine on both active transport-node and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down.	string	Enum: UP, DOWN, ERROR, NO_STANDBY
stand_by_node	uuid of stand_by transport node. null if non-HA mode	string

DhcpStaticBindingConfig (schema)

Base class for DHCP options

DHCP IPv4 and IPv6 static bindings are extended from this abstract class.
This is an abstract type. Concrete child types:
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DhcpStaticBindingConfig	string	Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DhcpStaticBindingConfigListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paginated list of DhcpStaticBindingConfig	array of DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DhcpStaticBindingState (schema)

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

DhcpStatistics (schema) (Deprecated)

Name	Description	Type
acks	The total number of DHCP ACK packets	integer
declines	The total number of DHCP DECLINE packets	integer
dhcp_server_id	dhcp server uuid	string
discovers	The total number of DHCP DISCOVER packets	integer
errors	The total number of DHCP errors	integer
informs	The total number of DHCP INFORM packets	integer
ip_pool_stats	The DHCP ip pool usage statistics	array of DhcpIpPoolUsage
nacks	The total number of DHCP NACK packets	integer
offers	The total number of DHCP OFFER packets	integer
releases	The total number of DHCP RELEASE packets	integer
requests	The total number of DHCP REQUEST packets	integer
timestamp	timestamp of the statistics	EpochMsTimestamp

DhcpV4Options (schema)

DHCP options for IPv4 address family

DHCP options for IPv4 server.

Name	Description	Type	Notes
option121	DHCP option 121 DHCP option 121 to define classless static routes.	DhcpOption121
others	Other DHCP options To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. Option code 3, 6, 12, 51 should be configured as properties. -------------------------- Code Name -------------------------- 2 Time Offset 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time	array of GenericDhcpOption	Minimum items: 0 Maximum items: 255

DhcpV4StaticBindingConfig (schema)

DHCP static binding

DHCP IPv4 static bindings are configured for each segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
gateway_address	Gateway IP address When not specified, gateway address is auto-assigned from segment configuration.	IPv4Address
host_name	Host name Hostname to assign to the host.	string	Maximum length: 63
id	Unique identifier of this resource	string	Sortable
ip_address	IP assigned to host IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment.	IPv4Address	Required
lease_time	Lease time DHCP lease time in seconds.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
mac_address	MAC address of host MAC address of the host.	MACAddress	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
options	DHCP options IPv4 DHCP options.	DhcpV4Options
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DhcpV4StaticBindingConfig	string	Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DhcpV6Lease (schema)

Name	Description	Type	Notes
duid	DHCP unique identifier	string	Required
expire_time	expire time of the lease	string
ia_type	identity association type	string	Required Enum: IA_INVALID, IA_NA, IA_TA, IA_PD
iaid	An identifier for an IA	integer	Required
ip_addresses	ip addresses of client	array of string	Minimum items: 0 Maximum items: 65535
lease_time	lease time of the ip address, in seconds	string
start_time	start time of lease	string	Required

DhcpV6StaticBindingConfig (schema)

DHCP static binding

DHCP IPv6 static bindings are configured for each segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dns_nameservers	DNS nameservers to be set to client host When not specified, no DNS nameserver will be set to client host.	array of string	Minimum items: 0 Maximum items: 2
domain_names	Domain names to be assigned to client host When not specified, no domain name will be assigned to client host.	array of string
id	Unique identifier of this resource	string	Sortable
ip_addresses	IP addresses to be assigned to client host When not specified, no ip address will be assigned to client host.	array of IPv6Address	Minimum items: 0 Maximum items: 1
lease_time	Lease time Lease time, in seconds.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
mac_address	MAC address The MAC address of the client host. Either client-duid or mac-address, but not both.	MACAddress	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
preferred_time	Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used.	integer	Minimum: 48 Maximum: 4294967295
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DhcpV6StaticBindingConfig	string	Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig
sntp_servers	SNTP server ips SNTP server IP addresses.	array of IPv6Address	Minimum items: 0 Maximum items: 2
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Dhcpv6Header (schema)

Name	Description	Type	Notes
msg_type	DHCP message type This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters.	string	Enum: SOLICIT, ADVERTISE, REQUEST, REPLY Default: "SOLICIT"

DirectoryDomainSyncSettings (schema)

Domain synchronization settings

Name	Description	Type	Notes
delta_sync_interval	Delta synchronization inverval in minutes Directory domain delta synchronization interval time between two delta sync in minutes.	integer	Minimum: 5 Maximum: 720 Default: "180"
full_sync_cron_expr	Full synchronization cron expression Directory domain full synchronization schedule using cron expression. For example, cron expression "0 0 12 ? * SUN *" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync.	string
sync_delay_in_sec	Sync delay (in second). Sync delay after Directory domain has been successfully created. if delay is -1, initial full sync will not be triggered.	int	Minimum: -1 Maximum: 600 Default: "30"

DirectoryDomainSyncStats (schema)

Directory domain synchronization statistics

Name	Description	Type	Notes
avg_delta_sync_time	Average time spent for all historical delta sync All the historical delta sync are counted in calculating the average delta sync time in milliseconds.	integer	Readonly
avg_full_sync_time	Average time spent for all historical full sync All the historical full sync are counted in calculating the average full sync time in milliseconds.	integer	Readonly
current_state	Current state of directory domain sync context Current running state of the directory domain in synchronization life cycle. It could be one of the following five states. SELECTIVE_FULL_SYNC and SELECTIVE_DELTA_SYNC are sync states for selective sync.	string	Required Readonly Enum: IDLE, FULL_SYNC, DELTA_SYNC, SELECTIVE_FULL_SYNC, SELECTIVE_DELTA_SYNC
current_state_begin_time	Current state elapsed time Since what time the current state has begun. The time is expressed in millisecond epoch time.	EpochMsTimestamp	Required Readonly
num_delta_sync	Total number of successful delta sync number of successful historical delta sync initiated either by system or by API request.	integer	Readonly
num_full_sync	Total number of successful full sync number of successful historical full sync initiated either by system or by API request.	integer	Readonly
prev_sync_end_time	Previous sync ended time Directory domain previous sync ending time expressed in millisecond epoch time.	EpochMsTimestamp	Required Readonly
prev_sync_error	Previous sync error Directory domain previous sync status error if last status was failure.	string	Readonly
prev_sync_status	Previous sync status Directory domain previous sync status. It could be one of the following two states.	string	Required Readonly Enum: SUCCESS, FAILURE, UNKNOWN
prev_sync_type	Previous sync type Directory domain previous sync type. It could be one of the following five states. Right after the directory domain is configured, this field is set to IDLE.	string	Required Readonly Enum: IDLE, FULL_SYNC, DELTA_SYNC, SELECTIVE_FULL_SYNC, SELECTIVE_DELTA_SYNC

DirectoryEventLogServer (schema)

Event log server of directory domain

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	Directory domain name Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.	string
host	Event log server host name Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching.	string	Required Format: hostname-or-ip
id	Unique identifier of this resource	string	Sortable
password	Event log server password Directory event log server connection password.	secure_string
resource_type	Must be set to the value DirectoryEventLogServer	string
status	Event log server connection status Event log server connection status object	DirectoryEventLogServerStatus
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
username	Event log server username Directory event log server connection user name.	string

DirectoryEventLogServerStatus (schema)

Event log server connection status

Name	Description	Type	Notes
error_message	Additional optional detail error message	string	Readonly
last_event_record_id	Last event record ID Last event record ID is an opaque integer value that shows the last successfully received event from event log server.	integer	Readonly
last_event_time_created	Time when last event record ID was received Time of last successfully received and record event from event log server.	EpochMsTimestamp	Readonly
last_polling_time	Last polling time	EpochMsTimestamp	Readonly
status	Current connection status of event log server Connection status: OK: All OK ERROR: Generic error	string	Required Readonly Enum: OK, ERROR

DirectoryLdapServer (schema)

LDAP server of directory domain

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_path	LDAP server certificate IdentityFirewallStore LDAP server certificate used in secure LDAPS connection.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	Directory domain name Directory domain name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.	string
host	LDAP server host name Directory LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization.	string	Required Format: hostname-or-ip
id	Unique identifier of this resource	string	Sortable
password	LDAP server password Directory LDAP server connection password.	secure_string
port	LDAP server TCP/UDP port Directory LDAP server connection TCP/UDP port.	integer	Default: "389"
protocol	LDAP server protocol Directory LDAP server connection protocol which is either LDAP or LDAPS.	string	Enum: LDAP, LDAPS Default: "LDAP"
resource_type	Must be set to the value DirectoryLdapServer	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
thumbprint	LDAP server certificate thumbprint using SHA-256 algorithm Directory LDAP server certificate thumbprint used in secure LDAPS connection.	string
use_certificate	Flag for certificate usage This flag helps in deciding whether to use thumbprint or certificate.	boolean
username	LDAP server username Directory LDAP server connection user name.	string

DirectoryLdapServerStatus (schema)

Status LDAP server of directory domain

Name	Description	Type	Notes
error_id	Error ID of the directory LDAP server status Error ID of the directory LDAP server status maintained by the NSX directory service.	integer
error_message	Error message of the directory LDAP server status Error message of the directory LDAP server status maintained by the NSX directory service.	string

DirectoryOrgUnit (schema)

Organization Unit

Name	Description	Type	Notes
children	List of children Organization Units List of children Organization Units if any.	array of DirectoryOrgUnit	Required Maximum items: 500
distinguished_name	Distinguished name Distinguished name of the organization unit.	string	Required
name	Organization Unit name Organization Unit name.	string	Required

DirectoryOrgUnitListResults (schema)

List of organization units

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of Organization Units	array of DirectoryOrgUnit	Required Maximum items: 100000
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DiscoveredResource (schema)

Base class for resources that are discovered and automatically updated

Name	Description	Type	Notes
_last_sync_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
resource_type	The type of this resource.	string	Required
scope	List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.	array of DiscoveredResourceScope
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

DiscoveredResourceScope (schema)

Scope of discovered resource

Name	Description	Type	Notes
scope_id	Scope Id of scope for discovered resource Specifies the scope id of discovered resource.	string
scope_type	Type of scope Type of the scope for the discovered resource.	string	Enum: CONTAINER_CLUSTER, VPC

DiscoveryProfileBindingMap (schema)

Base Discovery Profile Binding Map

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DiscoveryProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DiskProvisioning (schema)

Disk provisioning type

Disk provisioning type for deploying VM.

Name	Description	Type	Notes
DiskProvisioning	Disk provisioning type Disk provisioning type for deploying VM.	string	Required Enum: THIN, LAZY_ZEROED_THICK, EAGER_ZEROED_THICK

DistributedDhcpServerPackets (schema)

Name	Description	Type	Notes
acks	Total DHCP Acks The total number of DHCP ACK packets.	integer	Required
declines	Total DHCP Declines The total number of DHCP DECLINE packets.	integer	Required
discovers	Total DHCP Discovers The total number of DHCP DISCOVER packets.	integer	Required
errors	Total DHCP Errors The total number of DHCP errors.	integer	Required
informs	Total DHCP Informs The total number of DHCP INFORM packets.	integer	Required
nacks	Total DHCP Nacks The total number of DHCP NACK packets.	integer	Required
offers	Total DHCP Offers The total number of DHCP OFFER packets.	integer	Required
releases	Total DHCP Releases The total number of DHCP RELEASE packets.	integer	Required
requests	Total DHCP Requests The total number of DHCP REQUEST packets.	integer	Required

DistributedFloodProtectionProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_rst_spoofing	Flag to indicate rst spoofing is enabled If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles.	boolean	Default: "False"
enable_syncache	Flag to indicate syncache is enabled If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles.	boolean	Default: "False"
icmp_active_flow_limit	Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections.	integer	Minimum: 1 Maximum: 1000000
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
other_active_conn_limit	Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DistributedFloodProtectionProfile	FloodProtectionProfileResourceType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_half_open_conn_limit	Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
udp_active_flow_limit	Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections.	integer	Minimum: 1 Maximum: 1000000
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DistributedVlanConnection (schema)

Policy distributed vlan connection

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
gateway_addresses	Gateway address Gateway IP address in network address and prefix length format	array of IPv4CIDRBlock	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DistributedVlanConnection	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlan_id	Vlan id Vlan id for external gateway traffic	VlanID	Required

DnsClientConfig (schema)

Dns configuration

Dns config

Name	Description	Type	Notes
dns_server_ips	IPs of the DNS servers which need to be configured on the workload VMs	array of string	Maximum items: 2

DnsFailedQuery (schema)

The failed DNS query

The summary of the failed DNS query. The query result represents a full
query chain from client VM to dns forwarder, and upstream server if no
forwarder cache was hit.

Name	Description	Type	Notes
address	The adddress be queried The address be queried, can be a FQDN or an ip address.	string
client_ip	The client host ip address from which the query was issued The client host ip address from which the query was issued.	string
error_message	The error message of the failed query The detailed error message of the failed query, if any.	string
error_type	The type of the failure The type of the query failure, e.g. NXDOMAIN, etc.	string
forwarder_ip	The DNS forwarder ip address to which the query was first received The DNS forwarder ip address to which the query was first received.	string
record_type	The record type be queried The record type be queried, e.g. A, CNAME, SOA, etc.	string
source_ip	The source ip address for forwarding query The source ip address that is used to forward a query to an upstream server.	string
time_spent	Time spent in the query, if applicable The time the query took before it got a failed answer, in ms.	integer
timestamp	Timestamp of the request Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.	string	Required
upstream_server_ip	The ip address to which the query was forwarded The upstream server ip address to which the query was forwarded. If the query could not be serviced from the DNS forwarder cache, this property will contain the IP address of the DNS server that serviced the request. If the request was serviced from the cache, this property will be absent.	string

DnsHeader (schema)

Name	Description	Type	Notes
address	Domain name/IP to query/response This is used to define what is being asked or responded.	string	Format: hostname-or-ip
address_type	This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA	string	Enum: V4, V6 Default: "V4"
message_type	Specifies the message type whether it is a query or a response.	string	Enum: QUERY, RESPONSE Default: "QUERY"

DnsSecurityProfile (schema)

DNS security profile

Used to configure DNS security profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DnsSecurityProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
ttl	Time to live for DNS cache entry Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000.	integer	Minimum: 0 Maximum: 864000 Default: "86400"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DnsSecurityProfileBindingMap (schema)

Binding Map for DNS Security Profile

This entity will be used to establish association between DNS security profile and
Group. With this entity, user can specify intent for applying DNS security profile
profile to particular Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DnsSecurityProfileBindingMap	string
sequence_number	Sequence number DNS Security Profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000.	integer	Minimum: 1 Maximum: 100000
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DnsSecurityProfileBindingMapListRequestParameters (schema)

DNS Security Profile Binding Map List Request Parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

DnsSecurityProfileBindingMapListResult (schema)

Paged collection of DNS Security Profile Binding Map

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	DNS Security Profile Binding Map List Results	array of DnsSecurityProfileBindingMap
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DnsSecurityProfileListResult (schema)

Paged Collection of DnsSecurityProfile

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	DnsSecurityProfile list results	array of DnsSecurityProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Domain (schema)

Domain

Domain.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDomainDeploymentMap ChildGatewayPolicy ChildGroup ChildIdsGatewayPolicy ChildIdsSecurityPolicy ChildSecurityPolicy
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Domain	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DomainDeploymentMap (schema)

Domain Deployment Map

Binding of domain to the enforcement point.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_point_path	Absolute path of enforcement point Path of enforcement point on which domain shall be enforced.	string	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value DomainDeploymentMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

DomainDeploymentMapListRequestParameters (schema)

Domain Deployment Map List Request Parameters

Domain Deployment Map list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

DomainDeploymentMapListResult (schema)

Paged Collection of Domain Deployment Map

Paged collection of Domain Deployment Map.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Domain Deployment Map List Result Domain Deployment Map list result.	array of DomainDeploymentMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DomainListRequestParameters (schema)

Domain list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

DomainListResult (schema)

Paged Collection of Domains

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Domain list results	array of Domain	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

DonutConfiguration (schema)

Donut Configuration

Represents configuration of a Donut

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
count	Expression to retrieve count to be shown on Donut Expression to retrieve count to be shown on Donut.	string
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_count	Show or hide the count of entities If true, displays the count of entities in the donut	boolean	Default: "True"
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
label	Label of the Donut Configuration Displayed at the middle of the donut, by default. It labels the entities of donut.	Label
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value DonutConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
sections	Sections	array of DonutSection	Required Minimum items: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

DonutPart (schema)

Portion of a donut or stats chart

Represents an entity or portion to be plotted on a donut or stats chart.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string
field	Value of the portion or entity of donut or stats chart A numerical value that represents the portion or entity of the donut or stats chart.	string	Required Maximum length: 1024
hide_empty_legend	Hide the legend if the data for the part is not available If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration.	boolean	Default: "False"
label	Label of the portion or entity of donut or stats chart If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template.	Label
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used.	string
render_configuration	Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any.	array of RenderConfiguration	Minimum items: 0
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the portion.	array of Tooltip	Minimum items: 0

DonutSection (schema)

Section of a donut or stats chart

Represents high level logical grouping of portions or segments of a donut / stats chart.

Name	Description	Type	Notes
parts	Parts of a donut / stats chart Array of portions or parts of the donut or stats chart.	array of DonutPart	Required Minimum items: 1
row_list_field	Field from which parts of the donut or stats chart are formed Field of the root of the api result set for forming parts.	string	Maximum length: 1024
template	Template, if any, for automatically forming the donut or stats parts If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'.	boolean	Default: "False"

DpuStatusProperties (schema)

Data processing unit status properties

Name	Description	Type	Notes
cpu_cores	CPU core count The number of CPU cores on the system.	integer	Readonly
dpu_alias	Data processing unit alias DPU alias	string	Readonly
dpu_id	Data processing unit ID	string	Readonly
load_average	System load average One, five, and fifteen minute load averages for the system.	array of number	Readonly
mem_cache	Cached RAM size in kilobytes Amount of RAM on the system that can be flushed out to disk, in kilobytes.	integer	Readonly
mem_total	Total RAM size in kilobytes System Amount of RAM allocated to the system, in kilobytes.	integer	Readonly
mem_used	Used RAM size in kilobytes Amount of RAM in use on the system, in kilobytes.	integer	Readonly

DropStatsOutlier (schema)

Outlier for packet drop statistics

Name	Description	Type	Notes
deviation	Number of standard deviations away from the mean Number of standard deviations away from the mean	number	Required Readonly
drop_pps	Average number of packets dropped per second across the cluster Average number of packets dropped per second across the cluster	number	Required Readonly
observed_until	Timestamp till the packet drop rate, i.e. drop outlier was detected Timestamp till the packet drop rate, i.e. drop outlier was detected	EpochMsTimestamp	Required Readonly
pnic_rx_pps	Average packets being received per second for physical nic across the cluster Average packets being received per second for physical nic across the cluster	number	Required Readonly
pnic_tx_pps	Average packets being transmitted per second for physical nic across the cluster Average packets being transmitted per second for physical nic across the cluster	number	Required Readonly
start_time	Timestamp when the packet drop rate, i.e. drop outlier was detected Timestamp when the packet drop rate, i.e. drop outlier was detected	EpochMsTimestamp	Required Readonly
vnic_rx_pps	Average packets being received per second for virtual nic across the cluster Average packets being received per second for virtual nic across the cluster	number	Required Readonly
vnic_tx_pps	Average packets being transmitted per second for virtual nic across the cluster Average packets being transmitted per second for virtual nic across the cluster	number	Required Readonly

DropdownFilterPlotConfiguration (schema)

Dropdown Filtert plotting configuration

Dropdown Filter plotting configuration.

Name	Description	Type	Notes
allow_maximize	Allow maximize capability for this widget Allow maximize capability for this widget	boolean
allow_search	Allow search on drop down filter Allow search on drop down filter.	boolean	Default: "False"
condition	Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration.	string	Maximum length: 1024

DropdownFilterWidgetConfiguration (schema)

Dropdown Filter widget Configuration

Represents configuration for dropdown filter widget.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alias	Alias to be used when emitting filter value Alias to be used when emitting filter value.	string
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
default_value	Expression to specify default value Expression to specify default value of filter.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
dropdown_filter_plot_config	Dropdown filter plotting configuration Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.	DropdownFilterPlotConfiguration
dropdown_item	Definition for item of a dropdown Defines the item of a dropdown.	DropdownItem
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
placeholder_msg	Placeholder message to be shown in filter Placeholder message to be displayed in dropdown filter.	string
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value DropdownFilterWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
static_filter_condition	Expression for evaluating condition If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.	string
static_filters	Additional static items to be added in dropdown filter Additional static items to be added in dropdown filter. Example can be 'ALL'.	array of StaticFilter
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

DropdownItem (schema)

Dropdown item definition

Name	Description	Type	Notes
additional_value	An additional value for item to be display in dropdown. An additional key-value pair for item to be display in dropdown.	object
display_name	Display name for item to be displayed in dropdown expression to extract display name to be shown in the drop down.	string	Maximum length: 1024
field	Expression for dropdown items of filter An expression that represents the items of the dropdown filter.	string	Required
short_display_name	A property value to be shown once value is selected for a filter. Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.	string	Maximum length: 1024
value	Value for item to be displayed in dropdown Value of filter inside dropdown filter.	string	Required

DscpBit (schema)

Dscp bit config

To define the Dscp bit in Global In-band network telemetry configuration.

Name	Description	Type	Notes
dscp_bit	DSCP bit for indicating the existence of INT header. A DSCP bit is allocated to indicate the existence of INT header. It takes effect only when the INT indicator mode is DSCP_BIT. The user should guarantee that the given DSCP bit is specifically allocated for INT.	int	Required Minimum: 0 Maximum: 5
indicator_type	Must be set to the value DscpBit	string	Required Enum: DSCP_BIT, DSCP_VALUE

DscpIndicator (schema)

Abstract base type for Global In-band network telemetry configuration

The DscpIndicator is the base class for global In-band network telemetry
configurations for different types in a NSX domain.
This is an abstract type. Concrete child types:
DscpBit
DscpValue

Name	Description	Type	Notes
indicator_type	The method for indicating the existence of INT header.	string	Required Enum: DSCP_BIT, DSCP_VALUE

DscpTrustMode (schema)

Trust settings

When you select the Trusted mode the inner header DSCP value is applied
to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic,
the outer IP header takes the default value.Untrusted mode is supported
on overlay-based and VLAN-based logical port.

Name	Description	Type	Notes
DscpTrustMode	Trust settings When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port.	string	Enum: TRUSTED, UNTRUSTED Default: "TRUSTED"

DscpValue (schema)

Dscp bit config

To define the Dscp value in Global In-band network telemetry configuration.

Name	Description	Type	Notes
dscp_value	DSCP value for indicating the existence of INT header. A DSCP value is allocated to indicate the existence of INT header. It takes effects only when the INT indicator mode is DSCP_VALUE. The user should guarantee that the given DSCP value is specifically allocated for INT.	int	Required Minimum: 1 Maximum: 63
indicator_type	Must be set to the value DscpValue	string	Required Enum: DSCP_BIT, DSCP_VALUE

DuplicateAddressBindingEntry (schema) (Deprecated)

Duplicate address binding information

Name	Description	Type	Notes
binding	Combination of IP-MAC-VLAN binding	PacketAddressClassifier
binding_timestamp	Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user	EpochMsTimestamp
conflicting_port	ID of logical port with the same address binding Provides the ID of the port on which the same address bidning exists	string
source	Address binding source Source from which the address binding entry was obtained	AddressBindingSource	Default: "UNKNOWN"

DuplicateIPDetectionOptions (schema)

Controls duplicate IP detection options

Contains dupliacte IP detection related discovery options.

Name	Description	Type	Notes
duplicate_ip_detection_enabled	Duplicate IP detection Indicates whether duplicate IP detection should be enabled	boolean	Default: "False"

DynamicContentFilterQueryParameter (schema)

Name	Description	Type	Notes
scope	Restrict scope of dynamic content filters to report	string	Enum: NAPP

DynamicContentFilterValue (schema)

Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES

Name	Description	Type	Notes
DynamicContentFilterValue	Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES	string

DynamicContentFilters (schema)

Name	Description	Type	Notes
dynamic_content_filters	Support bundle content filter allowed values These filter values will be set by the remote node like the NSX Intelligence Platform for instance. We would not need to know or act on these dynamic content filters, except for passing them on as request parameters along with the support bundle collection API.	array of DynamicContentFilterValue

EPActionForDnsForwarderRequestParameters (schema)

Name	Description	Type	Notes
action	An action to be performed for DNS forwarder on EP The valid DNS forwarder actions to be performed on EP are, - clear_cache: Clear the current cache of the dns forwarder from specified enforcement point.	string	Required Enum: clear_cache
enforcement_point_path	An enforcement point path, on which the action is to be performed An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered.	string	Default: "/infra/sites/default/enforcement-points/default"

EULAAcceptance (schema)

EULA acceptance status

Indicate the status of End User License Agreement acceptance

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
acceptance	End User License Agreement acceptance status Acceptance status of End User License Agreement	boolean	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EULAAcceptance	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EULAContent (schema)

EULA content

End User License Agreement content

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
content	End User License Agreement content Content of End User License Agreement	secure_string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value EULAContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

EULAOutputFormatRequestParameters (schema)

Indicate output format of End User License Agreement content

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
value_format	End User License Agreement content output format	string

EdgeClusterNodeType (schema)

Supported edge cluster node type.

Name	Description	Type	Notes
EdgeClusterNodeType	Supported edge cluster node type.	string	Enum: EDGE_NODE, PUBLIC_CLOUD_GATEWAY_NODE, UNKNOWN

EdgeConfigurationState (schema)

Configuration State for Edge and VPN entities.

This contains fields that captures state of Trackable entities.
Edge and VPN state entities extend this object.

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
pending_change_list	List of pending changes Request identifier of the API which modified the entity.	array of string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

EdgeDeploymentType (schema)

Supported edge deployment type.

Name	Description	Type	Notes
EdgeDeploymentType	Supported edge deployment type.	string	Enum: VIRTUAL_MACHINE, PHYSICAL_MACHINE, UNKNOWN

EdgeFailoverChecksConfig (schema)

Name	Description	Type	Notes
disable_checks_for_edge_clusters	Mentions list of edge cluster policy paths To disable the pre-checks on selective edge clusters.	array of string
disable_checks_for_unpinned_edges	Toggle pre-checks between pinned or all edges true: Default behavior for upgrades from 9.0 onwards. Disables the pre-checks for edges that are not pinned. This will perform the checks only for the edges which have "edge_host_affinity_config" set in the intent. We will assume an edge to be pinned only when "edge_host_affinity_config" set in the intent. Otherwise, the pre-checks will be skipped. false: During host/edge upgrade, perform the checks for all edges, pinned or unpinned alike.	boolean	Required
enabled	Enable or disable edge failover pre-checks true: Execute all pre-checks. Default behavior for upgrades from 9.0 onwards. false: To disable all pre-checks.	boolean	Required

EdgeTransportNodeDatapathMemoryPoolUsage (schema)

Usage of datapath memory pool

Datapath memory pool usage value.

Name	Description	Type	Notes
description	Description of the memory pool Description of the memory pool.	string	Readonly
name	Name of the datapath memory pool Name of the datapath memory pool as available on edge node CLI.	string	Readonly
usage	Percentage of memory pool in use Percentage of memory pool in use.	number	Readonly

EdgeTransportNodeDatapathMemoryUsage (schema)

Detailed view of the datapath memory usage. Details out the heap and per memory pool usage

Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.

Name	Description	Type	Notes
datapath_heap_usage	Percentage of heap memory in use Percentage of heap memory in use.	number	Readonly
datapath_mem_pools_usage		array of EdgeTransportNodeDatapathMemoryPoolUsage
highest_datapath_mem_pool_usage	Highest percentage usage value among datapath memory pools Highest percentage usage value among datapath memory pools.	number	Readonly
highest_datapath_mem_pool_usage_names		array of string

EdgeTransportNodeMemoryUsage (schema)

Memory usage details of edge node

Point in time usage of system, datapath, swap and cache memory in edge node.

Name	Description	Type	Notes
cache_usage	Percentage of RAM on the system that can be flushed out to disk Percentage of RAM on the system that can be flushed out to disk.	number	Readonly
datapath_mem_usage_details	Detailed view of the datapath memory usage. Details out the heap and per memory pool usage Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.	EdgeTransportNodeDatapathMemoryUsage	Readonly
datapath_total_usage	Percentage of memory in use by datapath processes Percentage of memory in use by datapath processes which includes RES and hugepage memory.	number	Readonly
swap_usage	Percentage of swap disk in use Percentage of swap disk in use.	number	Readonly
system_mem_usage	Percentage of RAM in use on edge node Percentage of RAM in use on edge node.	number	Readonly

EdgeUpgradeStatus (schema)

Status of edge upgrade

Name	Description	Type	Notes
can_rollback	Can perform rollback This field indicates whether we can perform upgrade rollback.	boolean	Readonly
can_skip	Can the upgrade of the remaining units in this component be skipped	boolean	Readonly
component_type	Component type for the upgrade status	string	Readonly
current_version_node_summary	Mapping of current versions of nodes and counts of nodes at the respective versions.	NodeSummaryList	Readonly
details	Details about the upgrade status	string	Readonly
node_count_at_target_version	Count of nodes at target component version Number of nodes of the type and at the component version	int	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
pre_upgrade_status	Pre-upgrade status of the component-type	UpgradeChecksExecutionStatus	Readonly
status	Upgrade status of component	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version	Target component version	string	Readonly

EffectiveProfilesResponse (schema)

Enforcement point request entity

Name	Description	Type	Notes
profiles_list		array of SwitchingProfileTypeIdEntry

EgressRateLimiter (schema)

A shaper that specifies egress rate properties in Mb/s

Name	Description	Type	Notes
average_bandwidth	Average bandwidth in Mb/s	int	Minimum: 0 Default: "0"
burst_size	Burst size in bytes	int	Minimum: 0 Default: "0"
enabled		boolean	Required
peak_bandwidth	Peak bandwidth in Mb/s	int	Minimum: 0 Default: "0"
resource_type	Must be set to the value EgressRateLimiter	string	Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter"

EndpointPolicy (schema)

Contains ordered list of Endpoint Rules

Ordered list of Endpoint Rules ordered by sequence number of the entries.
The maximum number of policies is 25.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
endpoint_rules	Endpoint Rules that are a part of this EndpointPolicy	array of EndpointRule
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EndpointPolicy	string
sequence_number	Precedence to resolve conflicts across Domains This field is used to resolve conflicts between maps across domains.	int	Minimum: 0 Maximum: 499 Default: "0"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EndpointRule (schema)

Endpoint Rule for guest introspection.

Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
groups	group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Required Maximum items: 50
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EndpointRule	string
sequence_number	Sequence number of this Entry This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user.	int	Minimum: 0 Maximum: 499 Default: "0"
service_profiles	Names of service profiles The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed.	array of string	Required Maximum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EnforcedStatusDetailsNsxT (schema)

NSX-T Enforced Realized Status Details

Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is
a detailed view of the Realized Status of an intent object from an NSX-T enforcement point
perspective.

Name	Description	Type	Notes
enforced_status_info	Enforced Realized Status Info Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info.	EnforcedStatusInfoNsxT	Readonly
pending_changes_info	Pending Changes Info Information about pending changes, if any, that aren't reflected in the Enforced Realized Status.	PendingChangesInfoNsxT	Readonly

EnforcedStatusInfoNsxT (schema)

NSX-T Enforced Realized Status Information

Information about the realized status of the intent object on an NSX-T type of enforcement point.
Some very recent changes may be excluded when preparing this information, which is indicated by
Pending Changes Info. In addition to the realized status across all scopes, this information holds
details about enforced realized status per scope.

Name	Description	Type	Notes
enforced_status	Enforced Realized Status Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point.	EnforcedStatusNsxT	Readonly
enforced_status_per_scope	List of Enforced Realized Status per Scope List of Enforced Realized Status per Scope.	array of EnforcedStatusPerScopeNsxT (Abstract type: pass one of the following concrete types) TransportNodeSpanEnforcedStatus	Readonly

EnforcedStatusNsxT (schema)

NSX-T Enforced Status

NSX-T Enforced Status.

Name	Description	Type	Notes
status	Enforced Realized Status Enforced Realized Status.	RuntimeState	Readonly
status_message	Status Message Status Message conveying hints depending on the status value.	string	Readonly

EnforcedStatusPerScopeNsxT (schema)

NSX-T Enforced Realized Status Per Scope

NSX-T Detailed Realized Status Per Scope.
This is an abstract type. Concrete child types:
TransportNodeSpanEnforcedStatus

Name	Description	Type	Notes
resource_type	Resource Type Enforced Realized Status Per Scope Resource Type.	string	Required Readonly Enum: TransportNodeSpanEnforcedStatus

EnforcedStatusPerTransportNode (schema)

Enforced Realized Status Per Transport Node

Detailed Realized Status Per Transport Node.

Name	Description	Type	Notes
display_name	Transport Node Display Name Display name of the transport node.	string	Readonly
enforced_status	Enforced Realized Status Realized Status of an Intent object on this Transport Node.	EnforcedStatusNsxT	Readonly
nsx_id	Transport Node Identifier UUID identifying uniquely the Transport Node.	string	Readonly
path	Transport Node Path Policy Path referencing the transport node.	string	Readonly

EnforcementPoint (schema)

Enforcement Point

Enforcement point is the endpoint where policy configurations are applied.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_enforce	Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeCluster ChildPolicyTransportZone
connection_info	Enforcement Point Connection Info Connection Info of the Enforcement Point.	EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EnforcementPoint	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version	Enforcement point Version Version of the Enforcement point.	string	Readonly

EnforcementPointConnectionInfo (schema)

Enforcement Point Connection Info

Contains information required to connect to enforcement point. This is an abstract type. Concrete child types:
AviConnectionInfo
CvxConnectionInfo
NSXTConnectionInfo
NSXVConnectionInfo

Name	Description	Type	Notes
enforcement_point_address	Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"	string	Required
resource_type	Connection Info Resource Type Resource Type of Enforcement Point Connection Info.	string	Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo

EnforcementPointListRequestParameters (schema)

Enforcement Point List Request Parameters

Enforcement point list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

EnforcementPointListResult (schema)

Paged Collection of EnforcementPoints

Paged collection of enforcement points.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Enforcement Point List Results Enforcement Point list Results.	array of EnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

EnforcementPointPathQueryParameter (schema)

String Path of the enforcement point

The path of the enforcement point from which the data needs
to be fetched.

Name	Description	Type	Notes
EnforcementPointPathQueryParameter	String Path of the enforcement point The path of the enforcement point from which the data needs to be fetched.	string

EnforcementPointRequest (schema)

Enforcement point request entity

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path of enforcement point on request is to be made.	string

EntityInstanceCountConstraintExpression (schema)

Represents the leaf level constraint to restrict the number instances of type.

Represents the leaf level constraint to restrict the number of instances of an entity
type that can be created.
Lowering the limit on the number of instances of a given type is allowed even in cases
where there are instances more than the specified limit already in the system.
In this case, creation of new instances of that type will be disallowed unless the number
of instances goes below the limit.
One of the main usage of this expression is to implement Quotas in the multi-tenancy context.
It allows to limit the number of resources which can be created inside a Project or Vpc.
It also forbids consumption of specific resource by putting its entity count to 0.
Note that, update/delete operations will continue to be allowed on already created instances.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
count	Instance count. Instance count.	integer	Required Minimum: 0 Maximum: 1000000
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operator	Operations supported '<' and '<='.	string	Required
resource_type	Must be set to the value EntityInstanceCountConstraintExpression	string	Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_resource_type	Resource type of the target entity. This needs to be set for all cases where the target does not specify the type. Target resource type accepts input as DTO Type or FQDN. It also supports dot format like SecurityPolicy.Rule in a scenario where same DTO type shared across across policy sub tree. For example DTO type Rule shared by both security policy and gateway policy rules. So to specify any constraint for Security policy rule, user can define the target resource type SecurityPolicy.Rule.	string

EpochMsTimestamp (schema)

Timestamp in milliseconds since epoch

Name	Description	Type	Notes
EpochMsTimestamp	Timestamp in milliseconds since epoch	integer

ErrorClass (schema)

Name	Description	Type	Notes
error_code	Error code Error code for the error/warning	integer	Required Readonly
error_message	Error/warning message Error/warning message	string	Required Readonly

ErrorInfo (schema)

Error information

Name	Description	Type	Notes
error_code	Error code Error code of the error.	int
error_message	Error message	string	Required Readonly
timestamp	Timestamp when the error occurred	EpochMsTimestamp	Required Readonly

ErrorResolverInfo (schema)

Metadata related to a given error_id

Name	Description	Type	Notes
error_id	The error id for which metadata information is needed	integer	Required
resolver_present	Indicates whether there is a resolver associated with the error or not	boolean	Required
user_metadata	User supplied metadata that might be required by the resolver	ErrorResolverUserMetadata

ErrorResolverInfoList (schema)

Collection of all registered ErrorResolverInfo

Name	Description	Type	Notes
results	ErrorResolverInfo list	array of ErrorResolverInfo	Required

ErrorResolverMetadata (schema)

Error along with its metadata

Name	Description	Type	Notes
entity_id	The entity/node UUID where the error has occurred.	string	Required
error_id	The error id as reported by the entity where the error occurred.	integer	Required
system_metadata	This can come from some external system like syslog collector	ErrorResolverSystemMetadata
user_metadata	User supplied metadata that might be required by the resolver	ErrorResolverUserMetadata

ErrorResolverMetadataList (schema)

List of errors with their metadata

Name	Description	Type	Notes
errors	List of errors with their corresponding metadata.	array of ErrorResolverMetadata	Required

ErrorResolverSystemMetadata (schema)

Metadata fetched from an external system like Syslog or LogInsight.

Name	Description	Type	Notes
value	The value fetched from another system	string

ErrorResolverUserInputData (schema)

Corresponds to one property entered by the user

Name	Description	Type	Notes
data_type	The datatype of the given property. Useful for data validation	string	Required Enum: TEXT, NUMBER, PASSWORD
property_name	Name of the property supplied by the user	string	Required
property_value	The value associated with the above property	string

ErrorResolverUserMetadata (schema)

User supplied metadata needed for resolving errors

Name	Description	Type	Notes
user_input_list	List of user supplied input data.	array of ErrorResolverUserInputData

EtherTypeServiceEntry (schema)

A ServiceEntry that represents an ethertype protocol

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ether_type	Type of the encapsulated protocol	integer	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EtherTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EthernetHeader (schema)

Name	Description	Type	Notes
dst_mac	Destination MAC address of the Ethernet header The destination MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	string
eth_type	The value of the type field to be put into the Ethernet header This field defaults to IPv4.	integer	Minimum: 1 Maximum: 65535 Default: "2048"
src_mac	Source MAC address of the Ethernet header The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	string

Evaluation (schema)

Criterion Evaluation

Criterion Evaluation is the basic logical condition to evaluate
whether the event could be potentially met.
This is an abstract type. Concrete child types:
SourceFieldEvaluation

Name	Description	Type	Notes
resource_type	Resource Type Criterion Evaluation resource type.	string	Required Enum: SourceFieldEvaluation

Event (schema)

Reaction Event

The Event is the criterion or criteria applied to the source and,
when met, prompt Policy to run the action.
All Reaction Events are constructed with reference to
the object, the "source", that is logically deemed to be the
object upon which the Event in question initially occurred upon.
Some example events include:
- New object was created.
- Change in realization state.
- Specific API is called.

Name	Description	Type	Notes
criteria	Event Criteria Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR).	array of Criterion
source	Event Source Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon.	Source (Abstract type: pass one of the following concrete types) ApiRequestBody ResourceOperation	Required

EvpnConfig (schema)

Evpn Configuration

Evpn Configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
advanced_config	Advanced configuration for evpn config Advanced configuration for evpn config.	EvpnConfigAdvancedConfig
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
encapsulation_method	Encapsulation method for EVPN. Encapsulation method for EVPN service that is used by the transport layer.	EvpnEncapConfig
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mode	EVPN service mode In INLINE mode, edge nodes participate both in the BGP EVPN control plane route exchange and in data path tunneling between edge nodes and data center gateways. In ROUTE_SERVER mode, edge nodes participate in the BGP EVPN control plane route exchanges only and do not participate in the data forwarding, i.e., the data path tunnels are directly established between the hypervisors and the data center gateways. DISABLE mode disables EVPN service capability.	string	Enum: INLINE, ROUTE_SERVER, DISABLE Default: "DISABLE"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EvpnConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

EvpnConfigAdvancedConfig (schema)

Advanced configuration for evpn config

NSX specific configuration for evpn config

Name	Description	Type	Notes
EvpnConfigAdvancedConfig	Advanced configuration for evpn config NSX specific configuration for evpn config	object

EvpnEncapConfig (schema)

Encapsulation method for EVPN

Encapsulation method for EVPN.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
evpn_tenant_config_path	EVPN tenant config path	string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EvpnEncapConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vni_pool_path	vni pool path	string

EvpnTenantConfig (schema)

Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode.

This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode.
The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached
to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mappings	VLANs to VNIs mapping spec This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay transmission to Physical-Gateways used by vRouters.	array of VlanVniRangePair	Required Minimum items: 1 Maximum items: 2000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EvpnTenantConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path to the transport zone Policy path to transport zone. Only overlay transport zone is supported.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vni_pool_path	Policy path to the vni pool Policy path to the vni pool used for Evpn in ROUTE-SERVER mode.	string	Required

EvpnTunnelEndpointConfig (schema)

Evpn Tunnel Endpoint Configuration

Evpn Tunnel Endpoint Configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_path	edge path	string	Required
id	Unique identifier of this resource	string	Sortable
local_addresses	local addresses	array of IPv4Address	Required Minimum items: 1 Maximum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	MTU	int	Minimum: 64 Maximum: 9100
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value EvpnTunnelEndpointConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ExcludedMembersList (schema)

Represents the list of members that need to be excluded

Name	Description	Type	Notes
ip_address_expression	IP addresses which need to be excluded	IPAddressExpression
path_expression	Paths which need to be excluded. Paths can be only IP address based groups. Upto 50 paths are allowed.	PathExpression

ExportRequestParameter (schema)

Export task request parameters

This holds the request parameters required to invoke export task.

Name	Description	Type	Notes
draft_path	Policy path of draft Policy path of a draft which is to be exported. If not provided, current firewall configuration will then be exported.	string
passphrase	Passphrase to sign exported files Passphrase to sign exported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character.	secure_string	Required

ExportTask (schema)

Export task information

This object holds the information of the export task.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
async_response_available	True if response for asynchronous request is available	boolean	Readonly
cancelable	True if this task can be canceled	boolean	Readonly
description	Description of the task	string	Readonly
draft_path	Policy path of a draft Policy path of a draft if this is an export task to export draft configuration.	string	Readonly
end_time	The end time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
exported_file	Name of the exported file Name of the exported file generated after completion of export task.	string	Readonly
failure_msg	Reason of the task failure This property holds the reason of the task failure, if any.	string	Readonly
id	Identifier for this task	string	Readonly
message	A message describing the disposition of the task	string	Readonly
progress	Task progress if known, from 0 to 100	integer	Readonly Minimum: 0 Maximum: 100
request_method	HTTP request method	string	Readonly
request_uri	URI of the method invocation that spawned this task	string	Readonly
start_time	The start time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
status	Current status of the task	TaskStatus	Readonly
user	Name of the user who created this task	string	Readonly

Expression (schema)

Base class for each node of the expression

All the nodes of the expression extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
Condition
ConjunctionOperator
ExternalIDExpression
GeoLocationExpression
GroupScopeExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Expression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ExternalAddressBinding (schema)

External Address Binding

Name	Description	Type	Notes
allocated_external_ip_path	Allocated external IP path Path of the allocated IP address for using specific external_ip_address.	string
external_ip_address	External IP address External IP from external IP block. if not specified system will reserved IP external IP block.	IPAddress	Readonly

ExternalGatewayBfdConfig (schema)

External Bidirectional Flow Detection configuration

Configuration for BFD session between host nodes and external gateways.
If this configuration is not provided, system defaults are applied.

Name	Description	Type	Notes
bfd_profile_path	Policy path to Bfd Profile	string
enable	Enable BFD session Flag to enable BFD session.	boolean	Default: "True"

ExternalIDExpression (schema)

External ID expression node

Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance BareMetalServer, BareMetalServerInterface to a group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_ids	Array of external IDs for the specified member type This array can consist of one or more external IDs for the specified member type.	array of string	Required Minimum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_type	External ID member type	string	Required Enum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, BareMetalServer, BareMetalServerInterface
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ExternalIDExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

FIPSGlobalConfig (schema)

Global configuration

Name	Description	Type	Notes
tls_fips_enabled	A flag to turn on or turn off the FIPS compliance of TLS inspection feature. When this flag is set to true FIPS mode will be set on ssl encryptions of TLS inspection feature.	boolean	Readonly Default: "False"
lb_fips_enabled	A flag to turn on or turn off the FIPS compliance of load balancer feature. This is a deprecated property which is always set as true. When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature.	boolean	Deprecated Readonly Default: "True"

FailedNodeSupportBundleResult (schema)

Name	Description	Type	Notes
error_code	Error code	string	Required Readonly
error_message	Error message	string	Required Readonly
node_display_name	Display name of node	string	Required Readonly
node_id	UUID of node	string	Required Readonly
node_ip	IPv4 address of node	string	Required Readonly
node_ipv6	IPv6 address of node	string	Required Readonly

FeatureCompatibilityInfo (schema)

Feature Compatibility Info

Feature status information indicating site configuration compatibility with
global manager configuration.

Name	Description	Type	Notes
details		array of CompatibilityDetail	Readonly Maximum items: 10
feature		OnboardingFeatureInfo	Required Readonly
status	Compatibility Status	OnboardingCompatibilityStatus	Required Readonly

FeatureConflictInfo (schema)

Feature Conflict Info

Feature status information with number of conflicting entities and its total
count associated with the feature.

Name	Description	Type	Notes
conflict_count	Conflict Count Number of conflicting entities with global entities in the feature during an onboarding stage.	integer	Readonly
feature		OnboardingFeatureInfo	Readonly
total_count	Total Count Total number of entities in the feature during an onboarding stage.	integer	Readonly

FeaturePermission (schema)

Feature Permission

Name	Description	Type	Notes
feature	Feature Id	string	Required
feature_description	Feature Description	string
feature_name	Feature Name	string
is_execute_recommended	Is execute recommended	boolean	Readonly
is_internal	Is internal	boolean	Readonly
permission	Permission	string	Required Enum: crud, read, execute, none

FeaturePermissionArray (schema)

Name	Description	Type	Notes
feature_permissions	Array of FeaturePermission	array of FeaturePermission	Required

FeaturePermissionListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of FeaturePermission	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FeatureSet (schema)

List of features required to view the widget

Represents list of features required to view the widget.

Name	Description	Type	Notes
feature_list	List of features required for to view wdiget List of features required for to view widget.	array of string
require_all_permissions	Flag for specifying if permission to all features is required Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available.	boolean

FeatureSummary (schema)

Feature Summary

Feature summary defining overall conflicting count against total number of
entities.

Name	Description	Type	Notes
total_conflict_count	Total Conflict Count Total number of conflicting entities with global entities accross all features during an onboarding stage.	integer	Readonly
total_count	Total Count Total number of entities across all features during an onboarding stage.	integer	Readonly

FeatureSummaryRequestParameters (schema)

Onboarding Feature Summary Request Parameters

Feature summary request parameters for a site.

Name	Description	Type	Notes
feature		UnsupportedFeature	Required Readonly

FederationComponentUpgradeStatus (schema)

Name	Description	Type	Notes
component_type	Component type for the upgrade status	string	Readonly
current_version_node_summary	Mapping of current versions of nodes and counts of nodes at the respective versions.	array of FederationNodeSummary	Readonly
details	Details about the upgrade status	string	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
status	Upgrade status of component	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED
target_version	Target component version	string	Readonly

FederationConfig (schema)

Global Manager federation configuration

Global Manager federation configuration. This configuration is distributed
to all Sites participating in federation.

Name	Description	Type	Notes
site_config	Federation configurations of all Sites	array of SiteFederationConfig	Readonly

FederationConfiguration (schema)

Federation configuration

Federation configuration.

Name	Description	Type	Notes
epoch	Epoch	integer	Required
id	Federation id	string	Required
sites	Sites	array of FederationSite	Required

FederationConnectivityConfig (schema)

Federation connectivity configuration

Additional configuration required for federation.

Name	Description	Type	Notes
global_overlay_id	Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases.	integer	Readonly

FederationGatewayConfig (schema)

Federation gateway configuration

Additional gateway configuration required for federation

Name	Description	Type	Notes
global_overlay_id	Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases.	integer	Readonly
inter_site_transit_vlan_id	inter site transit vlan id	int	Readonly
site_allocation_indices	Indicies for cross site allocation Indicies for cross site allocation for edge cluster and its members referred by gateway.	array of SiteAllocationIndexForEdge	Readonly
transit_segment_id	Auto generated federation global id for transit segment Global UUID for transit segment id to be used by Layer2 services for federation usecases.	string	Readonly

FederationInvalidConfigurationDetailsResponse (schema)

Federation Invalid Configuration Details Response

Name	Description	Type	Notes
feature	Feature information Federation feature with invalid configuration for onboarding a site.	OnboardingFeatureInfo	Readonly
invalid_config_summary		array of InvalidConfigSummary	Readonly Maximum items: 8
total_count	Total Resource Count Total resource count in invalid configuration.	integer	Required Readonly

FederationNodeSummary (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
node_count	Count of nodes Number of nodes of the type and at the component version.	int	Required Readonly
version	Component version	string	Required Readonly

FederationQueueInfo (schema)

Details about a specific queue in the flow

Provides insights into details of a specific queue in the flows. For example
Global Manager to Local Manager flow, there is a queue on the Global Manager
for sending and a queue on Local Manager for receiving.

Name	Description	Type	Notes
current_size	Number of messages in the queue	integer
max_size	Maixmum capacity of the queue	integer
name	Queue name	string
namespace	Queue namespace Every persistent queue has name and namespace. For more debugging like dumping queue, namespace is needed.	string
type	Queue type - sender or receiver side	string	Enum: TRANSMITTER, RECEIVER

FederationSite (schema)

Site information

Site information.

Name	Description	Type	Notes
active_gm	Does site have active GM	string	Required Enum: ACTIVE, STANDBY, NONE, INVALID
aph_list	Aph services in the site	array of AphInfo	Required
cert_hash	Hash of the trustManagerCert	string
cluster_id	Cluster id	string
config_version	Site config version	integer
id	Id of the site	string	Required
is_federated	Is site federated	boolean	Required
is_local	Is site local	boolean	Required
name	Name of the site	string	Required
node_type	Type of node	string	Required Enum: GM, LM, GM_AND_LM
site_version	Version of the site	string	Required
split_brain	Split brain	boolean
system_id	System id	integer	Required
trust_manager_cert	Cert string from trust manager	string
vip_ip	Vip ip	string

FederationStatus (schema)

Name	Description	Type	Notes
active_standby_sync_statuses	Status of synchronization between active and standby sites.	array of ActiveStandbySyncStatus	Required
remote_connections	Site connection status	array of SiteStatus

FederationUpgradeSummary (schema)

Upgrade Summary

Provides upgrade summary for a specific site.

Name	Description	Type	Notes
component_status	List of component statuses	array of FederationComponentUpgradeStatus	Required Readonly
current_version	Current version of the site This is NSX version for the site.	string	Required Readonly
gpm_name	Name of the global manager Name of the global manager if present.	string	Readonly
id	UUID of this resource Unique identifier of this resource.	string	Required Readonly
last_upgrade_timestamp	Last upgrade timestamp Indicates the time when the site was upgraded.	string	Readonly
name	Name of the site Name of the site.	string	Readonly
overall_upgrade_status	Status of upgrade	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED
site_id	UUID of the site This is the Site Manager generated UUID for every NSX deployment.	string	Required Readonly
site_ip	Site IP IP address of the site.	string	Required Readonly
site_type	Site type Type of this site.	string	Required Readonly Enum: ACTIVE_GM_SITE, STANDBY_GM_SITE, NON_GM_SITE
target_version	Target version for the site This is NSX target version for the site, if it is undergoing upgrade.	string	Readonly

FederationUpgradeSummaryListRequestParameters (schema)

Name	Description	Type	Notes
current_version	Filter on site current_version Get upgrade information from sites are at a given version.	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

FederationUpgradeSummaryListResult (schema)

Paged Collection of site upgrade information

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of site upgrade information	array of FederationUpgradeSummary	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FieldSanityConstraintExpression (schema)

Represents the field value sanity constraint

Represents the field value constraint to constrain specified field
value based on defined sanity checks.
Example - For DNS.upstream_servers, all the IP addresses must either be
public or private.
{
"target": {
"target_resource_type": "DnsForwarderZone",
"attribute": "upstreamServers",
"path_prefix": "/infra/dns-forwarder-zones/"
},
"constraint_expression": {
"resource_type": "FieldSanityConstraintExpression",
"operator": "OR",
"checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"]
}
}

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
checks	Array of sanity checks to be performed on field value List of sanity checks.	array of string	Required Enum: ALL_PUBLIC_IPS, ALL_PRIVATE_IPS, ALL_IPV6_CIDRS, ALL_IPV6_IPS, ALL_IPV4_CIDRS, ALL_IPV4_IPS
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operator	A conditional operator	string	Required Enum: OR, AND
resource_type	Must be set to the value FieldSanityConstraintExpression	string	Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

FieldSetting (schema)

FieldSetting

Field Setting.

Name	Description	Type	Notes
field_pointer	Field Pointer Field Pointer.	string	Required
value	Value Value that the field must be set to.	FieldSettingValue (Abstract type: pass one of the following concrete types) ConstantFieldValue	Required

FieldSettingValue (schema)

Field Setting Value

Field Setting Value.
This is an abstract type. Concrete child types:
ConstantFieldValue

Name	Description	Type	Notes
resource_type	Resource Type Field Setting Value resource type.	string	Required Enum: ConstantFieldValue

FieldsFilterData (schema)

Name	Description	Type	Notes
network_info	Network layer information Network layer information.	NetworkInfo
resource_type	Must be set to the value FieldsFilterData	string	Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData"
transport_info	Transport layer information Transport layer information.	TransportInfo
ip_info	IP address information This property is deprecated. Please use the property network_info instead.	IpInfo	Deprecated

FieldsPacketData (schema)

Name	Description	Type	Notes
arp_header	The ARP header	ArpHeader
eth_header	The ethernet header	EthernetHeader
frame_size	Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.	integer	Minimum: 60 Maximum: 1000 Default: "128"
ip_header	The IPv4 header	Ipv4Header
ipv6_header	The IPv6 header	Ipv6Header
payload	RFC3548 compatible base64-encoded payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header.	string	Maximum length: 1336
resource_type	Must be set to the value FieldsPacketData	string	Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData"
routed	Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.	boolean
transport_header	The transport header This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported).	TransportProtocolHeader
transport_type	Transport type of the traceflow packet This type takes effect only for IP packet.	string	Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST"

FileProperties (schema)

File properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
created_epoch_ms	File creation time in epoch milliseconds	integer	Required
modified_epoch_ms	File modification time in epoch milliseconds	integer	Required
name	File name	string	Required Pattern: "^[^/]+$"
path	File path	string	Readonly
size	Size of the file in bytes	integer	Required

FilePropertiesListResult (schema)

File properties query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	File property results	array of FileProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FileThumbprint (schema)

File thumbprint

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
name	File name	string	Required Pattern: "^[^/]+$"
sha256	File's SHA256 thumbprint	string	Required
sha1	File's SHA1 thumbprint	string	Deprecated Required

FileTransferAuthenticationScheme (schema)

Remote server authentication details

Name	Description	Type	Notes
identity_file	SSH private key data	secure_string
password	Password to authenticate with	secure_string
scheme_name	Authentication scheme name	string	Required Enum: PASSWORD, KEY
username	User name to authenticate with	string	Required Pattern: "^([a-zA-Z][a-zA-Z0-9-.]*[a-zA-Z]\\\){0,1}\w[\w.-]+$"

FileTransferProtocol (schema)

Protocol to transfer backup file to remote server

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	FileTransferAuthenticationScheme	Required
protocol_name	Protocol name	string	Required Enum: sftp Default: "sftp"
ssh_fingerprint	SSH fingerprint of server The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub \| base64 -d \| sha256sum -b \| sed 's/ .*$//' \| xxd -r -p \| base64 \| sed 's/.//44g' \| awk '{print "SHA256:"$1}'	string	Required Pattern: "^SHA256:.*$"

FileType (schema)

MalwarePrevention File type

Name	Description	Type	Notes
FileType	MalwarePrevention File type	string	Enum: DOCUMENT, EXECUTABLE, MEDIA, ARCHIVE, DATA, SCRIPT, OTHER

FilterRequest (schema)

Filter request

Filter request parameters

Name	Description	Type	Notes
case_sensitive	Flag to indicate whether filtering is case-sensitive or not Set this flag to true to make filtering case-sensitive.	boolean	Default: "True"
field_names	Field Names Comma separated fields to be filtered on	string	Required
value	Value Filter value	string	Required

FilterWidgetConfiguration (schema)

Filter widget Configuration

Represents configuration for filter widget. This is abstract representation of filter widget.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alias	Alias to be used when emitting filter value Alias to be used when emitting filter value.	string
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value FilterWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

FirewallConfiguration (schema)

Firewall related configurations

For Multi-tenancy, only disable_auto_draft field applies, the other fields have no effect.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disable_auto_drafts	Auto draft deactivate flag To deactivate auto drafts, set it to true. By default, auto drafts are enabled.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_firewall	Firewall enable flag If set to true, Firewall is enabled.	boolean	Default: "True"
global_addrset_mode_enabled	A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall.	boolean	Default: "True"
global_macset_optimization_mode_enabled	Global MACSet Optimization Flag MACSet optimization is turned on when this flag is set to true. By default it is set to false.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FirewallConfiguration	string	Required Enum: DfwFirewallConfiguration
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

FirewallFilterByRequestParameters (schema)

Request parameters for filtering entities based on the given criteria

Name	Description	Type	Notes
enforcement_point_path	Path of the enforcement point Path of the enforcement point from where the result need to be fetched. If not provided, default enforcement point will be considered. It is mandatory parameter on global manager.	string
parent_path	Path of the parent object of the entities The path of the parent object of entities that are need to be filtered based in the given criteria. Parent path is required for filtering rules of particular policy.	string
scope	Scope filter criteria All those firewall entities, policies/rules, will be returned whose scope value satisfies the given criteria. The value for scope can be, - virtual machine id or - logical router id. Based on the given scope value, the entities will be filtered.	string	Required

FirewallIdentityStoreLdapServerTestParameters (schema)

Parameters for performing LDAP server test

Name	Description	Type	Notes
action	LDAP server test requested Type of LDAP server test to perform.	string	Required Enum: CONNECTIVITY
enforcement_point_path	String Path of the enforcement point Enforcement point path, forward slashes must be escaped using %2F.	string

FirewallIdentityStoreListRequestParameters (schema)

Firewall identity store list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

FloodProtectionProfile (schema)

Flood Protection profile

A profile holding TCP, UDP and ICMP and other protcol connection limits. This is an abstract type. Concrete child types:
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_active_flow_limit	Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections.	integer	Minimum: 1 Maximum: 1000000
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
other_active_conn_limit	Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FloodProtectionProfile	FloodProtectionProfileResourceType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_half_open_conn_limit	Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
udp_active_flow_limit	Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections.	integer	Minimum: 1 Maximum: 1000000
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

FloodProtectionProfileBindingListResult (schema)

Paged Collection of flood protection profile binding maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Flood protection profile binding maps list results	array of FloodProtectionProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FloodProtectionProfileBindingMap (schema)

Policy Flood Protection Profile binding map

This entity will be used to establish association between Flood Protection
profile and Logical Routers.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FloodProtectionProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

FloodProtectionProfileListRequestParameters (schema)

Flood Protection profile list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

FloodProtectionProfileListResult (schema)

Paged Collection of flood protection profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Flood protection profile list results	array of FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FloodProtectionProfileResourceType (schema)

Resource types of flood protection profiles

GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways.
DistributedFloodProtectionProfile is used for all Transport Nodes.

Name	Description	Type	Notes
FloodProtectionProfileResourceType	Resource types of flood protection profiles GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes.	string	Enum: GatewayFloodProtectionProfile, DistributedFloodProtectionProfile

FlowInfo (schema)

Details of config flow

Provides details of config flow in federation
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)

Name	Description	Type	Notes
cross_site_flow_info	Corss site flow information for the flow	CrossSiteFlowInfo
flow_type	Flow identifier	string	Enum: GM_TO_LM, LM_TO_GM, GM_TO_GM, LM_TO_LM, GM_WORK_QUEUE, GM_DELETE_QUEUE
id	System identifier for the flow	string
queue_infos	Queue information for the flow Every flow will have transmitter and receiver queues.	array of FederationQueueInfo

Footer (schema)

Widget Footer

Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API.

Name	Description	Type	Notes
actions	Footer Actions Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API.	array of FooterAction	Minimum items: 0
condition	Expression for evaluating condition If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string	Maximum length: 1024

FooterAction (schema)

Widget Footer Action

Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API.

Name	Description	Type	Notes
dock_to_container_footer	Dock the footer at container If true, the footer will appear in the underlying container that holds the widget.	boolean	Default: "True"
label	Label for action Label to be displayed against the footer action.	Label	Required
url	Clickable hyperlink, if any Hyperlink to the UI page that provides details of action.	string	Maximum length: 1024

ForceRevisionCheckRequestParameter (schema)

Parameter to enforce revision check before updating objects

Forces revision check before updating

Name	Description	Type	Notes
enforce_revision_check	Force revision check If this is set to true, each child object in the request needs to have _revision property set correctly. System will honor the revision numbers while updating the resources.	boolean	Default: "False"

ForwardStatsOutlier (schema)

Outlier for forward packet statistics

Name	Description	Type	Notes
deviation	Number of standard deviations away from the mean Number of standard deviations away from the mean	number	Required Readonly
observed_until	Timestamp till the forward packet drop rate, i.e. forward outlier was detected Timestamp till the forward packet drop rate, i.e. forward outlier was detected	EpochMsTimestamp	Required Readonly
pnic_rx_pps	Average packets being received per second for physical nic across the cluster Average packets being received per second for physical nic across the cluster	number	Required Readonly
pnic_tx_pps	Average packets being transmitted per second for physical nic across the cluster Average packets being transmitted per second for physical nic across the cluster	number	Required Readonly
start_time	Timestamp when the forward packet drop rate, i.e. forward outlier was detected Timestamp when the forward packet drop rate, i.e. forward outlier was detected	EpochMsTimestamp	Required Readonly
vnic_rx_pps	Average packets being received per second for virtual nic across the cluster Average packets being received per second for virtual nic across the cluster	number	Required Readonly
vnic_tx_pps	Average packets being transmitted per second for virtual nic across the cluster Average packets being transmitted per second for virtual nic across the cluster	number	Required Readonly

FpCounters (schema)

Name	Description	Type	Notes
rx_bytes	Count of rx bytes of ENS-Fastpath/FC-lookup.	integer	Readonly
rx_drops	Count of rx packet drops of ENS Fastpath / Not applicable for FC Module.	integer	Readonly
rx_drops_sp	Count of rx pkts drops of slowpath / Not applicable for FC Module.	integer	Readonly
rx_drops_uplink	Count of rx packet drops of ENS Uplink / Not applicable for FC Module.	integer	Readonly
rx_pkts	Count of rx packets of ENS Fastpath / Count of rx packets at FC lookup of vnic.	integer	Readonly
rx_pkts_sp	Count of rx pkt of slowpath / Not applicable for FC Module.	integer	Readonly
rx_pkts_uplink	Count of rx packets of ENS Uplink / Count of rx packets at FC lookup of Uplink.	integer	Readonly
tx_bytes	Count of tx bytes of ENS/FC Fastpath	integer	Readonly
tx_drops	Count of tx packet drops of ENS Fastpath / Count of packets dropped at FC lookup of vnic	integer	Readonly
tx_drops_sp	Count of tx pkts drops by slowpath / Not applicable for FC Module.	integer	Readonly
tx_drops_uplink	Count of tx packet drops of ENS Uplink / Count of packets dropped at FC lookup of Uplink.	integer	Readonly
tx_pkts	Count of tx packets of ENS Fastpath / Count of packets going through FC fastpath at vnic.	integer	Readonly
tx_pkts_sp	Count of tx pkts of ENS/FC slowpath	integer	Readonly
tx_pkts_uplink	Count of tx packets of ENS Uplink / Count of packets going through FC fastpath at Uplink.	integer	Readonly

FqdnAnalysisConfig (schema)

FQDN Analysis feature configuration entity

The type contains information about the configuration of the FqdnAnalysis feature for a
specific node.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enabled Property which specifies the enabling/disabling of the feature.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FqdnAnalysisConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

FullSyncInfo (schema)

Full sync details for the flow

Represents details of the last full sync if full sync is not running,
otherwise returns the status of current full sync.

Name	Description	Type	Notes
data_streaming_from_source_end_time	End time of streaming full state from source	integer
data_streaming_from_source_progress	Details about full sync on sender side	string
data_streaming_from_source_start_time	Start time of streaming full state from source	integer
end_time	Full sync end time	integer
errors	Errors if any	array of string
fullSyncId	Full sync id	string
reason	Description of full sync reason	string
reason_code	Reason code for full sync Full sync can happen for various internal reasons, as well user can request for one. The code provides the classification of possible reasons to start a full sync.	string	Enum: QUEUE_OVERFLOW_ON_TRANSMITTER, QUEUE_OVERFLOW_ON_RECEIVER, CONNECTION_RESTORED, LM_ONBOARDED, GM_SWITCHOVER, RESTORED_GM_FROM_BACKUP, RESTORED_LM_FROM_BACKUP, BROWNFIELD_CONFIG_MIGRATION_FROM_LM_TO_GM, GM_REQUESTED_OVERSIZED_PAYLOAD, GM_REQUESTED_SITE_ONBOARDING, GM_REQUESTED_OTHER, LM_REQUSTED_OVERSIZED_PAYLOAD, LM_REQUESTED_OTHER, USER_REQUSTED, OTHER_AR_INTERNAL, POST_UPGRADE_GM, POST_UPGRADE_LM, UNKNOWN
receiver_end_time	End time of completing applying full state on receiver side	integer
receiver_start_time	Start time of applying full state on receiver side	integer
receiver_state	Internal receiver state This is optional information, provides useful insights on receiver side once async channel hands over full state data to receiver.	string
receiver_time_to_apply_in_millis	Time taken by application receiver to apply the full state received	integer
stage	Current stage details if full sync in progress This provides the insights into current full sync stage if in progress.	string	Enum: NOT_STARTED, REQUESTED_FULL_STATE_FROM_SOURCE, TRANSFERRING_FULL_STATE, COMPLETED_TRANSFERRING_FULL_STATE, DESTINATION_APPLYING_FULL_STATE, COMPLETED_SUCCESSFUL, TIMEOUT_ON_SOURCE_RECEIVE_FULL_STATE, TIMEOUT_ON_DESTINATION_APPLY, COMPLETED_FAILED
start_time	Full sync start time	integer
status	Full sync status	string	Enum: NOT_STARTED, IN_PROGRESS, COMPLETED
warnings	Errors if any	array of string

FullSyncState (schema)

Full sync state

Provides FullSync state for Local Manager from Global Manager.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
errors	Errors occurred during full sync Errors occurred during full sync.	array of string	Readonly
full_sync_id	Full sync id Full sync id generated by Async Replicator (AR) service.	string	Readonly
id	Unique identifier of this resource	string	Sortable
last_completed_stage	Full sync stage that is last completed for this request. The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request	string	Readonly Enum: INITIAL, PAUSE_DCNS, DELETED_STALE_ENTITIES, PROCESSED_FULLSYNC_DATA, PROCESSED_DELTAS, UNPAUSE_DCNS, COMPLETED, ERROR, ABORTED
last_update_time	Timestamp of last update, could be progress or success or error.	EpochMsTimestamp	Readonly Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value FullSyncState	string
start_time	Timestamp of Full Sync start.	EpochMsTimestamp	Readonly Sortable
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
last_upate_time	Deprecated, refer to last_update_time for the last update time stamp.	EpochMsTimestamp	Deprecated Readonly Sortable

FullSyncStateListResult (schema)

Paged Collection of FullSync states.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	FullSync states list FullSync states list.	array of FullSyncState	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

FullSyncStatus (schema)

Name	Description	Type	Notes
completed_at	Time at which the full sync was completed.	string	Required
snapshot_version	Snapshot version targeted by full sync.	string	Required
status	Status of full sync.	string	Required Enum: UNAVAILABLE, ERROR, ONGOING, COMPLETE, NOT_STARTED
sync_id	Identifier for the full sync.	string	Required
sync_type	Type of full sync.	string	Required Enum: UNAVAILABLE, STANDARD, FORCED

GatewayConnection (schema)

Policy gateway connection

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
advertise_outbound_route_filters	Outbound advertise route filters Array of path of a prefixlist object that will have Transit gateway to tier-0 gateway advertise route filter.	array of string	Maximum items: 1
aggregate_routes	Aggregate routes Configure aggregate TGW_PREFIXES routes on Tier-0 gateway for prefixes owned by TGW gateway. If not specified then in-use prefixes are configured as TGW_PREFIXES routes on Tier-0 gateway.	array of IPv4CIDRBlock
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GatewayConnection	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tier0_path	Tier-0 path Tier-0 gateway object path	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GatewayFloodProtectionProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_active_flow_limit	Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections.	integer	Minimum: 1 Maximum: 1000000
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nat_active_conn_limit	Maximum limit of active NAT connections The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource.	integer	Minimum: 1 Maximum: 4294967295 Default: "4294967295"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
other_active_conn_limit	Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GatewayFloodProtectionProfile	FloodProtectionProfileResourceType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_half_open_conn_limit	Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections.	integer	Minimum: 1 Maximum: 1000000
udp_active_flow_limit	Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections.	integer	Minimum: 1 Maximum: 1000000
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GatewayGeneralSecurityProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_double_flow	Flag to indicate double flow check is enabled or not The flag to indicate double flow check is enabled or not. This option applies only to EDGE components.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GatewayGeneralSecurityProfile	GeneralSecurityProfileResourceType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GatewayInterfaceReference (schema)

Gateway interface reference

Contains gateway interface details.

Name	Description	Type	Notes
interface_path	interface path Absolute policy path of member interface.	string	Required

GatewayL2ForwarderSiteSpanInfo (schema) (Experimental)

Name	Description	Type	Notes
gateway_path	Gateway path Policy path of a gateway.	string	Required Readonly
inter_site_forwarder_status	Inter-site forwarder status per node Inter-site forwarder status per node.	array of L2ForwarderStatusPerNode	Readonly
last_update_timestamp	Last updated timestamp Timestamp when the L2 forwarder remote mac addresses was last updated.	EpochMsTimestamp	Required Readonly
remote_macs_per_site	L2 forwarder remote mac addresses per site L2 forwarder remote mac addresses per site for logical switch.	array of L2ForwarderRemoteMacsPerSite	Readonly

GatewayPolicy (schema)

Contains ordered list of Rules for GatewayPolicy

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildRule
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GatewayPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	Rules that are a part of this SecurityPolicy	array of Rule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GatewayPolicyListResult (schema)

Paged Collection of gateway policies

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	GatewayPolicy list results	array of GatewayPolicy	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GatewayQosProfile (schema)

QoS configuration of Tier1 gateway

QoS profile contains configuration of rate limiting properties which can be
applied in ingress and egress directions at Tier1 gateways

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
burst_size	Burst size in bytes Burst size in bytes.	int	Minimum: 1 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
committed_bandwidth	Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate.	int	Minimum: 1 Default: "1"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
excess_action	Action on traffic exceeding bandwidth. Action on traffic exceeding bandwidth.	string	Enum: DROP
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GatewayQosProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
committed_bandwitdth	Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. This property is deprecated, use committed_bandwidth instead.	int	Deprecated Minimum: 1 Default: "1"

GatewayQosProfileConfig (schema)

Gateway QoS profile configuration

Name	Description	Type	Notes
egress_qos_profile_path	Egress QoS profile Policy path to gateway QoS profile in egress direction.	string
ingress_qos_profile_path	Ingress QoS profile Policy path to gateway QoS profile in ingress direction.	string

GatewayQosProfileListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paginated list of GatewayQosProfile	array of GatewayQosProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GatewayRecoverySiteConfig (schema)

Recovery site config

Name	Description	Type	Notes
failover_linked_tier1_gateway	Failover Linked Tier-1 Gateway Linked Tier1 gateway whose primary site matches from_site_path and are stretched to new primary site are recovered on new primary site path.	boolean	Default: "True"
tier0_gateway_path	Tier-0 gateway path Path of Tier-0 gateway	string	Required
to_primary_site_path	Recovery site path Recovery site path	string	Required

GatewayRouteCsvRecord (schema)

Name	Description	Type	Notes
admin_distance	The admin distance of the next hop	integer
black_hole	BlackHole Value of this field will be true if given routes are null routes	boolean	Readonly
edge_path	Edge path Edge node policy path.	string	Readonly
interface	The policy path of the interface which is used as the next hop	string
lr_component_id	Logical router component(Service Router/Distributed Router) id	string
lr_component_type	Logical router component(Service Router/Distributed Router) type	string
network	CIDR network address	IPCIDRBlock	Required
next_hop	The IP of the next hop	IPAddress
next_hop_gateway	Next hop gateway path	string
route_type	Route type (USER, CONNECTED, NSX_INTERNAL,..)	string	Required
transport_node_path	Transport node path Transport node path.	string	Readonly

GatewayRouteTableInCsvFormat (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
results		array of GatewayRouteCsvRecord

GatewaySiteFailoverActionConfig (schema)

Gateway site failover action

configuration to trigger site failover for one or more Tier0 and linked Tier1 gateway(s).

Name	Description	Type	Notes
from_site_path	Source site path Source site path for failover. Gateway whose primary site path matches from_site_path are considered for recovery.	string	Required
to_primary_site_config	Recovery site for gateway Recovery stie for Tier-0 gateway and linked Tier-1 gateway.	array of GatewayRecoverySiteConfig	Required Maximum items: 200

GeneralSecurityProfile (schema)

General Security profile

A profile holding general security settings. This is an abstract type. Concrete child types:
GatewayGeneralSecurityProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GeneralSecurityProfile	GeneralSecurityProfileResourceType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GeneralSecurityProfileBindingMap (schema)

Policy General Security profile binding map

This entity will be used to establish association between General Security
profile and Logical Routers.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GeneralSecurityProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GeneralSecurityProfileResourceType (schema)

Resource types of General Security profiles

GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.

Name	Description	Type	Notes
GeneralSecurityProfileResourceType	Resource types of General Security profiles GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.	string	Enum: GatewayGeneralSecurityProfile

GenericDhcpOption (schema) (Deprecated)

Generic DHCP option

Define DHCP options other than option 121.

Name	Description	Type	Notes
code	DHCP option code, [0-255] Code of the dhcp option.	integer	Required Minimum: 0 Maximum: 255
values	DHCP option value Value of the option.	array of string	Required Minimum items: 1 Maximum items: 10

GenericPolicyRealizedResource (schema)

Generic realized entity

Represents realized entity

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alarms	Alarm info detail	array of PolicyAlarmResource
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_point_path	Enforcement Point Path The path of the enforcement point.	string	Readonly
entity_type	Type of realized entity	string	Readonly
extended_attributes	Collection of type specific properties	array of AttributeVal	Readonly
id	Unique identifier of this resource	string	Sortable
intent_paths	Collection of intent paths	array of string	Readonly
intent_reference	Desire state paths of this object	array of string
operational_status	String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.	string
operational_status_error	String representation of operational status error It defines the root cause for operational status error.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
publish_status	String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.	string
publish_status_error	String representation of publish status error It defines the root cause for publish status error.	string
publish_status_error_code	Represents error code for publish status. It defines error code for publish status error.	int
publish_status_error_details	Details for publich status error. Error details for publish status.	array of ConfigurationStateElement
publish_time	Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time	EpochMsTimestamp	Readonly Sortable
realization_api	Realization API of this object on enforcement point	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
realization_specific_identifier	Realization id of this object	string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GenericPolicyRealizedResource	string
runtime_error	String representation of runtime error It define the root cause for runtime error.	string
site_path	Site Path The site where this entity resides.	string	Readonly
state	Realization state of this object	string	Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
time_taken_for_realization	Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization	integer
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
runtime_status	String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.	string	Deprecated

GenericPolicyRealizedResourceListResult (schema)

GenericPolicyRealizedResource list result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of GenericPolicyRealizedResources List of realized resources	array of GenericPolicyRealizedResource
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GeoIpSetting (schema)

Geo IP Setting

Geo IP Setting used to activate or deactivate auto-download of Geo IP Bundle.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_download	Geo IP Bundle Auto-Download Flag Property which indicates whether auto-download of Geo IP Bundle is ON or OFF.	boolean	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GeoIpSetting	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GeoLocationExpression (schema)

Geo location expression node

Represents Geo location expressions in the form of an array, to support
geo location in a group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
country_code	This contain country code for System created GeoIP Groups.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
exclude	Members to be excluded from the condition List of members to be excluded from the GeoLocationExpression. This field is applicable only for expression representing the list of GeoIp groups. Only IPAddressExpression and PathExpression are supported. The PathExpression should have group_type IPAddress. Only IP based groups are supported and GeoIp groups are not supported here.	ExcludedMembersList
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_group_paths	Array of Default System GeoIP group paths. This array consists of Default System GeoIP group paths.	array of string	Required Minimum items: 1 Maximum items: 200
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GeoLocationExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GetBackupUiFramesInfoRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
ui_tab_type		string	Readonly Enum: LOCAL_MANAGER_TAB, GLOBAL_MANAGER_TAB Default: "LOCAL_MANAGER_TAB"

GetCertParameter (schema)

Name	Description	Type	Notes
details	whether to expand the pem data and show all its details	boolean	Default: "False"
fmt		CertificateFormatParameter

GetSNMPParameters (schema)

Get SNMP request parameters

Get SNMP request parameters.

Name	Description	Type	Notes
show_sensitive_data	Show SNMP sensitive data or not Whether to show SNMP service properties including community strings if any applicable.	boolean	Default: "False"

GlobalCollectorConfig (schema)

Abstract base type for Global collector configurations of different types

The GlobalCollectorConfig is the base class for global collector configurations for
different types in a NSX domain.
This is an abstract type. Concrete child types:
VrniGlobalCollector
VrniStreamingGlobalCollector
WaveFrontGlobalCollector

Name	Description	Type	Notes
collector_ip	IP address for the global collector collector IP address for the global collector.	IPAddress	Required
collector_port	Port for the global collector Port for the global collector.	int	Required Minimum: 1 Maximum: 65535
collector_type	Specify the global collector type.	GlobalCollectorType	Required

GlobalCollectorType (schema)

Valid Global collector types

Name	Description	Type	Notes
GlobalCollectorType	Valid Global collector types	string	Enum: VRNI, WAVE_FRONT, VRNI_STREAMING

GlobalConfig (schema)

Global configuration

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allow_changing_vdr_mac_in_use	A flag to indicate if changing the VDR MAC being used is allowed When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property set to true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY transport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY transport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage!	boolean	Default: "False"
arp_limit_per_gateway	ARP limit per Tier0/Tier1 gateway Global configuration of maximum number of ARP entries per transport node at each Tier0/Tier1 gateway.	int	Minimum: 5000 Maximum: 50000 Default: "50000"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
default_host_switch_mode	Default operational mode of VDS HostSwitch on ESX TransportNodes. The value of this field will be used only if TN/TNP create API does not contain hostswitch mode. ENS_INTERRUPT - This is an interrupt driven variant of the Enhanced Data Path mode. Please, consult your account representative for applicability. This mode is available only on ESX hypervisor (7.0 and above). STANDARD - This mode was formerly the default and is realized as pktHandle mode in the datapath.	string	Enum: ENS_INTERRUPT, STANDARD Default: "ENS_INTERRUPT"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_gateway_bfd	External Bidirectional Flow Detection configuration Configuration for BFD session between host nodes and external gateways. If this configuration is not provided, system defaults are applied.	ExternalGatewayBfdConfig
fips	FIPS enabled config Contains the FIPSGlobalConfig object.	FIPSGlobalConfig
global_replication_mode_enabled	A flag to indicate if global replication mode is enabled When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
is_inherited	This field indicates whether this is a copy version of GM/NSX+ or not if True, meaning that this is a copy version of GM if False, meaning that this is a local version on LM	boolean
l3_forwarding_mode	L3 forwarding mode Configure forwarding mode for routing. This setting does not restrict configuration for other modes.	string	Enum: IPV4_ONLY, IPV4_AND_IPV6 Default: "IPV4_ONLY"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. This is the global default MTU for all the EXTERNAL (uplink) and SERVICE (CSP) interfaces in the NSX domain. There is no option to override this value at the transport zone level or transport node level.	int	Minimum: 1280
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
physical_uplink_mtu	MTU for the physical uplinks This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized.	int	Default: "1700"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remote_tunnel_physical_mtu	The physical MTU for the remote tunnel endpoints This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used.	int	Default: "1700"
resource_type	Must be set to the value GlobalConfig	string
site_infos	Collection of Site information Information related to sites applicable for given config.	array of SiteInfo	Maximum items: 16
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tep_group_config	VTEP Group Configuration. Indicates if the TEP Grouping is supported in Transport Nodes.	TepGroupConfig
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
uplink_mtu_threshold	Upper threshold for MTU on physical and logical uplinks This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU.	int	Default: "9000"
vdr_mac	MAC address of the Virtual Distributed Router (VDR) port This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true.	MACAddress	Default: "02:50:56:56:44:52"
vdr_mac_nested	The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment. This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true.	MACAddress	Default: "02:50:56:56:44:53"
lb_ecmp	Flag for controlling equal-cost multi-path(ECMP) load balancing. Flag to activate/deactivate ECMP load balancing. By default ECMP load balancing is deactivated.	boolean	Deprecated Default: "False"
operation_collectors	Operation global collector config This property is a part of OpsGlobalConfig object. Use /infra/ops-global-config instead. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode.	array of GlobalCollectorConfig (Abstract type: pass one of the following concrete types) VrniGlobalCollector VrniStreamingGlobalCollector WaveFrontGlobalCollector	Deprecated

GlobalDfwConfiguration (schema)

Global distributed firewall configuration for a specific site

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_firewall	Distributed firewall enable flag If set to true, distributed firewall is enabled on a specified site.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalDfwConfiguration	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GlobalDfwConfigurationListResult (schema)

Paged Collection of global distributed firewall configurations for all the sites

Paged Collection of global distributed firewall configurations for all the sites.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Global distributed firewall configuration list results Global distributed firewall configuration list results.	array of GlobalDfwConfiguration	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GlobalIdsSettings (schema)

Global Intrusion Detection System settings

Represents the Intrusion Detection System settings for NSX+.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_update	Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalIdsSettings	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GlobalIdsSignature (schema)

Global IDS signature

Global IDS signature.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action.	string	Enum: ALERT, DROP, REJECT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	Flag to Activate/Deactivate a IDS Signature globally. Flag through which user can Activate/Deactivate a Signature at Global Level.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
is_custom_signature	Flag to determine custom signature It represents whether the overridden signature is custom or system signature.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalIdsSignature	string
signature_id	Signature ID Represents the Signature's id.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GlobalIdsSignatureListRequestParameters (schema)

Global IDS signature request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

GlobalIdsSignatureListResult (schema)

Paged collection of Global IDS signatures

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Global IDS signature list results	array of GlobalIdsSignature	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GlobalManager (schema)

Global Manager

Global Manager.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
connection_info	Connection information To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_id	Global manager federation UUID Internally generated UUID to the federation of Global Manager.	string	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
mode	Mode of the global manager There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined.	string	Required Enum: ACTIVE, STANDBY
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalManager	string
site_id	UUID of the site where Global manager is running UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GlobalManagerConfig (schema)

Global Manager configuration

This configuration is distributed to all Sites participating in federation.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GlobalManagerConfig	string
rtep_config	Global Manager federation RTEP configuration Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation.	GmRtepConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GlobalManagerListRequestParameters (schema)

Site List Request Parameters

Site list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

GlobalManagerListResult (schema)

Paged Collection of Global Managers

Paged Collection of Global Managers.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Global Manager List Result Global Manager List Result.	array of GlobalManager	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GlobalManagerSwitchOverRequestParameter (schema)

Parameter to force switchover

Parameter to force switch over from Standby to Active.

Name	Description	Type	Notes
force	Indciates force switchover to Active If true indicates that user requested make standby Global Manager as active ignoring the state of current active Global Manager. Typically, recommended to use when active Global Manager is failed or not reachable.	boolean

GlobalRestoreStatus (schema)

Overall restore process status

Name	Description	Type	Notes
description	A description of the restore status	string	Required Readonly
value	Global rolled-up restore status value	string	Required Readonly Enum: INITIAL, SUCCESS, FAILED, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, SUSPENDED, ABORTED

GmConfigOnboardingConflictEntityInfo (schema)

GM config Onboarding Conflicting Entity Info

Conflicting Entity information on GM.

Name	Description	Type	Notes
error_messages		ConfigOnboardingError	Readonly
example	Conflict example Conflict example	OnboardingFeatureInfo	Readonly

GmFederationSiteConfig (schema)

Federation configuration for the site

Additional configuration required for federation at Site.

Name	Description	Type	Notes
transit_subnet	Transit subnet in CIDR format IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site.	string	Format: ip-cidr-block

GmNodeStatus (schema)

Represents the Global Manager node switchover status

Name	Description	Type	Notes
end_time	End time of the switchover operation	integer
errors	Errors if any	array of string
node_id	UUID of the Global Manager node	string
start_time	Start time of the switchover operation	integer
status	Status of switchover operation	string	Enum: IN_PROGRESS, COMPLETED, FAILED
warnings	Errors if any	array of string

GmOperationalState (schema)

Represents the operational state of Global Manager

Represents the switchover operational state of Global Manager. Offers information
about the current switchover operation including status from each Global Manager
node and the errors if any.

Name	Description	Type	Notes
consolidated_progress	Consolidated status of the current operation	string	Enum: IN_PROGRESS, COMPLETED, FAILED
end_time	End time of the switchover operation	integer
errors	Errors if any	array of string
node_statuses	Switchover status from each NSX Global Manager appliance node	array of GmNodeStatus
site_manager_ref	Timestamp reference for the change provided by SiteManager	integer
start_time	Start time of the switchover operation	integer
status	The current switchover operation requested.	string	Required Enum: NONE, ACTIVE, STANDBY, SWITCHING_TO_ACTIVE, SWITCHING_TO_STANDBY, DECOMMISSIONED
warnings	Errors if any	array of string

GmRtepConfig (schema)

Global Manager federation RTEP configuration

Global Manager federation RTEP configuration. This configuration is distributed
to all Sites participating in federation.

Name	Description	Type	Notes
ibgp_password	Password for IBGP sessions between federated sites Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string ("") clears existing password.	secure_string	Maximum length: 20

GraphConfiguration (schema)

Graph Configuration

Represents configuration of a graph widget

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
axes	Axes of a graph	Axes
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
display_x_value	Show or hide the value of a point on X axis If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis.	boolean	Default: "False"
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
graphs	Graphs	array of GraphDefinition	Required Minimum items: 1
graphs_colors	A colors for the graph An array of graphs colors which will be applied to each graph seperately. if number of provided colors are smaller than number of graph in the widget then colors are applied in circular manner.	array of string
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
line_chart_plot_configs	List of line chart plotting configuration List of line chart plotting configuration. This plotting configuration will be applicable for the LINE_GRAPH only.	array of LineChartPlotConfiguration
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value GraphConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
sub_type	Subtype of a graph Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart	string	Enum: LINE_GRAPH, BAR_GRAPH, STACKED_BAR_GRAPH Default: "BAR_GRAPH"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
x_value_type	x value type x value type.	string	Enum: string, number, date, millisecond, second Default: "string"
y_value_type	y value type y value type.	string	Enum: integer, double
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

GraphDefinition (schema)

Definition of a graph

Defines a graph

Name	Description	Type	Notes
id	Identifier of graph Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration.	string
label	Label of a graph Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown.	Label
point_definition	Definition for points of a graph Defines the points of a graph.	PointDefinition	Required
render_configuration	Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any.	array of RenderConfiguration	Minimum items: 0
row_list_field	Expression for series of the graph An expression that represents the series of the graph	string

GreTunnel (schema)

GRE Tunnel

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_address	Destination IPv4 address Destination IP address of P2P GRE Tunnel. The IP address that the NSX Edge will connect to.	IPv4Address	Required
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable/Disable Tunnel	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	Maximum transmission unit Maximum transmission unit(MTU) in bytes specifies the size of the largest packet that a tunnel can transmit.	int	Minimum: 64 Default: "1476"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GreTunnel	string	Required Enum: GreTunnel
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tunnel_address	Tunnel Address object parameter Specify list of IP address per every edge node for tunnel interface. Supports both IPv4 and IPv6 address.	array of TunnelAddress	Required Minimum items: 1 Maximum items: 8
tunnel_keepalive	tunnel keep alive object GRE Tunnel's keepalive configuration	TunnelKeepAlive
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GridConfiguration (schema)

Grid Configuration

Represents configuration of a Grid or Table widget.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
columns	Columns Array of columns of a Grid widget	array of ColumnItem	Required
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
page_size	Page Size Number of records per page. page_size will be effective only when the urls provided in the datasource support paging.	int	Default: "30"
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value GridConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
row_list_fields	List of fields from which rows are formed Rows of grid or table are formed from the list of objects returned by a row list field.	array of RowListField	Required Minimum items: 1
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

Group (schema)

Group

Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expression	Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed the defined Config Max limit for the form-factor of Manager nodes. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression
extended_expression	Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Maximum items: 1
group_type	Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType.	array of GroupTypes	Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
reference	Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false.	boolean	Readonly Default: "False"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Group	string
state	Realization state of this group	string	Readonly Enum: IN_PROGRESS, SUCCESS, FAILURE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GroupDeleteRequestParameters (schema) (Deprecated)

Group delete request parameters

Name	Description	Type	Notes
fail_if_subtree_exists	Do not delete if the group subtree has any entities Check if the group sub-tree has any entities. These primarily include the binding maps that point to various profiles. If this flag is passed as true, the group delete fails if any binding maps exist in the group sub-tree. By default, this flag is false, which means that the group is deleted along with the group sub-tree.	boolean	Default: "False"
force	Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference.	boolean	Default: "False"

GroupDiscoveryProfileBindingMap (schema)

Map for binding group with discovery profile

This entity will be used to establish association between discovery profile and
Group. With this entity, user can specify intent for applying discovery profile
profile to particular Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GroupDiscoveryProfileBindingMap	string
sequence_number	Sequence number group discovery profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000.	integer	Minimum: 1 Maximum: 100000
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GroupDiscoveryProfileBindingMapListRequestParameters (schema)

Group Discovery Profile Binding Map List Request Parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

GroupDiscoveryProfileBindingMapListResult (schema)

Paged collection of Group Discovery Profile Binding Map

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Group Discovery Profile Binding Map List Results	array of GroupDiscoveryProfileBindingMap
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GroupListRequestParameters (schema)

Group list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
member_types	Comma Separated Member types Optionally, specify valid member types as request parameter to filter NSGroups.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

GroupListResult (schema)

Paged Collection of Groups

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Group list results	array of Group	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

GroupMemberActionParameters (schema)

Request Parameters for Group members

Request Parameter to either add or remove the Group members.

Name	Description	Type	Notes
action	Add or Remove group members. Action parameter determines whether to add or remove the group members.	string	Required Enum: add, remove

GroupMemberList (schema)

Members to add or remove for a Group.

List of same type members to either add or remove from a group.

Name	Description	Type	Notes
members	Groups members collection This array contains group members of similar types.	array of string	Required Minimum items: 1 Maximum items: 4000

GroupMemberTagsList (schema)

Group tags list for a particular member type

Collection of tags used in a policy group for a particular member type

Name	Description	Type	Notes
member_type	Member type for which we will list the tags	string	Required
tags	List of tags for the member type	array of string	Required

GroupMemberType (schema)

Valid Group member type

Name	Description	Type	Notes
GroupMemberType	Valid Group member type	string	Enum: VirtualMachine, VirtualNetworkInterface, SegmentPort, Segment, CloudNativeServiceInstance, IPAddress, MACAddress, IPSet, IdentityGroup, PhysicalServer, Pod, Service, Namespace, Cluster, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode, VpcSubnet, VpcSubnetPort, BareMetalServer, BareMetalServerInterface

GroupMemberTypeListResult (schema)

Name	Description	Type	Notes
result_count	Count of the member types in the results array	integer	Required Readonly
results	Collection of member types for the given Group	array of GroupMemberType	Required

GroupMonitoringProfileBindingMap (schema)

Group Monitoring Profile binding map

This entity will be used to establish association between monitoring
profile and Group. Using this entity, you can specify intent for applying
monitoring profile to particular Group. Group with membership criteria vm
only supported as source group. Port mirroring is only supported on group
with five vms. For the IPFIX profile, Segment, Segment Port, VM, VIF, DVPORT, DVPG member types
are supported in the group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_profile_path	IPFIX DFW Profile Path PolicyPath of associated IPFIX DFW Profile	string
ipfix_l2_profile_path	IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
port_mirroring_profile_path	Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GroupMonitoringProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GroupScopeExpression (schema)

Scope association expression node

Represents scope of the workloads that needs to be added to the Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value GroupScopeExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
scope_path	Path of the scope	string	Required
scope_type	Scope type	string	Required Enum: PROJECT, VPC
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

GroupStatusListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
has_errors	Flag to indicate whether to return only upgrade units with errors	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

GroupTagsList (schema)

Group tags list listed per member type

Collection of tags used in a policy group listed per member type

Name	Description	Type	Notes
results	Collection of tags used in a policy group listed per member type	array of GroupMemberTagsList	Required

GroupTypes (schema)

Valid Group Types.

ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.

Name	Description	Type	Notes
GroupTypes	Valid Group Types. ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.	string	Enum: IPAddress, ANTREA, BareMetalServer

Header (schema)

Widget Header

Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string	Maximum length: 1024
content_alignment	alignment for labelvalue pair Alignment of header labels.	string	Enum: LEFT, RIGHT Default: "RIGHT"
sub_header_widgets	An array of widgets inside the container header An array of widgets which will appear inside the container header Instead of 'sub_headers' property use this property.	array of WidgetItem	Minimum items: 0
sub_headers	Rows An array of label-value properties. This field is deprecated instead used 'sub_header_widgets' property to define header widgets.	array of PropertyItem	Deprecated Minimum items: 0

HealthRequestParameters (schema)

Service list request parameters

Name	Description	Type	Notes
dependent_services_health	Fetch the health of policy and it's dependent services. If set to false, then it will return only policy health. If set to true, then it will return health of policy and it's dependent services. If it is not provided, then then it will return health of policy and it's dependent services.	boolean

HostKeyAlgorithms (schema)

SSH key type

Name	Description	Type	Notes
HostKeyAlgorithms	SSH key type	string	Enum: ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, ssh-ed25519, ssh-rsa

HostUpgradeStatus (schema)

Status of host upgrade

Name	Description	Type	Notes
can_rollback	Can perform rollback This field indicates whether we can perform upgrade rollback.	boolean	Readonly
can_skip	Can the upgrade of the remaining units in this component be skipped	boolean	Readonly
component_type	Component type for the upgrade status	string	Readonly
current_version_node_summary	Mapping of current versions of nodes and counts of nodes at the respective versions.	NodeSummaryList	Readonly
details	Details about the upgrade status	string	Readonly
node_count_at_target_version	Count of nodes at target component version Number of nodes of the type and at the component version	int	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
pre_upgrade_status	Pre-upgrade status of the component-type	UpgradeChecksExecutionStatus	Readonly
status	Upgrade status of component	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
target_component_version	Target component version	string	Readonly

HostnameOrIPAddress (schema)

Hostname or IPv4 or IPv6 address

Name	Description	Type	Notes
HostnameOrIPAddress	Hostname or IPv4 or IPv6 address	string	Format: hostname-or-ip

HostnameOrIPv46Address (schema)

Hostname or IPv4 or IPv6 address

Name	Description	Type	Notes
HostnameOrIPv46Address	Hostname or IPv4 or IPv6 address	string	Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?)*\.?$\|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"

HostnameOrIPv4AddressOrEmptyString (schema)

Hostname or IPv4 address

Name	Description	Type	Notes
HostnameOrIPv4AddressOrEmptyString	Hostname or IPv4 address	string	Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?)*\.?$\|^$"

HttpProtocol (schema)

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	BasicAuthenticationScheme
name	Must be set to the value HttpProtocol	string	Required Enum: http, https, scp, sftp

HttpRequestMethodType (schema)

http monitor method

Name	Description	Type	Notes
HttpRequestMethodType	http monitor method	string	Enum: GET, OPTIONS, POST, HEAD, PUT

HttpRequestVersionType (schema)

http request version

Name	Description	Type	Notes
HttpRequestVersionType	http request version	string	Enum: HTTP_VERSION_1_0, HTTP_VERSION_1_1

HttpServiceProperties (schema)

HTTP Service properties

Name	Description	Type	Notes
logging_level	Service logging level	string	Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO"
basic_authentication_enabled	Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls.	boolean	Deprecated Default: "True"
certificate		Certificate	Deprecated Required Readonly
cipher_suites	Cipher suites used to secure contents of connection	array of CipherSuite	Deprecated Minimum items: 1
client_api_concurrency_limit	Client API concurrency limit in calls A per-client concurrency limit. This is the maximum number of outstanding requests that a client can have. For example, a client can open multiple connections to NSX and submit operations on each connection. When this limit is exceeded, the server returns a 503 Service Unavailable error to the client. To disable API concurrency limiting, set this value to 0.	integer	Deprecated Minimum: 0 Default: "40"
client_api_rate_limit	Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0.	integer	Deprecated Minimum: 0 Default: "100"
connection_timeout	NSX connection timeout, set to 0 to configure no timeout	integer	Deprecated Minimum: 0 Maximum: 2147483647
cookie_based_authentication_enabled	Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create.	boolean	Deprecated Default: "True"
global_api_concurrency_limit	Global API concurrency limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0.	integer	Deprecated Minimum: 0 Default: "100"
protocol_versions	TLS protocol versions	array of ProtocolVersion	Deprecated Minimum items: 1
redirect_host	Host name or IP address to use for redirect location headers, or empty string to derive from current request	HostnameOrIPv4AddressOrEmptyString	Deprecated Default: ""
session_timeout	NSX session inactivity timeout, set to 0 to configure no timeout	integer	Deprecated Minimum: 0 Maximum: 2147483647

HttpsProtocol (schema)

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	BasicAuthenticationScheme
name	Must be set to the value HttpsProtocol	string	Required Enum: http, https, scp, sftp
sha256_thumbprint	SSL thumbprint of server	string	Required

ICMPTypeServiceEntry (schema)

A ServiceEntry that represents IPv4 or IPv6 ICMP protocol

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_code	ICMP message code	integer	Minimum: 0 Maximum: 255
icmp_type	ICMP message type	integer	Minimum: 0 Maximum: 255
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol		string	Required Enum: ICMPv4, ICMPv6
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ICMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IGMPTypeServiceEntry (schema)

A ServiceEntry that represents IGMP protocol

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IGMPTypeServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPAddress (schema)

IPv4 or IPv6 address

Name	Description	Type	Notes
IPAddress	IPv4 or IPv6 address	string	Format: ip

IPAddressExpression (schema)

IP address expression node

Represents IP address expressions in the form of an array, to support addition of IP addresses in a group.If duplicate IP Addresses are provided these will be filtered out and only unique IP Addresses will be considered. Avoid creating groups with multiple IPAddressExpression.In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_addresses	Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". The max limit for number of IP addresses applies across all expressions in a group. Please refer to Config Max limits specification document for a given environment.	array of IPElement	Required Minimum items: 1 Maximum items: 25000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPAddressExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPAddressGroupAssociationRequestParams (schema)

List request parameters containing ip address and enforcement point path

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
ip_address	IPAddress	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IPAddressList (schema)

IP Address collection.

Collection of IP Addresses.

Name	Description	Type	Notes
ip_addresses	Array of IP addresses The array contains IP addresses.	array of IPElement	Required Minimum items: 1 Maximum items: 25000

IPAddressOrCIDRBlock (schema)

IPAddress or CIDR Block

Name	Description	Type	Notes
IPAddressOrCIDRBlock	IPAddress or CIDR Block	string	Format: address-or-cidr-block

IPAddresses (schema)

Name	Description	Type	Notes
ip_addresses	IPs of the filter The IP addresses in the form of IP Address, IP Range, CIDR, used as source IPs or destination IPs of filters.	array of IPElement	Minimum items: 1

IPCIDRBlock (schema)

IPv4 or IPv6 CIDR Block

Name	Description	Type	Notes
IPCIDRBlock	IPv4 or IPv6 CIDR Block	string	Format: ip-cidr-block

IPDiscoveryProfile (schema)

IP Discovery Profile

Using this profile to configure different options of IP Discovery

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
arp_nd_binding_timeout	ARP and ND cache timeout (in minutes) This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM.	int	Minimum: 5 Maximum: 120 Default: "10"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
duplicate_ip_detection	Duplicate IP Dection Options Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt.	DuplicateIPDetectionOptions
id	Unique identifier of this resource	string	Sortable
ip_v4_discovery_options	IPv4 Discovery options Indicates IPv4 Discovery options	IPv4DiscoveryOptions
ip_v6_discovery_options	IPv6 Discovery options Indicates IPv6 Discovery options	IPv6DiscoveryOptions
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPDiscoveryProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tofu_enabled	Is TOFU enabled or not Indicates whether "Trust on First Use(TOFU)" paradigm is enabled.	boolean	Default: "True"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPDiscoveryProfileListRequestParameters (schema)

IP Discovery Profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IPDiscoveryProfileListResult (schema)

Paged collection of IP Discovery Profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IP Discovery profile list results	array of IPDiscoveryProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IPElement (schema)

IP address, range, or subnet

IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"

Name	Description	Type	Notes
IPElement	IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64"	string	Format: address-or-block-or-range

IPElementList (schema)

List of IP address, range, or subnet

Name	Description	Type	Notes
IPElementList	List of IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64"	string	Format: list-of-address-or-block-or-range

IPFIXDFWCollector (schema)

IPFIX DFW Collector

IPFIX DFW data will be collected on collector
Host IP and Port address should be provided for collector.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
collector_ip_address	IP address IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.	IPAddress	Required
collector_port	Port Port for the IPFIX DFW collector.	int	Required Minimum: 0 Maximum: 65535
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollector	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPFIXDFWCollectorProfile (schema)

IPFIX DFW Collector Profile

IPFIX data for the NSX distributed firewall will be sent to the specified
IPFIX collectors.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collectors	IPFIX DFW Collectors. It accepts Multiple Collectors.	array of IPFIXDFWCollector	Required Minimum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWCollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPFIXDFWProfile (schema)

IPFIX DFW Profile

IPFIX packets from source will be sent to IPFIX DFW collector.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_flow_export_timeout	Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes.	int	Required Minimum: 1 Maximum: 60 Default: "1"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_dfw_collector_profile_path	IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	int	Minimum: 0 Maximum: 65536 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only.	int	Minimum: 0 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXDFWProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPFIXL2Collector (schema)

IPFIX L2 Collector

IPFIX packets will be collected on collector.
IP and port address should be provided for collector.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
collector_ip_address	IP address IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid.	IPAddress	Required
collector_port	Port Port number for the IPFIX L2 collector.	int	Minimum: 0 Maximum: 65535 Default: "4739"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXL2Collector	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPFIXL2CollectorProfile (schema)

IPFIX L2 Collector Profile

IPFIX L2 data will be collected on collectors.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_l2_collectors	It accepts Multiple Collector objects. It accepts Multiple Collector objects.	array of IPFIXL2Collector	Required Minimum items: 1 Maximum items: 4
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXL2CollectorProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPFIXL2Profile (schema)

IPFIX L2 Profile

IPFIX data from source logical segment, port, group will be forwarded to IPFIX
collector.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_timeout	Active timeout The time in seconds after a flow is expired even if more packets matching this flow are received by the cache.	int	Minimum: 60 Maximum: 3600 Default: "300"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_collector_profile_path	IPFIX collector Path Policy path for IPFIX collector profile. User can specify only one IPFIX collector.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
max_flows	Max flows The maximum number of flow entries in each exporter flow cache.	integer	Minimum: 0 Maximum: 4294967295 Default: "16384"
observation_domain_id	Observation domain ID An identifier that is unique to the exporting process and used to meter the flows.	integer	Minimum: 0 Maximum: 4294967295 Default: "0"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
packet_sample_probability	Packet sample probability Specifies the probability, in percentage, that a packet will be sampled. The value must be between 0 and 100, with up to three decimal places. This probability is applied uniformly to all packets.	number	Required Minimum: 0 Maximum: 100 Default: "0.1"
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
priority	Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. The priority -1 is reserved for the vRNI GLOBAL IPFIX profile. Non-GLOBAL IPFIX profiles are not allowed to use priority -1.	int	Minimum: -1 Maximum: 32000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPFIXL2Profile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
export_overlay_flow	Export overlay Flow This property controls whether overlay flow info is included in the sample result.	boolean	Deprecated Default: "True"
idle_timeout	Idle timeout The time in seconds after a flow is expired if no more packets matching this flow are received by the cache.	int	Deprecated Minimum: 60 Maximum: 3600 Default: "300"

IPInfo (schema)

An IP information structure that includes a single IP address and its associated prefix length.

Name	Description	Type	Notes
ip_addresses	IP Addresses	array of IPAddress	Required Minimum items: 1 Maximum items: 1
prefix_length	Subnet Prefix Length	integer	Required Minimum: 1 Maximum: 128

IPProtocolServiceEntry (schema)

A ServiceEntry that represents an IP protocol

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocol_number		integer	Required Minimum: 0 Maximum: 255
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPProtocolServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPReputationExclusionList (schema)

IP Reputation IP Address Exclusion List

List of IP addresses present in the exclusion list of default malicious IP Group for given site.

Name	Description	Type	Notes
exclusion_list	Array of IP addresses The list returns the IPs present in the exclusion list of default malicious IP reputation group present on a specific site. This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6.	array of IPElement	Readonly

IPReputationFeedDownloadStatus (schema)

IP Reputation Feed Download Status

IP Reputation feed download status from NTICS.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
download_status	Feed download status IP Reputation last feed download status from NTICS.	string	Required Readonly Enum: IN_PROGRESS, COMPLETE, FAILED
failure_reason	Failure Reason In case of failure to download the feed, the reason for the failure.	string	Readonly
id	Unique identifier of this resource	string	Sortable
last_feed_download	Feed download time Timestamp of the most recent successful feed download in milliseconds since epoch.	EpochMsTimestamp	Readonly Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPReputationFeedDownloadStatus	string
site_path	Site path Site for which the status of last feed download is requested.	string	Required Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPReputationSiteMapping (schema)

IP Reputation Site Mapping

Configuration to allow management of IP reputation on a specific site from the global manager.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_auto_download	IP reputation feed auto-download flag Property which indicates whether auto-download of IP Reputation feed is activated or deactivated for the given site.	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPReputationSiteMapping	string
site_path	Site path Path of the site that needs management of IP reputation from the GM	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPReputationSiteMappingListRequestParameters (schema)

IP Reputation site mapping listing request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IPReputationSiteMappingListResult (schema)

Paged collection of IP reputation site mapping

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IP Reputation site mapping list results	array of IPReputationSiteMapping	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IPSecDigestAlgorithm (schema)

Digest Algorithms used in IPSec tunnel establishment

The IPSecDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.

Name	Description	Type	Notes
IPSecDigestAlgorithm	Digest Algorithms used in IPSec tunnel establishment The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.	string	Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

IPSecEncryptionAlgorithm (schema)

Encryption algorithm used in IPSec tunnel

IPSecEncryptionAlgorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.

Name	Description	Type	Notes
IPSecEncryptionAlgorithm	Encryption algorithm used in IPSec tunnel IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option.	string	Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION

IPSecVpnDpdProfile (schema)

Dead peer detection (DPD) profile

Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dpd_probe_interval	DPD Probe Interval DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 10	integer
dpd_probe_mode	DPD Probe Mode DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds).	string	Enum: PERIODIC, ON_DEMAND Default: "PERIODIC"
enabled	Enable dead peer detection (DPD) If true, enable dead peer detection.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnDpdProfile	string
retry_count	Retry Count Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand.	integer	Minimum: 1 Maximum: 100 Default: "10"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnIkeProfile (schema)

Internet key exchange (IKE) profile

IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dh_groups	DH group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.	array of DhGroup
digest_algorithms	Algorithm for message hash Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. A default value of SHA2_256 will be applied only when the supplied encryption algorithms contain either AES_128 or AES_256.	array of IkeDigestAlgorithm
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
encryption_algorithms	Encryption algorithm for IKE Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128.	array of IkeEncryptionAlgorithm
id	Unique identifier of this resource	string	Sortable
ike_version	IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.	string	Enum: IKE_V1, IKE_V2, IKE_FLEX Default: "IKE_V2"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnIkeProfile	string
sa_life_time	Security association (SA) life time Life time for security association. Default is 86400 seconds (1 day).	integer	Minimum: 21600 Maximum: 31536000 Default: "86400"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnLocalEndpoint (schema)

IPSec VPN Local Endpoint

Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope attribute at the corresponding LM. Local endpoint without any scope will be realized on all sites. The scope attribute is applicable only on GM not on LM.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_path	Certificate path Policy path referencing site certificate.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
local_address	IPv4 or IPv6 Address of local endpoint IPv4 or IPv6 Address of local endpoint. Please note that configuring local_address as IPv6 address is not supported in the deprecated IPSecVpnLocalEndpoint Patch/PUT APIs.	IPAddress	Required
local_id	Local identifier Local identifier.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnLocalEndpoint	string
scope	scope identify the site to which LocalEndpoint configuration associated with. Applicable only in GM Scope attribute refers to the Policy path identifying the LocaleService of specific site where all the local end point configurations will be realized. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope at the corresponding LM. Local endpoint without any scope will be realized on all sites. This attribute will not be applicable on LM.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
trust_ca_paths	Certificate authority (CA) paths List of policy paths referencing certificate authority (CA) to verify peer certificates.	array of string
trust_crl_paths	Certificate revocation list (CRL) paths List of policy paths referencing certificate revocation list (CRL) to peer certificates.	array of string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnRule (schema)

IPSec VPN Rule

For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy’s match criteria.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action to be applied PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules.	string	Readonly Enum: PROTECT, BYPASS Default: "PROTECT"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destinations	Destination list List of IPv4 or IPv6 peer subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 peer subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	array of IPSecVpnSubnet	Maximum items: 256
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enabled flag A flag to enable/disable the rule.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
logged	Logging flag A flag to enable/disable the logging for the rule.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnRule	string
sequence_number	Sequence number of the IPSecVpnRule A sequence number is used to give a priority to an IPSecVpnRule.	int	Minimum: 0
sources	Source list List of IPv4 or IPv6 local subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 local subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	array of IPSecVpnSubnet	Maximum items: 256
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnService (schema)

IPSec VPN service

Create and manage IPSec VPN service under tier-0/tier-1.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bypass_rules	Bypass Policy rules Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session.	array of IPSecVpnRule
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable virtual private network (VPN) service If true, enable VPN services under tier-0/tier-1.	boolean	Default: "True"
ha_sync	Flag to enable IPSec HA State Sync Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_log_level	Internet key exchange (IKE) log level Log level for internet key exchange (IKE).	string	Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnService	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnSession (schema)

IPSec VPN session

VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized. This is an abstract type. Concrete child types:
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authentication_mode	Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.	string	Enum: PSK, CERTIFICATE Default: "PSK"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
compliance_suite	Compliance suite Compliance suite.	string	Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode	Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.	string	Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dpd_profile_path	Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.	string
enabled	Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_profile_path	Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile.	string
local_endpoint_path	Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
peer_address	IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	IPAddress
peer_id	Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
psk	Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters.	secure_string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnSession	IPSecVpnSessionResourceType	Required
site_overrides	SiteOverride list A collection of site specific attributes specificed only on GM	array of SiteOverride	Maximum items: 128
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_mss_clamping	TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value.	TcpMaximumSegmentSizeClamping
tunnel_profile_path	IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnSessionResourceType (schema)

Resource types of IPsec VPN session

A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.

Name	Description	Type	Notes
IPSecVpnSessionResourceType	Resource types of IPsec VPN session A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.	string	Enum: PolicyBasedIPSecVpnSession, RouteBasedIPSecVpnSession

IPSecVpnSubnet (schema)

Subnet for IPSec Policy based VPN

Used to specify the local/peer subnets in IPSec VPN rule.

Name	Description	Type	Notes
subnet	IPv4/IPv6 Peer or local subnet Subnet used in policy rule.	IPCIDRBlock	Required

IPSecVpnTunnelInterface (schema)

IP tunnel interface configuration

IP tunnel interface configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_subnets	IP Tunnel interface subnet IP Tunnel interface (commonly referred as VTI) subnet. Supports assigning both IPv4 and IPV6 subnets to VTI. If two IPs are provided for VTI, both cannot be of same IP versions. Please note that configuring IPv6 subnets to VTI is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	array of TunnelInterfaceIPSubnet	Required Minimum items: 1 Maximum items: 2
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnTunnelInterface	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSecVpnTunnelProfile (schema)

IPSec VPN tunnel profile

IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
df_policy	Policy for handling defragmentation bit Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet.	string	Enum: COPY, CLEAR Default: "COPY"
dh_groups	Dh group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14.	array of DhGroup
digest_algorithms	Algorithm for message hash Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128".	array of IPSecDigestAlgorithm
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_perfect_forward_secrecy	Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled.	boolean	Default: "True"
encryption_algorithms	Encryption algorithm to use in IPSec tunnel establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.	array of IPSecEncryptionAlgorithm
extended_attributes	Extended Attributes. Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol.	array of AttributeVal	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IPSecVpnTunnelProfile	string
sa_life_time	Security association (SA) life time SA life time specifies the expiry time of security association. Default is 3600 seconds.	integer	Minimum: 900 Maximum: 31536000 Default: "3600"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IPSubnet (schema)

Name	Description	Type	Notes
ip_addresses	IP Addresses All IP addresses, some of which may be automatically configured. When updating this field, the payload may contain only the IP addresses that should be changed, or may contain the IP addresses to change as well as the automatically assigned addresses. Currently, only one updatable address and one system-maintained address are supported. Currently, the system-maintained address supported is Extended Unique Identifier(EUI)-64 address. EUI-64 address is generated by the system only when user configured ip-subnet has prefix length less than or equal to 64.	array of IPAddress	Required Minimum items: 1 Maximum items: 2
prefix_length	Subnet Prefix Length	integer	Required Minimum: 1 Maximum: 128

IPv4Address (schema)

IPv4 address

Name	Description	Type	Notes
IPv4Address	IPv4 address	string	Format: ipv4

IPv4AddressProperties (schema)

IPv4 address properties

Name	Description	Type	Notes
ip_address	Interface IPv4 address	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
netmask	Interface netmask	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"

IPv4CIDRBlock (schema)

IPv4 CIDR Block

Name	Description	Type	Notes
IPv4CIDRBlock	IPv4 CIDR Block	string	Format: ipv4-cidr-block

IPv4DiscoveryOptions (schema)

IPv4 discovery options

Contains IPv4 related discovery options.

Name	Description	Type	Notes
arp_snooping_config	ARP snooping configuration Indicates ARP snooping options	ArpSnoopingConfig
dhcp_snooping_enabled	Is DHCP snooping enabled or not Indicates whether DHCP snooping is enabled	boolean	Default: "True"
vmtools_enabled	Is VM tools enabled or not Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed.	boolean	Default: "True"

IPv6Address (schema)

IPv6 address

Name	Description	Type	Notes
IPv6Address	IPv6 address	string	Format: ipv6

IPv6AddressProperties (schema)

IPv6 address properties

Name	Description	Type	Notes
ip6_address	Interface IPv6 address	string	Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"
ip6_gateway	IPv6 Gateway	string	Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"
prefixlen	Prefix length	integer

IPv6CIDRBlock (schema)

IPv6 CIDR Block

Name	Description	Type	Notes
IPv6CIDRBlock	IPv6 CIDR Block	string	Format: ipv6-cidr-block

IPv6DADStatus (schema)

IPv6 DAD status

Name	Description	Type	Notes
ip_address	IP address IP address on the port for which DAD status is reported.	IPAddress	Readonly
status	DAD Status DAD status for IP address on the port.	DADStatus	Readonly
transport_node	Transport node Array of transport node id on which DAD status is reported for given IP address.	array of ResourceReference	Readonly

IPv6DiscoveryOptions (schema)

IPv6 discovery options

Contains IPv6 related discovery options.

Name	Description	Type	Notes
dhcp_snooping_v6_enabled	Is DHCP snoping v6 enabled or not Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time.	boolean	Default: "False"
nd_snooping_config	ND snooping configuration Indicates ND snooping options	NdSnoopingConfig
vmtools_v6_enabled	Enable this method will learn the IPv6 addresses which are configured on interfaces of a VM with the help of the VMTools software.	boolean	Default: "False"

IPv6Status (schema)

IPv6 status

Name	Description	Type	Notes
connected_segment_path	Connected segment path Path of the segment attached to the interface.	string	Readonly
dad_statuses	IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface.	array of IPv6DADStatus	Readonly
interface_id	Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned.	string
tier0_gateway	Tier-0 Gateway Tier-0 Gateway this router Link belongs to.	string
tier1_gateway	Tier-1 Gateway Tier-1 Gateway this router Link belongs to.	string

IcmpEchoRequestHeader (schema)

Name	Description	Type	Notes
id	ICMP id	integer	Minimum: 0 Maximum: 65535 Default: "0"
sequence	ICMP sequence number	integer	Minimum: 0 Maximum: 65535 Default: "0"

Icon (schema)

Icon

Icon to be applied at dashboard for widgets and UI elements.

Name	Description	Type	Notes
color	Icon color applied to icon in hex format Icon color applied to icon in hex format.	string
placement	Position at which to display icon, if any If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element.	string	Enum: PRE, POST Default: "PRE"
size	Icon size in unit Icon size in unit applied to icon.A unit can be specified by the 'size_unit' property.	number	Minimum: 1
size_unit	Icon size unit in rem/px/pc Icon size unit applied to icon along with size. if 'size' property value is provided and no value is provided for this property then default value for this proerty is set to 'px'.	string	Enum: px, rem, pc
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the icon.	array of Tooltip
type	Type of icon Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. or else custom svg icon name can be given.	string

IdentityFirewallAdStore (schema)

Active IdentityFirewallStore

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
base_distinguished_name	IdentityFirewallStore base distinguished name Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.	string	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
event_log_servers	Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on.	array of IdentityFirewallStoreEventLogServer	Readonly Maximum items: 50
id	Unique identifier of this resource	string	Sortable
ldap_servers	LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on.	array of IdentityFirewallStoreLdapServer	Required Maximum items: 50
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
name	IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.	string	Required
netbios_name	IdentityFirewallStore NETBIOS name NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case.	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdentityFirewallAdStore	string	Required Enum: IdentityFirewallAdStore
selective_sync_settings	SelectiveSync settings SelectiveSync settings toggle the SelectiveSync feature and selected OrgUnits. If this is not specified, SelectiveSync is disabled by default.	SelectiveSyncSettings
sync_settings	IdentityFirewallStore sync settings Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object.	DirectoryDomainSyncSettings
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdentityFirewallStore (schema)

IdentityFirewallStore

This is an abstract type. Concrete child types:
IdentityFirewallAdStore

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildIdentityFirewallStoreEventLogServer ChildIdentityFirewallStoreLdapServer
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
event_log_servers	Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on.	array of IdentityFirewallStoreEventLogServer	Readonly Maximum items: 50
id	Unique identifier of this resource	string	Sortable
ldap_servers	LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on.	array of IdentityFirewallStoreLdapServer	Required Maximum items: 50
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
name	IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains.	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdentityFirewallStore	string	Required Enum: IdentityFirewallAdStore
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdentityFirewallStoreEventLogServer (schema)

Event log server of IdentityFirewallStore

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	IdentityFirewallStore name IdentityFirewallStore name which best describes the IdentityFirewallStore. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores.	string
host	Event log server host name Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching.	string	Required Format: hostname-or-ip
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
password	Event log server password IdentityFirewallStore event log server connection password.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdentityFirewallStoreEventLogServer	string
status	Event log server connection status Event log server connection status object	DirectoryEventLogServerStatus
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
username	Event log server username Directory event log server connection user name.	string

IdentityFirewallStoreLdapServer (schema)

LDAP server of directory domain

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_path	LDAP server certificate IdentityFirewallStore LDAP server certificate used in secure LDAPS connection.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	IdentityFirewallStore name IdentityFirewallStore name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores.	string
host	LDAP server host name IdentityFirewallStore LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization.	string	Required Format: hostname-or-ip
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
password	LDAP server password IdentityFirewallStore LDAP server connection password.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
port	LDAP server TCP/UDP port IdentityFirewallStore LDAP server connection TCP/UDP port.	integer	Default: "389"
protocol	LDAP server protocol IdentityFirewallStore LDAP server connection protocol which is either LDAP or LDAPS.	string	Enum: LDAP, LDAPS Default: "LDAP"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdentityFirewallStoreLdapServer	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
use_certificate	Flag for certificate usage This flag helps in deciding whether to use thumbprint or certificate.	boolean
username	LDAP server username IdentityFirewallStore LDAP server connection user name.	string
thumbprint	LDAP server certificate thumbprint using SHA-256 algorithm IdentityFirewallStore LDAP server certificate thumbprint used in secure LDAPS connection.	string	Deprecated

IdentityFirewallStoreLdapServerListResults (schema)

List of FirewallIdentityStore LDAP servers

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of directory domain LDAP servers	array of IdentityFirewallStoreLdapServer	Required Maximum items: 50
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdentityFirewallStoreListResults (schema)

List of IdentityFirewallStore

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of IdentityFirewallStores	array of IdentityFirewallStore (Abstract type: pass one of the following concrete types) IdentityFirewallAdStore	Required Maximum items: 500
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdentityGroupExpression (schema)

IdentityGroup expression node

Represents a list of identity group (Ad group SID) expressions.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
identity_groups	Array of identity group This array consists of set of identity group object. All members within this array are implicitly OR'ed together.	array of IdentityGroupInfo	Required Minimum items: 1 Maximum items: 500
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdentityGroupExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdentityGroupInfo (schema)

Identity (Directory) group

Name	Description	Type	Notes
distinguished_name	LDAP distinguished name Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server.	string	Required
domain_base_distinguished_name	Identity (Directory) domain base distinguished name This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head.	string	Required
sid	Identity (Directory) Group SID (security identifier) A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store.	string

IdentitySourceLdapServer (schema)

An LDAP server

Information about a single LDAP server.

Name	Description	Type	Notes
bind_identity	Username or DN for LDAP authentication A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. [email protected]) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com).	string
certificates	TLS certificate(s) for LDAP server(s) If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case.	array of string
enabled	If true, this LDAP server is enabled Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users.	boolean	Default: "True"
password	Username for LDAP authentication A password used when authenticating to the directory.	secure_string
url	The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.	string	Required
use_starttls	Enable/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS.	boolean	Default: "False"

IdentitySourceLdapServerEndpoint (schema)

An LDAP server endpoint

Information about a single LDAP server endpoint.

Name	Description	Type	Notes
url	The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme.	string	Required
use_starttls	Enable/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS.	boolean	Default: "False"

IdentitySourceLdapServerProbeResult (schema)

Results from one LDAP server probe

The results of probing an individual LDAP server.

Name	Description	Type	Notes
errors	Error details Detail about errors encountered during the probe.	array of LdapProbeError
result	Overall result Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property.	string	Enum: SUCCESS, FAILURE
url	LDAP Server URL THe URL of the probed LDAP host.	string

IdfwDirGroupUserSessionMapping (schema)

Identity Firewall NSGorup to user mapping to link DirGroup to user session data

Identity Firewall NSGorup to user mapping to link DirGroup to user session data.

Name	Description	Type	Notes
dir_group_id	Directory Group ID Directory Group ID.	string	Required Readonly
user_id	User ID User ID.	string	Required Readonly

IdfwSystemStats (schema)

Identity Firewall statistics data

Identity Firewall statistics data.

Name	Description	Type	Notes
num_concurrent_users	Number of concurrent logged on users (across VDI & RDSH) Number of concurrent logged on users (across VDI & RDSH). Multiple logins by the same user is counted as 1.	int	Required
num_user_sessions	Number of active user sessions/logins Number of active user sessions/logins in IDFW enabled compute collections (including both UP and DOWN hosts). N sessions/logins by the same user is counted as n.	int	Required

IdfwUserSessionData (schema)

Identity Firewall user session data on client machine

Identity Firewall user session data on a client machine (typically a VM).
Multiple entries for the same user can be returned if the user logins to
multiple sessions on the same VM.

Name	Description	Type	Notes
domain_name	AD Domain AD Domain of user.	string	Required
id	User session data Identifier Identifier of user session data.	string	Readonly
login_time	Login time Login time.	EpochMsTimestamp	Required
logout_time	Logout time if applicable Logout time if applicable. An active user session has no logout time. Non-active user session is stored (up to last 5 most recent entries) per VM and per user.	EpochMsTimestamp
session_source	Source for the user session User session source can be one of: - GI (Guest Introspection) - ELS (AD Event log server) - LI (Log Insight)	string	Readonly Enum: GI, ELS, LI
user_id	AD user ID (may not exist) AD user ID (may not exist).	string	Readonly
user_name	AD user name AD user name.	string	Required
user_session_id	User session ID User session ID. This also indicates whether this is VDI / RDSH.	integer	Required
vm_ext_id	Virtual machine external ID or BIOS UUID Virtual machine (external ID or BIOS UUID) where login/logout events occurred.	string	Required Readonly

IdfwUserSessionDataAndMappings (schema)

Identity Firewall user session data list and Directory Group to user mappings

Identity Firewall user session data list and Directory Group to user mappings.

Name	Description	Type	Notes
active_user_sessions	Active user session data list	array of IdfwUserSessionData	Required
archived_user_sessions	Archived user session data list	array of IdfwUserSessionData	Required
dir_group_to_user_session_data_mappings	Directory Group to user session data mappings	array of IdfwDirGroupUserSessionMapping	Required

IdfwVmDetail (schema)

Identity Firewall user login/session data for a single VM

Name	Description	Type	Notes
last_login_user_session	Last logged in user and time (if exists) Record of the last logged in user session (if exists).	ResourceReference
user_sessions	List of user session data List of user session data.	array of IdfwUserSessionData	Required
vm_ext_id	Virtual machine external ID or BIOS UUID Virtual machine (external ID or BIOS UUID) where login/logout event occurred.	string	Required
vm_ip_addresses	Client VM IP addresses List of client machine IP addresses.	array of string

IdfwVmStats (schema)

Identity Firewall user login/session data for a single VM

Identity Firewall user login/session data for a single VM.

Name	Description	Type	Notes
active_sessions	List of active (still logged in) user login/sessions data (no limit)	array of IdfwUserSessionData	Required
archived_sessions	Optional list of archived (previously logged in) user login/session data (maximum 5) Optional list of up to 5 most recent archived (previously logged in) user login/session data.	array of IdfwUserSessionData
vm_ext_id	Virtual machine external ID or BIOS UUID Virtual machine (external ID or BIOS UUID) where login/logout event occurred.	string	Required

IdsClusterConfig (schema)

Intrusion Detection System cluster configuration

IDS configuration to activate/deactivate IDS on cluster level.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cluster	PolicyResourceReference Contains policy resource reference object	PolicyResourceReference	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ids_enabled	Ids enabled flag If set to true, IDS is enabled on the respective cluster	boolean	Required
is_stale	Cluster stale flag If set to true, this cluster has been deleted from NSX.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsClusterConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsClusterConfigListRequestParameters (schema)

IDS cluster config request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsClusterConfigListResult (schema)

Paged collection of IDS cluster configuration

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Cluster wise IDS configuration list results	array of IdsClusterConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsCustomSignatureSettings (schema)

IDS Custom Signature settings

Represents the IDS Custom Signature settings.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_custom_signatures	Custom signatures global enablement flag Flag to enable custom signatures globally.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsCustomSignatureSettings	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsFileUpload (schema)

File of IDS signatures that is uploaded

Name	Description	Type	Notes
file	IDS signatures file	multipart_file	Required

IdsGatewayPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Gateway Policy, which contains
the list of IDS Rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildIdsRule
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsGatewayPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	IDS Rules that are a part of this SecurityPolicy	array of IdsRule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsGatewayPolicyListResult (schema)

Paged collection of IDS Gateway policies

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS Gateway policy list results	array of IdsGatewayPolicy	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsGlobalEventConfig (schema)

Intrusion Detection System global event configuration

Represents IDS event publishing configuration for NSX-I and NDR.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ids_data_topic_name	kafka topic into which to publish IDS events.	string	Default: "ids_data"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
publish_ids_events	A flag to indicate if IDS events need to be sent to kafka When this flag is set to true, IDS events will be sent to kafka, for consumption by components such as NSX-I and NDR.	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsGlobalEventConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsPcapConfig (schema)

IDPS Pcap configuration

Pcap Configuration for IdsProfile.

Name	Description	Type	Notes
pcap_byte_count	IDPS Byte capture count. Determine how many bytes will be captured.	int	Minimum: 1524 Maximum: 65536 Default: "10000"
pcap_enabled	A flag to activate/deactivate pcap for IDPS Profile. Flag which determines whether packet capturing is enabled or not.	boolean	Default: "False"
pcap_packet_count	IDPS Packet capture count. Determine how many packets will be captured.	int	Minimum: 1 Maximum: 15 Default: "5"

IdsPcapExport (schema)

Export IDPS pcap file

Export the pcap file of all the mentioned pcap_ids.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pcap_ids	Pcap Ids. List of all pcap ids for which the pcap file are requested by the user.	array of string	Required Minimum items: 1 Maximum items: 50
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsPcapExport	string
signature_ids	Signature Ids. List of all signature ids which are part of the events whose pcap files is requested by the user.	array of string	Required Minimum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsPcapFileMetadata (schema)

IDPS pcap file

Represents pcap file as requested by the User.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
available_until	Available untill Time until which the file will be avilable for download.	string	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
exported_on	Extracted Time Time when the file extraction started.	string	Readonly
failure_cause	Failure Cause If creation of zipped pcap file fails then this will tell the failure cause.	string	Readonly
file_name	Pcap File Name. Name of the Pcap File requested by the user.	string
file_size	File size Tells the size of the zipped pcap file.	integer	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
node_id	Node Id Node wher file extraction is triggered.	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pcap_ids	Pcap Ids. List of all pcap ids which are requested by the user as part of this File.	array of string	Required Minimum items: 1
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsPcapFileMetadata	string
signature_ids	Signature Ids. List of all signature ids which are part of the events whose pcap files is selected by the user as part of this File.	array of string	Required Minimum items: 1
status	IDS zipped pcap file status READY means zipped pcap file is succesfully created and ready to download. IN_PROGRESS means creation of zipped pcap file is in progress. FAILED means some error occurred during creation of zipped pcap file. INCOMPLETE means zipped pcap file doea not have all the specified pcaps.	string	Readonly Enum: READY, IN_PROGRESS, FAILED, INCOMPLETE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsPcapFileMetadataListRequestParameters (schema)

IDS Pcap File request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of PCAPs needs to be fetched.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsPcapFileMetadataListResult (schema)

Paged collection of IDS Pcap File

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS Pcap File list results	array of IdsPcapFileMetadata	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsPcapFileRequestParameters (schema)

IDS Pcap File request parameters

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the PCAPs needs to be exported, downloaded or deleted.	string

IdsPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Policy, which contains
the list of IDS Rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	IDS Rules that are a part of this SecurityPolicy	array of IdsRule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsProfile (schema)

Intrusion Detection System Profile

IDS Profile which contains the signatures and will be used in IDS rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
criteria	Filtering criteria of IDS Profile Represents the filtering criteria for the IDS Profile. 1. A non-empty criteria list, must be of odd size. In a list, with indices starting from 0, all IdsProfileFilterCriteria must be at even indices, separated by the IdsProfileConjunctionOperator AND at odd indices. 2. There may be at most 7 IdsProfileCriteria objects inside a list.	array of IdsProfileCriteria (Abstract type: pass one of the following concrete types) IdsProfileConjunctionOperator IdsProfileFilterCriteria	Maximum items: 7
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
include_custom_signatures	Include Custom Signatures flag Represents the flag to enable/disable the inclusion of custom signatures in the profile.	boolean
include_system_signatures	Include System Signatures flag Represents the flag to enable/disable the inclusion of system signatures in the profile. By default this flag will be true.	boolean
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
overridden_signatures	Represents the signatures that is overridden for the Profile Represents the signatures that has been overridden for this Profile.	array of IdsProfileLocalSignature
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pcap_config	Represents pcap configuration Tells about the Pcap configuration for a IDS Profile. Only supported on Local Manager.	IdsPcapConfig
profile_severity	IDS Profile severity Represents the severities of signatures which are part of this profile.	array of ProfileSeverity
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
severities	IDS Profile severity Represents the severities of signatures which are part of this profile.	array of IdsProfileSeverity	Deprecated

IdsProfileConjunctionOperator (schema)

Represents the operator AND

Represents the operator AND.

Name	Description	Type	Notes
operator	IDS Profile Filter Condition	string	Required Enum: AND
resource_type	Must be set to the value IdsProfileConjunctionOperator	string	Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileCriteria (schema)

Base class for IDS Profile criteria

All the filtering criteria objects extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
IdsProfileConjunctionOperator
IdsProfileFilterCriteria

Name	Description	Type	Notes
resource_type		string	Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileFilterCriteria (schema)

IDS Profile filter criteria

Represents the filtering criteria of a IDS Profile.

Name	Description	Type	Notes
filter_name	Represents the filter name Represents the filter for IDS Profile.	string	Required Enum: CVSS, ATTACK_TARGET, ATTACK_TYPE, PRODUCT_AFFECTED
filter_value	Represents the value of selected filter name Represents the value of selected filter name. Note : The supported values for filter name CVSS are NONE, LOW, MEDIUM, HIGH, CRITICAL. NONE means CVSS score as 0.0 LOW means CVSS score as 0.1-3.9 MEDIUM means CVSS score as 4.0-6.9 HIGH means CVSS score as 7.0-8.9 CRITICAL means CVSS score as 9.0-10.0	array of string	Required
resource_type	Must be set to the value IdsProfileFilterCriteria	string	Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria

IdsProfileListRequestParameters (schema)

IDS profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsProfileListResult (schema)

Paged collection of IDS profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS profile list results	array of IdsProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsProfileLocalSignature (schema)

IDS Profile local signature

IDS Profile local signature.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action.	string	Enum: ALERT, DROP, REJECT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	Flag to Activate/Deactivate a IDS Signature globally. Flag through which user can Activate/Deactivate a Signature at Global Level.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
is_custom_signature	Flag to determine custom signature It represents whether the overridden signature is custom or system signature.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsProfileLocalSignature	string
signature_id	Signature ID Represents the Signature's id.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsProfileSeverity (schema)

Intrusion Detection System Profile severity

Intrusion Detection System Profile severity.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ignore_signatures	Represents the signatures that will be ignored Contains the id of signatures that will be ignored as part of the profile. This field is deprecated, please use ignore_signatures field under IdsProfile to ignore the signatures.	array of string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsProfileSeverity	string
severity	Severity of profile Represents the severity of a profile.	string	Required Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS, NONE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsProfileSignatures (schema)

IDS Profile Signatures

An entity that holds the list of IDS signatures attached
to an IDS Profile depending upon the Profile's criteria.
These are the Signatures which needs to be detected.

Name	Description	Type	Notes
profile_path	IDS Profile path Represents the Path of the IDS Profile.	string
signatures	IDS Signatures List of IDS signature ids which need to be detected.	array of string	Minimum items: 1 Maximum items: 30000

IdsRealizationRequestParameters (schema)

IDS pass through APIs request parameters

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point The path of the enforcement point.	string

IdsRule (schema)

A rule specifies the IDS security policy rule between the workload groups

Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action The action to be applied.	string	Enum: DETECT, DETECT_PREVENT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
destinations_excluded	Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups	boolean	Default: "False"
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ids_profiles	IDS profiles collections of IDS or Anti-Malware profiles. At Max 1 each Profile will be supported.	array of string	Minimum items: 1 Maximum items: 2
ip_protocol	IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.	string	Enum: IPV4, IPV6, IPV4_IPV6
is_default	Default rule flag A flag to indicate whether rule is a default rule.	boolean	Readonly
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.	string	Maximum length: 2048
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
oversubscription	Rule-level selection for oversubscription behavior Following are the choices for oversubscription configuration at the rule-level. INHERIT_GLOBAL: Inherit the behavior from the global settings BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped	Oversubscription	Default: "INHERIT_GLOBAL"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profiles	Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.	array of string	Maximum items: 128
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsRule	string
rule_id	Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.	integer	Readonly
scope	The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number	int	Minimum: 0
service_entries	Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Maximum items: 128
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
sources_excluded	Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups	boolean	Default: "False"
tag	Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsRuleListRequestParameters (schema)

IDS rule request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsRuleListResult (schema)

Paged collection of IDS rules

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS rule list results	array of IdsRule	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsRuleStatistics (schema)

IDS Rule Statistics

IDS Rule Statistics.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
byte_count	Bytes count Aggregated number of bytes processed by the rule.	integer	Readonly
hit_count	Hits count Aggregated number of hits received by the rule.	integer	Readonly
internal_rule_id	NSX internal rule id Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created.	string	Readonly
l7_accept_count	L7 Accept count Aggregated number of L7 Profile Accepted counters received by the rule.	integer	Readonly
l7_reject_count	L7 Reject count Aggregated number of L7 Profile Rejected counters received by the rule.	integer	Readonly
l7_reject_with_response_count	L7 Reject with response count Aggregated number of L7 Profile Rejected with Response counters received by the rule.	integer	Readonly
lr_path	Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Edge FW.	string	Readonly
max_popularity_index	The maximum popularity index Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly
max_session_count	Maximum Sessions count Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly
packet_count	Packets count Aggregated number of packets processed by the rule.	integer	Readonly
popularity_index	The index of the popularity of rule This is calculated by sessions count divided by age of the rule.	integer	Readonly
rule	Rule path Path of the rule.	string	Readonly
segment_path	Segment path Path of the Segment on which the section is applied in case of Bridge Firewall.	string	Readonly
session_count	sessions count Aggregated number of sessions processed by the rule.	integer	Readonly
total_session_count	Total Sessions count Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly

IdsRuleStatisticsForEnforcementPoint (schema)

IDS Rule statistics for an enforcement point

IDS Rule statistics for a specfic enforcement point.

Name	Description	Type	Notes
enforcement_point	Enforcement point path IDS Rule statistics for a single enforcement point	string	Readonly
statistics	IDS Rule Statistics Statistics for the specified enforcement point	IdsRuleStatistics	Readonly

IdsRuleStatisticsListResult (schema)

Paged Collection of IDS rule statistics

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IdsRuleStatistics list results	array of IdsRuleStatisticsForEnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsSecurityPolicy (schema)

Contains ordered list of IDS Rules

Represents the Intrusion Detection System Security Policy, which contains
the list of IDS Rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildIdsRule
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSecurityPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	IDS Rules that are a part of this SecurityPolicy	array of IdsRule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsSecurityPolicyListRequestParameters (schema)

IDS security policy request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
include_rule_count	Include the count of rules in policy If true, populate the rule_count field with the count of rules in the particular policy. By default, rule_count will not be populated.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsSecurityPolicyListResult (schema)

Paged collection of IDS security policies

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS security policy list results	array of IdsSecurityPolicy	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsSecurityPolicyStatistics (schema)

IDS Security Policy Statistics

IDS RSecurity Policy Statistics.

Name	Description	Type	Notes
internal_section_id	NSX internal section id Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created.	string	Readonly
lr_path	Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Gateway Firewall.	string	Readonly
result_count	Rule stats count Total count for rule statistics	integer	Required Readonly
results	Statistics for all rules List of rule statistics.	array of RuleStatistics	Readonly Maximum items: 1000
segment_path	Segment path Path of the Segment on which the section is applied in case of Bridge Firewall.	string	Readonly

IdsSecurityPolicyStatisticsForEnforcementPoint (schema)

IDS Security policy statistics for an enforcement point

Aggregate statistics of all the IDS rules in a security policy for a specific
enforcement point.

Name	Description	Type	Notes
enforcement_point	Enforcement point path Enforcement point to fetch the statistics from.	string	Readonly
statistics	IDS Security Policy Statistics Statistics for the specified enforcement point	IdsSecurityPolicyStatistics	Readonly

IdsSecurityPolicyStatisticsListResult (schema)

Paged Collection of IDS Security Policy statistics

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS Security Policy statistics list results	array of IdsSecurityPolicyStatisticsForEnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsSettings (schema)

Intrusion Detection System settings

Represents the Intrusion Detection System settings.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_update	Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ids_events_to_syslog	Flag to send IDS events to syslog server. Flag to send IDS events to syslog server.	boolean	Default: "False"
ids_ever_enabled	Flag which tells whether IDS was ever enabled. Flag which tells whether IDS was ever enabled.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
oversubscription	Global toggle for whether the IDS oversubscribed packets need to be bypassed or dropped Following are the choices for oversubscription configuration at the global level. BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped	Oversubscription	Default: "BYPASSED"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSettings	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsSignature (schema)

Intrusion Detection System Signature

Intrusion Detection System Signature .

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Represents the signature's action Signature action.	string
attack_target	Signature attack target Target of the signature.	string
categories	IDS Signature Internal category Represents the internal categories a signature belongs to.	array of IdsSignatureInternalCategory
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
class_type	Signature class type Class type of Signature.	string
confidence	Confidence Signature's confidence score.	string
cves	Represents the cve score. CVE score	array of string
cvss	CVSS of signature Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. NONE means cvssv3/cvssv2 score as 0.0 LOW means cvssv3/cvssv2 score as 0.1-3.9 MEDIUM means cvssv3/cvssv2 score as 4.0-6.9 HIGH means cvssv3/cvssv2 score as 7.0-8.9 CRITICAL means cvssv3/cvssv2 score as 9.0-10.0	string	Enum: NONE, LOW, MEDIUM, HIGH, CRITICAL
cvss_score	Signature CVSS score Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. If cvssv3 exists, then this is the cvssv3 score, else it is the cvssv2 score.	string
cvssv2	Signature cvssv2 score Signature cvssv2 score.	string
cvssv3	Signature cvssv3 score Signature cvssv3 score.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
direction	Direction Source-destination direction.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable	Activate/Deactivate flag Flag which tells whether the signature is enabled or not.	boolean
flow	Flow established. Flow established from server, from client etc.	string
id	Unique identifier of this resource	string	Sortable
impact	Impact Impact of Signature.	string
malware_family	Malware Family Family of the malware tracked in the signature.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mitre_attack	MitreAttack Mitre Attack details of Signature.	array of MitreAttack
name	Represents the signature name Signature name.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
performance_impact	Performance impact Performance impact of the signature.	string
policy	Policy Signature policy.	array of string
product_affected	Signature product affected Product affected by this signature.	string
protocol	Protocol Protocol used in the packet analysis.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSignature	string
risk_score	Risk Score Risk score of signature.	string
severity	Signature severity Represents the severity of the Signature.	string
signature	Signature Decoded Signature.	string
signature_id	Signature ID Represents the Signature's id.	string
signature_revision	Signature revision Represents revision of the Signature.	string
signature_severity	Signature severity Signature vendor set severity of the signature rule.	string
tag	Signature tag Vendor assigned classification tag.	array of string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
threshold	IDS signature threshold values Default threshold values for IDS signature.	IdsSignatureThreshold
type	Type Signature type.	array of string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
urls	List of mitre attack URLs pertaining to signature. List of mitre attack URLs pertaining to signature	array of string

IdsSignatureInternalCategory (schema)

IDS signature internal categories

Represents the internal categories.
APPLICATION : IDS signature having protocol comes under APPLICATION internal category.
MALWARE: IDS signature having malware_family comes under this internal category.
VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.

Name	Description	Type	Notes
IdsSignatureInternalCategory	IDS signature internal categories Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.	string	Enum: APPLICATION, MALWARE, VULNERABILITY

IdsSignatureListRequestParameters (schema)

IDS signature request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsSignatureListResult (schema)

Paged collection of IDS signatures

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS signature list results	array of IdsSignature	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsSignatureRateFilter (schema)

IDS signature rate filter

Rate filter for IDS signature can be used to change signature action when thresholds are met.

Name	Description	Type	Notes
count	Rate filter threshold count Number of signature hits before rate filter is activated.	integer	Required Minimum: 1 Maximum: 60
new_action	New action for rate filter Indicates the new action to be applied when rate filter is activated for the signature. DROP - Traffic will be dropped when rate filter is activated.	string	Enum: DROP Default: "DROP"
time_period	Rate filter time period in seconds Time period (in seconds) during which signature must be hit 'count' number of times in order to activate rate filter.	integer	Required Minimum: 1 Maximum: 3600
timeout	Rate filter activation timeout in seconds Time period (in seconds) during which rate filter will remain active once activated.	integer	Required Minimum: 1 Maximum: 3600

IdsSignatureStatus (schema)

Intrusion Detection System signature status

Ids signature status.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
download_status	IDS signature download status READY means signatures were downloaded and parsed successfully. PENDING means that signatures download is in progress. ERROR means error occurred during signature processing. DISABLED means IDS is deactivated.	string	Readonly Enum: READY, PENDING, ERROR, DISABLED
failure_cause	Failure Cause If signature download fails then this will tell the failure cause.	string	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSignatureStatus	string
signature_status	IDS signature status AVAILABLE means the signatures are available for the version. UNAVAILABLE means there are no available signatures for the version.	string	Readonly Enum: AVAILABLE, UNAVAILABLE
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
version_id	Version Id Represents the version id.	string	Readonly

IdsSignatureStatusRequestParameters (schema)

IDS Download Status request parameters

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point	string

IdsSignatureThreshold (schema)

IDS signature threshold values

Threshold values for IDS signature can be used to control IDS event generation frequency.

Name	Description	Type	Notes
count	Threshold count Number of signature hits for threshold.	integer	Required Minimum: 1 Maximum: 60
threshold_type	Threshold type THRESHOLD - An IDS event is generated if signature is hit at least 'count' times within specified time period. LIMIT - At most 'count' number of IDS events are generated for this signature within specified time period. BOTH - A single IDS event is generated if signature is hit at least 'count' times within specified time period.	string	Required Enum: THRESHOLD, LIMIT, BOTH
time_period	Time period (in seconds) for threshold Time period (in seconds) for signature threshold.	integer	Required Minimum: 1 Maximum: 3600
track_by	Signature threshold tracking type This property is read-only and shows existing track by value from the signature. SOURCE - Track signature matches for threshold by source. DESTINATION - Track signature matches for threshold by destination.	string	Readonly Enum: SOURCE, DESTINATION

IdsSignatureVersion (schema)

Intrusion Detection System signature version

It represents the version information corresponding to which the
signatures will be available.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
auto_update	Auto update Signature bundle flag Flag which tells whether the Signature version is come via auto update mechanism. It can be via auto update periodic task or via update now mechanism.	boolean	Readonly
change_log	Change log Represents the version's change log.	string	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSignatureVersion	string
sites	Represents the Sites mapped with the Signature Version. Contains the path of sites that has been mapped with the Signature Version.	array of string
state	State of the Version This flag tells which Version is currently active. ACTIVE: It means the signatures under this version is currently been used under IDS Profiles. NOTACTIVE: It means signatures of this version are available but not being used in IDS Profiles.	string	Readonly Enum: ACTIVE, NOTACTIVE
status	Status of the Version This flag tells the status of the signatures under a version. OUTDATED: It means the signatures under this version are outdated and new version is available. LATEST: It means the signatures of this version are up to date.	string	Readonly Enum: OUTDATED, LATEST
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
update_time	IDS Signature Version update time Time when this version was downloaded and saved.	EpochMsTimestamp	Readonly
user_uploaded	User Uploaded Signature bundle flag Flag which tells whether the Signature version is uploaded by user or not.	boolean	Readonly
version_id	Version Id Represents the version id.	string	Readonly

IdsSignatureVersionListRequestParameters (schema)

IDS signature version request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsSignatureVersionListResult (schema)

Paged collection of IDS signature versions

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS signature version list results	array of IdsSignatureVersion	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsSiteSettings (schema)

IDS version site mapping

IDS configuration to map a version to a site.
When this object is included in the IdsSiteVersionMapping, all the properties in this object need to be provided.

Name	Description	Type	Notes
ids_events_to_syslog	Flag to send IDS events to syslog server. If true, send the IDS events to the syslog server on the provided site.	string	Required Enum: TRUE, FALSE, DEFAULT_TO_LM Default: "DEFAULT_TO_LM"
oversubscription	Toggle for whether the IDS oversubscribed packets need to be bypassed or dropped For the provided site, define if the oversubscribed packets need to be bypassed or dropped. Following are the choices for oversubscription configuration at the global level. BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped DEFAULT_TO_LM: This value is only applicable on the global manager in a federated environment. If this value is provided, the local manager's value is honored for oversubscription.	Oversubscription	Required Default: "DEFAULT_TO_LM"

IdsSiteVersionMapping (schema)

IDS version site mapping

IDS configuration to map a version to a site. Configuring an IdsSiteVersionMapping for a site
pushes the IDPS configuration from global manager to the site. This includes Profiles, GlobalIdsSignatures,
Policies and Rule (both gateway and distributed). This does not include Threshold and Rate limiting configuration.
The threshold and Rate limiting configuration needs to be managed from the site even after the mapping is
created for a site.
After mapping, in case of custom signatures, everything is still configurable from the site, except the
GlobalIdsSignatures (signature overrides). The GlobalIdsSignatures are controlled by the global manager
for system signatures.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
effective_signature_version_path	Effective signature version for the site This readonly field provides which version is associated with the provided site. This flag is useful when the auto_update flag is true.	string	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsSiteVersionMapping	string
signature_version_path	Signature version path Associate the provided site to this signature version. To associate the provided site with the auto updated version on the GM, set this field to "AUTO_UPDATE".	string	Required
site_path	Site path Associate the provided signature version to this site.	string	Required
site_settings	Site specific settings This field holds the site specific settings such as syslog and oversubscription. If this field is not provided, LM setting take effect.	IdsSiteSettings
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsSiteVersionMappingActionsQueryParameters (schema)

Query parameters to be provided with the ReplaceIdsVersion API.

Name	Description	Type	Notes
action	Action to be performed	string	Required Enum: REPLACE
new_version	New version	string	Required
old_version	Version to be replaced	string	Required

IdsSiteVersionMappingListRequestParameters (schema)

IDS version site mapping request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IdsSiteVersionMappingListResult (schema)

Paged collection of IDS version site mapping

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	IDS version site mapping list results	array of IdsSiteVersionMapping	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IdsStandaloneHostConfig (schema)

Intrusion Detection System configuration

IDS configuration to activate/deactivate IDS on standalone host level.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ids_enabled	IDS enabled flag If set to true, IDS is enabled on standalone hosts.	boolean	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsStandaloneHostConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsThresholdConfig (schema)

IDS signature threshold configuration

Threshold configuration for IDS signature.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
rate_filter	IDS signature rate filter Rate filter for IDS signature can be used to change signature action when threshold is met.	IdsSignatureRateFilter
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IdsThresholdConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
threshold	IDS signature threshold values Threshold values for IDS signature can be used to control IDS event generation frequency.	IdsSignatureThreshold
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IdsUploadAndReplaceQueryParameters (schema)

Query parameters to be provided with the UploadAndReplaceIdsSignatures API.

Name	Description	Type	Notes
action	Action to be performed	string	Required Enum: upload_and_replace
existing_version	Version path to be replaced	string	Required
file	IDS signatures file	multipart_file	Required

IkeDigestAlgorithm (schema)

Digest Algorithms used in IKE negotiations

The IkeDigestAlgorithms are used to verify message
integrity during Ike negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.

Name	Description	Type	Notes
IkeDigestAlgorithm	Digest Algorithms used in IKE negotiations The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.	string	Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

IkeEncryptionAlgorithm (schema)

Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.

Name	Description	Type	Notes
IkeEncryptionAlgorithm	Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys.	string	Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

ImportErrorMessage (schema)

Error Message during import of network policy

Error message during import of network policy

Name	Description	Type	Notes
errors	List of errors, if any Contains a list of errors against all network policy rules and fields failed during import.	array of ImportErrorMessageDetail
network_policy_id	K8s network policy identifier. K8s Network Policy ID. If it's not set, the error_message is related to the overall import operation but not to specific K8s Network Policy.	string

ImportErrorMessageDetail (schema)

Detailed Error Message of a K8s NetworkPolicy Rule or Field

Detailed Error message during import of network policy rule or field.

Name	Description	Type	Notes
error_code	Error Code	string
error_message	Error message	string

ImportRequestParameter (schema)

Import task request parameters

This holds the request parameters required to invoke the import task.

Name	Description	Type	Notes
draft_description	Description to be set on the draft Description to be set on the draft, which will hold the imported configuration.	string
draft_display_name	Display name to be set on the draft Display name to be set on the draft, which will hold the imported configuration.	string	Required Minimum length: 1
file	File to be imported The file having stored firewall configuration. Only zip file will be accepted.	multipart_file	Required
passphrase	Passphrase to verify imported files Passphrase to verify imported files. Passphrase needs to be same as provided earlier to export operation which generated these imported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character.	secure_string	Required

ImportTask (schema)

Import task information

This object holds the information of the import task.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
async_response_available	True if response for asynchronous request is available	boolean	Readonly
cancelable	True if this task can be canceled	boolean	Readonly
description	Description of the task	string	Readonly
draft_path	Policy path of a draft Policy path of a draft in which the imported configuration gets stored after completion of import task.	string	Readonly
end_time	The end time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
failure_msg	Reason of the task failure This property holds the reason of the task failure, if any.	string	Readonly
id	Identifier for this task	string	Readonly
message	A message describing the disposition of the task	string	Readonly
progress	Task progress if known, from 0 to 100	integer	Readonly Minimum: 0 Maximum: 100
request_method	HTTP request method	string	Readonly
request_uri	URI of the method invocation that spawned this task	string	Readonly
start_time	The start time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
status	Current status of the task	TaskStatus	Readonly
user	Name of the user who created this task	string	Readonly

IncludedFieldsParameters (schema)

A list of fields to include in query results

Name	Description	Type	Notes
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string

Infra (schema)

Infra

Infra space related policy.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBfdProfile ChildCaBundle ChildConstraint ChildConstraintGlobalConfig ChildDhcpRelayConfig ChildDhcpServerConfig ChildDnsSecurityProfile ChildDomain ChildEvpnTenantConfig ChildFloodProtectionProfile ChildFullSyncState ChildGatewayQosProfile ChildGlobalManager ChildGlobalManagerConfig ChildIPDiscoveryProfile ChildIPReputationSiteMapping ChildIdentityFirewallStore ChildIpv6DadProfile ChildIpv6NdraProfile ChildMacDiscoveryProfile ChildPolicyContextProfile ChildPolicyDnsForwarderZone ChildPolicyDraft ChildPolicyFirewallIpReputationConfig ChildPolicyFirewallScheduler ChildPolicyFirewallSessionTimerProfile ChildPolicyLabel ChildPolicyTransportZoneProfile ChildQoSProfile ChildSegment ChildSegmentSecurityProfile ChildService ChildSite ChildSpan ChildSpoofGuardProfile ChildTier0 ChildTier1 ChildTlsCertificate ChildTlsCrl ChildTlsCsr ChildTraceflowConfig ChildVMTagReplicationPolicy
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domains	Domains for infra This field is used while creating or updating the infra space.	array of Domain
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Infra	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
connectivity_strategy	Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.	string	Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE

InfraSecurityConfig (schema)

NSX global configs for security purposes, like trust store and trust manager.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
automatic_appliance_certificate_renewal_enabled	Renew appliance certificates automatically When this flag is set to true, NSX will periodically check if any of the appliance certificates used for NSX internal communications are about to expire. If any are due to expire, new certificates will be created and installed automatically. If not provided, this defaults to true.	boolean
automatic_appliance_certificate_renewal_lead_time	Lead time for automatic renewal of appliance certificates The number of days before certificate expiration that NSX will automatically renew expiring appliance certificates. By default, this is 31 days.	int	Minimum: 31
ca_signed_only	A flag to indicate whether the server certs are only allowed to be ca-signed. When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. Since this check has now moved to the compliance-report, enabling this check is no longer required if the NDcPP Security alarms have been enabled.	boolean
crl_checking_enabled	A flag to indicate whether the Java trust-managers check certificate revocation When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisable to import certificate without CRL info while CRL checking is deactivated, and then re-enable CRL checking.	boolean
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
eku_checking_enabled	A flag to indicate whether the Extended Key Usage extension in the certificate is checked. When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. Since this check has now moved to the compliance-report, enabling/disabling this flag no longer has any effect when applying certificates.	boolean
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value InfraSecurityConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

IngressBroadcastRateLimiter (schema)

A shaper that specifies ingress rate properties in kb/s

Name	Description	Type	Notes
average_bandwidth	Average bandwidth in kb/s	int	Minimum: 0 Default: "0"
burst_size	Burst size in bytes	int	Minimum: 0 Default: "0"
enabled		boolean	Required
peak_bandwidth	Peak bandwidth in kb/s	int	Minimum: 0 Default: "0"
resource_type	Must be set to the value IngressBroadcastRateLimiter	string	Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter"

IngressRateLimiter (schema)

A shaper that specifies ingress rate properties in Mb/s

Name	Description	Type	Notes
average_bandwidth	Average bandwidth in Mb/s You can use the average bandwidth to reduce network congestion.	int	Minimum: 0 Default: "0"
burst_size	Burst size in bytes The burst duration is set in the burst size setting.	int	Minimum: 0 Default: "0"
enabled		boolean	Required
peak_bandwidth	Peak bandwidth in Mb/s The peak bandwidth rate is used to support burst traffic.	int	Minimum: 0 Default: "0"
resource_type	Must be set to the value IngressRateLimiter	string	Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter"

InitiateClusterRestoreRequest (schema)

Name	Description	Type	Notes
ip_address	IP address or FQDN of the node from which the backup was taken	string	Readonly Format: hostname-or-ip
ipv6_address	IPv6 address or FQDNv6 of the node from which the backup was taken IPv6 address or FQDNv6 of the node which would be used for the restoration. This should be same as the one on which backup was taken	string	Readonly Format: hostname-or-ip
node_id	Unique id of the backed-up configuration from which the appliance will be restored	string	Required Readonly
timestamp	Timestamp of the backed-up configuration from which the appliance will be restored	EpochMsTimestamp	Required Readonly

Injection (schema)

Injection

Injection holding a key and a corresponding value.

Name	Description	Type	Notes
key	Key Injection key.	string	Required
value	Value Injection value.	InjectionValue (Abstract type: pass one of the following concrete types) UnaryOperationBasedInjectionValue	Required

InjectionValue (schema)

Injection Value

Injection Value.
This is an abstract type. Concrete child types:
UnaryOperationBasedInjectionValue

Name	Description	Type	Notes
resource_type	Resource Type Injection Value resource type.	string	Required Enum: UnaryOperationBasedInjectionValue

InstallUpgradeServiceProperties (schema)

install-upgrade service properties

Name	Description	Type	Notes
enabled	True if service enabled; otherwise, false	boolean	Required
enabled_on	IP of manager on which install-upgrade is enabled	string	Readonly

InstructionInfo (schema)

Details of the instructions displayed during restore process

Name	Description	Type	Notes
actions	Actions list A list of actions that are to be applied to resources	array of string	Required Readonly
fields	Displayable fields A list of fields that are displayable to users in a table	array of string	Required Readonly
id	UUID of the instruction	string	Required Readonly
name	Instruction name	string	Required Readonly

IntegerArrayConstraintValue (schema)

Array of Integer Values to perform operation

List of values

Name	Description	Type	Notes
resource_type	Must be set to the value IntegerArrayConstraintValue	string	Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values	Array of Integer Array of integer values	array of int	Required Minimum items: 1 Maximum items: 100

IntentEnforcementPointListRequestParams (schema)

List request parameters containing intent path and enforcement point path

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
intent_path	String path of the intent object	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

IntentPathRequestParameter (schema)

Parameter to filter realized entities by intent path

Intent path for which state/realized entities would be fetched.

Name	Description	Type	Notes
intent_path	String Path of the intent object Intent path of object, forward slashes must be escaped using %2F	string	Required
site_path	Policy Path of the site Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites	string

IntentRuntimeRequestParameters (schema)

Request Parameters for Intent Runtime Information

Request parameters that represents a an intent path.

Name	Description	Type	Notes
intent_path	Policy Path of the intent object Policy Path referencing an intent object.	string	Required
site_path	Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites	string

IntentStatusRequestParameters (schema)

Request Parameters for Intent Status Information

Request parameters that represents a binding between an intent path and whether the
enforcement point specific status shall be retrieved from the enforcement point or
not. A request can be parameterized with this pair and will be evaluated as follows:
- <intent_path>: the request is evaluated on all enforcement points for the given
intent with no enforced statuses' details returned.
- <intent_path, include_enforced_status=true>: the request is evaluated on all
enforcement points for the given intent with enforced statuses' details returned.

Name	Description	Type	Notes
include_enforced_status	Include Enforced Status Flag Flag conveying whether to include detailed view of the enforcement point specific status or not.	boolean	Default: "False"
intent_path	Policy Path of the intent object Policy Path referencing an intent object.	string	Required
site_path	Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites	string

InterSitePortCounters (schema)

Inter-site port counters

Provides the statistics of a port since the time it was created. It includes the number
of incoming, outgoing and dropped packet counters and, the number of errors and failures
causing the drops. The statistics will be reset on edge reboot or edge dataplane restart.

Name	Description	Type
blocked_packets	Packets blocked The total number of packets blocked on the port. This could be due to either port is operatively down or blocked. The port can be blocked due to admin-down, backplane port is in standby SR (internal operational state is down) etc. It also includes drops when a tunnel port receives packet with local VTEP which is not the assigned one. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
dad_dropped_packets	DAD packets dropped The total number of packets dropped because source IP is not assigned to the logical port. For IPv6 address, it could be due to DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
destination_unsupported_dropped_packets	Destination unsupported packets dropped The total number of packets dropped because the destination address in the packet - broadcast, multicast, loopback or reserved address - is not supported on the port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
dropped_packets	Packets dropped The total number of packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
firewall_dropped_packets	Firewall packets dropped The total number of packets dropped due to firewall rules or firewall state mismatch (For example, the expected sequence number in TCP window was not received). The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
frag_needed_dropped_packets	Fragmentation needed packets dropped The total number of packets dropped because they could not be fragmented when their size was larger than the port MTU due to DF bit set in them. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_dropped_packets	IPSec packets dropped The total number of IPSec packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
ipsec_no_sa_dropped_packets	IPSec no security association packets dropped The total number of IPSec packets dropped due to missing security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_no_vti_dropped_packets	IPSec no VTI packets dropped The total number of IPSec packets dropped due to missing Virtual tunnel interface (VTI) in the security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_pol_block_dropped_packets	IPSec policy block packets dropped The total number of IPSec packets dropped due to a discard policy configured for the traffic. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_pol_err_dropped_packets	IPSec policy error packets dropped The total number of IPSec packets dropped due to policy lookup failure for the packets in the security policy database. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipv6_dropped_packets	IPv6 packets dropped The total number of IPv6 packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
kni_dropped_packets	Kernel NIC interface packets dropped The total number of packets that the DPDK kernel NIC interface failed to send to the linux kernel. For example BGP packets, Load balancer etc. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
l4port_unsupported_dropped_packets	L4 port unsupported packets dropped The total number of packets dropped for having an unknown/unsupported L4 port (TCP or UDP) and destination IP which is owned by the logical router ports including the loopback port. For example, if we receive a UDP packet whose port does not map to the expected port of BFD, AppHA, IPSec or DHCP, then we drop it. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
malformed_dropped_packets	Malformed packets dropped The total number of malformed packets dropped on the port due to IP checksum error by IP checksum verification or the physical NIC (vmxnet3 for VM or other NIC for BM) marks the IP checksum error. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_arp_dropped_packets	No ARP packets dropped The total number of packets dropped due to incomplete ARP resolution of the next-hop. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_linked_dropped_packets	No linked packets dropped The total number of packets dropped because the port did not have a linked peer port. For example, the logical router port is not connected to a segment port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_mem_dropped_packets	No memory packets dropped The total number of packets dropped due to insufficient memory. One such example is the mBuf pool memory. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_receiver_dropped_packets	No receiver packets dropped The total number of packets dropped due to absence of the receiver. This could happen when the protocol is not supported by the logical router, or the corresponding tunnel does not exist. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_route_dropped_packets	No route packets dropped The total number of packets dropped because no route exists for the IP destination of the packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
non_ip_dropped_packets	Non IP packets dropped The total number of non-IP packets dropped because only IP packets are allowed on the port. For example spanning tree BPDU packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
proto_unsupported_dropped_packets	Protocol unsupported packets dropped The total number of packets dropped because the known protocols such as ARP, ICMP, DHCP cannot be decoded/fully supported. Also, when the ether-type is MPLS but the IP version is not 4 nor 6. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
redirect_dropped_packets	Redirect packets dropped The total number of packets dropped due to redirection of packet to Kernel NIC Interface(KNI) failed. This could be due to either the redirected interface is a non-KNI interface or we could not fetch the mapping KNI interface for the UUID of the redirected interface. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
rpf_check_dropped_packets	Reverse-path forwarding check packets dropped The total number of packets dropped due to RPF check failure. It is applicable to both unicast and multicast. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
service_insert_dropped_packets	Service insert packets dropped Total number of service insertion packets dropped.	integer
total_bytes	Bytes transferred The total number of bytes transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
total_packets	Packets transferred The total number of packets transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
ttl_exceeded_dropped_packets	Time to live exceeded packets dropped The total number of packets dropped due to exceeded TTL. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer

InterVrfRouteAdvertisementTypes (schema)

Inter-vrf route advertisement types

Inter-vrf route advertisement types.

TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute TIER0 connected subnets.
TIER0_NAT: Redistribute NAT IPs owned by TIER0.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0.
TIER1_STATIC: Redistribute user added static routes.
TIER1_CONNECTED: Redistribute Tier1 connected subnets.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.

Name	Description	Type	Notes
InterVrfRouteAdvertisementTypes	Inter-vrf route advertisement types Inter-vrf route advertisement types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute TIER0 connected subnets. TIER0_NAT: Redistribute NAT IPs owned by TIER0. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0. TIER1_STATIC: Redistribute user added static routes. TIER1_CONNECTED: Redistribute Tier1 connected subnets. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.	string	Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_NAT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_ENDPOINT, TIER1_STATIC, TIER1_CONNECTED, TIER1_LB_SNAT, TIER1_LB_VIP, TIER1_NAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT

InterfaceArpCsvRecord (schema)

Name	Description	Type	Notes
ip	The IP address	IPAddress	Required
mac_address	The MAC address	string	Required

InterfaceArpEntry (schema)

Name	Description	Type	Notes
ip	The IP address	IPAddress	Required
mac_address	The MAC address	string	Required

InterfaceArpProxy (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
arp_proxy_entries	Array of ARP proxy table entries	array of PolicyArpProxyEntry	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
interface_path	Policy path of gateway interface	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

InterfaceArpProxyCsvEntry (schema)

Name	Description	Type	Notes
arp_proxy_ip	ARP proxy service addresses ARP proxy information for a service with ip.	string	Readonly
interface_path	Policy path of gateway interface	string	Readonly
service_id	Service type id Identifier of connected service on port.	string	Readonly

InterfaceArpTable (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
edge_path	Policy path of edge node Policy path of edge node.	string
enforcement_point_path	Enforcement point path String Path of the enforcement point.	string
interface_path	The ID of the logical router port	string	Required
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results		array of InterfaceArpEntry
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

InterfaceArpTableInCsvFormat (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
results		array of InterfaceArpCsvRecord

InterfaceDADState (schema)

Interface DAD status

Duplicate address detection status on the interface.

Name	Description	Type	Notes
dad_statuses	IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface.	array of InterfaceIPv6DADStatus	Readonly
interface_path	Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned.	string	Readonly

InterfaceIPv6DADStatus (schema)

IPv6 DAD status for Interface

Duplicate address detection status for IP address on the interface.

Name	Description	Type	Notes
edge_paths	Edge node paths Array of edge nodes on which DAD status is reported for given IP address.	array of string	Readonly
ip_address	IP address IP address on the port for which DAD status is reported.	IPAddress	Readonly
status	DAD Status DAD status for IP address on the port.	DADStatus	Readonly

InterfaceSubnet (schema)

Subnet specification for interface connectivity

Name	Description	Type	Notes
ip_addresses	IP addresses assigned to interface	array of IPAddress	Required
prefix_len	Subnet prefix length	int	Required Minimum: 1 Maximum: 128

IntersiteGatewayConfig (schema)

Intersite gateway configuration

Intersite gateway configuration.

Name	Description	Type	Notes
fallback_sites	Fallback sites Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery.	array of string
intersite_transit_subnet	Transit subnet in CIDR format IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. This is unused field in VRF, only applicable for stretched gateways and VRF will always use parent T0's intersite_transit_subnet.	string	Default: "169.254.32.0/20" Format: ip-cidr-block
last_admin_active_epoch	Epoch of last time admin changing active LocaleServices Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value.	integer	Maximum: 4294967295
primary_site_path	Primary egress site for gateway. Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services.	string

IntervalBackupSchedule (schema)

Schedule to specify the interval time at which automated backups need to be taken

Name	Description	Type	Notes
resource_type	Must be set to the value IntervalBackupSchedule	string	Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule
seconds_between_backups	Time interval in seconds between two consecutive automated backups	integer	Minimum: 300 Maximum: 86400 Default: "3600"

InvalidCertificateAction (schema)

Action for invalid certificates

If presented invalid certificates take this action.

Name	Description	Type	Notes
InvalidCertificateAction	Action for invalid certificates If presented invalid certificates take this action.	string	Readonly Enum: BLOCK, ALLOW

InvalidConfigSummary (schema)

Invalid Configuration Summary

Invalid Configuration details for a category.

Name	Description	Type	Notes
category	Configuration Category Configuration category representing resources not supported for the federation site configuration onboarding.	string	Required Readonly
resource_count	Resource Count Total resource count for category	integer	Required Readonly
resource_summary_details	Resource Summary List Represents list of resource summaries for a configuration category which are not supported for the federation site configuration onboarding.	array of ResourceSummaryDetail	Required Readonly Maximum items: 10

IpAddressAllocation (schema)

Parameters for IP allocation

Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocated_ip	Represents IP Address that is allocated from a pool in a NSX+ instance.	IPAddress	Readonly
allocation_ip	Address that is allocated from pool	IPAddress
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressAllocation	string
sync_realization	Synchronize realization Realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IpAddressBlock (schema)

IP address space represented by network address and prefix

A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cidr	A contiguous IP address space represented by network address and prefix length Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR.	string	Required Format: ip-cidr-block
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address_type	Type of IP address. This indicates the type of IP address.	string	Readonly Enum: IPV4, IPV6
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressBlock	string
sync_realization	Synchronize realization If this property is set to true, realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
visibility	Visibility of IpAddressBlock Represents visibility or scope of IpAddressBlock and expected consumption of IpAddressBlock with same scope. It is empty by default. Visibility cannot be updated once block is associated with other intents. If visibility is populated then sync_realization will be true.	string	Enum: PRIVATE, EXTERNAL
available_allocation_size	Current available size of an IpAddressBlock This size indicates available allocation size of an IpAddressBlock. Note: This field is deprecated. Please use below GET API instead. https://<policy-mgr>/policy/api/v1/infra/ip-blocks/Finance-block/usage	string	Deprecated

IpAddressInfo (schema)

Ipaddress information of the fabric node.

Name	Description	Type	Notes
ip_addresses	IP Addresses of the the virtual network interface, as discovered in the source.	array of IPAddress	Required Readonly
source	Source of the ipaddress information.	string	Required Readonly Enum: VM_TOOLS

IpAddressPool (schema)

A collection of IP subnets

IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
check_overlap_with_existing_pools	Whether to perform overlap check with existing IpAddressPools while realization. If an existing IpAddressPool is found that overlaps with the given IpAddressPool, then a validation error would be thrown while realization. It is false by default.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address_type	Type of IP Address. Represents the type of IP addresses present inside the pool.	string	Readonly Enum: IPV4, IPV6, DUAL
ip_release_delay	IP address release delay in milliseconds Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins).	integer
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pool_usage	IpAddressPool usage statistics Shows Pool statistics like total IPs, allocated IPs, requested IP allocations and available IPs of an IpAddressPool.	PolicyPoolUsage	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressPool	string
sync_realization	Synchronize realization Realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
visibility	Visibility of IpAddressPool Represents visibility or scope of IpAddressPool and expected consumption of IpAddressPool with same scope. Visibility cannot be updated once pool is created. It is empty by default.	string	Enum: PRIVATE, PUBLIC

IpAddressPoolBlockSubnet (schema)

IpAddressPoolSubnet dynamically carved out of a IpAddressBlock

This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP address space is available in the specified IpAddressBlock, the system automatically configures subnet range. IpAddressBlock available size is calculated based on the size of IpAddressPoolBlockSubnet intent object and not on realized. The user should delete failed IpAddressPoolBlockSubnet to utilize IpAddressBlock size correctly.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_range	Range used for allocation/release of IPs from subnet. Allocation range is used to limit subnet range to be used for allocations of IPs from subnet. This must be less than or equal to subnet size. Instead of taking whole subnet range for allocations, user can limit the range used for allocation of IPs. This is very useful in IPv6 case where big subnets needs to be carved out from IpAddressBlock but whole subnet range will not be needed for IP allocations. Eg: subnet range is (2002:2345::0001-2002:2345::7fff:ffff): subnet_start_ip: 2002:2345::0001-2002:2345 subnet_end_ip: 2002:2345::7fff:ffff User would like to use only 128 IPs for allocations. allocation_range: 128 allocation range used (2002:2345::0001-2002:2345::7fff:007f): allocation_range_start_ip: 2002:2345::0001-2002:2345 allocation_range_end_ip: 2002:2345::7fff:007f	integer	Minimum: 1 Maximum: 1048576
auto_assign_gateway	Indicate whether default gateway is to be reserved from the range If this property is set to true, the first IP in the range will be reserved for gateway.	boolean	Default: "True"
broadcast_address	Broadcast Address Represents Broadcast address of the subnet in a NSX+ instance.	string	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cidr	A contiguous IP address space represented by network address and prefix length Represents network address and the prefix length in a NSX+ instance which will be associated with a layer-2 broadcast domain.	string	Readonly Format: ip-cidr-block
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
gateway_address	Gateway Address Represents Gateway address of the subnet in a NSX+ instance.	string	Readonly
id	Unique identifier of this resource	string	Sortable
ip_block_path	The path of the IpAddressBlock from which the subnet is to be created.	string	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
network_address	Network Address Represents Network address of the subnet in a NSX+ instance.	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressPoolBlockSubnet	IpAddressPoolSubnetType	Required
start_ip	Represents start ip address of the subnet For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address.	IPAddress
subnet_size	Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later.	string
sync_realization	Synchronize realization Realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
size	Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. Please use subnet_size instead as integer type cannot hold big values needs for IPv6.	integer	Deprecated

IpAddressPoolStaticSubnet (schema)

IpAddressPoolSubnet statically configured by a user

This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_ranges	A collection of IPv4 or IPv6 IP Pool Ranges.	array of IpPoolRange	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cidr	Subnet representation is a network address and prefix length	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dns_nameservers	The collection of upto 3 DNS servers for the subnet.	array of IPAddress	Maximum items: 3
dns_suffix	The DNS suffix for the DNS server.	string	Format: hostname
gateway_ip	The default gateway address on a layer-3 router.	IPAddress
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressPoolStaticSubnet	IpAddressPoolSubnetType	Required
sync_realization	Synchronize realization Realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IpAddressPoolSubnet (schema)

Abstract class for IpSubnet in a IpAddressPool

IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required. This is an abstract type. Concrete child types:
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value IpAddressPoolSubnet	IpAddressPoolSubnetType	Required
sync_realization	Synchronize realization Realization of intent will be called synchronously	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

IpAddressPoolSubnetType (schema)

Type of IpAddressPoolSubnet

IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet

Name	Description	Type	Notes
IpAddressPoolSubnetType	Type of IpAddressPoolSubnet IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet	string	Enum: IpAddressPoolBlockSubnet, IpAddressPoolStaticSubnet

IpBlockQuota (schema)

IP Block Quota definition

Represents the limits that can be defined for an IP block.

Name	Description	Type	Notes
ip_block_address_type	Quota Address Type A quota will be applied to blocks of the same address type. One IPv4 block and another IPv6 block cannot be specified within the same quota.	string	Required Enum: IPV4, IPV6
ip_block_paths	IP Blocks in Quota	array of string
ip_block_visibility	Quota Visibility A quota will be applied on blocks with same visibility. Private and External blocks cannot be specified within the same block	string	Required Enum: PRIVATE, EXTERNAL
other_cidrs	Quota on CIDRs The mask specifies the largest size subnet that can be carved. Any subnet size <= the mask that is not /32 can be carved out of the IP block.	OtherCidrsMsg
resource_type	Must be set to the value IpBlockQuota	string	Required Enum: IpBlockQuota
single_ip_cidrs	Single IP count The number of /32 subnets that can be carved from IP blocks defined in the quota. A value of -1 for this field denotes no restriction on the number of subnets.	int

IpInfo (schema) (Deprecated)

Only support IP address or subnet. Its type can be of
IPv4 or IPv6. It will be converted to subnet when netmask
is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).
This type is deprecated. Please use the type NetworkInfo instead.

Name	Description	Type	Notes
dst_ip	The destination IP address or subnet The destination IP can be an IP address or a subnet.	IPElement
src_ip	The source IP address or subnet The source IP can be an IP address or a subnet.	IPElement

IpPoolRange (schema)

A set of IPv4 or IPv6 addresses defined by a start and end address.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
end	The end IP Address of the IP Range.	IPAddress	Required
start	The start IP Address of the IP Range.	IPAddress	Required

Ipv4Header (schema)

Name	Description	Type	Notes
dst_ip	The destination ip address.	IPv4Address
flags	IP flags	integer	Minimum: 0 Maximum: 8 Default: "0"
protocol	IP protocol - defaults to ICMP	integer	Minimum: 0 Maximum: 255 Default: "1"
src_ip	The source ip address.	IPv4Address
src_subnet_prefix_len	source subnet prefix length. This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases.	integer	Minimum: 1 Maximum: 32
ttl	Time to live (ttl)	integer	Minimum: 0 Maximum: 255 Default: "64"

Ipv6DadProfile (schema)

Duplicate address detection profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
dad_mode	DAD Mode	DADMode	Default: "LOOSE"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
ns_retries	NS retries count Number of Neighbor solicitation packets generated before completing the Duplicate address detection process.	integer	Minimum: 0 Maximum: 10 Default: "3"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Ipv6DadProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
wait_time	Wait time The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message.	integer	Minimum: 0 Maximum: 60 Default: "1"

Ipv6DadProfileListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paginated list of Ipv6DadProfile	array of Ipv6DadProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Ipv6Header (schema)

Name	Description	Type	Notes
dst_ip	The destination ip address.	IPv6Address
hop_limit	hop limit Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero.	integer	Minimum: 0 Maximum: 255 Default: "64"
next_header	Identifies the type of header immediately following the IPv6 header.	integer	Minimum: 0 Maximum: 255 Default: "58"
src_ip	The source ip address.	IPv6Address

Ipv6NdraProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dns_config	DNS Configurations	RaDNSConfig
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
ndra_advertised_route	Route advertised in NDRAProfile.	array of NDRAAdvertisedRoute
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
ra_config	RA Configuration	RAConfig	Required
ra_mode	RA Mode	RAMode	Required Default: "SLAAC_DNS_THROUGH_RA"
reachable_timer	Reachable timer Neighbour reachable time duration in milliseconds. A value of 0 means unspecified.	integer	Minimum: 0 Maximum: 3600000 Default: "0"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Ipv6NdraProfile	string
retransmit_interval	Retransmission interval The time, in milliseconds, between retransmitted neighbour solicitation messages.	integer	Minimum: 0 Maximum: 4294967295 Default: "1000"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Ipv6NdraProfileListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paginated list of Ipv6NdraProfile	array of Ipv6NdraProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

IssuerSerialNumber (schema)

Name	Description	Type	Notes
issuer	Issuer Distinguished Name (DN) Issuer Distinguished Name of the revoked certificates.	string
serial_numbers	Certificate Serial Numbers List of Certificate Serial Numbers issued by the specified issuers.	array of string

KeySize (schema)

Crypto key size

Name	Description	Type	Notes
KeySize	Crypto key size	integer

KeyStoreInfo (schema)

KeyStoreInfo

Key Store information about the url alias or datasource.

Name	Description	Type
keystore	A location of the keystore file A location of the keystor file which stores private key and identity certificates that will be presented to both parties (server or client) for verification.	string
keystore_alias	An alias is used to uniquely identifies the entry in keystore Its an alias specified when an entity is added to the keystore.	string
keystore_phrase	A location of the key store pass phrase file. A location of the key store pass phrase file.	string
truststore	A location of the trust store file. A location of the trust store file which stores the certificate from CA that verify the certificate presented by the server in SSL connection.	string

KeyValue (schema)

Name	Description	Type	Notes
key	Key name.	string	Required
value	Key value.	string	Required

KeyValuePair (schema)

An arbitrary key-value pair

Name	Description	Type	Notes
key	Key	string	Required Maximum length: 255
value	Value	string	Required Maximum length: 1024

KnownHostParameter (schema)

Name	Description	Type	Notes
host	Known host hostname or IPv4/v6 address	HostnameOrIPv46Address	Required
port	Known host port	integer	Minimum: 1 Maximum: 65535 Default: "22"

L2AutoRD (schema)

Layer 2 Auto assigned Route Distinguisher

Name	Description	Type	Notes
l2_auto_rd	Layer 2 auto assigned route distinghusher	string
l2_vni	Layer 2 Virtual Network Interface	string

L2BridgeEndpointProfile (schema)

Layer 2 Bridge Endpoint Profile

Used to configure L2 Bridge endpoint profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_paths	List of path of Edge nodes List of policy paths to edge nodes. Edge allocation for L2 bridging.	array of string	Minimum items: 1 Maximum items: 2
failover_mode	Failover mode for the edge bridge cluster	string	Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "PREEMPTIVE"
ha_mode	High availability mode for the edge bridge cluster High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization.	string	Enum: ACTIVE_STANDBY Default: "ACTIVE_STANDBY"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L2BridgeEndpointProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L2BridgeEndpointProfileListRequestParameters (schema)

Layer 2 bridge endpoint list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

L2BridgeEndpointProfileListResult (schema)

Paged Collection of L2BridgeEndpointProfile

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	L2BridgeEndpointProfile list results	array of L2BridgeEndpointProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

L2Extension (schema)

Segment specific L2 VPN configuration

Name	Description	Type	Notes
l2vpn_paths	Policy paths of associated L2 VPN sessions Policy paths corresponding to the associated L2 VPN sessions	array of string
local_egress	Local Egress Local Egress.	LocalEgress
tunnel_id	Tunnel ID	int	Minimum: 1 Maximum: 4093
l2vpn_path	Policy path of associated L2 VPN session This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used.	string	Deprecated

L2ForwarderRemoteMacsPerSite (schema) (Experimental)

Name	Description	Type	Notes
remote_active_ips	Remote active IPs Remote active IP addresses.	array of IPAddress	Readonly
remote_mac_addresses	Remote mac addresses Remote mac addresses.	array of string	Readonly
remote_site	Remote site Remote site details.	ResourceReference	Required Readonly
remote_standby_ips	Remote standby IPs Remote standby IP addresses.	array of IPAddress	Readonly
rtep_group_id	RTEP group id of logical switch per site 32 bit unique RTEP group id of the logical switch per site.	integer	Required Readonly

L2ForwarderStatusPerNode (schema) (Experimental)

Name	Description	Type	Notes
high_availability_status	Service router's HA status High Availability status of a service router on the edge node.	string	Required Readonly Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN
transport_node	Transport node Edge node details from where the router status is being retrieved.	ResourceReference	Required Readonly

L2L3RuntimeRequestParameters (schema)

L2 L3 connectivity runtime status request parameters

Name	Description	Type	Notes
bgp_neighbor_type	Bgp neighbor type Bgp neighbor type that can be used as filter for T0 bgp neighbor status filter.	string	Enum: INTER_SR, USER
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType
stats_type	Segment statistics type This indicates the type of statistics being requested. We support statistics from the data plane.	string	Enum: DATAPATH_STATS
transport_node_id	Transport Node Id Identifer of the transport node. This is a UUID.	string

L2TcpMaxSegmentSizeClamping (schema)

TCP MSS Clamping

TCP MSS Clamping Direction and Value.

Name	Description	Type	Notes
direction	Maximum Segment Size Clamping Direction Specifies the traffic direction for which to apply MSS Clamping.	string	Enum: NONE, BOTH Default: "BOTH"
max_segment_size	Maximum Segment Size Value MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8852.	integer	Minimum: 108 Maximum: 8860

L2VPNService (schema)

L2VPN Service

L2VPN Service defines if service running as server or client. It also
defines all the common properties for the multiple L2VPN Sessions
associated with this service.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_hub	Enable spoke to spoke (client) forwarding via hub (server) This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint.	boolean	Default: "False"
encap_ip_pool	IP Pool for Logical Taps IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap.	array of IPv4CIDRBlock
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mode	L2VPN Service Mode Specify an L2VPN service mode as SERVER or CLIENT.	string	Enum: SERVER, CLIENT Default: "SERVER"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L2VPNService	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L2VPNSession (schema)

L2VPN Session

Defines the tunnel local and peer addresses along with multiple
tansport tunnels for redundancy. L2VPNSession belongs to only one
L2VPNService.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable L2VPN session Enable to extend all the associated segments.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L2VPNSession	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_mss_clamping	TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are Server mode only.	L2TcpMaxSegmentSizeClamping
transport_tunnels	List of transport tunnels List of transport tunnels for redundancy.	array of string	Required Minimum items: 1 Maximum items: 1
tunnel_encapsulation	Tunnel encapsulation config Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData.	L2VPNTunnelEncapsulation	Readonly
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L2VPNTunnelEncapsulation (schema)

L2VPN Tunnel Encapsulation

L2VPN tunnel encapsulation config.

Name	Description	Type	Notes
local_endpoint_address	IP Address of the tunnel port IP Address of the local tunnel port. This property only applies in CLIENT mode.	IPv4Address	Readonly
peer_endpoint_address	IP Address of the peer tunnel port IP Address of the peer tunnel port. This property only applies in CLIENT mode.	IPv4Address	Readonly
protocol	Encapsulation protocol Encapsulation protocol used by the tunnel.	string	Readonly Enum: GRE Default: "GRE"

L2Vpn (schema) (Deprecated)

L2 Virtual Private Network Configuration

Contains information necessary to configure L2Vpn.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable L2Vpn Enable to extend all the associated segments.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L2Vpn	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_tunnels	List of paths referencing transport tunnels List of paths referencing transport tunnels.	array of string	Required Minimum items: 1 Maximum items: 1
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L2VpnContext (schema) (Deprecated)

L2Vpn Context

L2Vpn Context provides meta-data information about the parent Tier-0.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_hub	Enable to act as hub If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L2VpnContext	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L3Vpn (schema) (Deprecated)

L3 Virtual Private Network Configuration

Contains information necessary to configure IPSec VPN.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dh_groups	DH group Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14.	array of PolicyDHGroup	Maximum items: 1
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_perfect_forward_secrecy	Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled.	boolean	Default: "True"
enabled	Enable L3Vpn Flag to enable L3Vpn. Default is enabled.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_digest_algorithms	Digest Algorithm for IKE Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256.	array of PolicyIKEDigestAlgorithm	Maximum items: 1
ike_encryption_algorithms	Encryption algorithm for IKE Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128.	array of PolicyIKEEncryptionAlgorithm	Maximum items: 1
ike_version	IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.	PolicyIKEVersion	Default: "IKE_V2"
l3vpn_session	L3Vpn Session	L3VpnSession (Abstract type: pass one of the following concrete types) PolicyBasedL3VpnSession RouteBasedL3VpnSession	Required
local_address	IPv4 address of local gateway	IPv4Address	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passphrases	List of IPSec pre-shared keys List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any.	array of secure_string	Maximum items: 1
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remote_private_address	Identifier of the remote site This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address.	string
remote_public_address	Public IPv4 address of remote gateway	IPv4Address	Required
resource_type	Must be set to the value L3Vpn	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tunnel_digest_algorithms	Digest Algorithm for Tunnel Establishment Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty.	array of PolicyTunnelDigestAlgorithm	Maximum items: 1
tunnel_encryption_algorithms	Encryption algorithm for Tunnel Establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128.	array of PolicyTunnelEncryptionAlgorithm	Maximum items: 1
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L3VpnContext (schema) (Deprecated)

L3Vpn Context

L3Vpn Context provides the configuration context that different L3Vpns can consume.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
available_local_addresses	IPv4 addresses of the local gateway Local gateway IPv4 addresses available for configuration of each L3Vpn.	array of PolicyIPAddressInfo
bypass_rules	List of Bypass L3VpnRules Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules.	array of L3VpnRule
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable L3 Virtual Private Network (VPN) service If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_log_level	Internet key exchange (IKE) log level Log level for internet key exchange (IKE).	string	Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO"
label	Policy path referencing Label Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L3VpnContext	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L3VpnRule (schema) (Deprecated)

L3Vpn Rule

For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used
for transit traffic that meets the rule's match criteria.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action to apply to the traffic transiting through the L3Vpn Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules.	string	Enum: PROTECT, BYPASS Default: "PROTECT"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destinations	List of remote subnets List of remote subnets used in policy-based L3Vpn.	array of L3VpnSubnet	Required Minimum items: 1 Maximum items: 128
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L3VpnRule	string
sequence_number	Sequence number of the L3VpnRule This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext.	int
sources	List of local subnets List of local subnets used in policy-based L3Vpn.	array of L3VpnSubnet	Required Minimum items: 1 Maximum items: 128
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L3VpnSession (schema) (Deprecated)

L3Vpn Session

Contains information about L3Vpn session.
This is an abstract type. Concrete child types:
PolicyBasedL3VpnSession
RouteBasedL3VpnSession

Name	Description	Type	Notes
resource_type		L3VpnSessionResourceType	Required

L3VpnSessionResourceType (schema) (Deprecated)

Resource type of L3Vpn Session

- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnet needs to be defined. Tunnel is established for each pair of
local and remote subnet defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. IP Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.

Name	Description	Type	Notes
L3VpnSessionResourceType	Resource type of L3Vpn Session - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn.	string	Deprecated Enum: PolicyBasedL3VpnSession, RouteBasedL3VpnSession

L3VpnSubnet (schema) (Deprecated)

Subnet used in L3Vpn Rule

Used to specify subnets in L3Vpn rule.

Name	Description	Type	Notes
subnet	Subnet Subnet used in L3Vpn Rule.	IPv4CIDRBlock	Required

L4PortSetServiceEntry (schema)

An ServiceEntry that represents TCP or UDP protocol

L4PortSet can be specified in comma separated notation of parts. Parts of a
L4PortSet includes single integer or range of port in hyphen notation.
Example of a PortSet: "22, 33-70, 44".

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
l4_protocol		string	Required Enum: TCP, UDP
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L4PortSetServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
source_ports	Number of values should not exceed 15, ranges count as 2 values.	array of PortElement	Maximum items: 15
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L7AccessAttributes (schema)

Policy Attributes data holder

Supported Attribute Keys are APP_ID, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL

Name	Description	Type	Notes
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: SYSTEM, CUSTOM Default: "SYSTEM"
custom_url_partial_match	true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url	boolean
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
isALGType	Is the value ALG type Describes whether the APP_ID value is ALG type or not.	boolean
key	Key for attribute Policy Attribute Key - Denotes the type of attribute we are adding to the context profile or the L7 access profile. The keys has to be one of the enums defined for this field.	string	Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

L7AccessEntry (schema)

Policy L7 Access entry

An entity that encapsulates attributes like APP_ID, CUSTOM_URL, URL_CATEGORY, URL_REPUTATION.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action		L7AccessEntryAction	Required
attributes	Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. APP_ID, CUSTOM_URL, URL_CATEGORY, are system created attributes, and user can use below API to get list of valid attributes and values and consume them in L7AccessEntry: GET /policy/api/v1/infra/l7-access-profiles/attributes?attribute_source=ALL CUSTOM_URL attribute value must be created explicitly by the user using below API: POST /policy/api/v1/infra/context-profiles/custom-attributes/default?action=add	array of L7AccessAttributes	Required Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
disabled	Flag to deactivate the entry Flag to deactivate the entry. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
logged	Enable logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessEntry	string
sequence_number	Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic.	int
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

L7AccessEntryAction (schema)

L7 acces profile entry action

The action to be applied to all the services.

Name	Description	Type	Notes
L7AccessEntryAction	L7 acces profile entry action The action to be applied to all the services.	string	Required Enum: ALLOW, REJECT, REJECT_WITH_RESPONSE

L7AccessProfile (schema)

Policy L7 Acces profile

An entity that encapsulates multiple L7 access profile entries.
The entity wil be consumed in firewall rules and can be added in new tuple called profile in
firewall rules. One of either Context Profile or L7 Access Profile can be used in firewall rule.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
default_action		L7AccessEntryAction	Required
default_action_logged	Enable default logging flag Flag to activate packet logging. Default is deactivated.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entry_count	Entry count The count of entries in the L7 profile.	int	Readonly
id	Unique identifier of this resource	string	Sortable
l7_access_entries	Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile.	array of L7AccessEntry	Maximum items: 1000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value L7AccessProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBAccessListControl (schema)

IP access list control to filter the connections from clients

LBAccessListControl is used to define how IP access list control can filter
the connections from clients.

Name	Description	Type	Notes
action	IP access list control action ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed.	string	Required Enum: ALLOW, DROP
enabled	Whether to enable access list control option The enabled flag indicates whether to enable access list control option. It is false by default.	boolean	Default: "False"
group_path	Grouping object path The path of grouping object which defines the IP addresses or ranges to match the client IP.	string	Required

LBActiveMonitor (schema)

Base class for each type of active LBMonitorProfile

All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBActiveMonitor	LBMonitorProfileType	Required
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBAppProfile (schema)

App profile

App profile. This is an abstract type. Concrete child types:
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBAppProfile	LBApplicationProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBApplicationProfileType (schema)

Application profile type

An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LBFastTCPProfile,
LBFastUDPProfile and LBHttpProfile.
LBFastTCPProfile or LBFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LBHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LBHttpProfile is intended to
simplify enabling certain common use cases.

Name	Description	Type	Notes
LBApplicationProfileType	Application profile type An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases.	string	Enum: LBHttpProfile, LBFastTcpProfile, LBFastUdpProfile

LBClientCertificateIssuerDnCondition (schema)

Match condition for client certificate issuer DN

Match condition for client certificate issuer DN.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for issuer DN comparing If true, case is significant when comparing issuer DN value.	boolean	Default: "True"
issuer_dn	Value of issuer DN Value of issuer DN. The format should follow RFC 2253.	string	Required
match_type	Match type of issuer DN Match type of issuer DN.	LbRuleMatchType	Default: "REGEX"

LBClientCertificateSubjectDnCondition (schema)

Match condition for client certificate subject DN

Match condition for client certificate subject DN.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for subject DN comparing If true, case is significant when comparing subject DN value.	boolean	Default: "True"
match_type	Match type of subject DN Match type of subject DN.	LbRuleMatchType	Default: "REGEX"
subject_dn	Value of subject DN Value of subject DN. The format should follow RFC 2253.	string	Required

LBClientSslProfile (schema)

Client SSL profile

Client SSL profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cipher_group_label	Label of cipher group It is a label of cipher group which is mostly consumed by GUI.	SslCipherGroup
ciphers	Supported SSL cipher list to client side Supported SSL cipher list to client side.	array of SslCipher
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_fips	FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant..	boolean	Readonly
is_secure	Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
prefer_server_ciphers	Prefer server ciphers flag During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference.	boolean	Default: "True"
protocols	Supported SSL protocol list to client side SSL version TLS1.2 is supported and enabled.	array of SslProtocol
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBClientSslProfile	string
session_cache_enabled	Session cache Activate or deactivate flag SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake.	boolean	Default: "True"
session_cache_timeout	SSL session cache timeout value Session cache timeout specifies how long the SSL session parameters are held on to and can be reused.	integer	Minimum: 1 Maximum: 86400 Default: "300"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBClientSslProfileBinding (schema)

Client SSL profile binding

Client SSL profile binding.

Name	Description	Type	Notes
certificate_chain_depth	The maximum traversal depth of client certificate chain Authentication depth is used to set the verification depth in the client certificates chain.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
client_auth	Client authentication mode Client authentication mode.	ClientAuthType	Default: "IGNORE"
client_auth_ca_paths	CA path list to verify client certificate If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.	array of string
client_auth_crl_paths	CRL path list to verify client certificate A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates.	array of string
default_certificate_path	Default service certificate identifier A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension.	string	Required
sni_certificate_paths	SNI certificate path list Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server.	array of string
ssl_profile_path	Client SSL profile path Client SSL profile defines reusable, application-independent client side SSL properties.	string

LBConnectionDropAction (schema)

Action to drop connections

This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.

Name	Description	Type	Notes
type	Must be set to the value LBConnectionDropAction	LBRuleActionType	Required

LBCookiePersistenceProfile (schema)

LBPersistenceProfile using Cookies for L7 LBVirtualServer

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cookie_domain	Cookie domain HTTP cookie domain could be configured, only available for insert mode.	string
cookie_fallback	Cookie persistence fallback If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server.	boolean	Default: "True"
cookie_garble	Cookie persistence garble If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text.	boolean	Default: "True"
cookie_httponly	Cookie httponly flag If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode.	boolean	Default: "False"
cookie_mode	Cookie persistence mode Cookie persistence mode.	CookiePersistenceModeType	Default: "INSERT"
cookie_name	Cookie name Cookie name.	string	Default: "NSXLB"
cookie_path	Cookie path HTTP cookie path could be set, only available for insert mode.	string
cookie_secure	Cookie secure flag If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode.	boolean	Default: "False"
cookie_time	Cookie time setting Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed.	LBCookieTime (Abstract type: pass one of the following concrete types) LBPersistenceCookieTime LBSessionCookieTime
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
persistence_shared	Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBCookiePersistenceProfile	string	Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBCookieTime (schema)

Cookie time

Cookie time. This is an abstract type. Concrete child types:
LBPersistenceCookieTime
LBSessionCookieTime

Name	Description	Type	Notes
type		LBCookieTimeType	Required

LBCookieTimeType (schema)

CookieTime type

Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting

Name	Description	Type	Notes
LBCookieTimeType	CookieTime type Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting	string	Enum: LBSessionCookieTime, LBPersistenceCookieTime

LBFastTcpProfile (schema)

Fast TCP profile

Fast TCP profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
close_timeout	TCP connection idle timeout in seconds It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection.	integer	Minimum: 1 Maximum: 60 Default: "8"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ha_flow_mirroring_enabled	Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
idle_timeout	TCP connection idle timeout in seconds It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up.	integer	Minimum: 1 Maximum: 2147483647 Default: "1800"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBFastTcpProfile	LBApplicationProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBFastUdpProfile (schema)

Fast UDP profile

Fast UDP profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
flow_mirroring_enabled	Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
idle_timeout	UDP idle timeout in seconds Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up.	integer	Minimum: 1 Maximum: 2147483647 Default: "300"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBFastUdpProfile	LBApplicationProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBGenericPersistenceProfile (schema)

LB generic persistence profile

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to virtual server directly,
it can be specified in LB rule actions. In HTTP forwarding phase,
the profile can be specified in LBVariablePersistenceOnAction. In HTTP
response rewriting phase, the profile can be specified in
LBVariablePersistenceLearnAction.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ha_persistence_mirroring_enabled	Mirroring enabled flag The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
persistence_shared	Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBGenericPersistenceProfile	string	Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time.	integer	Minimum: 1 Maximum: 2147483647 Default: "300"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBHttpMonitorProfile (schema)

LBMonitorProfile for active health checks over HTTP

Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful.
Completing a healthcheck within timeout means establishing a connection
(TCP or SSL), if applicable, sending the request and receiving the
response, all within the configured timeout.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
request_body	HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST.	string
request_headers	Array of HTTP request headers Array of HTTP request headers.	array of LbHttpRequestHeader
request_method	The health check method for HTTP monitor type The health check method for HTTP monitor type.	HttpRequestMethodType	Default: "GET"
request_url	Customized HTTP request url for active health checks For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters.	string	Default: "/"
request_version	HTTP request version HTTP request version.	HttpRequestVersionType	Default: "HTTP_VERSION_1_1"
resource_type	Must be set to the value LBHttpMonitorProfile	LBMonitorProfileType	Required
response_body	Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful.	string
response_status_codes	Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code.	array of int	Maximum items: 64
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBHttpProfile (schema)

Http profile

Http profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
http_redirect_to	Http redirect static URL If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL.	string
http_redirect_to_https	Flag to indicate whether enable HTTP-HTTPS redirect Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
idle_timeout	HTTP application idle timeout in seconds It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting.	integer	Minimum: 1 Maximum: 5400 Default: "15"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
request_body_size	Maximum size of the buffer used to store HTTP request body If it is not specified, it means that request body size is unlimited.	integer	Minimum: 1 Maximum: 2147483647
request_header_size	Maximum size of the buffer used to store HTTP request headers A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis.	integer	Minimum: 1 Default: "1024"
resource_type	Must be set to the value LBHttpProfile	LBApplicationProfileType	Required
response_buffering	Activate or deactivate buffering of responses When buffering is deactivated, the response is passed to a client synchronously, immediately as it is received. When buffering is activated, LB receives a response from the backend server as soon as possible, saving it into the buffers.	boolean	Default: "False"
response_header_size	Maximum size of the buffer used to store HTTP response headers A response with header larger than response_header_size will be dropped.	integer	Minimum: 1 Maximum: 65536 Default: "4096"
response_timeout	Maximum server idle time in seconds If server doesn’t send any packet within this time, the connection is closed.	integer	Minimum: 1 Maximum: 2147483647 Default: "60"
server_keep_alive	Server keep-alive flag If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same with the property ntlm.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
x_forwarded_for	Insert or replace x_forwarded_for When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules.	LBXForwardedForType
ntlm	NTLM support flag NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When create a new profile, if both ntlm and server_keep_alive are set as different values, ERROR will be reported. When update an existing profile, if either ntlm or server_keep_alive value is changed, both of them are updated with the changed value.	boolean	Deprecated

LBHttpRedirectAction (schema)

Action to redirect HTTP request messages

This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server. We create an LBRule without any conditions, add an
LBHttpRedirectAction to the rule. Set the
redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means found. This rule will
redirect all HTTP requests to HTTPS server port on the same host.

Name	Description	Type	Notes
redirect_status	HTTP response status code HTTP response status code.	string	Required
redirect_url	The URL that the HTTP request is redirected to The URL that the HTTP request is redirected to.	string	Required
type	Must be set to the value LBHttpRedirectAction	LBRuleActionType	Required

LBHttpRejectAction (schema)

Action to reject HTTP request messages

This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.

Name	Description	Type	Notes
reply_message	Response message Response message.	string
reply_status	HTTP response status code HTTP response status code.	string	Required
type	Must be set to the value LBHttpRejectAction	LBRuleActionType	Required

LBHttpRequestBodyCondition (schema)

Condition to match content of HTTP request message body

This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.

Name	Description	Type	Notes
body_value	HTTP request body	string	Required
case_sensitive	A case sensitive flag for HTTP body comparing If true, case is significant when comparing HTTP body value.	boolean	Default: "True"
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of HTTP body	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpRequestBodyCondition	LBRuleConditionType	Required

LBHttpRequestCookieCondition (schema)

Condition to match HTTP request cookie

This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for cookie value comparing If true, case is significant when comparing cookie value.	boolean	Default: "True"
cookie_name	Name of cookie Cookie name.	string	Required
cookie_value	Value of cookie Cookie value.	string	Required
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of cookie value Match type of cookie value.	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpRequestCookieCondition	LBRuleConditionType	Required

LBHttpRequestHeaderCondition (schema)

Condition to match HTTP request header

This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value.	boolean	Default: "True"
header_name	Name of HTTP header	string	Default: "Host"
header_value	Value of HTTP header	string	Required
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of HTTP header value	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpRequestHeaderCondition	LBRuleConditionType	Required

LBHttpRequestHeaderDeleteAction (schema)

Action to delete HTTP request header fields

This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.

Name	Description	Type	Notes
header_name	Name of a header field of HTTP request message Name of a header field of HTTP request message.	string	Required
type	Must be set to the value LBHttpRequestHeaderDeleteAction	LBRuleActionType	Required

LBHttpRequestHeaderRewriteAction (schema)

Action to rewrite header fields of HTTP request messages

This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name	Description	Type	Notes
header_name	Name of HTTP request header Name of HTTP request header.	string	Required
header_value	Value of HTTP request header Value of HTTP request header.	string	Required
type	Must be set to the value LBHttpRequestHeaderRewriteAction	LBRuleActionType	Required

LBHttpRequestMethodCondition (schema)

Condition to match method of HTTP request messages

This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.

Name	Description	Type	Notes
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
method	Type of HTTP request method	HttpRequestMethodType	Required
type	Must be set to the value LBHttpRequestMethodCondition	LBRuleConditionType	Required

LBHttpRequestUriArgumentsCondition (schema)

Condition to match URI arguments of HTTP requests

This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for URI arguments comparing If true, case is significant when comparing URI arguments.	boolean	Default: "True"
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of URI arguments	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpRequestUriArgumentsCondition	LBRuleConditionType	Required
uri_arguments	URI arguments URI arguments, aka query string of URI.	string	Required

LBHttpRequestUriCondition (schema)

Condition to match URIs of HTTP request messages

This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting an URI which matches specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LBRuleAction field which supports variables, such as uri
field of LBHttpRequestUriRewriteAction. For example, set the uri field
of LBHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for URI comparing If true, case is significant when comparing URI.	boolean	Default: "True"
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of URI	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpRequestUriCondition	LBRuleConditionType	Required
uri	A string used to identify resource	string	Required

LBHttpRequestUriRewriteAction (schema)

Action to rewrite HTTP request URIs.

This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
Full URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in above
scheme. And the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LBRuleAction to see how to use variables in this
action.

Name	Description	Type	Notes
type	Must be set to the value LBHttpRequestUriRewriteAction	LBRuleActionType	Required
uri	URI of HTTP request URI of HTTP request.	string	Required
uri_arguments	URI arguments Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2.	string

LBHttpRequestVersionCondition (schema)

Condition to match HTTP protocol version of HTTP requests

This condition is used to match the HTTP protocol version of the HTTP
request messages.

Name	Description	Type	Notes
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
type	Must be set to the value LBHttpRequestVersionCondition	LBRuleConditionType	Required
version	HTTP version	HttpRequestVersionType	Required

LBHttpResponseHeaderCondition (schema)

Condition to match a header field of HTTP response

This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value.	boolean	Default: "True"
header_name	Name of HTTP header field	string	Required
header_value	Value of HTTP header field	string	Required
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of HTTP header value	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBHttpResponseHeaderCondition	LBRuleConditionType	Required

LBHttpResponseHeaderDeleteAction (schema)

Action to delete HTTP response header fields

This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.

Name	Description	Type	Notes
header_name	Name of a header field of HTTP response message Name of a header field of HTTP response message.	string	Required
type	Must be set to the value LBHttpResponseHeaderDeleteAction	LBRuleActionType	Required

LBHttpResponseHeaderRewriteAction (schema)

Action to rewrite HTTP response header fields

This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.

Name	Description	Type	Notes
header_name	Name of a header field of HTTP request message Name of a header field of HTTP request message.	string	Required
header_value	Value of header field Value of header field	string	Required
type	Must be set to the value LBHttpResponseHeaderRewriteAction	LBRuleActionType	Required

LBHttpSslCondition (schema)

Condition to match SSL handshake and SSL connection

This condition is used to match SSL handshake and SSL connection at
all phases.If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.

Name	Description	Type	Notes
client_certificate_issuer_dn	The issuer DN match condition of the client certificate The issuer DN match condition of the client certificate for an established SSL connection.	LBClientCertificateIssuerDnCondition
client_certificate_subject_dn	The subject DN match condition of the client certificate The subject DN match condition of the client certificate for an established SSL connection.	LBClientCertificateSubjectDnCondition
client_supported_ssl_ciphers	Cipher list which supported by client Cipher list which supported by client.	array of SslCipher
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
session_reused	The type of SSL session reused The type of SSL session reused.	LbSslSessionReusedType	Default: "IGNORE"
type	Must be set to the value LBHttpSslCondition	LBRuleConditionType	Required
used_protocol	Protocol of an established SSL connection Protocol of an established SSL connection.	SslProtocol
used_ssl_cipher	Cipher used for an established SSL connection Cipher used for an established SSL connection.	SslCipher

LBHttpsMonitorProfile (schema)

LBMonitorProfile for active health checks over HTTPS

Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTPS. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
request_body	HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST.	string
request_headers	Array of HTTP request headers Array of HTTP request headers.	array of LbHttpRequestHeader
request_method	The health check method for HTTP monitor type The health check method for HTTP monitor type.	HttpRequestMethodType	Default: "GET"
request_url	Customized HTTPS request url for active health checks For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters.	string	Default: "/"
request_version	HTTP request version HTTP request version.	HttpRequestVersionType	Default: "HTTP_VERSION_1_1"
resource_type	Must be set to the value LBHttpsMonitorProfile	LBMonitorProfileType	Required
response_body	Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful.	string
response_status_codes	Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code.	array of int	Maximum items: 64
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
server_ssl_profile_binding	Pool side SSL binding setting The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server.	LBServerSslProfileBinding
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBIcmpMonitorProfile (schema)

LBMonitorProfile for active health checks over ICMP

Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over ICMP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healt hchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
data_length	The data size (in byte) of the ICMP healthcheck packet	integer	Minimum: 0 Maximum: 65507 Default: "56"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBIcmpMonitorProfile	LBMonitorProfileType	Required
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBIpHeaderCondition (schema)

Condition to match IP header fields

This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.

Name	Description	Type	Notes
group_path	Grouping object path Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions.	string
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
source_address	Source IP address of HTTP message Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported.	IPElement
type	Must be set to the value LBIpHeaderCondition	LBRuleConditionType	Required

LBJwtAuthAction (schema)

Action to control access using JWT authentication

This action is used to control access to backend server resources using
JSON Web Token(JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LBRule. Any verification failed, the HTTP process will be terminated, and
HTTP response with 401 status code and WWW-Authentication header will be
returned to client.

Name	Description	Type	Notes
key	LBJwtKey used for verifying the signature of JWT token	LBJwtKey (Abstract type: pass one of the following concrete types) LBJwtCertificateKey LBJwtPublicKey LBJwtSymmetricKey
pass_jwt_to_pool	Whether to pass the JWT to backend server or remove it Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers.	boolean	Default: "False"
realm	JWT realm A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>".	string
tokens	JWT tokens JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request "Authorization: Bearer <token>".	array of string
type	Must be set to the value LBJwtAuthAction	LBRuleActionType	Required

LBJwtCertificateKey (schema)

Specifies certificate used to verify the signature of JWT tokens

The key is used to specify certificate which is used to verify the
signature of JWT tokens.

Name	Description	Type	Notes
certificate_path	Certificate identifier	string	Required
type	Must be set to the value LBJwtCertificateKey	LBJwtKeyType	Required

LBJwtKey (schema)

Load balancer JWT key

LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey

Name	Description	Type	Notes
type	Type of load balancer JWT key The property is used to identify JWT key type.	LBJwtKeyType	Required

LBJwtKeyType (schema)

Type of load balancer JWT key

It is used to identify JWT key type.

Name	Description	Type	Notes
LBJwtKeyType	Type of load balancer JWT key It is used to identify JWT key type.	string	Enum: LBJwtCertificateKey, LBJwtSymmetricKey, LBJwtPublicKey

LBJwtPublicKey (schema)

Specifies public key content used to verify the signature of JWT tokens

The key is used to specify the public key content which is used to verify
the signature of JWT tokens.

Name	Description	Type	Notes
public_key_content	Content of public key	string	Required
type	Must be set to the value LBJwtPublicKey	LBJwtKeyType	Required

LBJwtSymmetricKey (schema)

Specifies the symmetric key used to verify the signature of JWT tokens

The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.

Name	Description	Type	Notes
type	Must be set to the value LBJwtSymmetricKey	LBJwtKeyType	Required

LBMonitorProfile (schema)

This is an abstract type. Concrete child types:
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBMonitorProfile	LBMonitorProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBMonitorProfileType (schema)

Monitor type

There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.

Name	Description	Type	Notes
LBMonitorProfileType	Monitor type There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols.	string	Enum: LBTcpMonitorProfile, LBUdpMonitorProfile, LBIcmpMonitorProfile, LBHttpMonitorProfile, LBHttpsMonitorProfile, LBPassiveMonitorProfile

LBPassiveMonitorProfile (schema)

Base class for each type of active LBMonitorProfile

The passive type of LBMonitorProfile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
max_fails	Number of consecutive connection failures When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBPassiveMonitorProfile	LBMonitorProfileType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Timeout in seconds before it is selected again for a new connection After this timeout period, the member is tried again for a new connection to see if it is available.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBPersistenceCookieTime (schema)

Persistence cookie time

Persistence cookie time.

Name	Description	Type	Notes
cookie_max_idle	Persistence cookie max idle time in seconds HTTP cookie max-age to expire cookie, only available for insert mode.	integer	Required Minimum: 1 Maximum: 2147483647
type	Must be set to the value LBPersistenceCookieTime	LBCookieTimeType	Required

LBPersistenceProfile (schema)

Contains the information related to load balancer persistence options

Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to LBVirtualServer
directly, it can be specified in LBVariablePersistenceOnAction or
LBVariablePersistenceLearnAction in LBRule. If a user attaches a
LBGenericPersistenceProfile directly to a virtual server, the operation
is rejected.
This is an abstract type. Concrete child types:
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
persistence_shared	Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBPersistenceProfile	string	Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBPool (schema)

Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile

Defining access of a Group from a LBVirtualServer and binding to
LBMonitorProfile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
active_monitor_paths	Active monitor path list In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are deactivated by default and can be activated for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP.	array of string
algorithm	Load balancing algorithm Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies.	string	Enum: ROUND_ROBIN, WEIGHTED_ROUND_ROBIN, LEAST_CONNECTION, WEIGHTED_LEAST_CONNECTION, IP_HASH Default: "ROUND_ROBIN"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_group	Load balancer member setting with grouping object Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified.	LBPoolMemberGroup
members	Load balancer pool members Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port.	array of LBPoolMember
min_active_members	Minimum number of active pool members to consider pool as active A pool is considered active if there are at least certain minimum number of members.	integer	Minimum: 1 Maximum: 2147483647 Default: "1"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passive_monitor_path	Passive monitor path Passive healthchecks are deactivated by default and can be activated by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented.	string
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBPool	string
snat_translation	Snat translation configuration Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap.	LBSnatTranslation (Abstract type: pass one of the following concrete types) LBSnatAutoMap LBSnatDisabled LBSnatIpPool
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_multiplexing_enabled	TCP multiplexing enable flag TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections.	boolean	Default: "False"
tcp_multiplexing_number	Maximum number of TCP connections for multiplexing The maximum number of TCP connections per pool that are idly kept alive for sending future client requests.	integer	Minimum: 0 Maximum: 2147483647 Default: "6"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBPoolMember (schema)

Pool member

Pool member.

Name	Description	Type	Notes
admin_state	Member admin state Member admin state.	PoolMemberAdminStateType	Default: "ENABLED"
backup_member	Determine whether the pool member is for backup usage Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s).	boolean	Default: "False"
display_name	Pool member name Pool member name.	string
ip_address	Pool member IP address Pool member IP address.	IPAddress	Required
max_concurrent_connections	Maximum concurrent connection number To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited.	integer	Minimum: 1 Maximum: 2147483647
port	Pool member port number If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case.	PortElement
weight	Pool member weight Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms.	integer	Minimum: 1 Maximum: 256 Default: "1"

LBPoolMemberGroup (schema)

Pool member group

Pool member group.

Name	Description	Type	Notes
customized_members	List of customized pool member settings The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address.	array of PoolMemberSetting
group_path	Grouping object path Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting.	string	Required
ip_revision_filter	Filter of ipv4 or ipv6 address of grouping object IP list Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out.	string	Enum: IPV4, IPV6, IPV4_IPV6 Default: "IPV4"
max_ip_list_size	Maximum number of grouping object IP address list The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime.	integer	Minimum: 0 Maximum: 2147483647
port	Pool member port for all IP addresses of the grouping object If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case.	int	Minimum: 1 Maximum: 65535

LBRule (schema)

Binding of a LBPool and Group to a LBVirtualServer

Binding of a LBPool and Group to a LBVirtualServer
used to route application traffic passing through load balancers.
LBRule uses match conditions to match application traffic passing
through a LBVirtualServer using HTTP or HTTPS. Can bind
multiple LBVirtualServers to a Group. Each LBRule
consists of two optional match conditions, each match contidion defines a
criterion for application traffic. If no match conditions are
specified, then the LBRule will always match and it is used
typically to define default rules. If more than one match condition is
specified, then matching strategy determines if all conditions should
match or any one condition should match for the LBRule to be
considered a match. A match indicates that the LBVirtualServer
should route the request to the Group (parent of LBRule).

Name	Description	Type	Notes
actions	Actions to be executed A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc.	array of LBRuleAction (Abstract type: pass one of the following concrete types) LBConnectionDropAction LBHttpRedirectAction LBHttpRejectAction LBHttpRequestHeaderDeleteAction LBHttpRequestHeaderRewriteAction LBHttpRequestUriRewriteAction LBHttpResponseHeaderDeleteAction LBHttpResponseHeaderRewriteAction LBJwtAuthAction LBSelectPoolAction LBSslModeSelectionAction LBVariableAssignmentAction LBVariablePersistenceLearnAction LBVariablePersistenceOnAction	Required Maximum items: 60
display_name	Display name for LBRule A display name useful for identifying an LBRule.	string
match_conditions	Conditions to match application traffic A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match.	array of LBRuleCondition (Abstract type: pass one of the following concrete types) LBHttpRequestBodyCondition LBHttpRequestCookieCondition LBHttpRequestHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriArgumentsCondition LBHttpRequestUriCondition LBHttpRequestVersionCondition LBHttpResponseHeaderCondition LBHttpSslCondition LBIpHeaderCondition LBSslSniCondition LBTcpHeaderCondition LBVariableCondition	Maximum items: 60
match_strategy	Match strategy for determining match of multiple conditions If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match.	string	Enum: ALL, ANY Default: "ANY"
phase	Load balancer processing phase Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool.	string	Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT Default: "HTTP_FORWARDING"

LBRuleAction (schema)

Load balancer rule action

Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUST_REWRITE phase are:
LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction
LBHttpRedirectAction
LBSelectPoolAction
LBVariablePersistenceOnAction
LBConnectionDropAction
Supported action in HTTP_RESPONSE_REWRITE phase is:
LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction
LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is:
LBJwtAuthAction
LBConnectionDropAction
LBVariableAssignmentAction
Supported action in TRANSPORT phase is:
LBSslModeSelectionAction
LBSelectPoolAction

If the match type of an LBRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression. The
groups can be used as variables in LBRuleAction fields.
For example, define a rule with LBHttpRequestUriCondition as match
condition and LBHttpRequestUriRewriteAction as action. Set match_type field
of LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LBHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LBRuleAction as well. The name
of built-in variables start with underscore, the name of user defined
variables is not allowed to start with underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction

Name	Description	Type	Notes
type	Type of load balancer rule action The property identifies the load balancer rule action type.	LBRuleActionType	Required

LBRuleActionType (schema)

Types of load balancer rule actions

Types of load balancer rule actions.

Name	Description	Type	Notes
LBRuleActionType	Types of load balancer rule actions Types of load balancer rule actions.	string	Enum: LBSelectPoolAction, LBHttpRequestUriRewriteAction, LBHttpRequestHeaderRewriteAction, LBHttpRejectAction, LBHttpRedirectAction, LBHttpResponseHeaderRewriteAction, LBHttpRequestHeaderDeleteAction, LBHttpResponseHeaderDeleteAction, LBVariableAssignmentAction, LBVariablePersistenceOnAction, LBVariablePersistenceLearnAction, LBJwtAuthAction, LBSslModeSelectionAction, LBConnectionDropAction

LBRuleCondition (schema)

Match condition of load balancer rule

Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in HTTP_ACCESS phase is:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in TRANSPORT phase is:
LBSslSniCondition
This is an abstract type. Concrete child types:
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition

Name	Description	Type	Notes
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
type	Type of load balancer rule condition	LBRuleConditionType	Required

LBRuleConditionType (schema)

Type of load balancer rule match condition

Type of load balancer rule match condition.

Name	Description	Type	Notes
LBRuleConditionType	Type of load balancer rule match condition Type of load balancer rule match condition.	string	Enum: LBHttpRequestUriCondition, LBHttpRequestHeaderCondition, LBHttpRequestMethodCondition, LBHttpRequestUriArgumentsCondition, LBHttpRequestVersionCondition, LBHttpRequestCookieCondition, LBHttpRequestBodyCondition, LBHttpResponseHeaderCondition, LBTcpHeaderCondition, LBIpHeaderCondition, LBVariableCondition, LBHttpSslCondition, LBSslSniCondition

LBSelectPoolAction (schema)

Action to select a pool for HTTP request messages

This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.

Name	Description	Type	Notes
pool_id	Path of load balancer pool Path of load balancer pool.	string	Required
type	Must be set to the value LBSelectPoolAction	LBRuleActionType	Required

LBServerAuthType (schema)

server authentication mode

Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and IGNORED when they are not configured.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.

Name	Description	Type	Notes
LBServerAuthType	server authentication mode Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to specify if the server certificate presented to the load balancer during handshake should be actually validated or not. Validation is automatic by default when server_auth_ca_certificate_paths are configured and IGNORED when they are not configured. If validation is REQUIRED, then to be accepted, server certificate must be signed by one of the trusted CAs whose self signed certificates are specified in the same server-side SSL profile binding.	string	Enum: REQUIRED, IGNORE, AUTO_APPLY

LBServerSslProfile (schema)

Server SSL profile

Server SSL profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cipher_group_label	Label of cipher group It is a label of cipher group which is mostly consumed by GUI.	SslCipherGroup
ciphers	Supported SSL cipher list to client side Supported SSL cipher list to client side.	array of SslCipher
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_fips	FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.	boolean	Readonly
is_secure	Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protocols	Supported SSL protocol list to client side SSL version TLS1.2 is supported and enabled.	array of SslProtocol
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBServerSslProfile	string
session_cache_enabled	Session cache activate/deactivate falg SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake.	boolean	Default: "True"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBServerSslProfileBinding (schema)

Server SSL profile binding

Server SSL profile binding.

Name	Description	Type	Notes
certificate_chain_depth	The maximum traversal depth of server certificate chain Authentication depth is used to set the verification depth in the server certificates chain.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
client_certificate_path	Client certificate path To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding	string
server_auth	Server authentication mode Server authentication mode.	LBServerAuthType	Default: "AUTO_APPLY"
server_auth_ca_paths	CA path list to verify server certificate If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified.	array of string
server_auth_crl_paths	CRL path list to verify server certificate A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates.	array of string
ssl_profile_path	Server SSL profile path Server SSL profile defines reusable, application-independent server side SSL properties.	string

LBService (schema)

Loadbalancer Service

Loadbalancer Service.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
connectivity_path	The connectivity target used to instantiate the LBService LBS could be instantiated (or created) on the one of Tier-1, Group, VPC. For SLB, the Tier-1 object or the VPC object is supported. If the LB service is created under VPC, the connectivity path is set as VPC path internally. For DLB, only the Group object is supported.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Flag to enable the load balancer service Flag to enable the load balancer service.	boolean	Default: "True"
error_log_level	Error log level of load balancer service Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log.	LbLogLevel	Default: "INFO"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
relax_scale_validation	Whether scale validation is relaxed If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. For LB under Infra, the default relax_scale_validation value is false. For LB under VPC, the default relax_scale_validation value is true.	boolean
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBService	string
size	Load balancer service size Load balancer service size.	LbServiceSize	Default: "SMALL"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
access_log_enabled	Flag to enable access log	boolean	Deprecated

LBSessionCookieTime (schema)

Session cookie time

Session cookie time.

Name	Description	Type	Notes
cookie_max_idle	Session cookie max idle time in seconds Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode.	integer	Minimum: 1 Maximum: 2147483647
cookie_max_life	Session cookie max lifetime in seconds Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode.	integer	Minimum: 1 Maximum: 2147483647
type	Must be set to the value LBSessionCookieTime	LBCookieTimeType	Required

LBSnatAutoMap (schema)

Snat auto map

Snat auto map.

Name	Description	Type	Notes
type	Must be set to the value LBSnatAutoMap	LBSnatTranslationType	Required

LBSnatDisabled (schema)

Snat disabled

Snat disabled.

Name	Description	Type	Notes
type	Must be set to the value LBSnatDisabled	LBSnatTranslationType	Required

LBSnatIpElement (schema)

Snat Ip element

Snat Ip element.

Name	Description	Type	Notes
ip_address	Ip address or ip range Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160.	IPElement	Required
prefix_length	Subnet prefix length Subnet prefix length should be not specified if there is only one single IP address or IP range.	integer

LBSnatIpPool (schema)

Snat Ip pool

Snat Ip pool.

Name	Description	Type	Notes
ip_addresses	List of Ip address or ip range If an IP range is specified, the range may contain no more than 64 IP addresses.	array of LBSnatIpElement	Required Maximum items: 64
type	Must be set to the value LBSnatIpPool	LBSnatTranslationType	Required

LBSnatTranslation (schema)

Snat Translation

Snat Translation. This is an abstract type. Concrete child types:
LBSnatAutoMap
LBSnatDisabled
LBSnatIpPool

Name	Description	Type	Notes
type	Snat translation type Snat translation type.	LBSnatTranslationType	Required

LBSnatTranslationType (schema)

Snat translation type

Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are three modes:
LBSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LBSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
LBSnatDisabled deactivates Source NAT. This is referred to as no-SNAT
or TRANSPARENT mode.
LBSnatIpPool is not supported in LB under VPC for the current release.

Name	Description	Type	Notes
LBSnatTranslationType	Snat translation type Load balancers may need to perform SNAT to ensure reverse traffic from the server can be received and processed by them. There are three modes: LBSnatAutoMap uses the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. LBSnatIpPool allows user to specify one or more IP addresses along with their subnet masks that should be used for SNAT while connecting to any of the servers in the pool. LBSnatDisabled deactivates Source NAT. This is referred to as no-SNAT or TRANSPARENT mode. LBSnatIpPool is not supported in LB under VPC for the current release.	string	Enum: LBSnatAutoMap, LBSnatIpPool, LBSnatDisabled

LBSourceIpPersistenceProfile (schema)

LBPersistenceProflie using SourceIP

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ha_persistence_mirroring_enabled	Mirroring enabled flag to synchronize persistence entries Persistence entries are not synchronized to the HA peer by default.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
persistence_shared	Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions.	boolean	Default: "False"
purge	Persistence purge setting Persistence purge setting.	SourceIpPersistencePurge	Default: "FULL"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBSourceIpPersistenceProfile	string	Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time.	integer	Minimum: 1 Maximum: 2147483647 Default: "300"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBSslModeSelectionAction (schema)

Action to select SSL mode

This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.

Name	Description	Type	Notes
ssl_mode	Type of SSL mode SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured.	string	Required Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD
type	Must be set to the value LBSslModeSelectionAction	LBRuleActionType	Required

LBSslProfile (schema)

Load balancer abstract SSL profile

Load balancer abstract SSL profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBSslProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBSslSniCondition (schema)

Condition to match SSL SNI in client hello

This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for SNI comparing If true, case is significant when comparing SNI value.	boolean	Default: "True"
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of SNI	LbRuleMatchType	Default: "REGEX"
sni	The server name indication The SNI(Server Name indication) in client hello message.	string	Required
type	Must be set to the value LBSslSniCondition	LBRuleConditionType	Required

LBTcpHeaderCondition (schema)

Condition to match TCP header fields

This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.

Name	Description	Type	Notes
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
source_port	TCP source port of HTTP message	PortElement	Required
type	Must be set to the value LBTcpHeaderCondition	LBRuleConditionType	Required

LBTcpMonitorProfile (schema)

LBMonitorProfile for active health checks over TCP

Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the
LBRule object. This represents active health monitoring over TCP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member
will the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring
the member back to UP state. After a healthcheck is initiated, if it
does not complete within a certain period, then also
the healthcheck is considered to be unsuccessful. Completing a
healthcheck within timeout means establishing a connection (TCP or SSL),
if applicable, sending the request and receiving the response, all within
the configured timeout.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
receive	Expected data received from server Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported.	string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBTcpMonitorProfile	LBMonitorProfileType	Required
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
send	Data to send If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBUdpMonitorProfile (schema)

LBMonitorProfile for active health checks over UDP

Active healthchecks are deactivated by default and can be activated for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over UDP. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fall_count	Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
id	Unique identifier of this resource	string	Sortable
interval	Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
monitor_port	Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required.	int	Minimum: 0 Maximum: 65535
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
receive	Expected data received from server Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period.	string	Required
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBUdpMonitorProfile	LBMonitorProfileType	Required
rise_count	Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state.	integer	Minimum: 1 Maximum: 2147483647 Default: "3"
send	Data to send The data to be sent to the monitored server.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout.	integer	Minimum: 1 Maximum: 2147483647 Default: "5"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBVariableAssignmentAction (schema)

Action to create variable and assign value to it

This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LBVariableCondition, etc.

Name	Description	Type	Notes
type	Must be set to the value LBVariableAssignmentAction	LBRuleActionType	Required
variable_name	Name of the variable to be assigned Name of the variable to be assigned.	string	Required
variable_value	Value of variable Value of variable.	string	Required

LBVariableCondition (schema)

Condition to match IP header fields

This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name
and variable_value should be matched at the same time.

Name	Description	Type	Notes
case_sensitive	A case sensitive flag for variable value comparing If true, case is significant when comparing variable value.	boolean	Default: "True"
inverse	A flag to indicate whether reverse the match result of this condition	boolean	Default: "False"
match_type	Match type of variable value	LbRuleMatchType	Default: "REGEX"
type	Must be set to the value LBVariableCondition	LBRuleConditionType	Required
variable_name	Name of the variable to be matched	string	Required
variable_value	Value of variable to be matched	string	Required

LBVariablePersistenceLearnAction (schema)

Action to learn the variable value

This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.

Name	Description	Type	Notes
persistence_profile_path	Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported.	string
type	Must be set to the value LBVariablePersistenceLearnAction	LBRuleActionType	Required
variable_hash_enabled	Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key.	boolean	Default: "False"
variable_name	Variable name The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide.	string	Required

LBVariablePersistenceOnAction (schema)

Action to persist the variable value

This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.

Name	Description	Type	Notes
persistence_profile_path	Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported.	string
type	Must be set to the value LBVariablePersistenceOnAction	LBRuleActionType	Required
variable_hash_enabled	Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key.	boolean	Default: "False"
variable_name	Variable name The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide.	string	Required

LBVirtualServer (schema)

Base class for each type of LBVirtualServer

All the types of LBVirtualServer extend from this abstract class. This
is present for extensibility.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
access_list_control	IP access list control to filter the connections Specifies the access list control to define how to filter the connections from clients.	LBAccessListControl
access_log_enabled	Access log enabled setting If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true.	boolean	Default: "False"
application_profile_path	Application profile path The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported.	string	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
client_ssl_profile_binding	Virtual server side SSL binding setting The setting is used when load balancer acts as an SSL server and terminating the client SSL connection.	LBClientSslProfileBinding
default_pool_member_ports	Default pool member ports when member port is not defined. Default pool member ports when member port is not defined.	array of PortElement	Maximum items: 14
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	whether the virtual server is enabled Flag to enable the load balancer virtual server.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ip_address	IP address of the LBVirtualServer Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers.	IPAddress	Required
lb_persistence_profile_path	Persistence Profile used by LBVirtualServer Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is deactivated by default.	string
lb_service_path	Path to LBService object for LBVirtualServer virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities.	string
log_significant_event_only	Log only significant event in access log The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx).	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
max_concurrent_connections	Maximum concurrent connection number To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited.	integer	Minimum: 1 Maximum: 2147483647
max_new_connection_rate	Maximum new connection rate in connections per second To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited.	integer	Minimum: 1 Maximum: 2147483647
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pool_path	Default server pool path The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application.	string
ports	Virtual server port number(s) or port range(s) Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range.	array of PortElement	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LBVirtualServer	string
rules	List of load balancer rules Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile.	array of LBRule	Maximum items: 4000
server_ssl_profile_binding	Pool side SSL binding setting The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server.	LBServerSslProfileBinding
sorry_pool_path	Sorry server pool path When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LBXForwardedForType (schema)

X-forwarded-for type

X-forwarded-for type.

Name	Description	Type	Notes
LBXForwardedForType	X-forwarded-for type X-forwarded-for type.	string	Enum: INSERT, REPLACE

Label (schema)

Label

Label that will be displayed for a UI element.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API.	string	Maximum length: 1024
hover	Show label only on hover If true, displays the label only on hover	boolean	Default: "False"
icons	Icons Icons to be applied at dashboard for the label	array of Icon	Minimum items: 0
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
text	Label text Text to be displayed at the label.	string	Required Maximum length: 255

LabelValueConfiguration (schema)

Label Value Dashboard Widget Configuration

Represents a Label-Value widget configuration

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
layout	Layout of properties inside widget Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied.	Layout
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
properties	Rows An array of label-value properties.	array of PropertyItem	Required
resource_type	Must be set to the value LabelValueConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
sub_type	Sub-type of the LabelValueConfiguration A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. For HORIZONTALLY_ALIGNED sub_type, the value is placed right hand side of the label.	string	Enum: VERTICALLY_ALIGNED, HORIZONTALLY_ALIGNED
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

LatencyMeasurement (schema)

Settings to configure latency measurement

Name	Description	Type	Notes
enabled	Flag to turn on or off the latency measurement	boolean	Required
full_network_path_latency	Full network path latency Boolean indicating whether to enable full network path latency. If set to false then latency through guest OS is not measured.	boolean	Default: "False"
sampling_rate	Number of packets to be sampled Indicates the rate of sampling packets. Defaults to 1 and ignored if latency measurement is off.	int	Minimum: 0 Maximum: 64000 Default: "1"

Layout (schema)

Layout of a container or widget

Represents layout of a container or widget

Name	Description	Type	Notes
properties		LayoutProperties
type	Type of layout of a container or widget Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. If AUTO is chosen then container or widgets display area will be automatically calculated depending upon the required width.	string	Enum: HORIZONTAL, VERTICAL, GRID, AUTO Default: "HORIZONTAL"

LayoutProperties (schema)

Layout properties of a container or widget

Properties of the layout of a container or widget

Name	Description	Type	Notes
num_columns	Number of columns of grid Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only.	int
num_rows	Number of rows of grid Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only.	int

LbHttpRequestHeader (schema)

Name	Description	Type	Notes
header_name	Name of HTTP request header	string	Required
header_value	Value of HTTP request header	string	Required

LbLogLevel (schema)

the log level of load balancer service

Name	Description	Type	Notes
LbLogLevel	the log level of load balancer service	string	Enum: DEBUG, INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY

LbRuleMatchType (schema)

Match type for LbRule conditions

LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in JSON(JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.

Name	Description	Type	Notes
LbRuleMatchType	Match type for LbRule conditions LbRuleMatchType is used to determine how a specified string value is used to match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition field starts with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. ENDS_WITH: If the LbRuleCondition field ends with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. EQUALS: If the LbRuleCondition field is same as the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. CONTAINS: If the LbRuleCondition field contains the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. REGEX: If the LbRuleCondition field matches specified regular expression, the condition matches. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the restrictions. If named capturing groups are used in the regular expression, when a match succeeds, the substrings of the subject string that match named capturing groups are stored (captured) in variables with specific names which can be used in the fields of LbRuleAction which support variables. Named capturing group are defined in the format (?<name>subpattern), such as (?<year>\d{4}). For example, in the regular expression: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for subject string "/news/2017/06/xyz.html", the substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can be used in LbRuleAction fields which support variables in form of $name, such as $year, $month, $article. Please note, when regular expressions are used in JSON(JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character.	string	Enum: STARTS_WITH, ENDS_WITH, EQUALS, CONTAINS, REGEX

LbServiceSize (schema)

the size of load balancer service

The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or
DLB. The first four sizes are realized on Edge node as a centralized load
balancer. DLB is realized on each ESXi hypervisor as a distributed load
balancer. DLB is supported for k8s cluster IPs managed by vSphere with
Kubernetes. DLB is NOT supported for any other workload types.

Name	Description	Type	Notes
LbServiceSize	the size of load balancer service The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or DLB. The first four sizes are realized on Edge node as a centralized load balancer. DLB is realized on each ESXi hypervisor as a distributed load balancer. DLB is supported for k8s cluster IPs managed by vSphere with Kubernetes. DLB is NOT supported for any other workload types.	string	Enum: SMALL, MEDIUM, LARGE, XLARGE, DLB

LbSslSessionReusedType (schema)

Type of SSL session reused

Name	Description	Type	Notes
LbSslSessionReusedType	Type of SSL session reused	string	Enum: IGNORE, REUSED, NEW

LdapIdentitySource (schema)

An LDAP identity source

This is the base type for all identity sources that use LDAP for authentication and group membership. This is an abstract type. Concrete child types:
ActiveDirectoryIdentitySource
OpenLdapIdentitySource

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alternative_domain_names	Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.	array of string
base_dn	DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.	string	Required
id	Unique identifier of this resource	string	Sortable
ldap_servers	LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.	array of IdentitySourceLdapServer	Maximum items: 3
resource_type	Must be set to the value LdapIdentitySource	string	Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

LdapIdentitySourceListResult (schema)

List results containing LDAP identity sources

The results of listing LDAP identity sources.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results		array of LdapIdentitySource (Abstract type: pass one of the following concrete types) ActiveDirectoryIdentitySource OpenLdapIdentitySource
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

LdapIdentitySourceProbeResults (schema)

Results from probing all LDAP servers

Results from probing all LDAP servers in an LDAP identity source configuration.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
results	Probe results Probe results for all probed LDAP servers.	array of IdentitySourceLdapServerProbeResult

LdapIdentitySourceSearchRequestParameters (schema)

Arguments for searching users and groups

To search for a user or group in an LDAP identity source,
provide a filter_value. The directory will be searched for
users and groups that match the search string.

User searches:

For Active Directory sources, the directory will be searched
for users whose commonName (CN) property contains the given
string and for users whose samAccountName property contains
the given string. For OpenLDAP sources, the directory will
be searched for users whose commonName (CN) property contains
the given string and for users whose uid property contains
the given string.

Group searches:

For both Active Directory and OpenLDAP sources, the directory
will be searched for groups whose commonName (CN) property
contains the the given string.

The LDAP server may impose a limit on the number of returned
entries.

Name	Description	Type	Notes
filter_value	Search filter value A string to use when searching for users and groups in the LDAP identity source.	string	Required

LdapIdentitySourceSearchResultItem (schema)

Name	Description	Type	Notes
common_name	Common Name (CN) of entry The Common Name (CN) of the entry, if available.	string
dn	DN of the entry Distinguished name (DN) of the entry.	string
principal_name	The principal name of the user or group, if available For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory.	string
type	Type of the entry Describes the type of the entry	string	Enum: USER, GROUP

LdapIdentitySourceSearchResultList (schema)

A list of LDAP search results

A list of LDAP entries returned from a search of an LDAP identity source.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
results		array of LdapIdentitySourceSearchResultItem

LdapProbeError (schema)

Error detail from probe

Detail about one error encountered during a probe.

Name	Description	Type	Notes
error_type	Error type The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to require a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. UNKNOWN_HOST: The hostname of the LDAP server could not be resolved. NO_ROUTE_TO_HOST: There is no network route to the host. BIND_EXCEPTION: A socket to the remote host could not be opened. PORT_UNREACHABLE: The LDAP port is not open on the remote host. BASE_DN_NOT_WITHIN_DOMAIN: For Active Directory, the base DN is not a subtree of the Domain Component tree corresponding to the LDAP domain. For example, if the domain is "example.com", the baseDN should be "dc=example, dc=com" or a subtree like "ou=Users,dc=example,dc=com". LDAP_SERVER_DISABLED: The LDAP server is marked as disabled in the NSX configuration and will not be used.	string	Enum: BASE_DN_NOT_FOUND, BIND_DN_AND_PASSWORD_REQUIRED, BIND_DN_INVALID, CERTIFICATE_HOSTNAME_MISMATCH_ERROR, CERTIFICATE_MISMATCH_ERROR, CONNECTION_REFUSED, CONNECTION_TIMEOUT, GENERAL_ERROR, INVALID_CONFIGURED_CERTIFICATE, INVALID_CREDENTIALS, SSL_HANDSHAKE_ERROR, STARTTLS_FAILED, UNKNOWN_HOST, NO_ROUTE_TO_HOST, BIND_EXCEPTION, PORT_UNREACHABLE, BASE_DN_NOT_WITHIN_DOMAIN, LDAP_SERVER_DISABLED

Legend (schema)

Legend for the widget

Represents legend that describes the entities of the widget.

Name	Description	Type	Notes
alignment	Alignment of the legend Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side.	string	Enum: HORIZONTAL, VERTICAL Default: "VERTICAL"
display_count	Show count of entities in the legend If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend.	boolean	Default: "True"
display_mode	Display mode for legends. Display mode for legends.	string	Enum: SHOW_ALL_LEGENDS, SHOW_MIN_NO_OF_LEGENDS, SHOW_OTHER_GROUP_WITH_LEGENDS Default: "SHOW_ALL_LEGENDS"
filterable	Show checkbox along with legends if value is set to true Show checkbox along with legends if value is set to true. Widget filtering capability can be enable based on legend checkbox selection. for 'display_mode' SHOW_OTHER_GROUP_WITH_LEGENDS filterable property is not supported.	boolean	Default: "False"
min_legends_display_count	A minimum number of legends to be displayed. A minimum number of legends to be displayed upfront. if 'display_mode' is set to SHOW_MIN_NO_OF_LEGENDS then this property value will be used to display number of legends upfront in the UI.	int	Minimum: 1 Maximum: 12 Default: "3"
other_group_legend_label	A label for showing other category in legends. A translated label for showing other category label in legends.	string	Default: "WIDGET_LABEL_OTHER_LEGEND_LABEL"
position	Placement of legend Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget.	string	Enum: TOP, BOTTOM, LEFT, RIGHT, TOP_RIGHT Default: "RIGHT"
type	Type of the legend Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget.	string	Enum: CIRCLE Default: "CIRCLE"
unit	Show unit of entities in the legend Show unit of entities in the legend.	string

LegendWidgetConfiguration (schema)

Legend widget Configuration

Represents configuration for Legend widget. For this widget the data source is not applicable. This widget can be use to add the Legend inside the dashboard container.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
layout	A layout for legend widget. Defines the layout for the legend widget	Legend	Required
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value LegendWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
source_widget_id	Id of source widget for this legend widget Id of source widget, if any. Id should be a valid id of an existing widget. This property can be used to identify the source of the data for this legend widget.	string	Required Maximum length: 255
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

Limit (schema)

Limit Definition

This represents an instance of the definition of a limit. Limit defines constraints that can be enforced on tenants.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
quota		Quota (Abstract type: pass one of the following concrete types) IpBlockQuota
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Limit	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LineChartPlotConfiguration (schema)

A line chart plotting configuration

A line chart plotting configuration.

Name	Description	Type	Notes
allow_maximize	Allow maximize capability for this widget Allow maximize capability for this widget	boolean
condition	Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration.	string	Maximum length: 1024
fill_gradient_area	Fill the line chart area with a gradient series color. Fill the line chart area with a gradient series color.	boolean
num_of_series_to_display	A number of series to be displayed upfront. Specifies the number of series to be displayed in a line chart. If no value is provided all the series will be displayed.	int	Minimum: 1 Maximum: 16
show_curved_lines	Show curved lines for series Used for displaying the curved lines for a series in a line chart. By default, straight line is used to for a series in a line chart.	boolean	Default: "True"
show_data_in_tooltip	Show data in tooltip. Show the data in tooltip.	boolean	Default: "False"
show_data_points	Show the Data point highlighting in line chart Controls the visiblity of the data points on the line chart. If value is set to false data points wont be high- lighted on the lines.	boolean	Default: "True"
show_grid_lines	Show grid lines Controls the visiblity of the grid lines in line chart.	boolean	Default: "True"
show_grouped_tooltip	Derives to show the grouped tooltip Controls the visiblity of the grouped tooltip in a line chart across all series.	boolean	Default: "False"
show_min_max_on_series	Show min and max value on line series Controls the visiblity of the min and max value across line series in line chart.	boolean	Default: "False"
show_unit_in_tooltip	Show data unit in tooltip. Show the data unit in tooltip.	boolean	Default: "False"
sort_data_in_grouped_tooltip	Sort the data in grouped tooltip Sort the data in grouped tooltip.	boolean	Default: "False"
sort_series	Perform sorting on series using the latest data point Specifies whether the series should be sorted by the latest data point.	boolean	Default: "False"

ListByNodeIdParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType
transport_node_id	TransportNode Id	string

ListByOptionalTransportNodeParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Transport node	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ListCertParameter (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
details	whether to expand the pem data and show all its details	boolean	Default: "False"
fmt		CertificateFormatParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
node_id	Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
type	Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service.	string	Enum: cluster_api_certificate, api_certificate

ListLocalNodeUsersRequestParameters (schema)

NodeUserPropertiesListResult get request parameters

Name	Description	Type	Notes
filter	Show all local user accounts with filter account_type Show all local user accounts with filter account_type	string	Enum: all, guest, service
internal	Flag to specify showing all local node user (including internal users) and detailed property When flag internal is set to true, response will include all node user (including internal users) and detailed property. When flag internal is set to false, response will only include user managed accounts.	boolean	Default: "False"

ListRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ListResult (schema)

Base class for list results from collections

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ListResultQueryParameters (schema)

Parameters that affect how list results are processed

Name	Description	Type	Notes
fields	Fields to include in query results Comma-separated field names to include in query result	string

ListWithDataSourceParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

LiveTraceConfig (schema)

Livetrace configuration

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
actions	Livetrace actions Configuration of actions on the filtered packets.	PolicyLiveTraceActionConfig	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
filter	Packet filter Filter for flows of interest.	LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData
id	Unique identifier of this resource	string	Sortable
ipsec_vpn_config	IPSec VPN configuration for starting livetrace on IPSec tunnel interface IPSec VPN configuration for starting livetrace on IPSec tunnel interface	PolicyLiveTraceIpsecVpnConfig
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LiveTraceConfig	string
src_port_path	Policy path of logical port Policy path of logical port to start a livetrace session.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Timeout in seconds for livetrace session The duration for observing live traffic on the specified source logical port.	integer	Minimum: 5 Maximum: 600 Default: "10"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

LiveTraceFilterData (schema)

This is an abstract type. Concrete child types:
FieldsFilterData
PlainFilterData

Name	Description	Type	Notes
resource_type	Filter type	string	Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData"

LiveTracePacketGranularActionConfig (schema)

Configuration of livetrace packet granular action

Name	Description	Type	Notes
dest_ipsec_vpn_config	IPSec VPN configuration for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same IPSec VPN config specified for the reverse direction.	PolicyLiveTraceIpsecVpnConfig
dest_port_path	Policy path of logical port Policy path of logical port for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same port specified for the reverse direction.	string
reverse_filter	Packet filter Filter for flows of interest at the reverse direction. It takes effect only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse direction.	LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData
sampling	Sampling parameter for the action Sampling parameter for the action. Trace action, packet capture action, and datapath statistics action only support first-N sampling. Count action will sample all packets that match the filter criteria, so there is no need to provide sampling for count action.	LiveTraceSamplingConfig
trace_type	Type of trace	string	Required Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL

LiveTraceSamplingConfig (schema)

Sampling parameter for a livetrace action

Name	Description	Type	Notes
match_number	Parameter for first-N sampling. First N packets are sampled. The upper limits of sampling number for livetrace actions are listed as below: - trace action: 50 - packet capture action: 500 - datapath statistics action: 65535	integer	Minimum: 1 Maximum: 65535
sampling_interval	Parameter for interval based sampling A packet is sampled for every given time interval in ms.	integer	Minimum: 1 Maximum: 30000
sampling_rate	Parameter for packet number based sampling 1 out of N packets is sampled on average.	integer	Minimum: 1 Maximum: 65535

LoadBalancerVPCEndpoint (schema)

Load Balancer configuration

Load Balancer for VPC

Name	Description	Type	Notes
enabled	Flag to enable load balancer for VPC. Flag to indicate whether support for load balancing is needed. Setting this flag to true causes allocation of private IPs from the private block associated with this VPC tobe used by the load balancer.	boolean	Default: "False"

LocalEgress (schema)

Local Egress

Local Egress is used on both server and client sites so that the gateway
is used for N-S traffic and overhead on L2VPN tunnel is reduced.

Name	Description	Type	Notes
optimized_ips	Gateway IP for Local Egress Gateway IP for Local Egress. Local egress is enabled only when this list is not empty.	array of IPAddress	Minimum items: 1 Maximum items: 1

LocalEgressRoutingEntry (schema)

Local egress routing policy

Name	Description	Type	Notes
nexthop_address	Next hop address Next hop address for proximity routing.	string	Required
prefix_list_paths	Policy path to prefix lists The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions.	array of string	Required Maximum items: 1

LocalSiteConfiguration (schema)

Local site information

Local site with federation id and epoch.

Name	Description	Type	Notes
epoch	Epoch	integer	Required
id	Federation id	string	Required
site	Site	FederationSite	Required

LocaleServices (schema)

Locale-services configuration

Site specific configuration of Tier0 in multi-site scenario

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_profile_path	Policy path of BFD profile This profile is applied to all static route peers in this locale. BFD profile configured on static route peers takes precedence over global configuration. If this field is empty, a default profile is applied to all peers.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildTier1Interface
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_cluster_path	policy path of Edge cluster of type PolicyEdgeCluster. The reference to the edge cluster using the policy path of the edge cluster of type PolicyEdgeCluster. Auto assigned on Tier0 if the associated enforcement point has only one edge cluster. For Tier1 ACTIVE-ACTIVE, edge cluster can not be removed and Edge Cluster will be defaulted to edge cluster from connected Tier0.	string
ha_vip_configs	Array of HA VIP Config. This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed.	array of Tier0HaVipConfig
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
preferred_edge_paths	Edge node path Policy paths to edge nodes. For Tier1 gateway, the field is used to statically assign the ordered list of up to two edge nodes for stateful services. To enable auto allocation of nodes from the specified edge cluster the field must be left unset. The auto allocation of nodes is supported only for the Tier1 gateway. For Tier0 gateway specified edge is used as a preferred edge node when failover mode is set to PREEMPTIVE, not applicable otherwise.	array of string	Maximum items: 2
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value LocaleServices	string
route_redistribution_config	Route Redistribution configuration Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on.	Tier0RouteRedistributionConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
route_redistribution_types	Enable redistribution of different types of routes on Tier-0 Enable redistribution of different types of routes on Tier-0. This property is only valid for locale-service under Tier-0. This property is deprecated, please use "route_redistribution_config" property to configure redistribution rules.	array of Tier0RouteRedistributionTypes	Deprecated

LocaleServicesListResult (schema)

Paged collection of LocaleServices

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	LocaleServices results	array of LocaleServices	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

LoggingServiceProperties (schema)

Service properties

Name	Description	Type	Notes
logging_level	Service logging level	string	Required Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
modified_package_logging_levels	Modified package logging levels	string
package_logging_level	Package logging levels	array of PackageLoggingLevels

LogicalPortOperationalStatus (schema)

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_port_id	The id of the logical port	string	Required Readonly
status	The Operational status of the logical port	string	Required Enum: UP, DOWN, UNKNOWN

LogicalPortStatistics (schema)

Name	Description	Type	Notes
distributed_dhcp_server_packets		DistributedDhcpServerPackets	Readonly
dropped_by_firewall_packets		DfwDropCounters	Readonly
dropped_by_security_packets		PacketsDroppedBySecurity	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_port_id	The id of the logical port	string	Required Readonly
mac_learning		MacLearningCounters	Readonly
rx_bytes		DataCounter	Readonly
rx_packets		DataCounter	Readonly
tx_bytes		DataCounter	Readonly
tx_packets		DataCounter	Readonly

LogicalRouterPortCounters (schema)

Logical router port statistics

Provides the statistics for a logical router port since the time it was created. The statistics
will be reset on edge reboot or edge dataplane restart. It includes the following counters for
the port:

- Incoming packet count.
- Outgoing packet count.
- Dropped packet count.
- Error/Failure reason for the dropped packet.

Name	Description	Type
blocked_packets	Packets blocked The total number of packets blocked on the port. This could be due to either port is operatively down or blocked. The port can be blocked due to admin-down, backplane port is in standby SR (internal operational state is down) etc. It also includes drops when a tunnel port receives packet with local VTEP which is not the assigned one. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
dad_dropped_packets	DAD packets dropped The total number of packets dropped because source IP is not assigned to the logical port. For IPv6 address, it could be due to DAD (Duplicate Address Detection) status of the IP is not in ASSIGNED state. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
destination_unsupported_dropped_packets	Destination unsupported packets dropped The total number of packets dropped because the destination address in the packet - broadcast, multicast, loopback or reserved address - is not supported on the port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
dropped_packets	Packets dropped The total number of packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
firewall_dropped_packets	Firewall packets dropped The total number of packets dropped due to firewall rules or firewall state mismatch (For example, the expected sequence number in TCP window was not received). The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
frag_needed_dropped_packets	Fragmentation needed packets dropped The total number of packets dropped because they could not be fragmented when their size was larger than the port MTU due to DF bit set in them. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_dropped_packets	IPSec packets dropped The total number of IPSec packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
ipsec_no_sa_dropped_packets	IPSec no security association packets dropped The total number of IPSec packets dropped due to missing security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_no_vti_dropped_packets	IPSec no VTI packets dropped The total number of IPSec packets dropped due to missing Virtual tunnel interface (VTI) in the security association. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_pol_block_dropped_packets	IPSec policy block packets dropped The total number of IPSec packets dropped due to a discard policy configured for the traffic. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipsec_pol_err_dropped_packets	IPSec policy error packets dropped The total number of IPSec packets dropped due to policy lookup failure for the packets in the security policy database. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
ipv6_dropped_packets	IPv6 packets dropped The total number of IPv6 packets dropped on the port since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
kni_dropped_packets	Kernel NIC interface packets dropped The total number of packets that the DPDK kernel NIC interface failed to send to the linux kernel. For example BGP packets, Load balancer etc. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
l4port_unsupported_dropped_packets	L4 port unsupported packets dropped The total number of packets dropped for having an unknown/unsupported L4 port (TCP or UDP) and destination IP which is owned by the logical router ports including the loopback port. For example, if we receive a UDP packet whose port does not map to the expected port of BFD, AppHA, IPSec or DHCP, then we drop it. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
malformed_dropped_packets	Malformed packets dropped The total number of malformed packets dropped on the port due to IP checksum error by IP checksum verification or the physical NIC (vmxnet3 for VM or other NIC for BM) marks the IP checksum error. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_arp_dropped_packets	No ARP packets dropped The total number of packets dropped due to incomplete ARP resolution of the next-hop. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_linked_dropped_packets	No linked packets dropped The total number of packets dropped because the port did not have a linked peer port. For example, the logical router port is not connected to a segment port. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_mem_dropped_packets	No memory packets dropped The total number of packets dropped due to insufficient memory. One such example is the mBuf pool memory. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_receiver_dropped_packets	No receiver packets dropped The total number of packets dropped due to absence of the receiver. This could happen when the protocol is not supported by the logical router, or the corresponding tunnel does not exist. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
no_route_dropped_packets	No route packets dropped The total number of packets dropped because no route exists for the IP destination of the packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
non_ip_dropped_packets	Non IP packets dropped The total number of non-IP packets dropped because only IP packets are allowed on the port. For example spanning tree BPDU packets. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
proto_unsupported_dropped_packets	Protocol unsupported packets dropped The total number of packets dropped because the known protocols such as ARP, ICMP, DHCP cannot be decoded/fully supported. Also, when the ether-type is MPLS but the IP version is not 4 nor 6. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
redirect_dropped_packets	Redirect packets dropped The total number of packets dropped due to redirection of packet to Kernel NIC Interface(KNI) failed. This could be due to either the redirected interface is a non-KNI interface or we could not fetch the mapping KNI interface for the UUID of the redirected interface. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
rpf_check_dropped_packets	Reverse-path forwarding check packets dropped The total number of packets dropped due to RPF check failure. It is applicable to both unicast and multicast. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer
service_insert_dropped_packets	Service insert packets dropped Total number of service insertion packets dropped.	integer
total_bytes	Bytes transferred The total number of bytes transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
total_packets	Packets transferred The total number of packets transferred since the time the logical router port was created. This will be reset on edge reboot or edge dataplane restart.	integer
ttl_exceeded_dropped_packets	Time to live exceeded packets dropped The total number of packets dropped due to exceeded TTL. The counts are from the time the logical router port was created and will be reset on edge reboot or edge dataplane restart.	integer

LogicalRouterPortStatistics (schema)

Logical router port statistics

Provides the statistics of a logical router port across all transport nodes. It includes the following
information:

- Logical router port ID.
- For each transport node, it includes the number of incoming, outgoing and dropped packet counters. It
also provides details of errors and failures causing the drops since the time the interface was created.
The logical router port statistics from a given transport node will be reset on edge reboot or edge
dataplane restart of that node.
- For each transport node, it includes subcluster IP and transport node ID.

Name	Description	Type	Notes
logical_router_port_id	The ID of the logical router port	string	Required
per_node_statistics	Per node statistics Lists the subcluster ID, transport node ID, incoming, outgoing and dropped packet counters for each transport node since the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart.	array of LogicalRouterPortStatisticsPerNode	Readonly

LogicalRouterPortStatisticsPerNode (schema)

Logical router port statistics for a transport node.

Provides the following information about a logical router port in a given transport node:

- The subcluster ID of the logical port.
- Transport node ID.
- Incoming packet counters on the logical router port in a given transport node. It includes
the total number of packets received, dropped, and the number of errors and failures causing the
drops. The counters are from the time the logical router port was created. The packet counters will be
reset on edge reboot or edge dataplane restart.
- Outgoing packet counters on the logical router port in a given transport node. It includes
the total number of packets sent, dropped, and the number of errors and failures causing the drops.
The counters are from the time the logical router port was created. The packet counters will be reset
on edge reboot or edge dataplane restart.
- Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP
is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet,
could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP
resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface,
TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol
or L4 port.
- Some of the IPSec packet drop reasons include the missing security association or VTI interface. It
also includes packets dropped due to policy lookup error or block policy.
- Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
rx	Packets in statistics Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly
sub_cluster_id	The ID of the Pairwise subcluster in Active-Active service router cluster The subcluster ID of logical router port. Active-Active service router cluster forms pariwise sub cluster of nodes and syncs states among them.	string	Readonly
transport_node_id	The ID of the TransportNode	string	Required Readonly
tx	Packets out statistics Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly

LogicalRouterPortStatisticsSummary (schema)

Summary of logical router port statistics

Provides the aggregated statistics of a logical router port across all transport nodes
on a specific enforcement point since the time the logical router port was created. The
logical router port statistics from a given transport node will be reset on edge reboot
or edge dataplane restart of that node. It includes the following information:

- Logical router port ID.
- Aggregated incoming packet counters on the logical router port across all
transport nodes. It includes the total number of packets received, dropped, and
the number of errors and failures causing the drops. The counters are from the
time the logical router port was created. The logical router port statistics from a
given transport node will be reset on edge reboot or edge dataplane restart of
that node.
- Aggregated outgoing packet counters on the logical router port across all
transport nodes. It includes the total number of packets sent, dropped, and
the number of errors and failures causing the drops. The counters are from the
time the logical router port was created. The logical router port statistics from a
given transport node will be reset on edge reboot or edge dataplane restart of
that node.
- Some of the packet drop reasons include, the DAD (Duplicate Address Detection)
status of the IP is not in ASSIGNED state, firewall rules, failed to fragment
the packet, receive malformed packet, could not find route to destination,
absence of the receiver, insufficient memory, incomplete ARP resolution of the
next-hop, RPF check failure, failed to redirect packet to KNI interface, TTL
exceeded, port does not have a linked peer port and and unsupported - destination,
protocol or L4 port.
- Some of the IPSec packet drop reasons include the missing security association or
VTI interface. It also includes packets dropped due to policy lookup error or block
policy.
- Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_router_port_id	The ID of the logical router port	string	Required
rx	Packets in statistics Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly
tx	Packets out statistics Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly

LogicalRouterState (schema)

Realization State of Logical Router.

This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors.

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
pending_change_list	List of pending changes Request identifier of the API which modified the entity.	array of string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

LogicalRouterStatus (schema)

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
locale_operation_mode	Location mode for logical router Egress mode for the logical router at given mode	string	Readonly Enum: PRIMARY_LOCATION, SECONDARY_LOCATION
logical_router_id	The id of the logical router	string	Required
per_node_status	Per Node Status	array of LogicalRouterStatusPerNode	Readonly

LogicalRouterStatusPerNode (schema)

Name	Description	Type	Notes
edge_path	edge transport node path. Only populated by Policy APIs	string
high_availability_status	A service router's HA status on an edge node	string	Required Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN, ADMIN_DOWN
is_default_sub_cluster	Is edge transport node in default sub cluster. True if edge transport node is a member of default sub cluster	boolean	Default: "False"
service_group_ha_status	Service High Availability status Service High availability status of service group linked with sub cluster.	string	Enum: UNKNOWN, ACTIVE, STANDBY
service_router_id	id of the service router where the router status is retrieved.	string
sub_cluster_id	Sub cluster id for the node. This field is populated for sateful active-active mode. Runtime state is only synced among nodes in the same sub cluster.	string
traffic_group_id	Traffic Group ID of the edge node This field is populated only for VMC on AWS. It is the ID of the traffic group associated with the edge node.	string
transport_node_id	id of the transport node where the router status is retrieved.	string	Required

LogicalSwitchStatistics (schema)

Name	Description	Type	Notes
distributed_dhcp_server_packets		DistributedDhcpServerPackets	Readonly
dropped_by_firewall_packets		DfwDropCounters	Readonly
dropped_by_security_packets		PacketsDroppedBySecurity	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_switch_id	The id of the logical Switch	string	Required Readonly
mac_learning		MacLearningCounters	Readonly
nsxt_fp	ENS/FC module for DP packet processing	FpCounters	Readonly
nsxt_swsec	Switch Security provides stateless L2 and L3 security by checking, traffic to the logical switch and dropping unauthorized packets sent, from VMs	SwsecCounters	Readonly
nsxt_vdl2	Overlay Layer-2 module responsible for workload connectivity	Vdl2Counters	Readonly
nsxt_vdrb	Virtual Distributed Routing (VDR) routes packets on every ESX	VdrbCounters	Readonly
nsxt_vsip	VSIP provides Distributed Firewall capability	VsipCounters	Readonly
nsxt_vswitch	Virtual Switch is responsible for providing switching functionality	VswitchCounters	Readonly
rx_bytes		DataCounter	Readonly
rx_packets		DataCounter	Readonly
tx_bytes		DataCounter	Readonly
tx_packets		DataCounter	Readonly

LoginCredential (schema)

Base type for various login credential types

Name	Description	Type	Notes
credential_type	Login credential, for example username-password-thumbprint, certificate or session based, etc Supported credential types are 'SamlTokenLoginCredential'. Please note 'UsernamePasswordLoginCredential' and 'SessionLoginCredential' are deprecated. VerifiableAsymmetricLoginCredential is used for internal purpose only.	string	Required

MACAddress (schema)

MAC Address

A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case,
separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.

Name	Description	Type	Notes
MACAddress	MAC Address A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.	string	Format: mac-address

MACAddressExpression (schema)

MAC address expression node

Represents MAC address expressions in the form of an array, to support
addition of MAC addresses in a group.
Avoid creating groups with multiple MACAddressExpression.
In future releases, group will be restricted to contain
a single MACAddressExpression. To group MAC addresses,
use nested groups instead of multiple MACAddressExpression.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mac_addresses	Array of MAC addresses This array can consist of one or more MAC addresses. Max limit of 4000 MAC addresses applies across all the expressions.	array of MACAddress	Required Minimum items: 1 Maximum items: 4000
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MACAddressExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

MACAddressList (schema)

MAC Address members.

List of MAC Addresses.

Name	Description	Type	Notes
mac_addresses	Array of MAC addresses The array contains MAC addresses.	array of MACAddress	Required Minimum items: 1 Maximum items: 4000

MacAddressCsvListResult (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
results		array of MacTableCsvRecord

MacAddressType (schema)

The type of the MAC address

Name	Description	Type	Notes
MacAddressType	The type of the MAC address	string	Enum: STATIC, LEARNED

MacDiscoveryProfile (schema)

Mac Discovery Profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
mac_change_enabled	Is rule enabled or not Allowing source MAC address change	boolean	Default: "False"
mac_learning_aging_time	Aging time in seconds for learned MAC address Indicates how long learned MAC address remain.	int	Readonly Default: "600"
mac_learning_enabled	Is MAC learning enabled or not Allowing source MAC address learning	boolean	Required
mac_limit	Maximum number of MAC addresses learnt The maximum number of mac addresses that can be learnt on this port when mac learning is enabled.	int	Minimum: 0 Maximum: 4096 Default: "4096"
mac_limit_policy	Mac Limit Policy The policy after MAC Limit is exceeded	string	Enum: ALLOW, DROP Default: "ALLOW"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_overlay_mac_limit	The maximum number of MAC addresses learned on an overlay Logical Switch The maximum number of mac addresses learnt on an overlay logical switch, irrespective of whether mac learning is enabled on the segment ports. When this limit is reached, traffic for mac addresses that are not learnt will be flooded.	int	Minimum: 2048 Maximum: 8192 Default: "2048"
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MacDiscoveryProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
unknown_unicast_flooding_enabled	Is unknown unicast flooding rule enabled or not Allowing flooding for unlearned MAC for ingress traffic	boolean

MacDiscoveryProfileListRequestParameters (schema)

Mac Discovery Profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

MacDiscoveryProfileListResult (schema)

Paged collection of Mac Discovery Profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Mac Discovery profile list results	array of MacDiscoveryProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

MacLearningCounters (schema)

Name	Description	Type
mac_not_learned_packets_allowed	Number of dispatched packets with unknown source MAC address. The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW.	integer
mac_not_learned_packets_dropped	Number of dropped packets with unknown source MAC address. The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP.	integer
macs_learned	Number of MACs learned	integer

MacTableCsvRecord (schema)

Name	Description	Type	Notes
mac_address	The MAC address	string	Required
rtep_group_id	Remote tunnel endpoint(RTEP) group id RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address.	integer
vtep_group_id	Virtual tunnel endpoint(VTEP) group id VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address.	integer
vtep_ip	The virtual tunnel endpoint IPv4 address	IPAddress
vtep_ipv6	The virtual tunnel endpoint IPv6 address	IPv6Address
vtep_mac_address	The virtual tunnel endpoint MAC address	string

MacTableEntry (schema)

Name	Description	Type	Notes
mac_address	The MAC address	string	Required
rtep_group_id	Remote tunnel endpoint(RTEP) group id RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address.	integer
vtep_group_id	Virtual tunnel endpoint(VTEP) group id VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address.	integer
vtep_ip	The virtual tunnel endpoint IPv4 address	IPAddress
vtep_ipv6	The virtual tunnel endpoint IPv6 address	IPv6Address
vtep_mac_address	The virtual tunnel endpoint MAC address	string

MalwarePreventionProfile (schema)

Malware Prevention Profile

MalwarePrevention Profile which contains the criteria to include Malware Prevention signatures.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
detection_type	Detection Types Represents how the Malware Prevention detection works.	string	Required Enum: SIGNATURE_BASED, SIGNATURE_AND_SANDBOXING_BASED
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
file_type	File Type Represents different type of files extensions supported in Malware Prevention.	array of FileType	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MalwarePreventionProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

MalwarePreventionSignature (schema)

Malware Prevention Signature

Malware Prevention Signature .

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
file_type	File Type File type of Signature.	string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MalwarePreventionSignature	string
signature_id	Signature ID Represents the Signature's id.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ManagedResource (schema)

Base type for resources that are managed by API clients

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	The type of this resource.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

ManagementConfig (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
publish_fqdns	True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability.	boolean	Required

MandatoryAccessControlProperties (schema)

Information about mandatory access control

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
enabled	Enabled can be True/False	boolean
status	current status of Mandatory Access Control	string	Readonly Enum: ENABLED, DISABLED, ENABLED_PENDING_REBOOT

MetadataProxyConfig (schema)

Metadata Proxy Configuration

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crypto_protocols	Metadata proxy supported cryptographic protocols The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default	array of MetadataProxyCryptoProtocols
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_cluster_path	Poilcy path to Edge Cluster Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects.	string	Required
enable_standby_relocation	Flag to enable standby relocation Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
preferred_edge_paths	Preferred Edge Paths Edge nodes should be members of edge cluster configured in edge_cluster_path.	array of string	Maximum items: 2
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MetadataProxyConfig	string
secret	Secret Secret word or phrase to access metadata server.	secure_string
server_address	Server Address This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000.	string	Required
server_certificates	Policy paths to Certificate Authority (CA) certificates Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy.	array of string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

MetadataProxyCryptoProtocols (schema)

Metadata proxy supported cryptographic protocol

Name	Description	Type	Notes
MetadataProxyCryptoProtocols	Metadata proxy supported cryptographic protocol	string	Enum: TLS_V1, TLS_V1_1, TLS_V1_2 Default: "TLS_V1_2"

MetadataProxyRuntimeRequestParameters (schema)

Request Parameters for Metadata Proxy Runtime Information

Request parameters that represents a segment path and enforcement_point_path.

Name	Description	Type
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string
segment_path	String Path of the segment which is associated with this metadata proxy	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

MetadataProxyStatisticsPerSegment (schema)

Name	Description	Type	Notes
error_responses_from_nova_server	error responses from nova server	integer	Required
requests_from_clients	requests from clients	integer	Required
requests_to_nova_server	requests to nova server	integer	Required
responses_to_clients	responses to clients	integer	Required
segment_path	Policy path of the attached segment	string	Required
succeeded_responses_from_nova_server	succeeded responses from nova server	integer	Required

MitreAttack (schema)

Mitre Attack

Contain Mitre attack details like tacticName, tacticUrl, techniqueName and techniqueUrl.

Name	Description	Type
tactic_name	Tactic Name Represents tactic name of attack.	string
tactic_url	Tactic Url Represents tactic url of attack.	string
technique_name	Technique Name Represents technique name of attack.	string
technique_url	Technique Url Represents technique url of attack.	string

MonitoringError (schema)

Represents an error that occurred while gathering information

Monitoring information is gathered from multiple sub-systems/components, using
REST or RPC calls internally. It is quite possible for a component or sub-system
fail, in which case it is captured as an error and reported.

Name	Description	Type
error_code	NSX error code if available	integer
error_message	Error mesage	string
params	Parameters for construcing error details	array of object

MonitoringInfo (schema)

Provides details of all flows in federation

Provides monitoring information for all flows in federation from the
given site where the API is invoked. For example - monitoring information
from Global Manager doesn't provide details of Local Manager to Local Manager
flows. Similary, LocalManager will not provide Global Manager ACTIVE to
Global Manager STANDBY flow details.

Name	Description	Type	Notes
errors	All errors occurred while gathering monitoring info	array of MonitoringError
flow_info	Monitoring information of flows in federation	array of FlowInfo

MonitoringProfileBindingMap (schema)

Base Monitoring Profile Binding Map

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value MonitoringProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

MonitoringServiceProperties (schema)

Monitoring service properties

Name	Description	Type	Notes
logging_level	Service logging level	string	Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO"

MultiWidgetConfiguration (schema)

Multi-Widget

Combines two or more widgetconfigurations into a multi-widget

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value MultiWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
widgets	Widgets Array of widgets that are part of the multi-widget.	array of WidgetItem	Required Minimum items: 1 Maximum items: 2
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

NAPILogLevelValue (schema)

Log Level Value

Name	Description	Type	Notes
log_level	Log Level	string	Required Enum: critical, error, warn, info, debug, off

NDRAAdvertisedRoute (schema)

Name	Description	Type	Notes
route_lifetime	Lifetime of advertised route Lifetime of advertised route in seconds.	integer	Minimum: 0 Maximum: 65520 Default: "1800"
route_preference	Route preference NDRA Route preference. Indicates preference of the router associated with a prefix over others, when multiple identical prefixes (for different routers) have been received.	NDRAPreference	Default: "MEDIUM"
subnet	Advertised route subnet Advertised route subnet	IPv6CIDRBlock	Required

NDRAPreference (schema)

NDRA Router and route preference

For an NDRA router, indicates preference of this router over other default routers.
For an NDRA route, indicates preference of the router associated with this prefix
over others, when multiple identical prefixes (for different routers) have
been received.
Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not
to be used and is treated as MEDIUM.

Name	Description	Type	Notes
NDRAPreference	NDRA Router and route preference For an NDRA router, indicates preference of this router over other default routers. For an NDRA route, indicates preference of the router associated with this prefix over others, when multiple identical prefixes (for different routers) have been received. Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not to be used and is treated as MEDIUM.	string	Enum: LOW, MEDIUM, HIGH, RESERVED

NSXRelease (schema)

Name	Description	Type	Notes
downloaded	Hint whether this bundle is downloaded or not.	boolean	Readonly
readiness_checked	Hint whether readiness is checked for the current system for this version	boolean	Readonly
release_date	Release date Release date	string	Readonly
release_notes	Release notes. Release notes of the release.	string	Readonly
type	Version type The purpose of the release.	string	Readonly Enum: PATCH_UPDATE, MAINTENANCE_UPDATE, SECURITY_PATCH, HOT_PATCH
version	Version available on VMware download site. Version available on VMware download site.	string	Readonly

NSXReleaseRequest (schema)

Name	Description	Type	Notes
source	Source where notification is generated Source where notification is generated	string	Readonly

NSXReleases (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of NSX Releases available.	array of NSXRelease	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NSXTConnectionInfo (schema)

NSX-T Connection Info

Credential info to connect to an NSX-T type of enforcement point.

Name	Description	Type	Notes
enforcement_point_address	Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"	string	Required
password	Password Password.	secure_string
resource_type	Must be set to the value NSXTConnectionInfo	string	Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint	Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. Only used during onboarding and not updated during follow-up certificate changes.	string
username	Username Username.	string
edge_cluster_ids	Edge Cluster IDs Edge Cluster UUIDs on enforcement point. Edge cluster information is required for creating logical L2, L3 constructs on enforcement point. Max 1 edge cluster ID. This is a deprecated property. The edge cluster id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id. The value passed through this property will be ignored.	array of string	Deprecated Maximum items: 1
transport_zone_ids	Transport Zone IDs Transport Zone UUIDs on enforcement point. Transport zone information is required for creating logical L2, L3 constructs on enforcement point. Max 1 transport zone ID. This is a deprecated property. The transport zone id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id. The value passed through this property will be ignored.	array of string	Deprecated Maximum items: 1

NSXVConnectionInfo (schema)

NSX-V Connection Info

Credential info to connect to an NSX-V type of enforcement point.

Name	Description	Type	Notes
enforcement_point_address	Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi"	string	Required
password	Password Password.	secure_string	Required
resource_type	Must be set to the value NSXVConnectionInfo	string	Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo
thumbprint	Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. Only used during onboarding and not updated during follow-up certificate changes.	string	Required
username	Username Username.	secure_string	Required

NamespaceMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name	Description	Type	Notes
display_name	The display name of the member on the enforcement point	string	Required Readonly
id	The ID of the member on the enforcement point	string	Required Readonly
pods		array of PolicyGroupMemberDetails	Required

NatServiceEntry (schema)

Nat Service Entry

Gives information about protocol, source ports, destination ports and translated ports.

Name	Description	Type	Notes
destination_ports	Port number or port range Gives the match destination ports.	PortElement
protocol	Protocol protocol supports TCP, UDP and ICMP v4	string	Enum: TCP, UDP, ICMP
source_ports	Port number or port range Gives the match source ports.	PortElement
translated_ports	Port number or port range Gives the translated ports.	PortElement

NdSnoopingConfig (schema)

ND Snooping Configuration

Contains Neighbor Discovery Protocol (ND) snooping related configuration.

Name	Description	Type	Notes
nd_snooping_enabled	Is ND snooping enabled or not Enable this method will snoop the NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol) family of messages which are transmitted by a VM. From the NS messages, we will learn about the source which sent this NS message. From the NA message, we will learn the resolved address in the message which the VM is a recipient of. Addresses snooped by this method are subject to TOFU (Trust on First Use) policies as enforced by the system.	boolean	Default: "False"
nd_snooping_limit	Maximum number of ND (Neighbor Discovery Protocol) bindings Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses	int	Minimum: 2 Maximum: 15 Default: "3"

NdpHeader (schema)

Neighbor discovery protocol header

Name	Description	Type	Notes
dst_ip	The destination IP address The IP address of the destination of the solicitation. It MUST NOT be a multicast address.	IPv6Address
msg_type	NDP message type This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message.	string	Enum: NEIGHBOR_SOLICITATION, NEIGHBOR_ADVERTISEMENT Default: "NEIGHBOR_SOLICITATION"

NestedExpression (schema)

NestedExpression

Nested expressions is a list of condition expressions that must follow the
below criteria:
0. Only allowed expressions in a NestedExpression are Condition and
ConjunctionOperator.
1. A non-empty expression list, must be of odd size. In a list, with
indices starting from 0, all condition expressions must be at even indices,
separated by the conjunction expressions AND at odd indices.
2. There may be at most 5 condition expressions inside a list.
3. NestedExpressions are homogeneous in nature, i.e, all expressions inside
a nested expression must have the same member type.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
expressions	Expression Expression.	array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GeoLocationExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression	Required Minimum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NestedServiceServiceEntry (schema)

A ServiceEntry that represents nesting service

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_service_path	path of nested service	string	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value NestedServiceServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

NetworkInfo (schema)

Name	Description	Type	Notes
dst_ip	The destination IP address or subnet The destination IP can be an IP address or a subnet.	IPElement
src_ip	The source IP address or subnet The source IP can be an IP address or a subnet.	IPElement

NetworkInterfaceRequestParameters (schema)

Node network interface request parameters

Request parameters to filter REST API for list network interface.

Name	Description	Type	Notes
admin_status	Admin status of the interface Defines admin status of the interface.	string	Enum: UP, DOWN
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

NetworkPolicyImportRequest (schema)

List of K8s Network Policies to be imported

This contains a list of K8s Network Policy IDs to be imported as
DFW SecurityPolicy.

Name	Description	Type	Notes
network_policy_ids	Set of K8s Network policy identifiers A set of network policy UUIDs that has to be imported to NSX SecurityPolicy	array of string	Required Maximum items: 5000
sequence_number_lower	The sequence number at which the drop policy is placed This is an optional field. If specified, the "drop" action policy will be placed at this position. If unspecified, the drop policy will be created after its corresponding allow policy. The default-drop policies' sequence_number = last existing policy sequence_number + 2. If you specify the sequence numbers explicitly, you must specify both sequence_number_upper and sequence_number_lower at the same time. The sequence_number_lower must be greater than sequence_number_upper.	int
sequence_number_upper	The sequence number at which the allow policy is placed This is an optional field. If specified, the "allow" action policy will be placed at this position. If unspecified, the import API should find the lowest existing copy-span security policy applied to the original container cluster, and put the imported policies behind it. The allow policies' sequence_number=last existing copy-span policy sequence_number + 1	int

NetworkPolicyImportRequestParameters (schema)

Import Request Parameters

Request parameters while importing the network policies

Name	Description	Type	Notes
on_error	Action to take when error occurs	string	Enum: ABORT, CONTINUE Default: "ABORT"

NetworkPolicyImportResponse (schema)

Summary response of the import action

The response contains the count of network policies imported.
If there are any failures, then the error response is also included

Name	Description	Type
errors	List of errors, if any specific to networkpolicy Contains a list of errors against each of the network policy id that failed during import.	array of ImportErrorMessage
errors_general	List of general errors contains a list of errors agains general errors	array of ImportErrorMessage
request_count	The total number of network policies in the import request This is the count of the network policies that were contained in the import request	int
success_count	The count of successfully imported policies The count of the successfully imported network policies.	int

NewRole (schema)

New Role

Name	Description	Type	Notes
new_role_description	New role description	string
new_role_id	New role id	string	Required Pattern: "^[_a-z0-9-]+$"
new_role_name	New role name	string	Required

NoRestRequestParameters (schema)

Parameter definition for requests that do not allow parameters.

Name	Description	Type	Notes
NoRestRequestParameters	Parameter definition for requests that do not allow parameters.	object

NodeAsyncReplicatorServiceProperties (schema)

Node service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	Service properties	LoggingServiceProperties

NodeAuthProviderVidmProperties (schema)

Node AAA provider vIDM properties

Name	Description	Type	Notes
client_id	vIDM client id	string	Required
client_secret	vIDM client secret	string
host_name	Fully Qualified Domain Name(FQDN) of vIDM	string	Required
lb_enable	Load Balancer enable flag	boolean
node_host_name	host name of the node redirected to host name to use when creating the redirect URL for clients to follow after authenticating to vIDM	string	Required
thumbprint	vIDM certificate thumbprint Hexadecimal SHA256 hash of the vIDM server's X.509 certificate	string	Required
vidm_enable	vIDM enable flag	boolean

NodeAuthProviderVidmStatus (schema)

Node AAA provider vIDM status

Name	Description	Type	Notes
runtime_state	AAA provider vIDM status	string	Required
vidm_enable	vIDM enable flag	boolean	Required

NodeAuthServiceProperties (schema)

Node AUTH service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	AUTH Service properties	AuthServiceProperties

NodeFileSystemProperties (schema)

File system properties

Name	Description	Type	Notes
file_system	File system id	string	Readonly
mount	File system mount	string	Readonly
total	File system size in kilobytes	integer	Readonly
type	File system type	string	Readonly
used	Amount of file system used in kilobytes	integer	Readonly

NodeGlobalManagerServiceProperties (schema)

Node service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	Service properties	LoggingServiceProperties

NodeGrubProperties (schema)

Node GRUB properties

Name	Description	Type	Notes
timeout	GRUB menu timeout value in seconds	integer	Minimum: 0 Maximum: 2147483647
users	List of node GRUB user properties	array of NodeGrubUserProperties

NodeGrubUserProperties (schema)

Node GRUB user properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
password	Password for the GRUB user	string
username	Username of the GRUB user	string

NodeHealth (schema)

Node Health information

Name	Description	Type	Notes
components_health	Comoponents health details	string
healthy	Flag indicating that node is healthy or not	boolean

NodeHttpServiceProperties (schema)

Node HTTP service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	HTTP Service properties	HttpServiceProperties

NodeIdServicesMap (schema)

Name	Description	Type	Notes
node_id	NodeId	string	Required Maximum length: 255
service_types	List of ServiceTypes.	array of ServiceType	Required

NodeInfo (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
component_version	Component version of the node	string	Required Readonly
display_name	Name of the node	string	Required Readonly
id	UUID of node Identifier of the node	string	Required Readonly
type	Node type	string	Required Readonly

NodeInfoListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which nodes will be filtered	string
component_version	Component version based on which nodes will be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

NodeInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Nodes	array of NodeInfo	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeInstallUpgradeServiceProperties (schema)

Node install-upgrade service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	install-upgrade Service properties	InstallUpgradeServiceProperties

NodeInterfaceAlias (schema)

Node network interface alias

Name	Description	Type	Notes
broadcast_address	Interface broadcast address	IPAddress	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
ip6_address	Interface IPv6 CIDR addresses	array of IPv6CIDRBlock
ip_address	Interface IP address	IPAddress	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
ip_configuration	Interface configuration	string	Enum: dhcp, static, not configured, autoconf
netmask	Interface netmask	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
physical_address	Interface MAC address	MACAddress

NodeInterfaceProperties (schema)

Node network interface properties

Name	Description	Type	Notes
admin_status	Interface administration status	string	Enum: UP, DOWN
backing_nsx_managed	Indicates whether backing of VIRTUAL network interface is managed by NSX	boolean
connected_switch	Connected switch	string
connected_switch_type	Type of switch Type of switch associated with the interface.	string	Readonly Enum: VSS, DVS, N-VDS
device	Device name Device name.	string	Readonly
dpu_alias	Data processing unit device alias Specifies the Data processing unit dpu alias(device alias) if the interface is backed by a DPU.	string	Readonly
dpu_backed	Flag to indicate DPU backed interface If interface is backed by data processing unit (DPU) and state of DPU is MANAGED, then this property is true.	boolean	Readonly
dpu_id	Data processing unit ID Data processing unit ID if the interface is backed by a DPU.	string	Readonly
driver	Driver name Driver name.	string	Readonly
ens_capable	Interface capability for Enhanced Networking Stack	boolean
ens_enabled	Indicates whether interface is enabled for Enhanced Networking Stack	boolean
ens_interrupt_capable	Interface capability for Enhanced Networking Stack interrupt This boolean property describes if network interface is capable for Enhanced Networking Stack interrupt	boolean
ens_interrupt_enabled	Indicates whether interface is enabled for Enhanced Networking Stack interrupt This boolean property describes if network interface is enabled for Enhanced Networking Stack interrupt	boolean
host_managed	Indicates whether interface is managed by the host	boolean
interface_alias	IP Alias	array of NodeInterfaceAlias
interface_id	Interface ID	string
interface_type	Interface Type	string	Enum: PHYSICAL, VIRTUAL, BOND, TEAMING
interface_uuid	UUID of the interface	string	Readonly
key	Device key Device key.	string	Readonly
link_status	Interface administration status	string	Enum: UP, DOWN
lport_attachment_id	LPort Attachment Id assigned to VIRTUAL network interface of a node	string
mtu	Interface MTU	integer
pci	PCI device PCI device.	string	Readonly
source	Source of status data	DataSourceType
speed	Speed Interface speed in Mbps.	number	Readonly
state	Virtual tunnel end point state This property shows the current state of virtual tunnel end point (VTEP). If not in NORMAL state, then overlay workloads using this TEP will face network outage. In those cases, check if TEP has valid IP or any other underlay connectivity issues, and enable TEP HA to failover workloads to other healthy TEPs. Note that MAINTENANCE state is triggered by user and TEP will be disabled.	string	Enum: INVALID_STATE, INIT, NORMAL, IP_WAITING, BFD_DOWN, MAINTENANCE

NodeInterfacePropertiesListResult (schema)

Node network interface properties list results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node interface property results	array of NodeInterfaceProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeInterfaceStatisticsProperties (schema)

Node network interface statistics

Provides statistics of the specified network interface on a transport node
since the time the system has been UP. The statistics will be reset on transport
node restart. It includes the following information:

- Incoming packet count.
- Outgoing packet count.
- Dropped packet count.
- Error/Failure reason for the dropped packet.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
interface_id	Interface ID	string
rx_bytes	Bytes in The total number of bytes received on the interface since the uptime. This will be reset on transport node restart.	integer
rx_drop_no_match	Rx drop no match The total number of packets dropped on the edge transport node interface since the uptime due to one of the below reasons. - MAC lookup failure. - If logical service interface receives a packet which is not destined for the service. This will be reset on edge reboot or edge dataplane restart.	integer
rx_dropped	Total packets dropped since the uptime	integer
rx_errors	Rx errors The total number of erroneous incoming packets received on the interface since the uptime. This will be reset on transport node restart.	integer
rx_frame	Total framing error packets since the uptime Total framing error packets since the uptime. Available only for Host Transport Node.	integer
rx_misses	Rx misses The Total number of incoming packets dropped on the edge transport node interface since the uptime.For DPDK interface this could be due to Rx buffer overflow or busy Fast Path(FP) core. This will be reset on edge reboot or edge dataplane restart.	integer
rx_nombufs	Rx no mBufs The total number of incoming packets dropped on the edge transport node interface since the uptime due to Rx mBuf allocation failure. This will be reset on edge reboot or edge dataplane restart.	integer
rx_packets	Packets in The total number of incoming packets on the interface since the uptime. This will be reset on transport node restart.	integer
source	Source of status data.	DataSourceType
tx_bytes	Tx Bytes The total number of bytes transmitted from the interface since the uptime. This will be reset on transport node restart.	integer
tx_carrier	Total packets for carrier losses detected on transmit Total packets for carrier losses detected on transmit. Available only for Host Transport Node.	integer
tx_colls	Total packets for collisions detected on transmit Total packets for collisions detected on transmit. Available only for Host Transport Node.	integer
tx_dropped	Total packets dropped on transmit since the uptime	integer
tx_drops	Tx drops The total number of outgoing packets dropped on the DPDK interface of the edge transport node due to Tx buffer overflow since the uptime. The vmxnet3 backend or physical NIC is not able to process all the packets that edge is attempting to send out. This will be reset on edge reboot or edge dataplane restart.	integer
tx_errors	Tx errors The total number of erroneous packets failed to be transmitted since the uptime. This will be reset on transport node restart.	integer
tx_packets	Packets out The total number of outgoing packets transmitted from the interface since the uptime. This will be reset on transport node restart.	integer

NodeLogProperties (schema)

Node log properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
last_modified_time	Last modified time expressed in milliseconds since epoch	EpochMsTimestamp	Readonly
log_name	Name of log file	string	Readonly
log_size	Size of log file in bytes	integer	Readonly

NodeLogPropertiesListResult (schema)

Node log property query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node log property results	array of NodeLogProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeMonitoringServiceProperties (schema)

Node Monitoring service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	Monitoring Service properties	MonitoringServiceProperties

NodeMotdProperties (schema)

Node message of the day properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
motd	Message of the day to display when users login to node using the NSX CLI	string or null

NodeNameServersProperties (schema)

Node network name servers properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
name_servers	Name servers	array of string	Required Maximum items: 3

NodeNetworkInterfaceProperties (schema)

Node network interface properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
admin_status	Interface administration status	string	Readonly Enum: up, down
bond_cur_active_slave	Bond's currently active slave device	string	Readonly
bond_lacp_rate	Bond's rate at which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode	string	Readonly
bond_mode	Bond mode	string	Enum: ACTIVE_BACKUP, 802_3AD, ROUND_ROBIN, BROADCAST, XOR, TLB, ALB
bond_primary	Bond's primary device name in active-backup bond mode	string
bond_primary_slave	Bond's primary device name in active-backup bond mode	string	Readonly
bond_slaves	Bond's slave devices	array of string
bond_xmit_hash_policy	Bond's transmit hash policy for balance-xor and 802.3ad modes	string	Readonly Enum: layer2, layer2+3, layer3+4, encap2+3, encap3+4
broadcast_address	Interface broadcast address	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
default_gateway	Interface's default gateway	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$"
interface_id	Interface ID	string	Required Readonly
ip6_addresses	Interface IPv6 addresses	array of IPv6AddressProperties
ip_addresses	Interface IP addresses	array of IPv4AddressProperties	Maximum items: 1
ip_configuration	Interface configuration	string	Required Enum: dhcp, static, not configured
is_kni	Interface is a KNI	boolean	Readonly
link_status	Interface administration status	string	Readonly Enum: up, down
mtu	Interface MTU	integer
physical_address	Interface MAC address	string	Readonly Pattern: "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$"
plane	Interface plane	string	Enum: mgmt, debug, none
vlan	VLAN Id	integer	Readonly Minimum: 1 Maximum: 4094

NodeNetworkInterfacePropertiesListResult (schema)

Node network interface properties list results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node network interface property results	array of NodeNetworkInterfaceProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeNetworkProperties (schema)

Network configuration properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly

NodeNtpServiceProperties (schema)

Node NTP service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	NTP Service properties	NtpServiceProperties

NodePhonehomeCoordinatorServiceProperties (schema)

Node Phonehome Coordinator service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	Phonehome Coordinator Service properties	PhonehomeCoordinatorServiceProperties

NodeProcessProperties (schema)

Node process properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cpu_time	CPU time (user and system) consumed by process in milliseconds	integer	Readonly
mem_resident	Resident set size of process in bytes	integer	Readonly
mem_used	Virtual memory used by process in bytes	integer	Readonly
pid	Process id	integer	Readonly
ppid	Parent process id	integer	Readonly
process_name	Process name	string	Readonly
start_time	Process start time expressed in milliseconds since epoch	EpochMsTimestamp	Readonly
uptime	Milliseconds since process started	integer	Readonly

NodeProcessPropertiesListResult (schema)

Node process property query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node process property results	array of NodeProcessProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeProperties (schema)

Node properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cli_coredump_config	NSX CLI core dump files config	CoreDumpConfig	Readonly
cli_history_size	NSX CLI command history limit, set to 0 to configure no history size limit	integer	Minimum: 0
cli_output_datetime	NSX CLI display datetime stamp in command output	boolean
cli_output_deprecate_warn	NSX CLI display deprecate warning in command output	boolean
cli_timeout	NSX CLI inactivity timeout, set to 0 to configure no timeout	integer	Minimum: 0
export_type	Export restrictions in effect, if any	string	Readonly Enum: RESTRICTED, UNRESTRICTED
fully_qualified_domain_name	Fully qualified domain name	string	Readonly
hostname	Host name or fully qualified domain name of node	SystemHostname
kernel_version	Kernel version	string	Readonly
motd	Message of the day to display when users login to node using the NSX CLI	string or null
node_type	Node type	string	Readonly Enum: NSX Manager, NSX Global Manager, NSX Edge, NSX Autonomous Edge, NSX Cloud Service Manager, NSX Public Cloud Gateway, NSX Malware Prevention Service VM
node_uuid	Node Unique Identifier	string	Readonly Maximum length: 36
node_version	Node version	string	Readonly
product_version	Product version	string	Readonly
system_datetime	System date time in UTC	DatetimeUTC
system_time	Current time expressed in milliseconds since epoch	EpochMsTimestamp	Readonly
timezone	Timezone	string

NodeProtonServiceProperties (schema)

Node service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	Service properties	LoggingServiceProperties

NodeRouteProperties (schema)

Node network route properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
destination	Destination covered by route	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$\|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"
from_address	From address	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$\|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"
gateway	Address of next hop	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$\|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"
interface_id	Network interface id of route	string
ipv6	IPv6 flag	boolean
metric	Metric value of route Default metric value for IPv4 is 0, whereas for IPv6 default value is 1024	string
netmask	Netmask or prefix length of destination covered by route For IPv4 this field expects valid IPv4 netmask address, whereas in case of IPv6 it expects valid prefix length	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$\|^[\d]{1,3}$"
proto	Routing protocol identifier of route	string	Enum: unspec, redirect, kernel, boot, static, gated, ra, mrt, zebra, bird, dnrouted, xorp, ntk, dhcp Default: "boot"
route_id	Unique identifier for the route	string	Readonly
route_type	Route type	string	Required Enum: default, static, blackhole, prohibit, throw, unreachable
scope	Scope of destinations covered by route	string
src	Source address to prefer when sending to destinations of route	string	Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$\|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}\|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))$"

NodeRoutePropertiesListResult (schema)

Node network route properties list results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node route property results	array of NodeRouteProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeSearchDomainsProperties (schema)

Node network search domains properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
search_domains	Search domains	array of string	Required

NodeServiceProperties (schema)

Node service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required

NodeServicePropertiesListResult (schema)

Node service property query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node service property results	array of NodeServiceProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeServiceStatusProperties (schema)

Node service status properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
health	Service health in addition to runtime_state	string	Readonly Enum: STABLE, DEGRADED
monitor_pid	Service monitor process id	integer	Readonly
monitor_runtime_state	Service monitor runtime state	string	Readonly Enum: running, stopped
pids	Service process ids	array of integer	Readonly
reason	Reason for service degradation	string	Readonly
runtime_state	Service runtime state	string	Readonly Enum: running, stopped

NodeSnmpServiceProperties (schema)

Node SNMP service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	SNMP Service properties	SnmpServiceProperties	Required

NodeSnmpV3EngineID (schema)

SNMP V3 Engine Id

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
v3_engine_id	SNMP v3 engine id	string	Required

NodeSshServiceProperties (schema)

Node SSH service properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
service_name	Service name	string	Required
service_properties	SSH Service properties	SshServiceProperties

NodeSummary (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
component_version	Component version	string	Required Readonly
node_count	Count of nodes Number of nodes of the type and at the component version	int	Required Readonly
type	Node type	string	Required Readonly
upgrade_unit_subtype	UpgradeUnit sub type	string	Readonly Enum: RESOURCE, ACTION

NodeSummaryList (schema)

Name	Description	Type	Notes
results	List of Node Summary	array of NodeSummary	Required

NodeSyslogExporterProperties (schema)

Node syslog exporter properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
exporter_name	Syslog exporter name	string	Required
facilities	Facilities to export	array of SyslogFacility
level	Logging level to export	string	Required Enum: EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG
msgids	MSGIDs to export	array of string
port	Port to export to, defaults to 514 for TCP, TLS, UDP protocols or 9000 for LI, LI-TLS protocols	integer	Minimum: 1 Maximum: 65535
protocol	Export protocol	string	Required Enum: TCP, TLS, UDP, LI, LI-TLS
server	IP address or hostname of server to export to	HostnameOrIPv46Address	Required
structured_data	Structured data to export	array of string
tls_ca_pem	CA certificate PEM of TLS server to export to	string
tls_cert_pem	Certificate PEM of the rsyslog client	string
tls_client_ca_pem	CA certificate PEM of the rsyslog client	string
tls_key_pem	Private key PEM of the rsyslog client	string

NodeSyslogExporterPropertiesListResult (schema)

Node syslog exporter list results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Node syslog exporter results	array of NodeSyslogExporterProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeTime (schema)

Node system time in UTC

Name	Description	Type	Notes
system_datetime	Datetime string in UTC	DatetimeUTC	Required

NodeType (schema)

Node Type

Name	Description	Type	Notes
NodeType	Node Type	string

NodeUserPasswordProperty (schema)

Name	Description	Type	Notes
password	The new password for user	string	Required

NodeUserProperties (schema)

Node user properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
account_type	Node local user account type	string	Readonly Enum: administrator, audit, guest, root, service, system
full_name	Full name for the user	string
group_id	Primary group id for the user	integer	Readonly Minimum: 0 Maximum: 2147483647
home_dir	The absolute path of user home directory	string	Readonly
last_password_change	Number of days since password was last changed	integer	Readonly Minimum: 0 Maximum: 2147483647
login_shell	The absolute path of login shell	string	Readonly
old_password	Old password for the user (required on PUT if password specified)	string
password	Password for the user (optionally specified on PUT, unspecified on GET)	string
password_change_frequency	Number of days password is valid before it must be changed Number of days password is valid before it must be changed. This can be set to 0 to indicate no password change is required or a positive integer up to 9999. By default local user passwords must be changed every 90 days.	integer	Minimum: 0 Maximum: 9999 Default: "90"
password_change_warning	Number of days before user receives warning message of password expiration	integer	Minimum: 0 Maximum: 9999 Default: "7"
password_reset_required	Boolean value that states if a password reset is required	boolean
status	User status Status of the user. This value can be ACTIVE indicating authentication attempts will be successful if the correct credentials are specified. The value can also be PASSWORD_EXPIRED indicating authentication attempts will fail because the user's password has expired and must be changed. Or, this value can be NOT_ACTIVATED indicating the user's password has not yet been set and must be set before the user can authenticate.	string	Readonly Enum: ACTIVE, PASSWORD_EXPIRED, NOT_ACTIVATED
userid	Numeric id for the user	integer	Readonly Minimum: 0 Maximum: 2147483647
username	User login name (must be "root" if userid is 0)	string	Minimum length: 1 Maximum length: 32 Pattern: "^[a-zA-Z][a-zA-Z0-9-_.\-]*$"

NodeUserPropertiesListResult (schema)

Node users list results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of node users	array of NodeUserProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

NodeUserSettings (schema)

Name	Description	Type	Notes
audit_password	Node audit user password Password for the node audit user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.	secure_string
audit_username	CLI "audit" username The default username is "audit". To configure username, you must provide this property together with audit_password. Username must contain ASCII characters only.	string	Pattern: "^[\x00-\x7F]+$"
cli_password	Node cli password Password for the node cli user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.	secure_string
cli_username	CLI "admin" username To configure username, you must provide this property together with cli_password. Username must contain ASCII characters only.	string	Pattern: "^[\x00-\x7F]+$" Default: "admin"
root_password	Node root user password Password for the node root user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid.	secure_string

NodeVersion (schema)

Name	Description	Type	Notes
node_version	Node version	string	Readonly
product_version	Product version	string	Readonly

NorthSouthFirewall (schema)

North South firewall configuration

User can configure North-South firewall and it will be applicable to all the VPCs under that project.

Name	Description	Type	Notes
enabled	Flag that indicates whether north-south firewall (Gateway Firewall) is enabled. This flag indicates whether north-south firewall (Gateway Firewall) is enabled. If set to false, then gateway firewall policies will not be enforced on the VPCs associated with this configuration.	boolean	Default: "False"

NsxNodeStatusProperties (schema)

Node status properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
bootup_error	Autonomous edge bootup error	string	Readonly
cpu_cores	Number of CPU cores on the system	integer	Readonly
cpu_usage	CPU usage of DPDK and non-DPDK core groups Highest and average usage of DPDK and non-DPDK core of Edge Node.	CpuUsage	Readonly
edge_mem_usage	Memory usage of edge node Point in time usage of system, datapath, swap and cache memory in edge node. Valid only for Edge transport node.	EdgeTransportNodeMemoryUsage	Readonly
file_systems	File systems configured on the system	array of NodeFileSystemProperties	Readonly
form_factor	Form factor size of Manager and Global Manager nodes	string	Readonly Enum: EXTRA_SMALL, SMALL, MEDIUM, LARGE, EXTRA_LARGE, UNKNOWN(RESIZED)
load_average	One, five, and fifteen minute load averages for the system	array of number	Readonly
mem_available	Amount of available RAM in the system, in kilobytes. The amount of reclaimable buffer/cache memory in use is taken into consideration here to provide a better idea of how much memory is really available in the system	integer	Readonly
mem_buffer	Amount of RAM on the system used for temporary disk block storage, in kilobytes	integer	Readonly
mem_cache	Amount of RAM on the system that can be flushed out to disk, in kilobytes	integer	Readonly
mem_free	Amount of unused RAM in the system, in kilobytes	integer	Readonly
mem_slab	Amount of RAM allocated to the kernel slab allocator, in kilobytes	integer	Readonly
mem_slab_reclaimable	Amount of RAM allocated to the kernel slab allocator that is not currently in use, in kilobytes	integer	Readonly
mem_total	Amount of RAM allocated to the system, in kilobytes	integer	Readonly
mem_used	Amount of RAM in use on the system, in kilobytes. (This is mem_total - mem_available)	integer	Readonly
swap_total	Amount of disk available for swap, in kilobytes	integer	Readonly
swap_used	Amount of swap disk in use, in kilobytes	integer	Readonly
system_time	Current time expressed in milliseconds since epoch	EpochMsTimestamp	Readonly
uptime	Milliseconds since system start	integer	Readonly
cpu_sockets	Number of CPU sockets on the system	integer	Deprecated Readonly
dfw_heap_memory_usage		array of DfwHeapMemoryUsage	Deprecated Readonly
disk_space_total	Amount of disk space available on the system, in kilobytes Amount of disk space available on the system, in kilobytes.	integer	Deprecated Readonly
disk_space_used	Amount of disk space in use on the system, in kilobytes	integer	Deprecated Readonly
dpdk_cpu_cores	Number of DPDK CPU cores on the system Number of DPDK cores on Edge Node which are used for packet IO processing.	integer	Deprecated Readonly
dpus	Data processing units on the system	array of DpuStatusProperties	Deprecated Readonly
hostname	Host name of the system	string	Deprecated Readonly
non_dpdk_cpu_cores	Number of non-DPDK CPU cores on the system Number of non-DPDK cores on Edge Node.	integer	Deprecated Readonly
remote_logging_server_configured	Remote Logging Server Configured Indicates if remote logging server is configured.	boolean	Deprecated Readonly
source	Source of status data.	DataSourceType	Deprecated Readonly

NsxRole (schema)

Role

Name	Description	Type	Notes
role	Role ID This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum.	string	Required
permissions	Permissions Please use the /user-info/permissions api to get the permission that the user has on each feature.	array of string	Deprecated Enum: read-api, read-write-api, crud, read, execute, none

NsxTDNSForwarderStatistics (schema)

Statistics counters of the DNS forwarder

The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders, on an NSX-T type of enforcement point.

Name	Description	Type	Notes
cached_entries	The total number of cached entries	integer	Readonly
conditional_forwarder_statistics	The statistics of conditional forwarder zones	array of NsxTDNSForwarderZoneStatistics	Readonly Minimum items: 0 Maximum items: 5
configured_cache_size	The configured cache size, in kb	integer	Readonly
default_forwarder_statistics	The statistics of default forwarder zone	NsxTDNSForwarderZoneStatistics	Readonly
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the statistics are fetched.	string	Readonly
queries_answered_locally	The total number of queries answered from local cache	integer	Readonly
queries_forwarded	The total number of forwarded DNS queries	integer	Readonly
resource_type	Must be set to the value NsxTDNSForwarderStatistics	string	Required Enum: NsxTDNSForwarderStatistics
timestamp	Time stamp of the current statistics, in ms	EpochMsTimestamp	Readonly
total_queries	The total number of received DNS queries	integer	Readonly
used_cache_statistics	The statistics of used cache	array of NsxTPerNodeUsedCacheStatistics	Readonly Minimum items: 0 Maximum items: 2

NsxTDNSForwarderStatus (schema)

The current runtime status of DNS forwarder

The current runtime status of the DNS forwarder.

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the status is fetched.	string	Readonly
extra_message	Extra message, if available	string	Readonly
resource_type	Must be set to the value NsxTDNSForwarderStatus	string	Required Enum: NsxTDNSForwarderStatus
status	UP means the DNS forwarder is working correctly on the active transport node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. Error means there is some error on one or both transport node, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. An forwarder outage will occur if the active node goes down.	string	Readonly Enum: UP, DOWN, ERROR, NO_BACKUP, UNKNOWN
timestamp	Time stamp of the current status, in ms	EpochMsTimestamp	Readonly

NsxTDNSForwarderZoneStatistics (schema)

Statistics counters of the DNS forwarder zone

Statistics counters of the DNS forwarder zone.

Name	Description	Type	Notes
domain_names	Domain names configured for the forwarder Domain names configured for the forwarder. Empty if this is the default forwarder.	array of string	Readonly Minimum items: 0 Maximum items: 100
upstream_statistics	Statistics per upstream server.	array of NsxTUpstreamServerStatistics	Readonly Minimum items: 0 Maximum items: 3

NsxTDnsAnswer (schema)

Answer of dns nslookup

Name	Description	Type	Notes
authoritative_answers	Authoritative answers	array of NsxTDnsQueryAnswer	Minimum items: 1 Maximum items: 256
dns_server	Dns server information Dns server ip address and port, format is "ip address#port".	string	Required
edge_node_id	Edge node id ID of the edge node that performed the query.	string	Required
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched.	string	Readonly
non_authoritative_answers	Non authoritative answers	array of NsxTDnsQueryAnswer	Minimum items: 1 Maximum items: 256
raw_answer	Raw message returned from the dns forwarder It can be NXDOMAIN or error message which is not consisted of authoritative_answer or non_authoritative_answer.	string
resource_type	Must be set to the value NsxTDnsAnswer	string	Required Enum: NsxTDnsAnswer

NsxTDnsQueryAnswer (schema)

Answer of nslookup

Name	Description	Type	Notes
address	Matched ip address Resolved IP address matched with the nslookup address provided as a request parameter.	string
name	Matched name Matched name of the given address.	string

NsxTPerNodeUsedCacheStatistics (schema)

Per node used cache query statistics counters

Query statistics counters of used cache from node

Name	Description	Type	Notes
cached_entries	The total number of cached entries	integer	Readonly
node_id	UUID of active/standby transport node	string	Readonly
used_cache_size	The memory size used in cache, in kb	integer	Readonly

NsxTUpstreamServerStatistics (schema)

Upstream server query statistics counters

Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.

Name	Description	Type	Notes
queries_failed	Queries failed to forward.	integer	Readonly
queries_succeeded	Queries forwarded successfully	integer	Readonly
upstream_server	Upstream server ip	IPAddress	Readonly

NsxtNodeType (schema)

Valid NSX node type

Name	Description	Type	Notes
NsxtNodeType	Valid NSX node type	string	Enum: NSX_ESX, NSX_ESX_SN_HOST, NSX_KVM, NSX_BAREMETAL_SERVER, NSX_EDGE, NSX_PUBLIC_CLOUD_GATEWAY, NSX_MANAGER, NSX_POLICY_MANAGER, NSX_CONTROLLER, GLOBAL_MANAGER, LOCAL_MANAGER

NtpServiceProperties (schema)

NTP Service properties

Name	Description	Type	Notes
servers	NTP servers	array of HostnameOrIPv46Address	Required
start_on_boot	Start NTP service when system boots	boolean	Default: "True"

OdsDynamicRunbookInstance (schema)

Dynamic Runbook Instance

Instance of Dynamic Online Diagnostic System Runbook.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_all_appliances	Knob of installing Dynamic Runbook on all appliance nodes The knob of installing Dynamic Runbook on all appliance nodes.	boolean	Default: "False"
applied_to_group_paths	Path(s) of group(s) to which the Dynamic Runbook is installed The policy path set of groups to which the Dynamic Runbook is installed.	array of string
applied_to_nodes	Identifiers of appliances and transport nodes to which the Dynamic Runbook is installed Identifiers of appliances and transport nodes to which the Dynamic Runbook is installed.	array of string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OdsDynamicRunbookInstance	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OdsRunbookInvocation (schema)

Runbook invocation

Policy entity for the invocation of an Online Diagnostic System Runbook.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
arguments	Arguments for runbook invocation List of key value pairs as the arguments for an execution of an Online Diagnostic System Runbook.	array of UnboundedKeyValuePair
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OdsRunbookInvocation	string
runbook_name	Name of runbook object The property is read-only, used for querying result.	string	Readonly
runbook_path	Path of runbook object The policy path of runbook object.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_node	Identifier of an appliance node or transport node Identifier of an appliance node or transport node where the execution of an Online Diagnostic System Runbook happens.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OdsRunbookInvocationArtifactBatchRequest (schema)

Batched request for collecting artifacts of runbook invocations.

Batched request for collecting artifacts of Online Diagnostic System invocations.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
invocation_paths	List of invocation path for artifact collection This array can consist of one or more policy paths. Only policy paths of Ods invocations are allowed.	array of string	Required Minimum items: 1 Maximum items: 500
is_transient	Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity.	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OdsRunbookInvocationArtifactBatchRequest	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OidcEndPoint (schema)

OpenID Connect end-point

OpenID Connect end-point specifying where to fetch the JWKS document used to
validate JWT tokens for TokenBasedPrincipalIdentities.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authorization_endpoint	Authorization endpoint The URL of the OpenID provider's authorization endpoint.	string	Readonly
certificate_pem	PEM encoding of the OIDC certificate PEM encoding of the OIDC server's SSL certificate.	string	Readonly
claim_map	Map from ID token claims to NSX roles Configuration for mapping claims in OIDC ID tokens to NSX roles.	array of ClaimMap
claims_supported	Claims supported The list of claims that the OpenID provider supports.	array of string	Readonly
client_id	OIDC Client ID The client ID for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one" or "csp".	string
client_secret	OIDC Client Secret The client secret for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one".	secure_string
csp_config	CSP-specific configuration Extra configuration specific to CSP endpoints. This property is ignored unless the oidc_type is "csp".	CspConfig
description	Description of this resource	string	Maximum length: 1024 Sortable
disallowed_roles	Roles claimed in the JWT token listed in this field will not be passed to Proton. The auth-server will check every role claimed in the JWT token if it is listed in this field. Those claimed roles that have a match will not be passed in the headers to the application servicing the REST API.	array of string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
end_session_endpoint_uri	OpenID session logout URI URI of the OpenID session logout end-point.	string	Readonly Maximum length: 255
id	Unique identifier of this resource	string	Sortable
issuer	JWT token issuer Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri.	string	Readonly
jwks_uri	URI of JWKS document The URI where the JWKS document is located that has the key used to validate the JWT signature.	string	Readonly
managed_by_vcf	Managed by VCF If true, this OIDC endpoint is managed by VCF and cannot be edited.	boolean	Readonly
name	Unique name for this OpenID Connect end-point A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint.	string
oidc_type	OIDC Type Type used to distinguish the OIDC end-points by IDP.	string	Enum: vcenter, ws_one, csp Maximum length: 255 Default: "vcenter"
oidc_uri	OpenID Connect URI URI of the OpenID Connect end-point.	string	Required Maximum length: 255
resource_type	Must be set to the value OidcEndPoint	string
restrict_scim_search	SCIM search restriction indicator If set to true, then it is only possible to perform a SCIM search against the OIDC provider used to authenticate. If OIDC was not used to authenticate (for example, if authenticated as a local user), then this restriction does not apply.	boolean	Default: "False"
scim_endpoints	SCIM endpoints The SCIM (System for Cross-domain Identity Management) endpoint URLs to use when enumerating users and groups. All endpoints will be queried to obtain user and group information.	array of string	Readonly
serviced_domains	List of domains serviced by this OIDC provider When a login to NSX using a principal name of the form user@domain is attempted, the list of OIDC providers will be scanned to find one with a matching domain. If a match is found, that OIDC provider is used to authenticate the user. Each domain must be unique across all OIDC providers. If a duplicate domain is provided when adding or updating and OIDC provider, the request will be rejected.	array of string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
thumbprint	Thumbprint Thumbprint in SHA-256 format used to verify the server certificate at the URI.	string	Maximum length: 255
token_endpoint	Token endpoint The URL of the OpenID provider's token endpoint.	string	Readonly
userinfo_endpoint	Userinfo endpoint The URL of the OpenID provider's userinfo endpoint.	string	Readonly
override_roles	Roles used instead of token roles When specified this role or roles are used instead of the nsx-role in the JWT	array of string	Deprecated

OidcEndPointHealthStatus (schema)

OIDC End Point Health Status

The health status of the OIDC End Point

Name	Description	Type	Notes
errors	Problems with OIDC endpoint health Details about errors encountered while checking the health of the OIDC endpoint.	array of OidcHealthCheckError
result	Overall result Overall result of the health check. If the check was completely successful, the status will be SUCCESS. If one or more problems were found, the status will be FAILURE and the errors property will contain more information about the failure(s).	string	Readonly Enum: SUCCESS, FAILURE

OidcEndPointListRequestParameters (schema)

OIDC endpoint list request parameters

Parameters for filtering lists of OIDC endpoints

Name	Description	Type	Notes
oidc_type	Type of OIDC endpoint to return Selects the type of OIDC endpoint to return in list results.	string	Enum: vcenter, ws_one, csp

OidcEndPointListResult (schema)

OidcEndPoint query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	OidcEndPoint list.	array of OidcEndPoint	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

OidcHealthCheckError (schema)

Error detail about OIDC health issue

Details about an error encountered while checking OIDC End Point health status.

Name	Description	Type	Notes
error_detail	Additional error details Additional details about the cause of the error, if any could be determined.	string
error_type	The type of error encountered A problem discovered when checking the health of the OIDC End Point. DISCOVERY_URI_FETCH_FAIL: The OIDC discovery endpoint could not be retrieved. TOKEN_RETRIEVE_FAIL: NSX was unable to retrieve a token from the OIDC End Point. Authentication to NSX using OIDC will not be possible. SCIM_SEARCH_FAIL: NSX was unable to perform a user/group search of the SCIM (System for Cross-domain Identity Management) endpoint. User and group searches will not function correctly. GENERAL_ERROR: Some general error occurred while verifying the OIDC endpoint.	string	Enum: JWKS_URI_FETCH_FAIL, TOKEN_RETRIEVE_FAIL, SCIM_SEARCH_FAIL

OidcRefreshParameter (schema)

Name	Description	Type	Notes
refresh	Refresh meta-data Whether to fetch and update the OIDC meta-data.	boolean	Default: "False"

OnboardingAttribute (schema)

Config Onboarding Attributes

Generic config onboarding attributes in form attribute name and its
corresponding values.

Name	Description	Type	Notes
name	Attribute name	string	Required Readonly
value	Attribute value	string	Readonly
value_type	Attribute Type	string	Readonly Enum: STRING, INTEGER, BOOLEAN Default: "STRING"

OnboardingCompatibilityStatus (schema)

Onboarding Compatibility Status

Name	Description	Type	Notes
OnboardingCompatibilityStatus	Onboarding Compatibility Status	string	Enum: COMPATIBLE, INCOMPATIBLE

OnboardingConflictStatus (schema)

Onboarding Conflict Status

Name	Description	Type	Notes
OnboardingConflictStatus	Onboarding Conflict Status	string	Enum: NO_CONFLICTS, CONFLICT_DETECTED

OnboardingFeatureInfo (schema)

Onboarding Feature Information

Feature information currently under process or refered to.

Name	Description	Type	Notes
name	Feature Name	string	Readonly
path	Resource Path	string	Readonly
resource_type	Resource Type	string	Readonly

OnboardingStage (schema)

Config onboarding stage

Represents intermediate on-boarding stages on global manager or
corresponding site manager.

Name	Description	Type	Notes
OnboardingStage	Config onboarding stage Represents intermediate on-boarding stages on global manager or corresponding site manager.	string	Enum: LM_MIGRATION, LM_SYNCHRONIZATION, GM_PERSISTENCE, GM_TRANSFORMATION, GM_PROCESSING_DONE, GM_ROLLBACK, GM_ROLLBACK_DONE

OnboardingStatus (schema)

Onboarding Status

Name	Description	Type	Notes
OnboardingStatus	Onboarding Status	string	Enum: ALLOWED, BLOCKED_FEATURE_CHECK, BLOCKED_CONFIG_CONFLICT_CHECK, BLOCKED_SITE_RESTORE_PENDING, BLOCKED_FULLSYNC_PENDING, BLOCKED_USER_REJECT, BLOCKED_SITE_NOT_REACHABLE, CONTINUE_RESOLUTION_NEEDED, IN_PROGRESS, FAILED_GM_ROLLBACK_IN_PROGRESS, SUCCESS

OpenLdapIdentitySource (schema)

An OpenLDAP identity source service

An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alternative_domain_names	Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes.	array of string
base_dn	DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use.	string	Required
id	Unique identifier of this resource	string	Sortable
ldap_servers	LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported.	array of IdentitySourceLdapServer	Maximum items: 3
resource_type	Must be set to the value OpenLdapIdentitySource	string	Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

OperationVerticalConfig (schema)

Operation Vertical Config

The details of deactivated operation verticals

Name	Description	Type	Notes
latency_stat_disabled	A flag to indicate whether the latency stat feature is deactivated. When this flag is set to true, the latency stat feature is deactivated. It is due to the SmartNIC backed DVS existing in Policy Manager. The latency has special GENEVE option to carry Latency information. But the hardware doesn't support it.	boolean	Readonly
live_trace_disabled	A flag to indicate whether the live trace feature is deactivated. When this flag is set to true, the live trace feature is deactivated. It is due to the SmartNIC backed DVS existing in Policy Manager. The live trace has a special Geneve option in the header. But the hardware doesn't support it.	boolean	Readonly

OpsGlobalConfig (schema)

Global Operations configuration

Global Operations configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
in_band_network_telementry	The details of INT global configurations Specify the In-band network telemetry (INT) configuration config in a NSX domain. Set(resp. Unset) this configuration to activate(resp. deactivate) traceflow on VLAN logical network.	DscpIndicator (Abstract type: pass one of the following concrete types) DscpBit DscpValue
is_inherited	This field indicates whether this is a copy version of GM/NSX+ or not if True, meaning that this is a copy version of GM if False, meaning that this is a local version on LM	boolean
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
operation_collectors	Operation global collector config The operation collector is defined to receive stats from hosts. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode.	array of GlobalCollectorConfig (Abstract type: pass one of the following concrete types) VrniGlobalCollector VrniStreamingGlobalCollector WaveFrontGlobalCollector
operation_feature_disabled	The details of deactivated operation verticals Specify the deactivated operation verticals. The True status indicates the certain operation vertical is not supported. And the detail reason is exposed on the corresponding API side.	OperationVerticalConfig
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OpsGlobalConfig	string
site_infos	Collection of Site information Information related to sites applicable for given config.	array of SiteInfo	Maximum items: 16
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Org (schema)

Policy Org

Org is created by infra provider.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Org	string
short_id	Identifier to use when displaying org context in logs Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.	string	Maximum length: 8
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OrgRoot (schema)

OrgRoot

OrgRoot space related policy multi tenancy.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OrgRoot	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
connectivity_strategy	Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelisting with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added.	string	Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE

OsInfo (schema)

OS information

OS details include OS name and version for the bare metal server.

Name	Description	Type	Notes
os_name	OS name OS name of the bare metal server.	string	Readonly
os_version	OS version OS version of the bare metal server.	string	Readonly

OspfAreaConfig (schema)

OSPF Area config

Contains OSPF Area configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
area_id	OSPF area id OSPF area-id either in decimal or dotted format.	string	Required
area_type	OSPF area type Configures OSPF area with defined area type. If area_type field not specified, default is NSSA.	string	Enum: NORMAL, NSSA Default: "NORMAL"
authentication	OSPF area authentication configuration Activates/deactivates authentication for an OSPF area.	OspfAuthenticationConfig
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OspfAreaConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OspfAuthenticationConfig (schema)

OSPF Authentication Configuration

Enables OSPF authentication with specified mode and password.

Name	Description	Type	Notes
key_id	Authentication secret key id Authentication secret key id is mandatory for type md5 with min value of 1 and max value 255.	integer	Minimum: 1 Maximum: 255
mode	Authentication mode If mode is MD5 or PASSWORD, Authentication secret key is mandatory if mode is NONE, then authentication is deactivated.	string	Enum: NONE, PASSWORD, MD5 Default: "NONE"
secret_key	Authentication secret key Authentication secret is mandatory for type password and md5 with min length of 1 and max length 8.	secure_string

OspfRoutingConfig (schema)

OSPF routing config

Contains OSPF routing configurations.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
default_originate	Flag to activate/deactivate advertisement of default route Flag to activate/deactivate advertisement of default route into OSPF domain. The default route should be present in the edge only then it redistributes the same into OSPF domain only if this flag is set to TRUE.	boolean	Default: "False"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
ecmp	Flag to enable ECMP Flag to enable ECMP.	boolean	Default: "True"
enabled	Flag to enable OSPF routing protocol Flag to enable OSPF routing protocol. Disabling will stop feature and OSPF peering.	boolean	Default: "False"
graceful_restart_mode	OSPF Graceful Restart Mode Configuration Configuration field to hold OSPF Restart mode .	string	Enum: DISABLE, HELPER_ONLY Default: "HELPER_ONLY"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OspfRoutingConfig	string
summary_addresses	List of OSPF summary address configuration to summarize external routes List of summary address configruation to summarize or filter external routes based on the setting of advertise flag in each OspfSummaryAddressConfig	array of OspfSummaryAddressConfig	Maximum items: 1000
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OspfSummaryAddressConfig (schema)

OSPF Summary Address Configuration

OSPF summary address configuration to summarize external routes

Name	Description	Type	Notes
advertise	Flag to activate/deactivate summarization of external routes Used to filter the advertisement of external routes into the OSPF domain. Setting this field to "TRUE" will enable the summarization of external routes that are covered by ip_prefix configuration. Setting this field to "FALSE" will filter the advertisement of external routes that are covered by ip_prefix configuration.	boolean	Default: "True"
prefix	OSPF Summary address in CIDR format	string	Required Format: ip-cidr-block

OtherCidrsMsg (schema)

Quota For CIDRs

Definition for limits defined on cidrs that are not /32

Name	Description	Type	Notes
mask	Largest CIDR mask The largest size mask that is allowed. A value of "" for this field denotes no restriction on mask.	string
total_count	Total CIDRs allowed The total number of subnets that can be carved from IP blocks defined in the quota. The size of these subnts should be less than or equal to the mask and not equal to 32. CIDR mask in the format /. For example /28 A value of -1 for this field denotes no restriction on the number of subnets.	int

OverriddenResource (schema)

Represents overridden resource information for federated entity.

Represents which federated global resources have been overrriden on
a specific Site.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
intent_path	Policy resource path of the overridden resource Policy resource path of the overridden resource.	string	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value OverriddenResource	string
site_path	Site path Site path to the specific site that has overridden the global resource.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

OverriddenResourceListResult (schema)

Paged Collection of OverriddenResource

Paged Collection of OverriddenResource.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	OverriddenResource list results OverriddenResource list results.	array of OverriddenResource	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

OverrideDeleteRequestParameters (schema)

Override delete request parameters

Name	Description	Type	Notes
force	Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference.	boolean	Default: "False"
override	Delete the locally overridden global object If true, the overridden object can be deleted locally. This will restore the global resource as the intended configuration for this site.	boolean	Default: "False"

OverrideListRequestParameters (schema)

Override list request parameters

Parameter to filter overridden resource list by intent path or site path or both.

Name	Description	Type	Notes
intent_path	Global resource path	string
site_path	Site path	string

OverrideRequestParameters (schema)

Override request parameters

Name	Description	Type	Notes
override	Locally override the global object If true, the global resource can be over written locally. This means that there will be a local only resource in place of the global resource that can reflect local specific settings and values. The global object will continue to exist but will not be used for any configuration until this local object is removed. When the object is overridden the Global resource continues to exist unmodified, while the overridden object is created with all of the user specified values. The Global resource may be updated in the background, however, the overridden object may only be updated by the user. Once the user removes the overridden copy, the Global resource will then resume being used in the configuration.	boolean	Default: "False"

Oversubscription (schema)

Name	Description	Type	Notes
Oversubscription		string	Enum: BYPASSED, DROPPED, INHERIT_GLOBAL, DEFAULT_TO_LM

PIServiceType (schema)

Service type supported for Principal Identities

Name	Description	Type	Notes
PIServiceType	Service type supported for Principal Identities	string	Enum: LOCAL_MANAGER, GLOBAL_MANAGER

PackageLoggingLevels (schema)

Name	Description	Type	Notes
logging_level	Logging levels per package	string	Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE
package_name	Package name	string

PacketAddressClassifier (schema) (Deprecated)

Address classifications for a packet

A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.

Name	Description	Type
ip_address	A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y	IPElement
mac_address	A single MAC address	MACAddress
vlan		VlanID

PacketData (schema)

This is an abstract type. Concrete child types:
BinaryPacketData
FieldsPacketData

Name	Description	Type	Notes
frame_size	Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size.	integer	Minimum: 60 Maximum: 1000 Default: "128"
resource_type	Packet configuration	string	Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData"
routed	Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. However, this flag will not be effective when injecting the traceflow packet to a VLAN backed port. This is because the gateway in this case is a physical gateway that is outside the scope of NSX. Therefore, users need to manually populate the gateway MAC address. If the user still sets this flag in this case, a validation error will be thrown. The scenario where a user injects a packet with a VLAN tag into a parent port is referred to as the traceflow container case. Please note that the value of `routed` depends on the connected network of the child segment rather than the connected network of segment of the parent port in this case. Here is the explanation: The parent port in this context is the port on a segment which is referred to by a SegmentConnectionBindingMap. The bound segment of the SegmentConnectionBindingMap is the child segment. The user-crafted traceflow packet will be directly forwarded to the corresponding child segment of the parent port without interacting with any layer 2 forwarding/layer 3 routing in this scenario. The crafted packet will follow the forwarding/routing polices of the child segment's connected network. For example, if a user injects a crafted packet to port_p, and the segment (seg_p) of port_p is referred to by the binding map m1, where m1 is bound to segment seg_c, and the destination port (port_d) of the packet is the VM vNIC connected to seg_p. Although port_p and port_d are on the same segment, the 'routed' value should be set to true if the user expects the crafted packet to be correctly delivered to the destination. This is because the child segments seg_c and seg_d are on different segments and require router interaction to communicate.	boolean
transport_type	Transport type of the traceflow packet This type takes effect only for IP packet.	string	Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST"

PacketTypeAndCounter (schema)

Name	Description	Type	Notes
counter	The number of packets.	integer	Required
packet_type	The type of the packets	string	Required

PacketsDroppedBySecurity (schema)

Name	Description	Type
bpdu_filter_dropped	The number of packets dropped by "BPDU filter".	integer
dhcp_client_dropped_ipv4	The number of IPv4 packets dropped by "DHCP client block".	integer
dhcp_client_dropped_ipv6	The number of IPv6 packets dropped by "DHCP client block".	integer
dhcp_server_dropped_ipv4	The number of IPv4 packets dropped by "DHCP server block".	integer
dhcp_server_dropped_ipv6	The number of IPv6 packets dropped by "DHCP server block".	integer
spoof_guard_dropped	The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP.	array of PacketTypeAndCounter

ParallelRedundancyProt (schema)

Parallel Redundancy Protocol settings

Name	Description	Type	Notes
enabled	Flag to turn on or off the protocol	boolean	Required

PartialPatchConfig (schema)

Contains configuration for Partial patch.

Basic Concept: Partial Patch is a specialized feature in NSX that allows you to update only a specific part of an
object's properties, instead of updating the entire object. This is particularly useful for making incremental
changes to an object.
Enabling Partial Patch: By default, Partial Patch is disabled. You need to explicitly enable this feature to use it.
When enabled, you can update a subset of an object's fields, merging your new data with the existing object's data.
Usage in API Operations: When Partial Patch is disabled, complete object data is required for both PUT and PATCH
operations in /policy APIs. Once enabled, you can provide only the necessary subset of data for these operations.
Important Considerations:In a partial patch, array properties are entirely replaced, not merged. If a PATCH operation
targets a non-existing object, NSX will create a new object after performing all required validations. Be aware of
fields that depend on each other (like username and password, or IP address and thumbprint). In such cases, either
all or none of these inter-dependent fields should be provided in a Partial Patch request. Partial Patch does not
support certain objects, such as 'Infra'. Objects like Labels, Security Policies, and Services have specific
attributes that are treated differently in PATCH requests. This special handling won't change with Partial Patch.
For example, in Security Policies, adding 'rules' through PATCH merges them with existing rules, while a PUT
operation replaces them entirely. Partial Patch won't work if the new value for a property is of a different
polymorphic type than the existing value.

Name	Description	Type	Notes
enable_partial_patch	This object will contain the partial patch configuration. boolean value used to activate/deactivate partial patch	boolean	Required

PasswordAuthenticationScheme (schema)

Name	Description	Type	Notes
identity_file	SSH private key file name	string
password	Password to authenticate with	string
scheme_name	Authentication scheme name	string	Required Enum: password, key
username	User name to authenticate with	string	Required Pattern: "^.+$"

PasswordComplexityProperties (schema)

Configurable properties of password complexity requirement for the NSX node

Configurable properties of password complexity requirement for the NSX node.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_retry_prompt	Prompt user at most N times before returning with error.	integer	Readonly Default: "3"
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
digits	Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N digits. N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
hash_algorithm	Hash algorithm Sets hash/cryptographic algorithm type for new passwords.	string	Enum: sha512, sha256 Default: "sha512"
lower_chars	Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having lower case characters in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N lower case characters. N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
max_repeats	Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
max_sequence	Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
maximum_password_length	Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters.	integer	Minimum: 8 Maximum: 128 Default: "128"
minimum_password_length	Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with `minimum_password_length` less than current default value, then upgraded appliance will reset the configured setting back to recommended default; which can be explicitly modified back to original value or any other integer greater than or equal to supported minimum value. VMware recommends to set strong passwords for systems and appliances, further suggests to maintain strong `minimum_password_length` value. NSX resets this value to default and recommends to maintain upgraded default value or above for password complexity requirement. If any existing user passwords are set with length of less than newly configured `minimum_password_length`, then its recommended to reset the user passwords as per newly configured password complexity compliance. If existing `minimum_password_length` is greater than or equal to default value, which shall be retained as it is in newly upgraded appliance. By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed.	integer	Minimum: 8 Maximum: 128 Default: "12"
minimum_unique_chars	Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0.	integer	Minimum: 0 Maximum: 128 Default: "0"
password_remembrance	Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0.	integer	Minimum: 0 Default: "0"
special_chars	Number of special characters in password Number of special characters (!@#$&..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password. N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length* value upto N special case characters. N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"
upper_chars	Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum_password_length value upto N upper case characters. N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password.	integer	Minimum: -128 Maximum: 128 Default: "-1"

PatchResources (schema)

Patch Resources

Patch Resources is an action to create/patch resources in response to an event.

Name	Description	Type	Notes
body	Body Patch body representing a Hierarchical Patch payload. The resources included in the body are patched replacing the injections' keys with their actual values.	object	Required
injections	Injections Injections holding keys (variables) and their corresponding values.	array of Injection	Minimum items: 1
resource_type	Must be set to the value PatchResources	string	Required Enum: PatchResources, SetFields

PathExpression (schema)

Path expression node

Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
paths	Array of policy paths This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed.	array of string	Required Minimum items: 1
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PathExpression	string	Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression, GeoLocationExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PeerCertificateChain (schema)

A peer's certificate chain

The certificate chain presented by a remote TLS service.

Name	Description	Type	Notes
details	List of X509Certificates.	array of X509Certificate	Readonly
pem_encoded	PEM encoded certificate data.	string	Required

PemFile (schema)

Name	Description	Type	Notes
file	file data	multipart_file	Required

PendingChangesInfoNsxT (schema)

NSX-T Pending Change Info

Information about recent changes, if any, that are not reflected in the Enforced Realized Status.

Name	Description	Type	Notes
pending_changes_flag	Pending Changes Flag Flag describing whether there are any pending changes that are not reflected in the status.	boolean	Readonly

PerNodeDnsFailedQueries (schema)

The list of failed DNS queries per transport node

The list of the failed DNS queries with entry count and timestamp.
The entry count is for per active/standby transport node.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
node_id	Uuid of active/standby transport node The Uuid of active/standby transport node.	string	Required Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of failed DNS queries The list of failed DNS queries.	array of DnsFailedQuery	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
timestamp	Timestamp of the request Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.	string	Required Readonly

PerStepRestoreStatus (schema)

Restore step status

Name	Description	Type	Notes
description	A description of the restore status	string	Required Readonly
value	Per step restore status value	string	Required Readonly Enum: INITIAL, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, FAILED, SUCCESS

PhonehomeCoordinatorServiceProperties (schema)

Phonehome Coordinator service properties

Name	Description	Type	Notes
logging_level	Service logging level	string	Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO"

PlainFilterData (schema)

Name	Description	Type	Notes
basic_filter	Basic RCF rule for packet filter	string
extend_filter	Extended RCF rule for packet filter	string
resource_type	Must be set to the value PlainFilterData	string	Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData"

PointDefinition (schema)

Definition of a point of graph

Defines the point of a graph.

Name	Description	Type	Notes
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string
field	Expression for points of the graph An expression that represents the points of the graph	string	Required
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the point of a graph.	array of Tooltip	Minimum items: 0
x_value	Variable chosen for X value of the point of the graph Represents the variable for the X value of points that are plotted on the graph.	string	Required
y_value	Variable chosen for Y value of the point of the graph Represents the variable for the Y value of points that are plotted on the graph.	string	Required

Policy (schema)

Contains ordered list of Rules

Ordered list of Rules. This object is created by default along with the Domain.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Policy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyAdvertisedNetwork (schema)

Name	Description	Type	Notes
network	Advertised Network Advertised network address.	string	Required Readonly
rule_filter_type	Advertised rule filter type Advertised rule filter type	string	Readonly
status	Advertisement status of network advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config	string	Readonly

PolicyAdvertisedNetworkInCsvFormat (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
results		array of AdvertisedNetworkCsvRecord	Readonly

PolicyAdvertisedNetworksListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of advertised networks List of networks which advertised to connected gateway	array of PolicyAdvertisedNetwork	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyAlarmResource (schema)

Alarm base class of realized policy object

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
error_details	Detailed information about errors from an API call made to the enforcement point, if any.	PolicyApiError
id	Unique identifier of this resource	string	Sortable
message	error message to describe the issue	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyAlarmResource	string
source_reference	path of the object on which alarm is created	string
source_site_id	source site(LM) id. This field will refer to the source site on which the alarm is generated. This field is populated by GM, when it receives corresponding notification from LM.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyAlarmResourceListRequestParameters (schema)

PolicyAlarmResource list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyAlarmResourceListResult (schema)

PolicyAlarmResource list result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of PolicyAlarmResources List of alarm resources	array of PolicyAlarmResource
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyAllocatedService (schema)

Name	Description	Type	Notes
allocation_details	Key-Value map of additional specific properties of services Additional properties of a service, say the sub_pool_size and sub_pool_type for a LoadBalancer.	array of KeyValuePair
high_availability_status	HA Status of the service context node Represents the active or the standby state of the service.	string	Readonly Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN
service_reference	Contains policy resource reference object	PolicyResourceReference	Required Readonly

PolicyApiError (schema)

Detailed information about an API Error

Name	Description	Type
details	Further details about the error	string
error_code	A numeric error code	integer
error_data	Additional data about the error	object
error_message	A description of the error	string
module_name	The module name where the error occurred	string
related_errors	Other errors related to this error	array of PolicyRelatedApiError

PolicyArpProxyEntry (schema)

Name	Description	Type	Notes
arp_proxy_ip	Array of ARP proxy service address ARP proxy information for a service with ip.	array of IPAddress	Readonly
service_id	Service type id Identifier of connected service on port.	string	Readonly

PolicyArpProxyTableCsvListResult (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
results		array of InterfaceArpProxyCsvEntry

PolicyArpProxyTableListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paginated list of Gateway interface ARP proxy tables	array of InterfaceArpProxy	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyAttributes (schema)

Policy Attributes data holder

Name	Description	Type	Notes
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: SYSTEM, CUSTOM Default: "SYSTEM"
custom_url_partial_match	true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url	boolean
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
isALGType	Is the value ALG type Describes whether the APP_ID value is ALG type or not.	boolean
key	Key for attribute Policy Attribute Key - Denotes the type of attribute we are adding to the context profile or the L7 access profile. The keys has to be one of the enums defined for this field.	string	Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

PolicyBasedIPSecVpnSession (schema)

Policy based VPN session

A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authentication_mode	Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.	string	Enum: PSK, CERTIFICATE Default: "PSK"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
compliance_suite	Compliance suite Compliance suite.	string	Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode	Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.	string	Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dpd_profile_path	Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.	string
enabled	Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_profile_path	Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile.	string
local_endpoint_path	Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
peer_address	IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	IPAddress
peer_id	Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
psk	Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters.	secure_string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyBasedIPSecVpnSession	IPSecVpnSessionResourceType	Required
rules	Rules	array of IPSecVpnRule	Required Minimum items: 1
site_overrides	SiteOverride list A collection of site specific attributes specificed only on GM	array of SiteOverride	Maximum items: 128
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_mss_clamping	TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value.	TcpMaximumSegmentSizeClamping
tunnel_profile_path	IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyBasedL3VpnSession (schema) (Deprecated)

Policy based L3Vpn Session

A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is
referenced in a policy whose action is set as tunnel.

Name	Description	Type	Notes
resource_type	Must be set to the value PolicyBasedL3VpnSession	L3VpnSessionResourceType	Required
rules	L3Vpn Rules L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported.	array of L3VpnRule

PolicyBgpNeighborStatus (schema)

Name	Description	Type	Notes
address_families	Address families of BGP neighbor Address families of BGP neighbor	array of BgpAddressFamily	Readonly
announced_capabilities	BGP capabilities sent to BGP neighbor.	array of string	Readonly
connection_drop_count	Count of connection drop	integer	Readonly
connection_state	Current state of the BGP session.	string	Readonly Enum: INVALID, IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED, UNKNOWN
edge_path	Transport node policy path	string
established_connection_count	Count of connections established	integer	Readonly
graceful_restart_mode	Graceful restart mode Current state of graceful restart of BGP neighbor. Possible values are - 1. GR_AND_HELPER - Graceful restart with Helper 2. HELPER_ONLY - Helper only 3. DISABLE - Disabled	string	Readonly
hold_time	Time in ms to wait for HELLO from BGP peer. If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down.	integer	Readonly
keep_alive_interval	Time in ms to wait for HELLO packet from BGP peer	integer	Readonly
last_update_timestamp	Timestamp indicating last update time of data Timestamp when the data was last updated, unset if data source has never updated the data.	EpochMsTimestamp	Readonly
local_port	TCP port number of Local BGP connection	integer	Readonly Minimum: 1 Maximum: 65535
messages_received	Count of messages received from the neighbor	integer	Readonly
messages_sent	Count of messages sent to the neighbor	integer	Readonly
negotiated_capability	BGP capabilities negotiated with BGP neighbor.	array of string	Readonly
neighbor_address	The IP of the BGP neighbor	IPAddress	Readonly
neighbor_edge_node	Inter-Sr neighbor edge node policy path	string	Readonly
neighbor_router_id	Router ID of the BGP neighbor.	string	Readonly
remote_as_number	AS number of the BGP neighbor	string	Readonly
remote_port	TCP port number of remote BGP Connection	integer	Readonly Minimum: 1 Maximum: 65535
remote_site	Remote site Remote site details.	ResourceReference	Readonly
source_address	The Ip address of logical port	IPAddress	Readonly
tier0_path	Policy path to Tier0	string	Required Readonly
time_since_established	Time(in seconds) since connection was established.	integer	Readonly
total_in_prefix_count	Count of in prefixes Sum of in prefixes counts across all address families.	integer	Readonly
total_out_prefix_count	Count of out prefixes Sum of out prefixes counts across all address families.	integer	Readonly
type	BGP neighbor type BGP neighbor type	string	Readonly Enum: INTER_SR, USER

PolicyBgpNeighborsStatusListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Status of BGP neighbors of the Tier0	array of PolicyBgpNeighborStatus	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyComplianceStatus (schema)

Name	Description	Type	Notes
last_updated_time	Timestamp of last update	EpochMsTimestamp	Readonly
non_compliant_configs	List of non compliant configuration and impacted services	array of PolicyNonCompliantConfig	Readonly

PolicyConfigResource (schema)

Represents an object on the desired state

Represents an object on the desired state.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyConfigResource	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyContainerGroupMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name	Description	Type	Notes
cluster		array of ClusterMemberDetails	Required

PolicyContainerGroupMembersListResult (schema)

Group members list result

Paginated collection of pods belonging to a Group.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of pods that belong to the given Group	array of PolicyContainerGroupMemberDetails	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyContextProfile (schema)

Policy Context Profile entity

An entity that encapsulates attributes and sub-attributes of various
network services (eg. L7 services, domain name, encryption algorithm)
The entity will be consumed in firewall rules and can be added in new
tuple called profile in firewall rules. To get a list of supported
attributes and sub-attributes fire the following REST API
GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile.	array of PolicyAttributes	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyContextProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyContextProfileListRequestParameters (schema)

Policy Context Profile list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyContextProfileListResult (schema)

List result of PolicyContextProfiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of PolicyContextProfiles	array of PolicyContextProfile	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyCustomAttributes (schema)

Policy Custom Attributes data holder

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attribute_source	Source of attribute value i.e whether system defined or custom value	string	Enum: CUSTOM, SYSTEM Default: "CUSTOM"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
datatype	Datatype for attribute	string	Required Enum: STRING
description	Description for attribute value	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key	Key for attribute Policy Custom Attribute Key	string	Required Enum: DOMAIN_NAME, CUSTOM_URL
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
metadata	Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For Custom URL key , it specified url type for url value. This is generic array and can hold multiple meta information about key/values in future	array of ContextProfileAttributesMetadata
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyCustomAttributes	string
sub_attributes	Reference to sub attributes for the attribute	array of PolicySubAttributes
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
value	Value for attribute key Multiple attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

PolicyDHGroup (schema) (Deprecated)

Diffie-Hellman groups

Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.

Name	Description	Type	Notes
PolicyDHGroup	Diffie-Hellman groups Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group.	string	Deprecated Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16

PolicyDnsAnswerPerEnforcementPoint (schema)

NSLookup answer per enforcement point

DNS forwarder nslookup answer per enforcement point.

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched.	string	Readonly
resource_type	Resource type Resource type of the DNS forwarder nslookup answer.	string	Required Enum: NsxTDnsAnswer

PolicyDnsFailedQueries (schema)

The array of failed DNS queries for active and standby transport node

The array of the failed DNS queries with entry count and timestamp
on active and standby transport node.

Name	Description	Type	Notes
per_node_failed_queries	The array of failed DNS queries on active and standby transport node The array of failed DNS queries on active and standby transport node. If there is no standby node, the failed queries on standby node will not be present.	array of PolicyPerNodeDnsFailedQueries	Readonly
timestamp	Timestamp of the request Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.	string	Required Readonly

PolicyDnsFailedQueryRequestParameters (schema)

Dns failed query request parameter

Name	Description	Type	Notes
count	The count of the failed DNS queries How many failed DNS queries should be returned.	integer	Minimum: 1 Maximum: 1000 Default: "100"
enforcement_point_path	An enforcement point path, on which the action is to be performed An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered.	string	Default: "/infra/sites/default/enforcement-points/default"

PolicyDnsForwarder (schema)

DNS Forwarder

Used to configure DNS Forwarder

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
cache_size	Cache size in KB Cache size in KB.	int	Minimum: 0 Maximum: 16777216 Default: "1024"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
conditional_forwarder_zone_paths	Path of conditional DNS zones Max of 5 DNS servers can be configured	array of string	Maximum items: 5
default_forwarder_zone_path	Path of the default DNS zone. This is the zone to which DNS requests are forwarded by default	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	DNS forwarder enabled flag The flag, which suggests whether the DNS forwarder is enabled or disabled. The default is True.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
listener_ip	IP on which the DNS Forwarder listens. This is the IP on which the DNS Forwarder listens.	IPv4Address	Required
log_level	Log level of the dns forwarder Set log_level to DISABLED will stop dumping fowarder log.	string	Enum: DEBUG, INFO, WARNING, ERROR, FATAL Default: "INFO"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyDnsForwarder	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyDnsForwarderZone (schema)

DNS Forwarder Zone

Used to configure zones on DNS Forwarder

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dns_domain_names	List of domain names List of domain names on which conditional forwarding is based. This field is required if the DNS Zone is being used for a conditional forwarder. This field will also be used for conditional reverse lookup. Example 1, if for one of the zones, one of the entries in the fqdn is example.com, all the DNS requests under the domain example.com will be served by the corresponding upstream DNS server. Example 2, if for one of the zones, one of the entries in the fqdn list is "13.12.30.in-addr.arpa", reverse lookup for 30.12.13.0/24 will go to the corresponding DNS server.	array of string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyDnsForwarderZone	string
source_ip	Source IP used by DNS Forwarder zone The source IP used by the DNS Forwarder zone.	IPv4Address
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
upstream_servers	DNS servers to which the DNS request needs to be forwarded Max of 3 DNS servers can be configured	array of IPv4Address	Required Maximum items: 3

PolicyDnsForwarderZoneListRequestParameters (schema)

DNS Forwarder Zone list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyDnsForwarderZoneListResult (schema)

Paged Collection of DNS Forwarder Zones

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Dns Forwarder Zone list results	array of PolicyDnsForwarderZone	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyDraft (schema)

Policy draft

A draft which stores the system generated as well as user intended changes
in a hierarchical body format.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildInfra
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_auto_draft	Auto draft flag Flag to indicate whether draft is auto created. True indicates that the draft is an auto draft. False indicates that the draft is a manual draft.	boolean	Readonly Default: "False"
lock_comments	Policy draft lock/unlock comments Comments for a policy draft lock/unlock.	string
lock_modified_by	User who locked a policy draft ID of the user who last modified the lock for a policy draft.	string	Readonly
lock_modified_time	Policy draft locked/unlocked time Policy draft locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a policy draft Indicates whether a draft should be locked. If the draft is locked by an user, then no other user would be able to modify or publish this draft. Once the user releases the lock, other users can then modify or publish this draft.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
ref_draft_path	Path of an existing draft for reference When specified, a manual draft will be created w.r.t. the specified draft. If not specified, manual draft will be created w.r.t. the current published configuration. For an auto draft, this will always be null.	string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyDraft	string
system_area	Configuration changes tracked by the system Configuration changes against the current configuration, tracked by the system. The value is stored in a hierarchical body format.	Infra	Readonly
system_area_store_id	ID of the data store where system_area has stored In case of a large draft, wherein the size of system_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
user_area	User defined configuration changes These are user defined configuration changes, which are applicable only in case of manual drafts. During the publish of a draft, system_area changes gets applied first, and then these changes. The value must be in a hierarchical body format.	Infra
user_area_store_id	ID of the data store where user_area has stored In case of a large draft, wherein the size of user_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store.	string	Readonly

PolicyDraftListRequestParameters (schema)

Policy draft list request parameters

Request parameters to be passed while listing policy drafts.

Name	Description	Type	Notes
auto_drafts	Fetch list of draft based on is_auto_draft flag If set to true, then only auto drafts will be get fetched. If set to false, then only manual drafts will be get fetched. If not set, then all drafts will be get fetched.	boolean
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyDraftListResult (schema)

Paged collection of policy drafts

This holds the list of policy drafts.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Policy drafts list results Paginated list of policy drafts.	array of PolicyDraft	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyDraftModifications (schema)

Policy draft modifications

Counts of modified, deleted and created security policies/rules derived from aggregated configuration

Name	Description	Type	Notes
created	Count of total created security policies/rules	integer	Readonly
deleted	Count of total deleted security policies/rules	integer	Readonly
modified	Count of total modified security policies/rules	integer	Readonly
modified_security_policies	Array of modified security policies paths. Paginated list of policy drafts.	array of string	Readonly

PolicyDraftPaginatedAggregatedConfigurationRequestParameters (schema)

Parameters to get the paginated aggregated configuration for a draft

Parameters to get the paginated aggregated configuration for a draft.

Name	Description	Type	Notes
request_id	Request identifier to track subsequent API calls If the initial call to get paginated aggregated configuration for a draft, returns a paginated response, then the response will contain a request_id. This identifier needs to be passed with subsequent API calls to get detailed aggregated configuration for the draft.	string
root_path	Path of the root object of subtree Policy path of the security policy. If specified with the subsequent API calls after initial call to get paginated aggregated configuration for a draft, the response will return the subtree of this security policy having all its children. If not specified, then the subsequent API calls will return all the security policies without their children, from pre-calculated aggregated configuration of a draft. This is not required for an initial call to get paginated aggregated configuration for a draft.	string

PolicyDraftPaginatedAggregatedConfigurationResult (schema)

Paginated result of aggregated configuration of a policy draft

Name	Description	Type	Notes
modifications	Total modification in aggregated configuration of a draft Total count of modified, deleted and created security policies/rules. List of modified security policies to be exposed to UI	PolicyDraftModifications
request_id	Request identifier to keep track of result Request identifier to keep track of calculated aggregated configuration a draft during subsequent API calls after initial API call. This identifier can be use to fetch the detailed aggregated configuration at security policy level. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination.	string	Readonly
result	Aggregated configuration of a draft Paginated aggregated configuration of a given draft. For an initial API call, if request_id is present in response, then this is a paginated aggregated configuration of a given draft. To get more granular aggregated configuration, request_id need to be passed to subsequent API calls. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination.	Infra	Readonly

PolicyEdgeCluster (schema)

Edge Cluster

Edge Cluster.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_rules	Allocation rules for auto placement Set of allocation rules to auto-allocate nodes for Tier0/Tier1 Gateways, and DHCP on edge cluster members.	array of AllocationRule
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeNode
deployment_type	Edge cluster deployment type This field is a readonly field which shows the deployment_type of members. It returns UNKNOWN if there are no members, and returns VIRTUAL_MACHINE\| PHYSICAL_MACHINE if all edge members are VIRTUAL_MACHINE\|PHYSICAL_MACHINE.	EdgeDeploymentType	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_cluster_profile	Path of edge cluster high availability profile. This field is optional and if not provided, default profile path will be considered.	string
id	Unique identifier of this resource	string	Sortable
inter_site_forwarding_enabled	Inter site forwarding is enabled if true Flag indicates that edge cluster has inter-site forwarding enabled and remote tunnel points is configured for all the members. This is required to deploy stretch gateways.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_node_type	Node type of the cluster members This field contains the info of type of transport nodes. Edge cluster is homogenous collection of transport nodes. Hence all transport nodes of the cluster must be of same type.	EdgeClusterNodeType	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
password_managed_by_vcf	VCF managed password flag Setting to true enables VCF password management for all edge nodes in the cluster.	boolean	Default: "False"
path	Absolute path of this object Absolute path of this object	string	Readonly
policy_edge_nodes	Policy Edge Cluster Member This field contains the list of edge cluster members. Using this field, multiple members can be add and remove.	array of PolicyEdgeClusterMember
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyEdgeCluster	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
nsx_id	Edge Cluster UUID on NSX-T Enforcement Point This field is deprecated.Refer policy edge cluster unique_id to get the policy edge cluster uuid.	string	Deprecated Readonly
rtep_ips	Remote tunnel endpoint IP addresses. This field is deprecated, Refer the /infra/sites//enforcement-points//edge-transport-nodes//state API for rtep ips.	array of IPAddress	Deprecated Readonly

PolicyEdgeClusterAllocationStatus (schema)

Allocation details of edge cluster

Allocation details of cluster and its members. Contains information of the
edge nodes present in cluster, active and standby services running on each node,
utilization details of configured sub-pools. These allocation details can
be monitored by customers to trigger migration of certain service contexts
to different edge nodes, to balance the utilization of edge node resources.

Name	Description	Type	Notes
edge_cluster_name	Display name of the edge cluster Display name of the edge cluster whose status is being reported.	string	Readonly
member_count	Count of edge nodes present in the cluster Represents the number of edge nodes in the cluster.	int	Readonly
members	Allocation Status of edge nodes Allocation details of edge nodes present in the cluster.	array of PolicyEdgeMemberAllocationStatus	Readonly

PolicyEdgeClusterInterSiteBgpSummary (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
edge_cluster_path	Edge node path Edge cluster path whose status is being reported.	string	Required Readonly
edge_nodes	Individual edge nodes status Status of all edge nodes within cluster.	array of PolicyEdgeNodeInterSiteBgpSummary	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyEdgeClusterInterSiteStatus (schema)

Name	Description	Type	Notes
edge_cluster_name	Edge cluster name Name of the edge cluster whose status is being reported.	string	Readonly
edge_cluster_path	Edge cluster path Policy path of the edge cluster whose status is being reported.	string	Required Readonly
last_update_timestamp	Last updated timestamp Timestamp when the edge cluster inter-site status was last updated.	EpochMsTimestamp	Required Readonly
member_status	Per edge node inter-site status Per edge node inter-site status.	array of PolicyEdgeClusterMemberInterSiteStatus	Readonly
overall_status	Overall IBGP status in the edge cluster Overall status of all edge nodes IBGP status in the edge cluster.	string	Readonly Enum: UP, DOWN, DEGRADED, UNKNOWN

PolicyEdgeClusterListRequestParameters (schema)

Policy Edge Cluster List Request Parameters

Policy Edge Cluster list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyEdgeClusterListResult (schema)

Paged Collection of Edge Cluster

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Edge Cluster List Result Edge Cluster list result.	array of PolicyEdgeCluster	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyEdgeClusterMember (schema)

Policy Edge Cluster Member

Policy edge cluster member represents policy edge node resource and associates
edge transport node to the edge cluster.

Name	Description	Type	Notes
edge_transport_node_path	Edge Transport Node Path Edge transport node path can't be changed once member is added to cluster. To replace edge transport node for existing member refer /policy/api/v1/infra/sites/default/enforcement-points/default/edge-clusters/ /action/replace-policy-edge-node api	string	Required
id	Id of PolicyEdgeNode This field is optional; if an id is not provided, then member_index will be considered an id of PolicyEdgeNode.In a hierarchical API,to consume the path of PolicyEdgeNode in the same payload In that case, id value is required.Build the path of the PolicyEdgeNode with the given id and consume the path. e.g., if edge_node_id=my-policy-edge-node-id, then the path will be /infra/sites/default/enforcement-points/nsx/edge-clusters/my-edge-cluster-id/edge-nodes/my-policy-edge-node-id	string
member_index	Member Index The system assigned index for the edge cluster member.	integer	Readonly
policy_edge_node_path	path of PolicyEdgeNode The PolicyEdgeNode path which is part of edge cluster member.	string	Readonly

PolicyEdgeClusterMemberInterSiteStatus (schema)

Name	Description	Type	Notes
edge_node_path	Edge node path Edge node details from where the status is being retrived.	ResourceReference	Required Readonly
established_bgp_sessions	Established inter-site IBGP sessions Total number of current established inter-site IBGP sessions.	integer	Readonly
neighbor_status	BGP neighbor status Inter-site BGP neighbor status.	array of PolicyBgpNeighborStatus	Readonly
status	Edge node IBGP status Edge node IBGP status	string	Readonly Enum: UP, DOWN, DEGRADED, UNKNOWN
total_bgp_sessions	Total inter-site IBGP sessions Total number of inter-site IBGP sessions.	integer	Readonly

PolicyEdgeClusterMemberStatus (schema)

Name	Description	Type	Notes
edge_transport_node_path	Edge Transport node path Edge node details from where the status is being retrieved.	string	Required Readonly
policy_edge_node_path	path of policy edge node Policy edge node backed by an Edge Transport node.	string	Required
status	Status of an edge node	string	Required Enum: UP, DOWN, ADMIN_DOWN, PARTIALLY_DISCONNECTED, UNKNOWN

PolicyEdgeClusterStatus (schema)

Name	Description	Type	Notes
edge_cluster_name	Display name of the edge cluster Display name of the edge cluster whose status is being reported.	string	Readonly
edge_cluster_status	Status of an edge node Edge node status	string	Required Enum: UP, DOWN, DEGRADED, UNKNOWN
last_update_timestamp	Last updated timestamp Timestamp when the cluster status was last updated	EpochMsTimestamp	Required Readonly
member_status	Per Edge Node Status	array of PolicyEdgeClusterMemberStatus	Readonly

PolicyEdgeClusterStatusRequestParameters (schema)

State request parameters for Tier0 gateway

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, realtime data is returned. NOTE: Query parameter "source=realtime" is the only supported source.	DataSourceType	Required

PolicyEdgeMemberAllocationStatus (schema)

Name	Description	Type	Notes
allocated_services	Services allocated on edge node List of services allocated on the edge node.	array of PolicyAllocatedService	Readonly
allocation_pools	Pool Allocation details Allocation details of pools defined on the edge node.	array of AllocationPool	Readonly
display_name	Identifier to use when displaying cluster member in logs or GUI Display name of edge cluster member. Defaults to ID if not set.	string	Readonly
edge_transport_node_path	Policy path of edge transport node Policy edge transport node path.	string	Readonly
member_index	System generated index for cluster member Path of the edge transport node whose status is being reported.	int	Readonly
policy_edge_node_path	path of policy edge node Policy edge node backed by an Edge Transport node.	string	Required

PolicyEdgeNode (schema)

Policy Edge Node

PolicyEdgeNode represents the member node of the policy edge cluster
and refers to the policy edge transport node. It should not be
mistaken for the edge transport node itself. Consuming services
can refer
edge_transport_node_uuid
edge_transport_node_path

property to get the unique id/path of the policy edge transport node referred
by the policy edge node.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_transport_node_path	Edge Transport Node Path Path of edge transport Node.	string
edge_transport_node_uuid	Edge Node UUID UUID of edge transport node.	string	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
member_index	Member Index The numerical value of the member index in the edge cluster that this object represents and to which the edge node connects.	integer	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyEdgeNode	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
nsx_id	Edge Node UUID on NSX-T Enforcement Point This field is deprecated.Consuming services can refer edge_transport_node_uuid edge_transport_node_path property to get the unique id/path of the policy edge transport node referred by the policy edge node.	string	Deprecated Readonly

PolicyEdgeNodeInterSiteBgpSummary (schema)

Name	Description	Type	Notes
edge_node_path	Edge node path Edge node path whose status is being reported.	string	Required Readonly
last_update_timestamp	Last updated timestamp Timestamp when the inter-site IBGP neighbors status was last updated.	EpochMsTimestamp	Required Readonly
neighbor_status	Inter-site IBGP neighbors status Status of all inter-site IBGP neighbors.	array of PolicyBgpNeighborStatus	Readonly

PolicyEdgeNodeListRequestParameters (schema)

Edge Node List Request Parameters

Edge Node list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyEdgeNodeListResult (schema)

Paged Collection of Edge Node

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Edge Node List Result Edge Node list result.	array of PolicyEdgeNode	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyExcludeList (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
members	ExcludeList member list List of the members in the exclude list	array of string	Required Maximum items: 100
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyExcludeList	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyExcludeListFilterRequestParams (schema)

Parameters for filtering the exclude list

Parameters for filtering the exclude list.

Name	Description	Type	Notes
deep_check	Check all parents Deep check all parents of requested intent object, if any of them is in exclude list. If found, makes requested object as excluded.	boolean	Default: "False"
enforcement_point_path	Path of the enforcement point Path of the enforcement point from where the result need to be fetched. If not provided, available enforcement point will be considered.	string
intent_path	Path of the intent object to be searched in the exclude list Path of the intent object to be searched in the exclude list.	string	Required

PolicyFineTuningResourceInfo (schema)

Contains the detail of resources with name and fields

It represent the resource with details of name and fields it owns.

Name	Description	Type	Notes
fields	List of all field of any resource	array of PolicyFineTuningResourceInfoDetail	Required
resource_name	Resource name It will represent resource with name and fields.	string	Required

PolicyFineTuningResourceInfoDetail (schema)

Contains the details resources with field type and name

Contains the details of resource field

Name	Description	Type	Notes
field_name	Resource name It will represent resource with name and fields.	string	Required
sub_type	List of all field of any resource	PolicyFineTuningResourceInfo	Required

PolicyFirewallCPUMemThresholdsProfileBindingMap (schema)

Policy DFW CPU Memory Thresholds Profile binding map

This entity will be used to establish association between CPU Memory
Thresholds Profile and Transport Node. Using this entity, user can specify
intent for applying Firewall CPU Memory Thresholds Profile to particular
transport nodes.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to	The list of targets where the profile is intended to get applied. The list of targets where the profile is intended to get applied. Valid targets are group paths.	array of string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallCPUMemThresholdsProfileBindingMap	string
sequence_number	Sequence number of this profile binding map Sequence number is used to resolve conflicts when two profiles get applied to a single node. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.	integer	Required Minimum: 0 Maximum: 4294967295
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_nodes	References of transport nodes References of transport nodes on which the profile intended to be applied.	array of PolicyResourceReference
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallCPUMemThresholdsProfileBindingMapListRequestParameters (schema)

Policy Firewall CPU Memory Thresholds Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyFirewallCPUMemThresholdsProfileBindingMapListResult (schema)

Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Firewall CPU Memory Thresholds Profile Binding Map list results	array of PolicyFirewallCPUMemThresholdsProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyFirewallCpuMemThresholdsProfile (schema)

Firewall CPU and memory thresholds profile

A profile holding CPU and memory thresholds configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
cpu_threshold_percentage	CPU utilization thresholds percentage CPU utilization thresholds percentage to monitor and report for distributed firewall.	integer	Required Minimum: 10 Maximum: 100 Default: "90"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mem_threshold_percentage	Heap memory thresholds utilization percentage Heap memory thresholds percentage to monitor and report for distributed firewall.	integer	Required Minimum: 10 Maximum: 100 Default: "90"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallCpuMemThresholdsProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallCpuMemThresholdsProfileListResult (schema)

Paged Collection of PolicyFirewallCpuMemThresholdsProfile

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	PolicyFirewallCpuMemThresholdsProfile list results	array of PolicyFirewallCpuMemThresholdsProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyFirewallFloodProtectionProfileBindingMap (schema)

Policy DFW Flood Protection Profile binding map

This entity will be used to establish association between Firewall Flood
Protection profile and Group. Using this entity, user can specify intent
for applying Firewall Flood Protection profile to particular Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallFloodProtectionProfileBindingMap	string
sequence_number	Sequence number of this profile binding map. Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.	integer	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallFloodProtectionProfileBindingMapListRequestParameters (schema)

Policy Firewall Flood Protection Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyFirewallFloodProtectionProfileBindingMapListResult (schema)

Paged collection of Firewall Flood Protection Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Firewall Flood Protection Profile Binding Map list results	array of PolicyFirewallFloodProtectionProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyFirewallIpReputationConfig (schema)

IP Reputation entity

The type used to activate/deactivate IP reputation feed download.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
download_frequency_in_mins	Feed download frequency The frequency at which IP Reputation feed will be downloaded. This is a readonly field showing the current time interval in minutes. The current value is set 720 mins (12 hrs).	int	Readonly
download_status	Feed download status Indicates the download status of IP reputation feed.	string	Readonly Enum: IN_PROGRESS, COMPLETE, FAILED
enable_auto_download	IP reputation feed auto-download flag Property which indicates whether auto-download of IP Reputation feed is activated or deactivated.	boolean	Required
failure_reason	Reason for feed download failure If feed download fails for some reason like timeout or connectivity issues, then this property will hold the reason for the failure. For other status like IN_PROGRESS and COMPLETE, this field will be empty	string	Readonly
id	Unique identifier of this resource	string	Sortable
last_feed_download	Feed download time Timestamp of the most recent successful feed download.	EpochMsTimestamp	Readonly Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallIpReputationConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallScheduler (schema)

Policy Firewall Scheduler entity

An entity that encapsulates attributes to schedule firewall rules to
be active to allow or block traffic for a specific period of time.
Note that at least one property out of "days", "start_time",
"end_time", "start_date", "end_date" is required.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
days	Days of the week Days of week on which rules will be enforced. If property is omitted, then days of the week will not considered while calculating the firewall schedule. It should not be present when the recurring flag is false.	array of PolicyFirewallSchedulerDays
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
end_date	End date in MM/DD/YYYY End date on which schedule to end. Example, 12/22/2019.	string	Required
end_time	End time If recurring field is set false, then this field must be present. The schedule will be enforced till the end time of the specified end date. If recurring field is set true, then this field should not be present.	string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
recurring	Firewall schedule recurring flag Flag to indicate whether firewall schedule recurs or not. The default value is true and it should be set to false when the firewall schedule does not recur and is a one time time interval.	boolean	Required Default: "True"
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallScheduler	string
start_date	Start date in MM/DD/YYYY Start date on which schedule to start. Example, 02/22/2019.	string	Required
start_time	Start time Time in 24 hour and minutes in multiple of 30. Example, 9:00. If recurring field is set false, then this field must be present. The schedule will start getting enforced from the start time of the specified start date. If recurring field is set true, then this field should not be present.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
time_interval	Recurring time interval The recurring time interval in a day during which the schedule will be applicable. It should not be present when the recurring flag is false.	array of PolicyTimeIntervalValue	Maximum items: 1
timezone	Host timezone Host Timezone to be used to enforce firewall rules.	string	Required Enum: UTC, LOCAL
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallSchedulerDays (schema)

Day on which scheduled firewall rule will be enforced

Name	Description	Type	Notes
PolicyFirewallSchedulerDays	Day on which scheduled firewall rule will be enforced	string	Enum: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY

PolicyFirewallSchedulerDeleteRequestParameters (schema)

Policy Firewall Scheduler delete request parameters

Name	Description	Type	Notes
force	Force delete the resource even if it is being used somewhere If true, deleting the resource succeeds even if it is being referred as a resource reference.	boolean	Default: "False"

PolicyFirewallSchedulerListRequestParameters (schema)

Policy Firewall Scheduler list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyFirewallSchedulerListResult (schema)

List result of PolicyFirewallSchedulers

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of PolicyFirewallSchedulers	array of PolicyFirewallScheduler	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyFirewallSessionTimerProfile (schema)

Policy Firewall Session timeout profile

A profile holding TCP, UDP and ICMP session timeout configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
icmp_error_reply	Timeout after ICMP error The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "10"
icmp_first_packet	First packet connection timeout The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "20"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallSessionTimerProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_closed	Timeout after RST The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "20"
tcp_closing	Timeout after first TN The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "120"
tcp_established	Connection timeout The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway,or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 120 Maximum: 4320000 Default: "43200"
tcp_finwait	Timeout after FINs exchanged The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "45"
tcp_first_packet	Connection timout after first packet The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "120"
tcp_opening	Connection timout after second packet The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "30"
udp_first_packet	Connection timout after first packet The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "60"
udp_multiple	Timeout after hosts sent packet The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "60"
udp_single	Connection timeout for destination The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts.	integer	Required Minimum: 10 Maximum: 4320000 Default: "30"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallSessionTimerProfileBindingMap (schema)

Policy DFW Timer Session Profile binding map

This entity will be used to establish association between Firewall Timer session
profile and Group. Using this entity, user can specify intent for applying
Firewall Timer session profile to particular Group.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
firewall_session_timer_profile_path	Firewall Session Timer Profile Path PolicyPath of associated Firewall Timer Session Profile	string	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyFirewallSessionTimerProfileBindingMap	string
sequence_number	Sequence number of this profile binding map. Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number.	integer
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyFirewallSessionTimerProfileBindingMapListRequestParameters (schema)

Policy Firewall Session Timer Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyFirewallSessionTimerProfileBindingMapListResult (schema)

Paged collection of Firewall Session Timer Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Firewall Session Timer Profile Binding Map list results	array of PolicyFirewallSessionTimerProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyFirewallSessionTimerProfileListRequestParameters (schema)

Policy Firewall Session timeout profile list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyFirewallSessionTimerProfileListResult (schema)

Paged Collection of Policy Firewall Session timeout profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Policy Firewall Session timeout profile list results	array of PolicyFirewallSessionTimerProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyGroupIPMembersListResult (schema)

Group IP members list result

Paginated collection of IP members belonging to a Group.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of IP addresses that belong to the given Group	array of IPElement	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyGroupMemberDetails (schema)

Group member details

Details of the member belonging to a Group

Name	Description	Type	Notes
display_name	The display name of the member on the enforcement point	string	Required Readonly
id	The ID of the member on the enforcement point	string	Required Readonly
path	The path of the member, if relevant	string	Required Readonly

PolicyGroupMembersListResult (schema)

Group members list result

Paginated collection of members belonging to a Group.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of members that belong to the given Group	array of PolicyGroupMemberDetails	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyGroupServiceAssociationsRequestParameters (schema)

Associations list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
intent_path	Path of the entity Path of the entity for which associated services are to be fetched.	string	Required
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
service_type		string	Enum: firewall, ipfix
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyIKEDigestAlgorithm (schema) (Deprecated)

Digest Algorithms used in IKE negotiations

The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.

Name	Description	Type	Notes
PolicyIKEDigestAlgorithm	Digest Algorithms used in IKE negotiations The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.	string	Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

PolicyIKEEncryptionAlgorithm (schema) (Deprecated)

Encryption algorithms used in IKE

IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption Standards.
AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to
provide both confidentiality and data origin authentication. AES_GCM composed
of two separate functions one for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys.
AES_GMAC_256 uses 256-bit keys.

Name	Description	Type	Notes
PolicyIKEEncryptionAlgorithm	Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys.	string	Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

PolicyIKEVersion (schema) (Deprecated)

IKE version

IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.

Name	Description	Type	Notes
PolicyIKEVersion	IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2.	string	Deprecated Enum: IKE_V1, IKE_V2, IKE_FLEX

PolicyIPAddressInfo (schema) (Deprecated)

IP address information

Used to specify the display name and value of the IPv4Address.

Name	Description	Type	Notes
address_value	Value of the IPv4Address Value of the IPv4Address.	IPv4Address	Required
display_name	Display name of the IPv4Address Display name used to help identify the IPv4Address.	string
next_hop	Next Hop of the IPv4Address Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed.	IPv4Address

PolicyIdfwEnforcementPointRequestParameters (schema)

Policy Idfw enforcement point Request Parameters

Request parameters that represents an enforcement point path. A request can be
parameterized with this path and will be evaluted as follows
> no enforcement point path specified: the request is evaluated on
available existing enforcement point. We support only 1 per policy manager.
> {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
IDFW is currently not supported on Federation. Once it start supporting,
GM will have to send the enforcement point path while LM behavior stays
same.

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

PolicyIdfwGroupRequestParameters (schema)

Policy Idfw group request parameter

Request parameter that accepts Group path.

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string
group_path	String Path of the group Group path, forward slashes must be escaped using %2F.	string	Required

PolicyIdfwGroupVmDetailListResult (schema)

Identity Firewall user login/session data for a single Group

Identity Firewall user login/session data for a single Group.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
group_path	String Path of the group String Path of the group	string
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of user login/session data for a single VM	array of IdfwVmDetail
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsEventDataRequest (schema)

Parameters to filter list of intrusions

Filtering parameters to get only a subset of intrusion events.

Name	Description	Type	Notes
filters	Filter conditions An array of filter conditions.	array of FilterRequest

PolicyIdsEventFlowData (schema)

IDS event flow data

IDS event flow data specific to each IDS
event. The data includes source ip, source
port, destination ip, destination port,
protocol, rule id, profile id, and the
action.

Name	Description	Type	Notes
action_type	IDS Event action The action pertaining to the detected intrusion. Possible values are ALERT, DROP, REJECT, and INVALID. ALERT - If there is a signature match on the packet, it is allowed to pass but a notification is sent to the user notifying an intrusion was detected. DROP - On a signature match, the packet is silently dropped. An alert is sent to the user that an intrusion was detected. REJECT - On a signature match, the packet is dropped and TCP RST or ICMP error messages (for non-TCP pkts) are sent to the endpoints. An alert is sent to the user that an intrusion was detected. INVALID - If the action doesn't belong to any of the above mentioned categories, it is marked as INVALID.	string	Readonly Enum: ALERT, DROP, REJECT, INVALID
attacker	IP address of the attacker IP address of the attacker VM on the intrusion flow.	string	Readonly
bytes_toclient	Bytes to client Bytes sent to client.	integer	Readonly
bytes_toserver	Bytes to server Bytes sent to server.	integer	Readonly
client_ip	IP address of the client VM IP address of the VM that initiated the communication.	string	Readonly
destination_ip	Attacker Destination IP. Destination IP address of attacker.	string	Readonly
destination_port	Attacker Destination port Destination port of attacker.	integer	Readonly
flow_destination_ip	IP address of the destination VM IP address of the destination VM on the intrusion flow.	string	Readonly
flow_destination_port	Destination port Port on the destination VM where the traffic was sent to.	integer	Readonly
flow_source_ip	IP address of the source VM IP address of the source VM on the intrusion flow.	string	Readonly
flow_source_port	Source port Port on the source VM where traffic was initiated.	integer	Readonly
gateway	Gateway where the intrusion was detected at Name of the gateway on which this intrusion was detected.	string	Readonly
gateway_tags	Tags associated with the gateway Tags associated with the gateway on which this intrusion was detected.	array of Tag	Readonly
host	Host where intrusion was seen Name of the host on which this intrusion was detected.	string	Readonly
local_vm_ip	IP address of the local VM IP address of VM on the host where IDS engine is running.	string	Readonly
profile_id	IDS profile id The IDS profile id that is associated with the IDS rule pertaining to the intrusion event detected.	string	Readonly
protocol	Traffic protocol pertaining to the intrusion Traffic protocol pertaining to the detected intrusion, could be TCP/UDP etc.	string	Readonly
rule_id	IDS Rule id of detected intrusion The IDS Rule id pertaining to the detected intrusion.	integer	Readonly
source_ip	Attacker Source IP Source IP address of attacker.	string	Readonly
source_port	Attacker Source port Source port of attacker.	integer	Readonly
target	IP address of the target VM IP address of the target VM on the intrusion flow.	string	Readonly
traffic_type	IDS event detection source The source where the intrusion was detected. Possible values are GATEWAY and HOST.	string	Readonly Enum: GATEWAY, HOST

PolicyIdsEventsBySignature (schema)

Detected intrusions grouped by signature

Intrusions that are detected, grouped by signature. It contains the signature id,
severity, name, the number of intrusions of that type and the first occurence.

Name	Description	Type	Notes
count	Number of times signature was seen Number of times this particular signature was detected.	integer	Readonly
first_occurence	First occurence of the intrusion First occurence of the intrusion, in epoch milliseconds.	EpochMsTimestamp	Readonly
first_occurrence_site	IDS event first occurrence site The site at which the intrusion first occurred.	string	Readonly
is_ongoing	Flag indicating an ongoing intrusion Flag indicating an ongoing intrusion.	boolean	Readonly
project_id	Project Identifier	string	Readonly
project_path	Project path	string	Readonly
resource_type	IDSEvent resource type IDSEvent resource type.	string	Required Readonly
severity	Severity of the signature Severity of the threat covered by the signature, can be Critical, High, Medium, or Low.	string	Readonly
signature_id	Signature ID Signature ID pertaining to the detected intrusion.	integer	Readonly
signature_name	Name of the signature Name of the signature pertaining to the detected intrusion.	string	Readonly
sites_occurred	IDS event occurrence sites The sites at which the intrusion occurred.	array of string	Readonly
traffic_type	IDS event detection source The source where the intrusion was detected. Possible values are GATEWAY and HOST.	string	Readonly Enum: GATEWAY, HOST

PolicyIdsEventsBySignatureResult (schema)

List of intrusions grouped by signature

List of all intrusions that are detected grouped by signature, it
contains minimal details about the intrusions.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all intrusions detected List of all intrusions detected, grouped by signature. The details include signature id, name, severity, timestamp, and total number of attempts per signature.	array of PolicyIdsEventsBySignature	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsEventsSummary (schema)

Intrusions with event and signature data

Intrusion event with all the event and signature details, each event
contains the signature id, name, severity, first and recent occurence,
users and VMs affected and other signature metadata.

Name	Description	Type	Notes
affected_ip_count	Count of workload IPs this signature was detected on Count of workload IPs on which a particular signature was detected.	integer	Readonly
affected_vm_count	Count of VMs this signature was detected on Count of VMs on which a particular signature was detected.	integer	Readonly
first_occurence	First occurence of the intrusion First occurence of the intrusion, in epoch milliseconds.	EpochMsTimestamp	Readonly
ids_flow_details	IDS event flow data details IDS event flow data specific to each IDS event. The data includes source ip, source port, destination ip, destination port, and protocol.	object	Readonly
is_ongoing	Flag indicating an ongoing intrusion Flag indicating an ongoing intrusion.	boolean	Readonly
is_rule_valid	Is the rule id valid Indicates if the rule id is valid or not.	boolean	Readonly
latest_occurence	Latest occurence of the intrusion Latest occurence of the intrusion, in epoch milliseconds.	EpochMsTimestamp	Readonly
pcap_id	PCAP ID ID of the packet-capture associated with an event.	string	Readonly
project_id	Project Identifier	string	Readonly
project_path	Project path	string	Readonly
resource_type	IDSEvent resource type IDSEvent resource type.	string	Required Readonly
rule_id	IDS Rule id of detected intrusion The IDS Rule id that detected this particular intrusion.	integer	Readonly
signature_id	Signature ID Signature ID pertaining to the detected intrusion.	integer	Readonly
signature_metadata	Metadata about the detected signature Metadata about the detected signature including name, id, severity, product affected, protocol etc.	object	Readonly
site_id	Site Identifier Site Identifier	string	Readonly
total_count	Number of occurrences of this signature Number of times this particular signature was detected.	integer	Readonly
user_details	List of users on the affected VMs List of users logged into VMs on which a particular signature was detected.	object	Readonly
vm_details	List of VMs this signature was seen List of VMs on which a particular signature was detected with the count.	object	Readonly

PolicyIdsIpList (schema)

List of affected IP addresses

List of all affected IP addresses pertaining to a specific signature for
intrusion events seen on edge.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all affected IP addresses List of all affected IP addresses specific to a particular signature.	array of IPAddress	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsListRequestQueryParameters (schema)

Query parameters passed to the List Policy IDS Metrics APIs

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path		EnforcementPointPathQueryParameter
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyIdsSummaryListResult (schema)

List of intrusions with their summary

List of all intrusions that are detected grouped by signature with
their summary.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of intrusions Paged collection of the detected intrusions.	array of PolicyIdsEventsSummary	Readonly Maximum items: 100
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsUserList (schema)

List of affected Users

List of all affected users pertaining to a
specific signature.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all affected users List of all affected users specific to a particular signature.	array of string	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsUserStats (schema)

List of Users

List of Users logged into VMs where intrusions of a given signature
were detected.

Name	Description	Type	Notes
count	Number of unique users Number of unique users logged into VMs on which a particular signature was detected.	integer	Readonly
user_list	List of users List of users logged into VMs on which a particular signature was detected.	array of string	Readonly

PolicyIdsVmList (schema)

List of affected VMs

List of all affected VMs pertaining to a specific signature for
intrusion events seen on host.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of all affected VMs List of all affected VMs specific to a particular signature.	array of string	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyIdsVmStats (schema)

List of VMs where signature was detected

List of VMs on which a particular signature was detected with the count.

Name	Description	Type	Notes
count	Number of unique VMs Number of unique VMs on which a particular signature was detected.	integer	Readonly
vm_list	List of VM names List of VM names on which intrusions of that particular signature type were detected.	array of string	Readonly

PolicyIgmpProfile (schema)

IGMP Profile

IGMP profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
last_member_query_interval	Max Response Time Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the "leave latency" of the network. A reduced value results in reduced time to detect the loss of the last member of a group.	int	Minimum: 1 Maximum: 25 Default: "1"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
query_interval	Interval between general IGMP host-query messages Interval(seconds) between general IGMP host-query messages.	int	Minimum: 1 Maximum: 1800 Default: "30"
query_max_response_time	The maximum elapsed time between response The query response interval(seconds) is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. Configuring this interval allows admins to adjust the burstiness of IGMP messages on the subnet; larger values make the traffic less bursty, as host responses are spread out over a larger interval. The number of seconds represented by the query_max_response_time must be less than the query_interval.	int	Minimum: 1 Maximum: 25 Default: "10"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyIgmpProfile	string
robustness_variable	The Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable must not be zero, and SHOULD NOT be one.	int	Minimum: 1 Maximum: 7 Default: "2"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyInsertParameters (schema)

Parameters to tell where security policy/rule needs to be placed

Parameters to let the admin specify a relative position of a security
policy or rule w.r.t to another one.

Name	Description	Type	Notes
anchor_path	The security policy/rule path if operation is 'insert_after' or 'insert_before'	string
operation	Operation	string	Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top"

PolicyInterVrfRoutingConfig (schema)

policy inter-vrf routing config

policy inter-vrf routing config.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bgp_route_leaking	Import / export BGP routes Import / export BGP routes.	array of BgpRouteLeaking	Maximum items: 2
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyInterVrfRoutingConfig	string
static_route_advertisement	Advertise subnet to target peers as static routes Advertise subnet to target peers as static routes. It cannot be enabled on parent tier0 in first release.	PolicyStaticRouteAdvertisement
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_path	Policy path to tier0/vrf belongs to the same parent tier0 Policy path to tier0/vrf belongs to the same parent tier0.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyInterfaceGroupStatistics (schema)

Gateway interface group statistics

Provides the following statistics about a Tier0 or Tier1 interface group on a specific enforcement
point:

- Individual Tier0 or Tier1 interface statistics which are part of the group. It includes
the number of incoming, outgoing and dropped packet counters per transport node since the time
the interfaces were created. The statistics will be reset on edge reboot or edge dataplane restart.
- Aggregated statistics of all interfaces which are part of the group. It includes the number
of incoming, outgoing and dropped packet counters since the time the interfaces were created. The
statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that
node.

Name	Description	Type	Notes
members	Gateway interface statistics Provides the per transport node statistics of all the Tier0 and Tier1 interfaces that are part of the interface group. It includes the total number of incoming and outgoing packet statistics since the time the interfaces were created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	array of LogicalRouterPortStatistics	Readonly
summary	Aggregate of interface group statistics Provides the aggregated incoming and outgoing packet statistics of all the interfaces that are part of the interface group since the time the interfaces were created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	AggregatedLogicalRouterPortCounters	Readonly

PolicyInterfaceOspfConfig (schema)

OSPF Interface configuration

OSPF Interface configuration.

Name	Description	Type	Notes
bfd_path	Policy path of BFD profile This filed is valid only if enable_bfd is set to TRUE. If enable_bfd flag is set to TRUE, this profile will be applied to all OSPF peers in this interface. If this field is empty, bfd_path will refer to Tier-0 global BFD profile.	string
dead_interval	OSPF dead interval in seconds Specifies the number of seconds that router must wait before it declares a OSPF neighbor router down because it has not received OSPF hello packet. OSPF dead interval should be minimum 3 times greater than the hello interval	int	Minimum: 3 Maximum: 65535 Default: "40"
enable_bfd	enable BFD for OSPF Enable/Disable OSPF to register for BFD event. Use FALSE to disable BFD.	boolean
enabled	enable/disable OSPF enable/disable OSPF on the interface. If enabled flag not specified, defailt is enable OSPF.	boolean	Default: "True"
hello_interval	OSPF hello interval in seconds Specifies the interval between the hello packets that OSPF sends on this interface. OSPF hello interval should be less than the dead interval	int	Minimum: 1 Maximum: 21845 Default: "10"
network_type	Configure OSPF networkt type Configure OSPF networkt type, default is BROADCAST network type	string	Enum: BROADCAST, P2P Default: "BROADCAST"
ospf_area	Attach Tier0 Interface to specified OSPF Area Attache Tier0 Interface to specified OSPF Area. all peers.	string	Required

PolicyInterfaceStatistics (schema)

Tier0 or Tier1 interface statistics on a specific enforcement point

Provides the interface statistics of a Tier0 or Tier1 interface from all transport nodes.
It includes the following information of an interface:

- Logical router port ID.
- For each transport node, it includes the number of incoming, outgoing and dropped packet
counters and, the number of errors and failures causing the drops since the time
the interface was created. The statistics will be reset on edge reboot or edge dataplane
restart.
- For each transport node, it includes subcluster IP and transport node ID of the
interface.

Name	Description	Type	Notes
logical_router_port_id	The ID of the logical router port	string	Required
per_node_statistics	Per node statistics Lists the subcluster ID, transport node ID, incoming, outgoing and dropped packet counters for each transport node since the time the logical router port was created. The packet counters will be reset on edge reboot or edge dataplane restart.	array of LogicalRouterPortStatisticsPerNode	Readonly

PolicyInterfaceStatisticsSummary (schema)

Tier0 or Tier1 interface statistics on a specific enforcement point

Provides the aggregated statistics of a Tier0 or Tier1 interface across all transport nodes on a
specific enforcement point since the time the interface was created. The statistics from a given
transport node will be reset on edge reboot or edge dataplane restart of that node. It includes
the following details:

- Logical router port ID.
- Aggregated incoming packet counters on the logical router port across all transport nodes.
It includes the total number of packets received, dropped, and the number of errors and failures
causing the drops. The counters are from the time the logical router port was created. The statistics
from a given transport node will be reset on edge reboot or edge dataplane restart of that node.
- Aggregated outgoing packet counters on the logical router port across all transport nodes.
It includes the total number of packets sent, dropped, and the number of errors and failures
causing the drops. The counters are from the time the logical router port was created. The statistics
from a given transport node will be reset on edge reboot or edge dataplane restart of that node.
- Some of the packet drop reasons include, the DAD (Duplicate Address Detection) status of the IP
is not in ASSIGNED state, firewall rules, failed to fragment the packet, receive malformed packet,
could not find route to destination, absence of the receiver, insufficient memory, incomplete ARP
resolution of the next-hop, RPF check failure, failed to redirect packet to KNI interface,
TTL exceeded, port does not have a linked peer port and and unsupported - destination, protocol
or L4 port.
- Some of the IPSec packet drop reasons include the missing security association or VTI interface. It
also includes packets dropped due to policy lookup error or block policy.
- Provides the total number of service-insertion, KNI, non-IP and IPv6 packets dropped.

Name	Description	Type	Notes
interface_policy_path	Policy path for the interface Policy path for the interface	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_router_port_id	The ID of the logical router port	string	Required
rx	Packets in statistics Provides the aggregated incoming packet counters on the logical router port. It includes the total number of packets received, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly
tx	Packets out statistics Provides the aggregated outcoming packet counters on the logical router port. It includes the total number of packets sent, dropped, and the number of errors and failures causing the drops. The counters are from the time the logical router port was created. The statistics from a given transport node will be reset on edge reboot or edge dataplane restart of that node.	LogicalRouterPortCounters	Readonly

PolicyIpReputationFeedQueryParameters (schema)

IP Reputation feed query parameters

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point The path of the enforcement point where the Feed id downloaded to. Forward slashes must be escaped using %2F. This is a mandatory field when called from Global Manager.	string
operation	action	string	Required Enum: enable_auto_download, disable_auto_download, download

PolicyL2TablesParameters (schema)

Layer-2 table request parameters

Name	Description	Type
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType
transport_node_id	TransportNode Id	string

PolicyLabel (schema)

Label to reference group of policy entities of same type.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
refs	Policy entity paths referred by the label instance Policy entity paths referred by the label instance	array of string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyLabel	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Policy intent entity type from PolicyResourceType Policy intent entity type from PolicyResourceType	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyLabelListRequestParameters (schema)

PolicyLabel list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyLabelListResult (schema)

Paged Collection of Domains

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Policy label list results	array of PolicyLabel	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyLatencyStatProfile (schema)

Latency Stat Profile

Latency stat service profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the latency profile.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pnic_latency_enabled	Pnic latency enablement flag Activate or Deactivate pnic latency.	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyLatencyStatProfile	string
sampling_interval	Latency sampling interval Event nth milliseconds packet is sampled. When a value less than 1000 is given, the realized sampling interval will be 1000 milliseconds.	integer	Minimum: 1 Maximum: 1000000
sampling_rate	Latency sampling rate Event nth packet is sampled.	integer	Minimum: 100 Maximum: 1000000
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyListL2TablesParameters (schema)

Layer-2 table list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType
transport_node_id	TransportNode Id	string

PolicyListRequestParameters (schema)

Policy list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyListResult (schema)

Paged Collection of security policies

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyLiveTraceActionConfig (schema)

Livetrace action configuration

Name	Description	Type
counter_config	Configuration of count action	LiveTracePacketGranularActionConfig
datapath_stats_config	Configuration of datapath statistics action Configuration of datapath statistics action, which can be enabled only when other actions are disabled.	LiveTracePacketGranularActionConfig
pktcap_config	Configuration of packet capture action	LiveTracePacketGranularActionConfig
trace_config	Configuration of trace action	LiveTracePacketGranularActionConfig

PolicyLiveTraceIpsecVpnConfig (schema)

IPSec VPN configuration for starting livetrace on IPSec tunnel interface

Information for deriving virtual tunnel interface (VTI) of Route-based IPSec VPN session.

Name	Description	Type	Notes
session_path	Policy path of VPN session Policy path of VPN session.	string	Required

PolicyMetadataProxyStatistics (schema)

Name	Description	Type	Notes
metadata_proxy_path	Policy path of metadata proxy configuration	string	Required
statistics	Metadata Proxy statistics per segment	array of MetadataProxyStatisticsPerSegment
timestamp	timestamp of the statistics	EpochMsTimestamp	Required

PolicyMetadataProxyStatus (schema)

Name	Description	Type	Notes
error_message	Error message, if available	string
proxy_status	UP means the metadata proxy is working fine on both transport-nodes(if configured); DOWN means the metadata proxy is is down on both transport-nodes(if configured), hence the metadata proxy will not repsond to any metadata request; Error means there is an error on transport-node(s) or no status is reported from transport-node(s). The metadata proxy may be working (or not working); NO_BACK means metadata proxy is working on one of the transport node while not in the other transport-node (if configured). If the metadata proxy on the working transport-node goes down, the metadata proxy will go down.	string	Required Enum: UP, DOWN, ERROR, NO_BACKUP
transport_nodes	ids of transport nodes where this metadata proxy is running Order of the transport nodes is insensitive because Metadata Proxy is running in Active-Active mode among target transport nodes.	array of string	Required

PolicyMonitoringConfig (schema)

PolicyMonitoringConfig.

This object refers to config on policy like product-version and properties.

Name	Description	Type	Notes
product_version	Product Version. Version and build number of NSX.	string	Required
properties	Properties. This field refers to all the properties defined for NSX.	object	Required

PolicyMulticastConfig (schema)

Multicast routing configuration

Multicast routing configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Activate/deactivate Multicast Configuration Activate/deactivate Multicast Configuration.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
igmp_profile_path	Policy path to IGMP profile Updates to IGMP profile applied on all Tier0 gateways consuming the configuration.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pim_profile_path	Policy path to PIM profile Updates to PIM profile applied on all Tier0 gateways consuming the configuration.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
replication_multicast_range	Replication multicast range Replication multicast range. Required when enabled.	string	Format: ipv4-cidr-block
resource_type	Must be set to the value PolicyMulticastConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyNATRuleCounters (schema)

NAT rule statistics

Provides the following statistics for the NAT rules:

- Current number of active traffic sessions matching the NAT rules.
- Total number of bytes processed on the NAT rules since the time the rules
were created.
- Total number of packets processed on the NAT rules since the time the rules
were created.

Name	Description	Type	Notes
active_sessions	Active sessions Provides the current number of active traffic sessions matching the NAT rules.	integer	Readonly
total_bytes	Total bytes Provides the total number of bytes processed on the NAT rules since the time the rules were created.	integer	Readonly
total_packets	Total packets Provides the total number of packets processed on the NAT rules since the time the rules were created.	integer	Readonly

PolicyNat (schema)

Contains list of NAT Rules

Represents NAT section. This object is created by default when corresponding
tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections).
(INTERNAL, USER, DEFAULT and NAT64).

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nat_type	NAT section under tier-0/tier-1 Represents a NAT section under tier-0/tier-1.	string	Enum: INTERNAL, USER, DEFAULT, NAT64
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyNat	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyNatListRequestParameters (schema)

NAT list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyNatListResult (schema)

Paged Collection of NAT Types

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	NAT list results	array of PolicyNat	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyNatRule (schema)

Represents a NAT rule between source and destination at T0/T1 router

Represents a NAT rule between source and destination at T0/T1 router.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Represents action of NAT Rule SNAT, DNAT, REFLEXIVE Source NAT(SNAT) - translates a source IP address in an outbound packet so that the packet appears to originate from a different network. SNAT is only supported when the logical router is running in active-standby mode. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. DNAT is only supported when the logical router is running in active-standby mode. Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the "n". The number of original networks should be exactly the same as that of translated networks. The address translation is deterministic. Reflexive is supported on both Active/Standby and Active/Active LR. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported. NAT64 - translates an external IPv6 address to a internal IPv4 address.	string	Required Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT, NAT64
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_network	Represents the destination network This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. For VPC DNAT NATRule, destination network address should be IPv4 address allocated from External Block associated with VPC.	IPElementList
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Policy NAT Rule enabled flag The flag, which suggests whether the NAT rule is enabled or disabled. The default is True.	boolean	Default: "True"
firewall_match	Represents the firewall match flag It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned	string	Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS Default: "MATCH_INTERNAL_ADDRESS"
id	Unique identifier of this resource	string	Sortable
logging	Policy NAT Rule logging flag The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
policy_based_vpn_mode	Indicates NSX edge Nat behaviour for inbound VPN tra It indicates how the NSX edge applies Nat Policy for VPN traffic. It is supported only for Nat Rule action type DNAT and NO_DNAT. For all other NAT action, leave it unassigned. BYPASS - Default vpn mode. It indicates that Nat policy will be applied to the inbound traffic on Routed Based VPN tunnel, if the policy based VTI is in the "scope" for this rule. Default value will be set to BYPASS if MATCH - It indicates that this NAT rule will only match the Policy Based VPN traffic.	string	Enum: BYPASS, MATCH
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyNatRule	string
scope	Array of policy paths of labels, ProviderInterface, NetworkInterface Represents the array of policy paths of ProviderInterface or NetworkInterface or labels of type ProviderInterface or NetworkInterface or IPSecVpnSession on which the NAT rule should get enforced. The interfaces must belong to the same router for which the NAT Rule is created.	array of string
sequence_number	Sequence number of the Nat Rule The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023	int	Default: "0"
service	Represents the service on which the NAT rule will be applied It represents the path of Service on which the NAT rule will be applied. If not provided or if it is blank then Policy manager will consider it as ANY. Please note, if this is a DNAT, the destination_port of the service will be realized on NSX Manager as the translated_port. And if this is a SNAT, the destination_port will be ignored.	string
source_network	Represents the source network address This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network.	IPElementList
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
translated_network	Represents the translated network address This supports single IP address or comma separated list of single IP addresses or CIDR. If user specify the CIDR, this value is actually used as an IP pool that includes both the subnet and broadcast addresses as valid for NAT translations. This does not support IP range or IP sets. Comma separated list of single IP addresses is not suported for DNAT and REFLEXIVE rules. For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. For VPC SNAT and Refelexive NATRule, translated network address should be IPv4 address allocated from External Block associated with VPC.	IPElementList
translated_ports	Port number or port range Please note, if there is service configured in this NAT rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no sevice configured, the port will be ignored.	PortElement
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyNatRuleListRequestParameters (schema)

NAT Rule list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyNatRuleListResult (schema)

Paged Collection of NAT Rules

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	NAT Rules list results	array of PolicyNatRule	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyNatRuleStatistics (schema)

NAT rule statistics

Provides the following statistics for a NAT rule:

- Current number of active traffic sessions matching the NAT rule.
- Total number of bytes processed on the NAT rule since the time the rule
was created.
- Total number of packets processed on the NAT rule since the time the rule
was created.
- Any warning message about NAT rule statistics.

Name	Description	Type	Notes
active_sessions	Active sessions Provides the current number of active traffic sessions matching the NAT rules.	integer	Readonly
last_update_timestamp	Last update timestamp Timestamp when the data was last updated.	EpochMsTimestamp	Readonly
total_bytes	Total bytes Provides the total number of bytes processed on the NAT rules since the time the rules were created.	integer	Readonly
total_packets	Total packets Provides the total number of packets processed on the NAT rules since the time the rules were created.	integer	Readonly
warning_message	Warning Message The warning message about the NAT Rule Statistics.	string	Readonly

PolicyNatRuleStatisticsListRequestParameters (schema)

NAT Rule statistics list request parameters

Request parameter to get NAT rule statistics.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point Enforcement point path, forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyNatRuleStatisticsListResult (schema)

NAT rule statistics

Provides the following details for a NAT rule across all enforcement points:

- Current number of active traffic sessions matching the NAT rule.
- Total number of bytes processed on the NAT rule since the time the rule was
created.
- Total number of packets processed on the NAT rule since the time the rule was
created.
- Any warning message about NAT rule statistics.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of NAT rule statistics per enforcement point For every enforcement point, it lists the warning message of NAT rule statistics, the current number of active traffic sessions matching the NAT rule, and the total number of packets and bytes processed on the NAT rule since the time the rule was created.	array of PolicyNatRuleStatisticsPerEnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyNatRuleStatisticsPerEnforcementPoint (schema)

NAT rule statistics per enforcement point

Provides the following details for a NAT rule for a given enforcement point

- Current number of active traffic sessions matching the NAT rule.
- Total number of bytes processed on the NAT rule since the time the rule
was created.
- Total number of packets processed on the NAT rule since the time the rule
was created.
- Any warning message about NAT rule statistics.

Name	Description	Type	Notes
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point from where the statistics are fetched.	string
rule_path	Path of NAT Rule Path of NAT Rule.	string
rule_statistics	NAT rule statistics Provides the current number of active traffic sessions matching the NAT rule, the total number of packets and bytes processed on the NAT rule since the time the rule was created.	array of PolicyNatRuleStatistics	Readonly

PolicyNatRuleStatisticsPerLogicalRouter (schema)

Aggregate of NAT rule statistics per logical router per enforcement point

Provides the following statistics of all NAT rules in a logical router for a given
enforcement point:

- Aggregated statistics of all NAT rules in a logical router. It includes the
current number of active traffic sessions matching the NAT rules and, the total number
of packets processed on the NAT rules since the time the rules were created.
- Lists per transport node statistics of all NAT rules in a logical router. It
includes the current number of active traffic sessions matching the NAT rules and,
the total number of packets processed on the NAT rules since the time the rules were
created.
- Transport node ID.

Name	Description	Type	Notes
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point from where the statistics are fetched.	string
last_update_timestamp	Last update timestamp Timestamp when the data was last updated.	EpochMsTimestamp	Readonly
per_node_statistics	Aggregated NAT rule statistics per transport node Provides the statistics of all NAT rules in a transport node. It includes the current number of active traffic sessions matching the NAT rules and the total number of packets processed on the NAT rules since the time the rules were created.	array of PolicyNatRuleStatisticsPerTransportNode	Readonly
router_path	Router path Path of the router.	string
statistics	Rolled up statistics Provides the aggregated statistics of all NAT rules in a logical router. It includes the current number of active traffic sessions matching the NAT rules and the total number of packets processed on the NAT rules. The counts are from the time the rules were created.	PolicyNATRuleCounters	Readonly

PolicyNatRuleStatisticsPerLogicalRouterListResult (schema)

Aggregate of NAT rule statistics per logical router

Provides the following statistics for all NAT rules in a logical router across all
enforcement points since the time the rules were created:

- Aggregated statistics of all NAT rules in a logical router.
- Lists statistics of all NAT rules in a logical router for each transport node.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of aggregated NAT rule statistics per logical router per enforcement point For every enforcement point, it provides the aggregated statistics and per transport node statistics of all NAT rules in a logical router since the time the rules were created.	array of PolicyNatRuleStatisticsPerLogicalRouter	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyNatRuleStatisticsPerTransportNode (schema)

Aggregate of NAT rule statistics per transport node

Provides the following details of an edge transport node:

- Transport node ID.
- Current number of active traffic sessions in an edge transport node matching the
NAT rules.
- Total number of bytes processed on all NAT rules in an edge transport node since
the time the rules were created.
- Total number of packets processed on all NAT rules in an edge transport node since
the time the rules were created.

Name	Description	Type	Notes
active_sessions	Active sessions Provides the current number of active traffic sessions matching the NAT rules.	integer	Readonly
last_update_timestamp	Last update timestamp Timestamp when the data was last updated.	EpochMsTimestamp	Readonly
total_bytes	Total bytes Provides the total number of bytes processed on the NAT rules since the time the rules were created.	integer	Readonly
total_packets	Total packets Provides the total number of packets processed on the NAT rules since the time the rules were created.	integer	Readonly
transport_node_path	Node path Policy path of the Edge Node.	string	Readonly

PolicyNonCompliantConfig (schema)

Name	Description	Type	Notes
affected_resources	Resources/Services impacted by non compliant configuration Resources/Services impacted by non compliant configuration	array of PolicyResourceReference	Readonly
compliance_names	Names of compliance programs Names of the compliance programs according to which the affected resources are non-compliant.	array of string	Readonly
description	Detail description of non compliant configuration with suggestive action	string	Readonly
non_compliance_code	Code for non compliant configuration	integer	Readonly
reported_by	Id and name of non compliant resource/service	PolicyResourceReference	Readonly

PolicyNsLookupParameters (schema)

Name	Description	Type	Notes
address	IP address or FQDN for nslookup	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

PolicyPerNodeDnsFailedQueries (schema)

The list of failed DNS queries per transport node

The list of the failed DNS queries with entry count and timestamp.
The entry count is for per active/standby transport node.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
edge_node_path	Policy edge node path equivalent policy path for the edge node	string
node_id	Uuid of active/standby transport node The Uuid of active/standby transport node.	string	Required Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of failed DNS queries The list of failed DNS queries.	array of DnsFailedQuery	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
timestamp	Timestamp of the request Timestamp of the request, in YYYY-MM-DD HH:MM:SS.zzz format.	string	Required Readonly

PolicyPimProfile (schema)

PIM profile

PIM profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bsm_enabled	Activate/deactivate bootstrap messaging Configuration Activate/deactivate bootstrap messaging Configuration.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyPimProfile	string
rp_address_multicast_ranges	Static IPv4 multicast address and assciated multicast groups configuration Static IPv4 multicast address and assciated multicast groups configuration.	array of RpAddressMulticastRanges
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
rp_address	Static IPv4 multicast address configuration This field is deprecated and recommended to use rp_address_multicast_ranges	IPAddress	Deprecated

PolicyPoolUsage (schema)

IP usage statistics in a IpAddressPool.

Name	Description	Type	Notes
allocated_ip_allocations	Total number of allocated IPs in a IpAddressPool Total number of allocated IPs shown are from NSX manager. NSX manager uses default release delay of 2 mins. Till this delay passes, IPs will be shown as allocated (and counted in allocated ips). In this period of time there could be mismatch in requested_ip_allocations and allocated_ip_allocations.	integer	Readonly
available_ips	Total number of available IPs in a IpAddressPool	integer	Readonly
requested_ip_allocations	Total number of requested IP allocations in a IpAddressPool	integer	Readonly
total_ips	Total number of IPs in a IpAddressPool	integer	Readonly

PolicyRealizedResource (schema)

Abstract base class for all the realized policy objects

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alarms	Alarm info detail	array of PolicyAlarmResource
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
intent_reference	Desire state paths of this object	array of string
operational_status	String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.	string
operational_status_error	String representation of operational status error It defines the root cause for operational status error.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
publish_status	String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.	string
publish_status_error	String representation of publish status error It defines the root cause for publish status error.	string
publish_status_error_code	Represents error code for publish status. It defines error code for publish status error.	int
publish_status_error_details	Details for publich status error. Error details for publish status.	array of ConfigurationStateElement
publish_time	Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time	EpochMsTimestamp	Readonly Sortable
realization_api	Realization API of this object on enforcement point	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
realization_specific_identifier	Realization id of this object	string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyRealizedResource	string
runtime_error	String representation of runtime error It define the root cause for runtime error.	string
state	Realization state of this object	string	Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
time_taken_for_realization	Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization	integer
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
runtime_status	String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.	string	Deprecated

PolicyRelatedApiError (schema)

Detailed information about errors from API call to an enforcement point

Name	Description	Type
details	Further details about the error	string
error_code	A numeric error code	integer
error_data	Additional data about the error	object
error_message	A description of the error	string
module_name	The module name where the error occurred	string

PolicyRequestParameter (schema)

Represents optional API request parameter to be used in HAPI

Optional API Request Parameter to be used in HAPI.

Name	Description	Type	Notes
resource_type	The type of this request parameter.	string	Required

PolicyResource (schema)

Abstract base class for all the policy objects

Abstract base class for all the policy objects.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyResource	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyResourceReference (schema)

Policy resource reference

Policy resource reference.

Name	Description	Type	Notes
is_valid	Target validity Will be set to false if the referenced NSX resource has been deleted.	boolean	Readonly
owner_id	A unique identifier assigned by the system for the ownership of resource This is a UUID generated by the system for knowing who owns this resource. This is used in NSX+.	string	Readonly
path	Absolute path of this object Absolute path of this object.	string	Readonly
project_scope	Project scope of policy resource Project scope of policy resource	array of string	Readonly
target_display_name	Target display name Display name of the NSX resource.	string	Readonly Maximum length: 255
target_id	Target ID Identifier of the NSX resource.	string	Maximum length: 64
target_type	Target type Type of the NSX resource.	string	Maximum length: 255

PolicyResourceReferenceForEP (schema)

Policy resource reference for enforcement point

Name	Description	Type	Notes
is_valid	Target validity Will be set to false if the referenced NSX resource has been deleted.	boolean	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns a group This is a UUID generated by the system for knowing which site owns this group. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of resource This is a UUID generated by the system for knowing who owns this resource. This is used in NSX+.	string	Readonly
path	Absolute path of this object Absolute path of this object.	string	Readonly
project_scope	Project scope of policy resource Project scope of policy resource	array of string	Readonly
remote_path	Path of the object on the remote end. This is the path of the object on the local managers when queried on the NSX+ service, and path of the object on NSX+ service when queried from the local managers.	string	Readonly
target_display_name	Target display name Display name of the NSX resource.	string	Readonly Maximum length: 255
target_id	Target ID Identifier of the NSX resource.	string	Maximum length: 64
target_type	Target type Type of the NSX resource.	string	Maximum length: 255

PolicyResourceReferenceForEPListResult (schema)

Policy resource reference list for enforcement point

Paginated collection of policy resource references for enforcement point

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of policy resource references for enforcement point	array of PolicyResourceReferenceForEP	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyResourceReferenceListResult (schema)

Paged Collection of PolicyResourceReference

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Policy resource references list results	array of PolicyResourceReference	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyRouteAdvertisementRule (schema)

policy route advertisement rule

policy route advertisement rule.

Name	Description	Type	Notes
action	Action to advertise routes Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement	string	Required Enum: PERMIT, DENY Default: "PERMIT"
name	Display name for rule Display name for rule.	string
prefix_operator	Prefix operator to match subnets Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured.	string	Enum: GE, EQ Default: "GE"
route_advertisement_types	Enable different types of route advertisements Enable different types of route advertisements.	array of InterVrfRouteAdvertisementTypes
subnets	Network CIDRs Network CIDRs to be routed.	array of string

PolicyRuntimeAlarm (schema)

Alarm of PolicyRuntimeInfoPerEP

Alarm associated with the PolicyRuntimeInfoPerEP that exposes
potential errors when retrieving runtime information from the
enforcement point.

Name	Description	Type	Notes
error_details	Error Detailed Information Detailed information about errors from an API call made to the enforcement point, if any.	PolicyApiError	Readonly
error_id	Alarm Error Id Alarm error id.	string	Readonly
message	Error Message to Describe the Issue Error message describing the issue.	string	Readonly

PolicyRuntimeInfoPerEP (schema)

PolicyRuntimeInfoPerEP

Runtime Info Per Enforcement Point.

Name	Description	Type	Notes
alarm	Alarm Information Details Alarm information details.	PolicyRuntimeAlarm	Readonly
enforcement_point_path	Enforcement point Path Policy Path referencing the enforcement point where the info is fetched.	string	Readonly

PolicyRuntimeOnEpRequestParameters (schema)

Request Parameters for Policy Runtime on enforcement point

Request parameters that represents an enforcement point path.
A request on runtime information can be parameterized with this path and will be
evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

PolicyRuntimeRequestParameters (schema)

Request Parameters for Policy Runtime Information

Request parameters that represents an enforcement point path and data source.
A request on runtime information can be parameterized with this pair and will be
evaluted as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

PolicySIExcludeList (schema)

Service Insertion Exclusion List

List of entities where Service Insertion will not be enforced. Exclusion List can contain PolicyGroup(s) or SegmentPort(s) or Segment(s).

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
members	ExcludeList member list List of the members in the exclude list	array of string	Required Maximum items: 100
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicySIExcludeList	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicySIStatusConfiguration (schema)

Service Insertion Status

It represents status of Service Insertion for North-South and East-West context types.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
east_west_enabled	East-West status flag If set to true, service insertion for east-west traffic is enabled.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
north_south_enabled	North-South status flag If set to true, service insertion for north-south traffic is enabled.	boolean	Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicySIStatusConfiguration	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyServiceChain (schema)

Policy Service Chain

Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failure_policy	Failure Policy Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios.	string	Enum: ALLOW, BLOCK Default: "ALLOW"
forward_path_service_profiles	Forward path service profiles Forward path service profiles are applied to ingress traffic.	array of string	Required Maximum items: 4
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
path_selection_policy	Path Selection Policy Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability.	string	Enum: ANY, LOCAL, REMOTE, ROUND_ROBIN Default: "LOCAL"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyServiceChain	string
reverse_path_service_profiles	Reverse path service profiles Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied.	array of string	Maximum items: 4
service_segment_path	Path to service segment Path to service segment using which the traffic needs to be redirected.	array of string	Required Minimum items: 1 Maximum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyServiceInstance (schema)

Represents an instance of partner Service and its configuration

Represents an instance of partner Service and its configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Deployment Template attributes List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance.	array of Attribute	Required Maximum items: 128
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
compute_id	Id of the compute resource. Id of the compute(ResourcePool) to which this service needs to be deployed.	string	Required
context_id	Id of the compute manager UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed.	string
deployment_mode	Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode.	string	Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY"
deployment_spec_name	Name of the Deployment Specification Form factor for the deployment of partner service.	string	Required
deployment_template_name	Name of the Deployment Template Template for the deployment of partnet service.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
failure_policy	Failure policy for the Service VM Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE.	string	Enum: ALLOW, BLOCK Default: "BLOCK"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
partner_service_name	Name of Partner Service Unique name of Partner Service in the Marketplace	string	Required
path	Absolute path of this object Absolute path of this object	string	Readonly
primary_gateway_address	Gateway for primary management console Gateway address for primary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided.	IPElement
primary_interface_mgmt_ip	Management IP Address of primary interface of the Service Management IP Address of primary interface of the Service	IPElement	Required
primary_interface_network	Path of the segment to which primary interface of the Service VM needs to be connected Path of the segment to which primary interface of the Service VM needs to be connected	string
primary_portgroup_id	Id of the standard or ditsributed port group for primary management console Id of the standard or ditsributed port group for primary management console. Please note that only 1 of the 2 values from 1. primary_interface_network 2. primary_portgroup_id are allowed to be passed. Both can't be passed in the same request.	string
primary_subnet_mask	Subnet for primary management console IP Subnet for primary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided.	IPElement
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyServiceInstance	string
secondary_gateway_address	Gateway for secondary management console Gateway address for secondary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided.	IPElement
secondary_interface_mgmt_ip	Management IP Address of secondary interface of the Service Management IP Address of secondary interface of the Service	IPElement
secondary_interface_network	Path of segment to which secondary interface of the Service VM needs to be connected Path of segment to which secondary interface of the Service VM needs to be connected	string
secondary_portgroup_id	Id of the standard or ditsributed port group for secondary management console Id of the standard or ditsributed port group for secondary management console. Please note that only 1 of the 2 values from 1. secondary_interface_network 2. secondary_portgroup_id are allowed to be passed. Both can't be passed in the same request.	string
secondary_subnet_mask	Subnet for secondary management console IP Subnet for secondary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided.	IPElement
storage_id	Id of the storage Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_type	Transport Type Transport to be used while deploying Service-VM.	string	Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyServiceProfile (schema)

Policy Service Profile for a given Service

Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attributes	Service profile attributes List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here.	array of Attribute	Maximum items: 128
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
redirection_action	Redirection action The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service.	string	Enum: PUNT, COPY
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyServiceProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vendor_template_key	Vendor Template Key The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist.	string
vendor_template_name	Vendor template name Name of the vendor template for which this Service Profile is being created.	string

PolicyStaticRouteAdvertisement (schema)

policy static route advertisement

policy static route advertisement.

Name	Description	Type	Notes
advertisement_rules	Route advertisement rules Route advertisement rules.	array of PolicyRouteAdvertisementRule
in_filter_prefix_list	Paths of ordered Prefix list Paths of ordered Prefix list, it breaks after first match.	array of string	Maximum items: 5

PolicyStatisticsAggregateParameters (schema)

Request Parameters for Policy Statistics Aggregate

Request Parameter for aggregating Policy statistics on enforcement point.

Name	Description	Type	Notes
action	Action on statistics Action to take on statistics for an object.	string	Enum: aggregate
container_cluster_path	String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed.	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

PolicyStatisticsResetParameters (schema)

Request Parameters for Policy Statistics Reset

Request Parameter for resetting Policy statistics on enforcement point.

Name	Description	Type	Notes
action	Action on statistics Action to take on statistics for an object.	string	Required Enum: reset
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

PolicySubAttributes (schema)

Policy Sub Attributes data holder

Name	Description	Type	Notes
datatype	Datatype for sub attribute	string	Required Enum: STRING
key	Key for sub attribute	string	Required Enum: TLS_CIPHER_SUITE, TLS_VERSION, CIFS_SMB_VERSION
value	Value for sub attribute key Multiple sub attribute values can be specified as elements of array.	array of string	Required Minimum items: 1

PolicyTask (schema)

Task information

This object holds the information of the task.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
async_response_available	True if response for asynchronous request is available	boolean	Readonly
cancelable	True if this task can be canceled	boolean	Readonly
description	Description of the task	string	Readonly
end_time	The end time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
failure_msg	Reason of the task failure This property holds the reason of the task failure, if any.	string	Readonly
id	Identifier for this task	string	Readonly
message	A message describing the disposition of the task	string	Readonly
progress	Task progress if known, from 0 to 100	integer	Readonly Minimum: 0 Maximum: 100
request_method	HTTP request method	string	Readonly
request_uri	URI of the method invocation that spawned this task	string	Readonly
start_time	The start time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
status	Current status of the task	TaskStatus	Readonly
user	Name of the user who created this task	string	Readonly

PolicyTepCsvListResult (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
results		array of PolicyTepTableCsvRecord

PolicyTepListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results		array of PolicyTepTableEntry
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
transport_node_id	Transport node identifier	string	Readonly

PolicyTepMember (schema)

Name	Description	Type	Notes
tep_member_ip	The TEP Member IP	string

PolicyTepTableCsvRecord (schema)

Name	Description	Type	Notes
segment_id	TEP segment identifier This is the identifier of the TEP segment. This segment is NOT the same as logical segment or logical switch.	string
tep_ip	The tunnel endpoint IP address	IPAddress
tep_label	The tunnel endpoint label	integer	Required
tep_mac_address	The tunnel endpoint MAC address	string	Required
tep_member_ip	The TEP Member IP	string
tn_tep_group_id	The Transport Node TEP Group ID	string

PolicyTepTableEntry (schema)

Name	Description	Type
segment_id	The segment Id	string
tep_ip	The tunnel endpoint IP address	IPAddress
tep_label	The tunnel endpoint label	integer
tep_mac_address	The tunnel endpoint MAC address	string
tn_tep_group		PolicyTunnelTepGroup
tn_tep_group_id	The Transport Node TEP Group ID	string

PolicyTgwChildrenAlarm (schema)

List of policy vpc realization failures for subnets

List policy vpc realization failures under the object

Name	Description	Type	Notes
attachments		array of RealizationEntity

PolicyTier1MulticastConfig (schema)

Multicast routing configuration

Multicast routing configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Activate/deactivate Multicast Configuration Activate/deactivate Multicast Configuration. Whenever service router needs to be added/deleted from tier1, user needs to deactivate multicast first.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyTier1MulticastConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyTimeIntervalValue (schema)

Time interval on which firewall schedule will be applicable

Name	Description	Type	Notes
end_interval	End time of the interval Time in 24 hour and minutes in multiple of 30. Example, 17:30.	string	Required
start_interval	Start time of the interval Time in 24 hour and minutes in multiple of 30. Example, 9:00.	string	Required

PolicyTraceflowObservationDelivered (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
interface_path	Path of interface	string	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
lport_id	The id of the logical port into which the traceflow packet was delivered	string	Readonly
lport_name	The name of the logical port into which the traceflow packet was delivered	string	Readonly
parent_port_path	Policy path of the segment port.	string
resolution_type	The resolution type of the delivered message for ARP This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router.	string	Readonly Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM, ARP_LRP
resource_type	Must be set to the value PolicyTraceflowObservationDelivered	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
segment_port_path	Path of segment port	string	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
subnet_port_path	Path of subnet port	string	Readonly
target_mac	MAC address of the resolved IP by ARP The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan_id	VLAN on bridged network	VlanID

PolicyTraceflowObservationDropped (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
acl_rule_path	Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet	string	Readonly
arp_fail_reason	The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction	string	Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
interface_path	Path of interface	string	Readonly
ipsec_fail_reason	The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown	string	Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
lport_id	The id of the logical port at which the traceflow packet was dropped	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was dropped	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
nat_rule_path	Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet	string	Readonly
reason	The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. IP_OUT_OF_SCOPE - Packet is carrying IPs that are out of the network's scope (e.g., a packet with a private IP is trying to enter the external public network). DHCP_FORGED_MAC - The source MAC address of the DHCP packet sent to the DHCP server does not match the corresponding VIF MAC address of the source port. DHCP_IP_UNAVAILABLE - There is no DHCP client IP address available on the DHCP server. DHCP_IP_NOT_ALLOWED - The requested DHCP client IP address of the packet cannot be allocated from DHCP server. DHCP_INVALID_SERVER_IP_MAC - The DHCP packet is not destined to the DHCP server.	string	Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK, IP_OUT_OF_SCOPE, DHCP_FORGED_MAC, DHCP_IP_UNAVAILABLE, DHCP_IP_NOT_ALLOWED, DHCP_INVALID_SERVER_IP_MAC
resource_type	Must be set to the value PolicyTraceflowObservationDropped	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
segment_port_path	Path of segment port	string	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
subnet_port_path	Path of subnet port	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

PolicyTraceflowObservationDroppedLogical (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
acl_rule_path	Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet	string	Readonly
arp_fail_reason	The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction	string	Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_id	The id of the component that dropped the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_path	The path of the component that dropped the traceflow packet	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
interface_path	Path of interface	string	Readonly
ipsec_fail_reason	The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown	string	Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
jumpto_rule_path	Jump-to Rule Path The path of the jump-to rule that was applied to the traceflow packet	string	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
l2_rule_path	L2 Rule Path The path of the l2 rule that was applied to the traceflow packet	string	Readonly
lport_id	The id of the logical port at which the traceflow packet was dropped	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was dropped	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
nat_rule_path	Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet	string	Readonly
reason	The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. IP_OUT_OF_SCOPE - Packet is carrying IPs that are out of the network's scope (e.g., a packet with a private IP is trying to enter the external public network). DHCP_FORGED_MAC - The source MAC address of the DHCP packet sent to the DHCP server does not match the corresponding VIF MAC address of the source port. DHCP_IP_UNAVAILABLE - There is no DHCP client IP address available on the DHCP server. DHCP_IP_NOT_ALLOWED - The requested DHCP client IP address of the packet cannot be allocated from DHCP server. DHCP_INVALID_SERVER_IP_MAC - The DHCP packet is not destined to the DHCP server.	string	Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK, IP_OUT_OF_SCOPE, DHCP_FORGED_MAC, DHCP_IP_UNAVAILABLE, DHCP_IP_NOT_ALLOWED, DHCP_INVALID_SERVER_IP_MAC
resource_type	Must be set to the value PolicyTraceflowObservationDroppedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
segment_port_path	Path of segment port	string	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
service_path_index	The index of service path The index of service path that is a chain of services represents the point where the traceflow packet was dropped.	integer	Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
subnet_port_path	Path of subnet port	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

PolicyTraceflowObservationForwardedLogical (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
acl_rule_path	Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet	string	Readonly
component_id	The id of the component that forwarded the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_path	The path of the component that forwarded the traceflow packet	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
dst_component_id	The id of the destination component to which the traceflow packet was forwarded.	string	Readonly
dst_component_name	The name of the destination component to which the traceflow packet was forwarded.	string	Readonly
dst_component_path	The path of the destination component to which the traceflow packet was forwarded	string	Readonly
dst_component_type	The type of the destination component to which the traceflow packet was forwarded.	TraceflowComponentType	Readonly
interface_path	Path of interface	string	Readonly
ipsec_vpn	IPSec VPN on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded through IPSec VPN.	TraceflowObservationIpsecVpn	Readonly
ipsec_vpn_path	The related path of IPsec VPN through which the traceflow packet was forwarded	PolicyTraceflowObservationIpsecVpn	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
jumpto_rule_path	Jump-to Rule Path The path of the jump-to rule that was applied to the traceflow packet	string	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
l2_rule_path	L2 Rule Path The path of the l2 rule that was applied to the traceflow packet	string	Readonly
lport_id	The id of the logical port through which the traceflow packet was forwarded.	string	Readonly
lport_name	The name of the logical port through which the traceflow packet was forwarded.	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
nat_rule_path	Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet	string	Readonly
next_hop	Next hop IP address of matched routing entry This field is specified when the traceflow packet was routed by logical router.	IPAddress	Readonly
original_dst_ip	The original destination IP address of NAT	IPAddress	Readonly
original_src_ip	The original source IP address of NAT	IPAddress	Readonly
resend_type	The type of packet resending ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type	string	Readonly Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP
resource_type	Must be set to the value PolicyTraceflowObservationForwardedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
route_prefix	Prefix of matched routing entry This field is specified when the traceflow packet was routed by logical router.	IPCIDRBlock	Readonly
segment_port_path	Path of segment port	string	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
service_index	The index of the service insertion component	integer	Readonly
service_path_index	The path index of the service insertion component	integer	Readonly
service_ttl	The ttl of the service insertion component	integer	Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
spoofguard_ip	Prefix IP address matched in the whitelist in spoofguard This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.	IPCIDRBlock	Readonly
spoofguard_mac	MAC address matched in the whitelist in spoofguard The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	MACAddress	Readonly
spoofguard_vlan_id	VLAN id matched in the whitelist in spoofguard This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.	VlanID	Readonly
subnet_port_path	Path of subnet port	string	Readonly
svc_nh_mac	MAC address of nexthop MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
translated_dst_ip	The translated destination IP address of VNP/NAT	IPAddress	Readonly
translated_src_ip	The translated source IP address of VPN/NAT	IPAddress	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan	VLAN for the logical network on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded by a VLAN logical network.	VlanID	Readonly
vni	VNI for the logical network on which the traceflow packet was forwarded. This field is specified when the traceflow packet was forwarded by an overlay logical network.	int	Readonly

PolicyTraceflowObservationIpsecVpn (schema)

The related policy path of IPsec VPN traceflow observations

Name	Description	Type	Notes
session_path	The path of the IPsec VPN session	string	Readonly
vti_path	The path of the virtual tunnel interface for Route-Based IPsec VPN	string	Readonly

PolicyTraceflowObservationReceivedLogical (schema)

Name	Description	Type	Notes
component_id	The id of the component that received the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_path	The path of the component that received the traceflow packet	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
interface_path	Path of interface	string	Readonly
ipsec_vpn	IPSec VPN on which the traceflow packet was received. This field is specified when the traceflow packet was received on IPSec VPN.	TraceflowObservationIpsecVpn	Readonly
ipsec_vpn_path	The related path of IPsec VPN on which the traceflow packet was received	PolicyTraceflowObservationIpsecVpn	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
lport_id	The id of the logical port at which the traceflow packet was received	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was received	string	Readonly
resource_type	Must be set to the value PolicyTraceflowObservationReceivedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
segment_port_path	Path of segment port	string	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
src_component_id	The id of the source component from which the traceflow packet was received.	string	Readonly
src_component_name	The name of source component from which the traceflow packet was received.	string	Readonly
src_component_path	The path of the source component from which the traceflow packet was received	string	Readonly
src_component_type	The type of the source component from which the traceflow packet was received.	TraceflowComponentType	Readonly
subnet_port_path	Path of subnet port	string	Readonly
svc_mac	MAC address of SAN volume controller MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan	VLAN for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by a VLAN logical network.	VlanID	Readonly
vni	VNI for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by an overlay logical network.	int	Readonly

PolicyTraceflowObservationRelayedLogical (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
dst_server_address	The IP address of the destination This field specified the IP address of the destination which the packet will be relayed.	IPAddress	Required Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
logical_comp_uuid	The id of the component which relay service located This field specified the logical component that relay service located.	string	Readonly
logical_component_path	The path of the component on which relay service located This field specifies the logical component that relay service located on.	string	Readonly
message_type	The type of the relay service This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client	string	Required Readonly Enum: REQUEST, REPLY Default: "REQUEST"
relay_server_address	The IP address of relay service This field specified the IP address of the relay service.	IPAddress	Required Readonly
resource_type	Must be set to the value PolicyTraceflowObservationRelayedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

PolicyTransitGatewayAlarm (schema)

List of policy vpc realization failures for transit gateways

List policy realization failures under the object

Name	Description	Type	Notes
attachments		PolicyTgwChildrenAlarm
realization_entities	Policy vpc subnet results	array of RealizationEntity	Required

PolicyTransportZone (schema)

Transport Zone

Transport Zone.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authorized_vlans	Authorized VLAN ids for this TransportZone This field lists vlan ids allowed on logical network entities, eg. Segments, bridges, etc. created under this transport zone. Can be empty, VLAN id or a range of VLAN ids specified with '-' in between. An empty list allows all vlan ids.	array of string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
forwarding_mode	Transport Zone Forwarding Mode Transport Zone Forwarding Mode, must be one of either IPV4_ONLY or IPV6_ONLY or IPV4_AND_IPV6. Default is IPV4_ONLY.	string	Enum: IPV4_ONLY, IPV6_ONLY, IPV4_AND_IPV6
id	Unique identifier of this resource	string	Sortable
is_default	Flag to indicate if the transport zone is the default one Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type. This is allowed only when the system created default transport zone has the flag is_default set to true for a given transport zone type which is being requested.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nested_nsx	Flag to indicate if all transport nodes in this transport zone are connected through nested NSX. This flag should be set to true in nested NSX environment. When the "allow_changing_vdr_mac_in_use" property in the global config object RoutingGlobalConfig is false, this flag can not be changed if this transport zone is OVERLAY and the change will make any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the "vdr_mac_nested" property in the global config object RoutingGlobalConfig.	boolean	Default: "False"
nsx_id	Transport Zone UUID on NSX-T Enforcement Point UUID of transport zone on NSX-T enforcement point.	string	Readonly
origin_id	The host switch id generated by the system. This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of corresponding vDS from it's parent vCenter server.	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyTransportZone	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_profile_paths	Policy Transport Zone Profile paths Policy Transport Zone Profile paths	array of string
tz_type	Transport Zone Type Transport Zone Traffic type, must be one of either VLAN_BACKED or OVERLAY_BACKED. OVERLAY_STANDARD, OVERLAY_ENS and UNKNOWN are DEPRECATED. STANDARD, ENS and ENS_INTERRUPT are hostSwitch modes and same need to be given in HostTransportNode.HostSwitchSpec.	string	Required Enum: OVERLAY_STANDARD, OVERLAY_ENS, VLAN_BACKED, OVERLAY_BACKED, UNKNOWN
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
uplink_teaming_policy_names	Names of the switching uplink teaming policies that are supported by this transport zone. The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones.	array of string

PolicyTransportZoneListRequestParameters (schema)

Policy Transport Zone List Request Parameters

Policy Transport Zone list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyTransportZoneListResult (schema)

Paged Collection of Transport Zone

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Transport Zone List Result Transport Zone list result.	array of PolicyTransportZone	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyTransportZoneProfile (schema)

Transport Zone Profile

Transport Zone Profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_config	Bfd Profile Options Bfd Health Monitoring Options	BfdHealthMonitoringConfig	Required
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyTransportZoneProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tz_profile_type	Policy Transport Zone Type Policy Transport Zone Type.	string	Required Enum: BFD
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyTransportZoneProfileListRequestParameters (schema)

Policy Transport Zone Profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PolicyTransportZoneProfileListResult (schema)

Paged collection of Policy Transport Zone Profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Policy Transport Zone profile list results	array of PolicyTransportZoneProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PolicyTunnelDigestAlgorithm (schema) (Deprecated)

Digest Algorithms used in tunnel establishment

The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.

Name	Description	Type	Notes
PolicyTunnelDigestAlgorithm	Digest Algorithms used in tunnel establishment The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.	string	Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512

PolicyTunnelEncryptionAlgorithm (schema) (Deprecated)

Encryption algorithm used in tunnel

TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged
during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses
128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin
authentication.

Name	Description	Type	Notes
PolicyTunnelEncryptionAlgorithm	Encryption algorithm used in tunnel TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication.	string	Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256

PolicyTunnelTepGroup (schema)

Name	Description	Type	Notes
tep_members		array of PolicyTepMember

PolicyUrlCategorizationConfig (schema)

URL categorization entity

The type contains information about the configuration of the feature for a
specific node. It contains information like the whether the feature is
activated/deactivated, the context profiles defining the category list to
detect.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enabled Property which specifies the activating/deactivating of the feature.	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyUrlCategorizationConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
update_frequency	Policy URL Categorization Update Frequency The frequency in minutes at which the updates are downloaded from the URL categorization cloud service. The minimum allowed value is 5 minutes.	int	Minimum: 5 Default: "30"
context_profiles	Context profiles The ids of the context profiles that provides the list of categories to be detected. This field is deprecated. URL Categorization will not be supported in association with context profiles.	array of string	Deprecated

PolicyVpcLogPortEipBinding (schema)

Represents LogSwitchPortEipBindingMsg for a given VPC in CCP

Represents LogSwitchPortEipBindingMsg data for a given VPC in CCP.

Name	Type	Notes
error	string	Readonly
external_ipv4	string	Readonly
internal_ipv4	string	Readonly
port_id	string	Required Readonly

PolicyVpcNatRule (schema)

Represents a NAT rule between source and destination for a given VPC

Represents a NAT rule between source and destination at for a given VPC.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Represents action of NAT Rule SNAT, DNAT, REFLEXIVE Source NAT(SNAT) - translates a source IP address into an outbound packet so that the packet appears to originate from a different network. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. Reflexive NAT(REFLEXIVE) - one-to-one mapping of source and destination IP addresses. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported.	string	Required Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_network	Represents the destination network This supports single IP address and it does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. In case of DNAT NATRule, destination network address should be IPv4 address allocated from External Block associated with VPC.	IPElementList
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Policy NAT Rule enabled flag The flag, which suggests whether the NAT rule is enabled or disabled. The default is True.	boolean	Default: "True"
firewall_match	Represents the firewall match flag It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned	string	Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS Default: "MATCH_INTERNAL_ADDRESS"
id	Unique identifier of this resource	string	Sortable
logging	Policy NAT Rule logging flag The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PolicyVpcNatRule	string
sequence_number	Sequence number of the Nat Rule The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023	int	Default: "0"
service_entry	Service Entry	NatServiceEntry
source_network	Represents the source network address This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network.	IPElementList
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
translated_network	Represents the translated network address This supports single IP address or comma separated list of single IP addresses or CIDR. If user specify the CIDR, this value is actually used as an IP pool that includes both the subnet and broadcast addresses as valid for NAT translations. This does not support IP range or IP sets. For SNAT, DNAT and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. In case of SNAT and Refelexive NATRule, translated network address should be single IPv4 address allocated from External Block associated with VPC.	IPElementList
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PolicyVpcRoutesRequestParameters (schema)

Routes request parameters for VPC operational APIs

Name	Description	Type	Notes
component_type	Define the DR routes. Component type define to take the route from CCP.	string	Enum: DR_ROUTES
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_id	UUID of edge node UUID of edge node. Edge should be member of enforcement point.	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
host_id	UUID of host node UUID of host node. Host node should be member of enforcement point.	string
host_path	Policy path of host node Policy path of host node. Host node should be member of enforcement point.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
network_prefix	Network address filter parameter IPAddress or CIDR network address to filter entries in the table.	IPAddressOrCIDRBlock
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
route_source	Filter routes based on the source from which route is learned Filter routes based on the source from which route is learned.	string	Enum: BGP, STATIC, CONNECTED, OSPF
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PoolMemberAdminStateType (schema)

pool member admin state

User can set the admin state of a member to ENABLED or DISABLED or
GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED.
If a member is set to DISABLED, it is not selected for any new
connections. Active connections, however, will continue to be processed
by it. New connections with matching persistence entries pointing to
DISABLED members are not sent to those DISABLED members. Those connections
are assigned to other members of the pool and the corresponding persistence
entries are updated to point to the newly selected server.
To allow for a more graceful way of taking down servers for maintenance, a
routine task, another admin state GRACEFUL_DISABLED is supported. Existing
connections to a member in GRACEFUL_DISABLED state continue to be processed.

Name	Description	Type	Notes
PoolMemberAdminStateType	pool member admin state User can set the admin state of a member to ENABLED or DISABLED or GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED. If a member is set to DISABLED, it is not selected for any new connections. Active connections, however, will continue to be processed by it. New connections with matching persistence entries pointing to DISABLED members are not sent to those DISABLED members. Those connections are assigned to other members of the pool and the corresponding persistence entries are updated to point to the newly selected server. To allow for a more graceful way of taking down servers for maintenance, a routine task, another admin state GRACEFUL_DISABLED is supported. Existing connections to a member in GRACEFUL_DISABLED state continue to be processed.	string	Enum: ENABLED, DISABLED, GRACEFUL_DISABLED

PoolMemberSetting (schema)

Pool member setting

The setting is used to add, update or remove pool members from pool.
For static pool members, admin_state, display_name and weight can be
updated.
For dynamic pool members, only admin_state can be updated.

Name	Description	Type	Notes
admin_state	Member admin state	PoolMemberAdminStateType	Default: "ENABLED"
display_name	Pool member display name Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail.	string
ip_address	Pool member IP address	IPAddress	Required
port	Pool member port number	PortElement
weight	Pool member weight Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail.	integer	Minimum: 1 Maximum: 255

PortAddressBindingEntry (schema)

Address binding information

Detailed information about static address for the port.

Name	Description	Type
ip_address	IP address IP Address for port binding	string
mac_address	MAC address Mac address for port binding	MACAddress
vlan_id	VLAN ID VLAN ID for port binding	VlanID

PortAttacher (schema) (Deprecated)

VM or vmknic entity attached to LogicalPort

Name	Description	Type	Notes
entity	Reference to the attached entity This is a vmknic name if the attacher is vmknic. Otherwise, it is full path of the attached VM's config file	string	Required
host	TransportNode on which the attacher resides	string	Required

PortAttachment (schema)

Attachment information on the port

Detail information about port attachment

Name	Description	Type	Notes
allocate_addresses	Allocate addresses Indicate how IP will be allocated for the port. Enum BOTH references IP pool and MAC pool. Enum NONE is no allocation.	string	Enum: IP_POOL, MAC_POOL, BOTH, DHCP, DHCPV6, SLAAC, NONE
app_id	App Id ID used to identify/look up a child attachment behind a parent attachment	string
context_id	Context ID based on the type If type is CHILD and the parent port is on the same segment as the child port, then this field should be VIF ID of the parent port. If type is CHILD and the parent port is on a different segment, then this field should be policy path of the parent port. If type is INDEPENDENT/STATIC, then this field should be transport node ID.	string
context_type	Context Type Set to PARENT when type field is CHILD. Read only field.	string	Readonly Enum: PARENT
evpn_vlans	Evpn tenant VLAN IDs the Parent logical-port serves. List of Evpn tenant VLAN IDs the Parent logical-port serves in Evpn Route-Server mode. Only effective when attachment type is PARENT and the logical-port is attached to vRouter VM.	array of string	Minimum items: 0 Maximum items: 1000
hyperbus_mode	Hyperbus mode Flag to indicate if hyperbus configuration is required.	string	Enum: ENABLE, DISABLE Default: "DISABLE"
id	Port attachment ID VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required.	string
traffic_tag	VLAN ID Not valid when type field is INDEPENDENT, mainly used to identify traffic from different ports in container use case.	VlanID
type	Attachement type Type of port attachment. PARENT type is automatically set if evpn_vlans or hyperbus_mode is configured. INDEPENDENT type is automatically set for ports that belong to Segment of type DVPortgroup. STATIC type is deprecated.	string	Enum: PARENT, CHILD, INDEPENDENT, STATIC

PortDiscoveryProfileBindingMap (schema)

Port Discovery Profile binding map

This entity will be used to establish association between discovery
profile and Port. Using this entity, user can specify intent for applying
discovery profile to particular Port. Port here is Logical Port.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_discovery_profile_path	IP Discovery Profile Path PolicyPath of associated IP Discovery Profile	string
mac_discovery_profile_path	Mac Discovery Profile Path PolicyPath of associated Mac Discovery Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortDiscoveryProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortDiscoveryProfileBindingMapListRequestParameters (schema)

Port Discovery Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PortDiscoveryProfileBindingMapListResult (schema)

Paged collection of Port Discovery Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Port Discovery Profile Binding Map list results	array of PortDiscoveryProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PortElement (schema)

A port or a port range

Examples- Single port "8080", Range of ports "8090-8095"

Name	Description	Type	Notes
PortElement	A port or a port range Examples- Single port "8080", Range of ports "8090-8095"	string	Format: port-or-range

PortMirrorFilter (schema)

Name	Description	Type	Notes
destination_ips	Destination IP used to filter packets Destination IP in the form of IPAddresses, used to match the destination IP of a packet. If not provided, no filtering by destination IPs is performed.	IPAddresses
destination_ports	Destination port or port range used to filter packets Destination port in the form of a port or port range, used to match the destination port of a packet. If not provided, no filtering by destination port is performed.	PortElement
protocol	The protocol used to filter packets. The transport protocols of TCP or UDP, used to match the transport protocol of a packet. If not provided, no filtering by IP protocols is performed.	string	Enum: TCP, UDP
source_ips	Source IP used to filter packets Source IP in the form of IPAddresses, used to match the source IP of a packet. If not provided, no filtering by source IPs is performed.	IPAddresses
source_ports	Source port or port range used to filter packets Source port in the form of a port or port range, used to match the source port of a packet. If not provided, no filtering by source port is performed.	PortElement

PortMirroringProfile (schema)

Mirrors Data from source to destination

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_group	Destination group path Data from source group will be copied to members of destination group. Only IPSET group and group with membership criteria VM is supported. IPSET group allows only three ip's.	string	Required
direction	Direction Port mirroring profile direction	string	Enum: INGRESS, EGRESS, BIDIRECTIONAL Default: "BIDIRECTIONAL"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
encapsulation_type	Mirror Destination encapsulation type User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored.	string	Enum: GRE, ERSPAN_TWO, ERSPAN_THREE Default: "GRE"
erspan_id	ERSPAN session id Used by physical switch for the mirror traffic forwarding. Must be provided and only effective when encapsulation type is ERSPAN type II or type III.	int	Minimum: 0 Maximum: 1023 Default: "0"
filter_action	Action to include or exclude traffic for all filter in port_mirroring_filters If set to INCLUDE, packets matching all filters will be mirrored. If set to EXCLUDE, packets NOT matching any filters will be mirrored.	string	Enum: INCLUDE, EXCLUDE Default: "INCLUDE"
gre_key	GRE encapsulation key User-configurable 32-bit key only for GRE	int	Minimum: 0 Default: "0"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
port_mirroring_filters	Port mirroring filter An array of 5-tuples used to filter packets for the mirror session. If not provided, all the packets will be mirrored. This field is with filter_action which defines whether packets matching the filter will be included or excluded	array of PortMirrorFilter	Minimum items: 0 Maximum items: 1
profile_type	Allows user to select type of port mirroring session.	string	Enum: REMOTE_L3_SPAN, LOGICAL_SPAN Default: "REMOTE_L3_SPAN"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortMirroringProfile	string
snap_length	Maximum packet length for packet truncation If this property is set, the packet will be truncated to the provided length. If this property is unset, entire packet will be mirrored.	int	Minimum: 60 Maximum: 65535
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_ip_stack	Mirror Destination encapsulation type User can provide Mirror stack or Default stack to send mirror traffic. If profile type is REMOTE_L3_SPAN, tcp_ip_stack type is used else ignored.	string	Enum: Default, Mirror Default: "Default"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortMonitoringProfileBindingMap (schema)

Port Monitoring Profile binding map

This entity will be used to establish association between monitoring
profile and Port. Using this entity, user can specify intent for applying
monitoring profile to particular Port. Port here is Segment Port.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_l2_profile_path	IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
port_mirroring_profile_path	Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortMonitoringProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortQoSProfileBindingMap (schema)

Port QoS Profile binding map

This entity will be used to establish association between qos
profile and Port. Using this entity, you can specify intent for applying
qos profile to particular Port. Port here is Segment Port.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
qos_profile_path	QoS Profile Path PolicyPath of associated QoS Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortQoSProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortQoSProfileBindingMapListRequestParameters (schema)

Port QoS Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PortQoSProfileBindingMapListResult (schema)

Paged collection of Port QoS Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Port QoS Profile Binding Map list results	array of PortQoSProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PortRealTimeEthProfileBindingMap (schema)

Port Real Time Eth Profile binding map

This entity will be used to establish association between real time eth
profile and Port. Using this entity, you can specify intent for applying
real time eth profile to particular Port. Port here is Segment Port.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
real_time_eth_profile_path	Real Time Eth Profile Path PolicyPath of associated Real Time Eth Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortRealTimeEthProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortSecurityProfileBindingMap (schema)

Security profile binding map for port

Contains the binding relationship between port and security profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PortSecurityProfileBindingMap	string
segment_security_profile_path	Segment Security Profile Path The policy path of the asscociated Segment Security profile	string
spoofguard_profile_path	SpoofGuard Profile Path The policy path of the asscociated SpoofGuard profile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PortSecurityProfileBindingMapListRequestParameters (schema)

Port security profile binding map request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PortSecurityProfileBindingMapListResult (schema)

Paged collection of port security profile binding maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Port security profile binding map list results	array of PortSecurityProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PreReqCondition (schema)

Valid pre-req condition

Name	Description	Type	Notes
PreReqCondition	Valid pre-req condition	string	Enum: WAVE_FRONT, TSDB, TRACE

PreUpgradeHealthCheckInfo (schema)

ESX health perspective check information

Information about the ESX health perspective check.

Name	Description	Type	Notes
check	Check Identifier Identifier of the check.	string	Required Default: ""
description	PreUpgradeHealthCheck description Description of the check.	PreUpgradeHealthCheckMessage	Required
name	PreUpgradeHealthCheck name Name of the check.	PreUpgradeHealthCheckMessage	Required

PreUpgradeHealthCheckMessage (schema)

host health perspective localized message

Localized message object related to host health perspective.

Name	Description	Type	Notes
default_message	Default message The value of this localizable string or message template in the en_US (English) locale.	string	Required Default: ""
id	Identifier of Localizable String Unique identifier of the localizable string or message template.	string	Required Default: ""
localized	Localized string Localized string value as per request requirements.	string

PreUpgradeHealthCheckRequest (schema)

Health perspective check request

Name	Description	Type	Notes
entity-id	Entity Identifier Unique identifier of host moref.	string	Required
maintainance-mode-type	Type of maintenance mode Type of maintenance mode used for update operation	string	Enum: FULL, QUICK_PATCH, WCP Default: "FULL"
vcenter-uuid	vCenter uuid Instance uuid of vCenter. To get the instance id refer the instanceUuid field of https://<nsx-mgr>/api/v1/fabric/compute-managers API response.	string	Required

PreUpgradeHealthCheckStatus (schema)

ESX health perspective check status

Status of an host health perspective check.

Name	Description	Type	Notes
info	Check Information Status of the check.	PreUpgradeHealthCheckInfo	Required
issues	List of issues List of issues reported by the check.	array of PreUpgradeHealthCheckMessage	Required Default: "[]"
status	Status of check	string	Required Enum: OK, WAIT, NOT_OK
wait_duration	Wait duration Duration in milliseconds to wait before issuing status check again. This field is optional and is only populated when status is WAIT.	int	Readonly

PreUpgradeHostHealthCheckStatuses (schema)

host health perspective checks status list

Aggregated status list of performed host pre-upgrade checks.

Name	Description	Type	Notes
check_statuses	Check statuses List of pre check statuses.	array of PreUpgradeHealthCheckStatus	Required Default: "[]"
status	Aggregated status of all checks Aggregated status of all individual checks. It will be OK only when all executed checks return OK.	string	Required Readonly Enum: OK, WAIT, NOT_OK
wait_duration	Wait duration Duration in milliseconds to wait before issuing status check again. This field is optional and is only populated when status is WAIT.	int	Readonly

PrefixEntry (schema)

Network prefix entry

Name	Description	Type	Notes
action	Action for the prefix list Action for the prefix list.	string	Enum: PERMIT, DENY Default: "PERMIT"
ge	Prefix length greater than or equal to Prefix length greater than or equal to.	int	Minimum: 1 Maximum: 128
le	Prefix length less than or equal to Prefix length less than or equal to.	int	Minimum: 1 Maximum: 128
network	Network prefix in CIDR format Network prefix in CIDR format. "ANY" matches all networks.	string	Required

PrefixList (schema)

A named list of prefixes for routing purposes

A named list of prefixes for routing purposes.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
prefixes	Ordered list of network prefixes Specify ordered list of network prefixes.	array of PrefixEntry	Required Minimum items: 1
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value PrefixList	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PrefixListRequestParameters (schema)

PrefixList request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

PrefixListResult (schema)

Paged collection of PrefixLists

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	PrefixList results	array of PrefixList	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Principal (schema)

Name	Description	Type	Notes
attributes	Attribute list.	array of KeyValue	Required

PrincipalIdentity (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_id	Id of the stored certificate Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_protected	Protection indicator Indicator whether the entities created by this principal should be protected.	boolean
name	Name Name of the principal.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
node_id	Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type	Must be set to the value PrincipalIdentity	string
roles_for_paths	Roles for Paths The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere.	array of RolesForPath
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
role	Role The roles that are associated with this PI.	string	Deprecated Pattern: "^[_a-z0-9-]+$"

PrincipalIdentityList (schema)

PrincipalIdentity query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	PrincipalIdentity list.	array of PrincipalIdentity	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

PrincipalIdentityWithCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_id	Id of the stored certificate Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required.	string
certificate_pem	PEM encoding of the new certificate PEM encoding of the new certificate.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_protected	Protection indicator Indicator whether the entities created by this principal should be protected.	boolean
name	Name Name of the principal.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
node_id	Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type	Must be set to the value PrincipalIdentityWithCertificate	string
roles_for_paths	Roles for Paths The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere.	array of RolesForPath
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
role	Role The roles that are associated with this PI.	string	Deprecated Pattern: "^[_a-z0-9-]+$"

ProfileBindingListRequestParameters (schema)

Profile binding map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ProfileBindingMap (schema)

Policy base profile binding map

This entity will be used to establish association between profile
and policy entities.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ProfileSeverity (schema)

Intrusion Detection System Profile severity

Name	Description	Type	Notes
ProfileSeverity	Intrusion Detection System Profile severity	string	Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS

ProfileSupportedAttributeTypesResult (schema)

Context Profile SupportedAttributes Types

Name	Description	Type	Notes
attribute_types	List of ProfileSupportedAttributes types	array of string	Readonly

ProfileSupportedAttributesListRequestParameters (schema)

Profile Attributes list request parameters.

Name	Description	Type	Notes
attribute_key	Fetch attributes and sub-attributes for the given attribute key It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation.	string
attribute_source	Source of the attribute, System Defined or custom It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation.	string	Enum: ALL, CUSTOM, SYSTEM Default: "SYSTEM"
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Profinet (schema)

PROFINET protocol settings

Name	Description	Type	Notes
dcp_multicast_address	List of MAC addresses used for PROFINET DCP protocol Discovery and Configuration Protocol (DCP) is part of PROFINET protocol suite and it is used to discover IO devices, identify device information and configure device setting such as device name and IP address. The default configuration will use a couple of multicast MACs - 01:0e:cf:00:00:00, 01:0e:cf:00:00:01 If non-empty set of MAC addresses are provided as input, then it will override these default multicast MACs.	array of MACAddress	Minimum items: 0 Maximum items: 25
enabled	Flag to turn on or off the protocol	boolean	Required
vlan_strip_keeps_priority	Flag indicating if the VLAN zero priority tagging is allowed PROFINET traffic generated by VM guest will have VLAN 0 with priority tag. The NSX datapath will then add or strip VLAN ID as per the Segment configuration. This boolean flag indicates if the priority tag should be retained across such add/strip operation.	boolean	Default: "False"

ProgressItem (schema)

Name	Description	Type	Notes
description	Item description	string	Required
name	Name of the item	string	Required
parts	Finer details, usually there is only one part	array of ProgressItemPart

ProgressItemPart (schema)

Name	Description	Type	Notes
description	Description of the process	string	Required
error	Error message, if ran into error	string
name	Name of the process	string	Required
percentage	0 - 100 of the task being completed	integer	Required
status	Status of this process	string	Required Enum: RUNNING, ERROR, COMPLETE

Project (schema)

Policy Project

Project is a construct that provides network isolation for all
its contents out of the box, where the compute and networking elements
within are isolated from other Projects. The Project will also be used to provide
hybridity across on-prem datacenters and the cloud, thus providing a means
of building private clouds with elements both on-prem and in the cloud.
The project can be created by users with Org Admin role and read access to Tier0s and Edge clusters.
Read access to Tier0s and Edge clusters can be achieved by either associating the user with another role with the required permissions (say Auditor),
or by sharing the Tier0s and Edge clusters with the Org before creating the project. The project can also be created by users with Enterprise Admin role
without explicit sharing of Tier0s and Edge clusters.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
activate_default_dfw_rules	Activate the default DFW rules for the Project By default, Project is created with default distributed firewall rules, this flag allows to deactivate those default rules . If not set, the default rules are enabled. The system will expect the API user to pass this flag as "false" when the system is not entitled to distributed firewall.	boolean
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
default	Flag to indicate that the project is a default project true - the project is a default project. Default projects are non-editable, system create ones.	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_ipv4_blocks	PolicyPath of public ip block IP block used for allocating CIDR blocks for public subnets. IP block can be consumed by all the VPCs under this project. CIDR that must be unique across Org/provider and will be auto advertised up to Org/Provider Tier0 gateway.	array of string
id	Unique identifier of this resource	string	Sortable
limits	PolicyPath of limits applied on the project Limits are used to add constraints within a project. This field lists the limits that are applied to a particular project by the enterprise admin.	array of string
log_labeled_external_resources		DedicatedResources
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Project	string
short_id	Identifier to use when displaying project context in logs Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.	string	Maximum length: 8
site_infos	Collection of Site information Information related to sites applicable for given Project. For on-prem deployment, only 1 is allowed.	array of SiteInfo	Maximum items: 16
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tgw_external_connections	PolicyPaths of transit gateway connections. This represents the available transit gateway connection objects. Gateway connection and distributed VLAN connection object path will be allowed.	array of string
tier_0s	Array of Tier0s path associated with this Project. The tier0 path of type Tier0 has to be pre-created before Project is created. The tier0 typically provides connectivity to external world. List of sites for Project has to be subset of sites where the tier0 spans.	array of string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vc_folder	Flag to specify whether the DVPGs created for project segments are grouped under a folder on the VC.	boolean
dedicated_resources		DedicatedResources	Deprecated

ProjectIpAddressAllocation (schema)

Parameters for IP allocation

Allocation parameters for the IP address (e.g. specific IP
address) can be specified.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_ips	Allocated IP addresses The customer needs to pass allocation_ips or allocation_size. If allocation_size is used, the system will allocate IP addresses from unused IP addresses. Range or comma separated is not supported in Project IP allocation.	IPElement
allocation_size	Allocation IP address size The system will allocate IP addresses from unused IP addresses based on allocation size.	int	Minimum: 1 Maximum: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_block	IP block IP block path for project IP allocation.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ProjectIpAddressAllocation	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ProjectRouteFilter (schema)

Project route filter

Project route filter to control routes advertised from Project's Tier1 Gateway to Tier0 Gateway.
If project route filter configured for project then match_prefix_list must permit prefixes including public blocks for route advertisement from Tier1 gateway and VPC.
Project route filter can only be configured by Enterprise Admin in case of LM and Org Admin or EA in case of NSX+.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
match_prefix_list	Policy path to PrefixList Policy path to prefixList to filter routes advertised from Tier1 Gateway.	array of string	Required Maximum items: 2
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
projects_list	List of project paths Prefix list will be applied to all Tier-1s and VPCs under the specified list of project Paths. Project cannot be part of multiple route filter configurations.	array of string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ProjectRouteFilter	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

PropertyItem (schema)

LabelValue Property

Represents a label-value pair.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string	Maximum length: 1024
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string
field	Field of the Property Represents field value of the property.	string	Required Maximum length: 1024
heading	If true, represents the field as a heading Set to true if the field is a heading. Default is false.	boolean	Default: "False"
label	Label of the property If a field represents a heading, then label is not needed	Label
label_value_separator	Labale value separator used between label and value Label value separator used between label and value. It can be any separator like ":" or "-".	string
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details. This will be linked with value of the property.	string	Maximum length: 1024
render_configuration	Render Configuration Render configuration to be applied, if any.	array of RenderConfiguration
rowspan	Vertical span Represent the vertical span of the widget / container	int	Minimum: 1
separator	A separator after this property If true, separates this property in a widget.	boolean	Default: "False"
span	Horizontal span Represent the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
style	A Style object applicable for the Property Item A style object applicable for the property item. It could be the any padding, margin style sheet applicable to the property item. A 'style' property is supported in case of layout 'AUTO' only.	object
type	field data type Data type of the field.	string	Required Enum: String, Number, Date, Url Maximum length: 255 Default: "String"

Protocol (schema)

This is an abstract type. Concrete child types:
HttpProtocol
HttpsProtocol
ScpProtocol
SftpProtocol

Name	Description	Type	Notes
name	Protocol name	string	Required Enum: http, https, scp, sftp

ProtocolVersion (schema)

HTTP protocol version

Name	Description	Type	Notes
enabled	Enable status for this protocol version	boolean	Required
name	Name of the TLS protocol version	string	Required

QoSBaseRateLimiter (schema)

A Limiter configuration entry that specifies type and metrics

This is an abstract type. Concrete child types:
EgressRateLimiter
IngressBroadcastRateLimiter
IngressRateLimiter

Name	Description	Type	Notes
enabled		boolean	Required
resource_type	Type rate limiter	string	Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter"

QoSDscp (schema)

One of QoS or Encapsulated-Remote-Switched-Port-Analyzer

Dscp value is ignored in case of 'TRUSTED' DscpTrustMode.

Name	Description	Type	Notes
mode		DscpTrustMode
priority	Internal Forwarding Priority	int	Minimum: 0 Maximum: 63 Default: "0"

QoSProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
class_of_service	Class of service Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. If the field is not provided during PUT / PATCH call, a default value is assigned.	int	Minimum: 0 Maximum: 7
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dscp		QoSDscp
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value QoSProfile	string
shaper_configurations	Array of Rate limiter configurations to applied on Segment or Port.	array of QoSBaseRateLimiter (Abstract type: pass one of the following concrete types) EgressRateLimiter IngressBroadcastRateLimiter IngressRateLimiter	Minimum items: 0 Maximum items: 3
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

QoSProfileBindingMap (schema)

Base QoS Profile Binding Map

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value QoSProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

QoSProfileListRequestParameters (schema)

QoS Profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

QoSProfileListResult (schema)

Paged collection of QoS profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	QoS profiles list results	array of QoSProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Quota (schema)

Base definition for quota

Any type of quota definition will extend from this base class
This is an abstract type. Concrete child types:
IpBlockQuota

Name	Description	Type	Notes
resource_type		string	Required Enum: IpBlockQuota

RAConfig (schema)

Name	Description	Type	Notes
hop_limit	Hop limit The maximum number of hops through which packets can pass before being discarded.	integer	Minimum: 0 Maximum: 255 Default: "64"
prefix_lifetime	Lifetime of prefix The time interval in seconds, in which the prefix is advertised as valid.	integer	Minimum: 0 Maximum: 4294967295 Default: "2592000"
prefix_preferred_time	Prefix preferred time The time interval in seconds, in which the prefix is advertised as preferred.	integer	Minimum: 0 Maximum: 4294967295 Default: "604800"
ra_interval	RA interval Interval between 2 Router advertisement in seconds.	integer	Minimum: 4 Maximum: 1800 Default: "600"
router_lifetime	Lifetime of router Router lifetime value in seconds. A value of 0 indicates the router is not a default router for the receiving end. Any other value in this field specifies the lifetime, in seconds, associated with this router as a default router.	integer	Minimum: 0 Maximum: 65520 Default: "1800"
router_preference	Router preference NDRA Router preference value with MEDIUM as default. If the router_lifetime is 0, the preference must be set to MEDIUM.	NDRAPreference	Default: "MEDIUM"

RAMode (schema)

Router Advertisement Mode

Router Advertisement Modes.
DISABLED - RA is disabled
SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration
SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration
DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations
SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations

Name	Description	Type	Notes
RAMode	Router Advertisement Mode Router Advertisement Modes. DISABLED - RA is disabled SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations	string	Enum: DISABLED, SLAAC_DNS_THROUGH_RA, SLAAC_DNS_THROUGH_DHCP, DHCP_ADDRESS_AND_DNS_THROUGH_DHCP, SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP

RaDNSConfig (schema)

Name	Description	Type	Notes
dns_server	DNS server DNS server.	array of IPv6Address	Maximum items: 8
dns_server_lifetime	Lifetime of DNS server in milliseconds	integer	Minimum: 0 Maximum: 4294967295 Default: "1800000"
domain_name	Domain name Domain name in RA message.	array of string	Maximum items: 8
domain_name_lifetime	Lifetime of Domain names in milliseconds	integer	Minimum: 0 Maximum: 4294967295 Default: "1800000"

RdPerEdgeEntry (schema)

Route Distinguisher per edge

Name	Description	Type
edge_display_name	display name of the edge	string
edge_path	edge path	string
rd	Route Distinguisher	string

RdPerEdgeMapping (schema)

Route Distinguisher per edge node

This object holds route distinguishers per edge.

Name	Description	Type	Notes
rd_per_edge_mapping	List of Route Distinguisher per edge	array of RdPerEdgeEntry

Reaction (schema)

Reaction

Reaction represents a programmable entity which encapsulates the events
and the actions in response to the events, or simply "If This Then That".

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
actions	Reaction Actions Actions that need to be taken when the events occur. These actions must appear in the order that they need to be taken in. This field can be interpreted as the HOW of the Reaction, or simply as "Then That".	array of Action (Abstract type: pass one of the following concrete types) PatchResources SetFields	Required Minimum items: 1 Maximum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
events	Reaction Events Events that provide contextual variables about what the reaction should react to. This field can be interpreted as the WHAT of the Reaction, or simply as "If This" Clause.	array of Event	Required Minimum items: 1 Maximum items: 1
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Reaction	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RealTimeEthProfile (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
latency_measurement		LatencyMeasurement	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parallel_redundancy_prot		ParallelRedundancyProt	Required
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profinet		Profinet	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RealTimeEthProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RealTimeEthProfileBindingMap (schema)

Base Real Time Eth Profile Binding Map

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RealTimeEthProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RealizationEntity (schema)

Details of a realization entity, including Id, path and reason for failure, in case of a failure.

Name	Description	Type	Notes
entity_type	Entity type of the realization intent.	string
parent_path	Policy parent path of the resource.	string
path	Policy path of the object	string
realization_id	Realization id of this object	string
realized_entity_path	Path that is used to fetch the Realization details of the entity.	string
reason	Message containing error code, message ,status of the realization.	VpcStatusReason
status	Status of this object	string	Enum: SUCCESS, ERROR, UNINITIALIZED, IN_PROGRESS, UNKNOWN

RealizationFailure (schema)

Policy object that have failed to realize

Name	Description	Type	Notes
path	Path of the policy object Path of the policy object	string	Required Readonly
status	Last seen failure status of the policy object Last seen failure status of the policy object	string	Required Readonly
timestamp	Timestamp when the failure was last seen of the policy object Timestamp when the failure was last seen of the policy object	EpochMsTimestamp	Required Readonly

RealizationListRequestParameters (schema)

Realization list request params

List request params for the pass through type api that get data from the
Enforcement point. The basic requirement for these kind of APIs is
filtering by Enforcement point.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

RealizedStateRequestParameter (schema)

Binding between Intent and Enforcement Point Paths

Request parameter that represents a binding between an intent path and
enforcement point path. A request on the realized state can be parameterized
with this pair and will be evaluted as follows:
- {intent_path}: the request is evaluated on all enforcement points for
the given intent.
- {intent_path, enforcement_point_path}: the request is evaluated only on
the given enforcement point for the given intent.

Name	Description	Type	Notes
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F	string
intent_path	String Path of the intent object Intent path of object, forward slashes must be escaped using %2F	string	Required

RealizedVirtualMachine (schema) (Experimental)

Realized Virtual Machine

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alarms	Alarm info detail	array of PolicyAlarmResource
compute_ids	List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx']	array of string	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
host_id	Id of the host on which the vm exists.	string	Readonly
id	Unique identifier of this resource	string	Sortable
intent_reference	Desire state paths of this object	array of string
local_id_on_host	Id of the vm unique within the host.	string	Readonly
operational_status	String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive.	string
operational_status_error	String representation of operational status error It defines the root cause for operational status error.	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
power_state	Current power state of this virtual machine in the system.	string	Readonly Enum: VM_RUNNING, VM_STOPPED, VM_SUSPENDED, UNKNOWN
publish_status	String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive.	string
publish_status_error	String representation of publish status error It defines the root cause for publish status error.	string
publish_status_error_code	Represents error code for publish status. It defines error code for publish status error.	int
publish_status_error_details	Details for publich status error. Error details for publish status.	array of ConfigurationStateElement
publish_time	Publish time of the intent This is the time when our system detects that data has been pushed to the transport nodes. This is based on a poll mechanism and hence this is not the accurate time when the intent was published at the data path. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the publish_time will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for publish_time	EpochMsTimestamp	Readonly Sortable
realization_api	Realization API of this object on enforcement point	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
realization_specific_identifier	Realization id of this object	string
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RealizedVirtualMachine	string
runtime_error	String representation of runtime error It define the root cause for runtime error.	string
state	Realization state of this object	string	Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
time_taken_for_realization	Appoximate time taken in milliseconds for end to end realization. This is an approximate time taken for the realization of the intent to the data path. The actual time taken could be lesser than what is reported here. The value of -1 indicates that either the publishing is still in progress or the runtime status is UNKNOWN and hence not available. The Runtime status can be UNKNOWN if one or more hosts are down and the rules could not be sent to those hosts. When the host comes up, the runtime status will change to SUCCESS but the time taken for realization will show the value of the last realization time. Any new configuration change after this will start reflecting the proper value for time_taken_for_realization	integer
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Deprecated Readonly
path	Absolute path of this object Absolute path of this object	string	Deprecated Readonly
runtime_status	String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive.	string	Deprecated

RealizedVirtualMachineListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of VMs	array of RealizedVirtualMachine
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RecommendedFeaturePermission (schema)

Recommended Feature Permission

Name	Description	Type	Notes
recommended_permissions	Permission	array of string	Required
src_features	List of source features	array of string	Required
target_feature	Feature	string	Required

RecommendedFeaturePermissionListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of RecommendedFeaturePermission	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RedirectionPolicy (schema)

Contains ordered list of rules and path to PolicyServiceInstance

Ordered list of rules long with the path of PolicyServiceInstance
to which the traffic needs to be redirected. |
Please note that the scope property must be provided for NS redirection |
policy if redirect to is a service chain. For NS, when redirect to is not |
to the service chain, and scope is specified on RedirectionPolicy, it |
will be ignored. The scope will be determined from redirect to path |
instead. For EW policy, scope must not be supplied in the request. |
Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path |
can be specified as a scope. |
Also, note that, if stateful flag is not sent, it will be treated as true.
If statelessness is intended, false must be sent explicitly as the value |
for stateful field.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
north_south	Flag to denote whether it is north south policy This is the read only flag which will state the direction of this \| redirection policy. True denotes that it is NORTH-SOUTH and false \| value means it is an EAST-WEST redirection policy.	boolean	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
redirect_to	List of redirect to target paths Paths to which traffic will be redirected to. As of now, only 1 is \| supported. Paths allowed are \| 1. Policy Service Instance \| 2. Service Instance Endpoint \| 3. Virtual Endpoint \| 4. Policy Service Chain	array of string	Maximum items: 1
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RedirectionPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	Redirection rules that are a part of this RedirectionPolicy Redirection rules that are a part of this RedirectionPolicy. At max, there can be 1000 rules in a given RedirectPolicy.	array of RedirectionRule	Maximum items: 1000
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RedirectionRule (schema)

It define redirection rule for service insertion

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action The action to be applied to all the services	string	Enum: REDIRECT, DO_NOT_REDIRECT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
destinations_excluded	Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups	boolean	Default: "False"
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_protocol	IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.	string	Enum: IPV4, IPV6, IPV4_IPV6
is_default	Default rule flag A flag to indicate whether rule is a default rule.	boolean	Readonly
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.	string	Maximum length: 2048
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profiles	Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.	array of string	Maximum items: 128
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RedirectionRule	string
rule_id	Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.	integer	Readonly
scope	The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number	int	Minimum: 0
service_entries	Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Maximum items: 128
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
sources_excluded	Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups	boolean	Default: "False"
tag	Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RegTokenQuery (schema)

Registration token

Name	Description	Type	Notes
token	Registration token Get roles from registration token	string	Required

RegistrationToken (schema)

Appliance registration access token

Name	Description	Type	Notes
roles	List results	array of string	Required
token	Access token	string	Required
user	User delegated by token	string

RelatedApiError (schema)

Detailed information about a related API error

Name	Description	Type
details	Further details about the error	string
error_code	A numeric error code	integer
error_data	Additional data about the error	object
error_message	A description of the error	string
module_name	The module name where the error occurred	string

RelatedAttribute (schema)

Related attribute details.

Related attribute on the target resource for conditional constraints based
on related attribute value.
Example - destinationGroups/service/action is related attribute of
sourceGroups in communcation entry.

Name	Description	Type	Notes
attribute	Related attribute name on the target entity.	string	Required

RelatedAttributeConditionalExpression (schema)

Represents the leaf level type expression to express constraint as
value of realted attribute to the target. Uses
ConditionalValueConstraintExpression to constrain the target value
based on the related attribute value on the same resource.

Represents the leaf level type expression to express constraint as
value of realted attribute to the target.
Example - Constraint traget attribute 'X' (example in Constraint),
if destinationGroups contains 'vCeneter' then allow only values
"HTTPS", "HTTP" for attribute X.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix": "/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/"
},
"constraint_expression": {
"resource_type": "RelatedAttributeConditionalExpression",
"related_attribute":{
"attribute":"destinationGroups"
},
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}
}
}
}

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Conditiona value constraint expression. Conditional value expression for target based on realted attribute value.	ConditionalValueConstraintExpression	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
related_attribute	Related attribute.	RelatedAttribute	Required
resource_type	Must be set to the value RelatedAttributeConditionalExpression	string	Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

RemainingSupportBundleNode (schema)

Name	Description	Type	Notes
node_display_name	Display name of node	string	Required Readonly
node_id	UUID of node	string	Required Readonly
node_ip	IPv4 address of node	string	Required Readonly
node_ipv6	IPv6 address of node	string	Required Readonly
status	Status of node	string	Required Readonly Enum: PENDING, PROCESSING

RemoteFileServer (schema)

Remote file server

Name	Description	Type	Notes
directory_path	Remote server directory to copy bundle files to	string	Required Pattern: "^\/[\w\-.\+~\/]+$"
port	Server port	integer	Minimum: 1 Maximum: 65535 Default: "22"
protocol	Protocol to use to copy file	FileTransferProtocol	Required
server	Remote server hostname or IP address	string	Required Format: hostname-or-ip

RemoteServerFingerprint (schema)

Remote server

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535 Default: "22"
server	Remote server hostname or IP address	string	Required Format: hostname-or-ip
ssh_fingerprint	SSH fingerprint of server	string	Required

RemoteServerFingerprintRequest (schema)

Remote server

Name	Description	Type	Notes
port	Server port	integer	Minimum: 1 Maximum: 65535 Default: "22"
server	Remote server hostname or IP address	string	Required Format: hostname-or-ip

RemoteSiteCompatibilityInfo (schema)

Name	Description	Type
is_compatible	are the 2 sites compatible	boolean
local_site	local site compatibility	SiteCompatibilityInfo
remote_site	remote site compatibility	SiteCompatibilityInfo

RemoteSiteCredential (schema)

Credential of remote site

Contains the information needed to communicate with another site.

Name	Description	Type	Notes
address	Address of the site (IPv4:port)	string	Required
password	Password of the site	string	Required
thumbprint	Sha256 thumbprint of API certificate of the remote site	string	Required
username	Username of the site	string	Required

RenderConfiguration (schema)

Render Configuration

Render configuration to be applied to the widget.

Name	Description	Type	Notes
color	Color of the entity The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red.	string
condition	Expression for evaluating condition If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string	Maximum length: 1024
display_value	Overridden value to display, if any If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured.	string	Maximum length: 255
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon	Minimum items: 0
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met.	array of Tooltip	Minimum items: 0

ReorderRequest (schema)

Name	Description	Type	Notes
id	id of the upgrade unit group/upgrade unit before/after which the upgrade unit group/upgrade unit is to be placed	string	Required
is_before	flag indicating whether the upgrade unit group/upgrade unit is to be placed before or after the specified upgrade unit group/upgrade unit	boolean	Default: "True"

RepoSyncStatusReport (schema)

Name	Description	Type	Notes
failure_code	Error code for failure In case of repo sync related failure, the code for the error will be stored here.	integer
failure_message	Error message for failure In case if repo sync fails due to some issue, an error message will be stored here.	string
status	Repository Synchronization Status Status of the repo sync operation on the single nsx-manager	string	Required Enum: NOT_STARTED, IN_PROGRESS, FAILED, SUCCESS
status_message	Status message Describes the steps which repo sync operation is performing currently.	string

ResetIdsStatsRequestParameters (schema)

Reset Statistics Request Parameters

Request parameters that represents an enforcement point path and category.
A request on statistics can be parameterized with this enforcement point
path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.

Name	Description	Type	Notes
category	Aggregation statistic category Aggregation statistic category to perform reset operation. If not provided it will be considered as IDPSDFW.	string	Enum: IDPSDFW, IDPSEDGE Default: "IDPSDFW"
container_cluster_path	String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed.	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

ResetNodeUserOwnPasswordProperties (schema)

Name	Description	Type	Notes
old_password	The old password of the user If the old_password is not given, a 400 BAD REQUEST is returned with an error message.	string	Required
password	The new password for user	string	Required

ResetStatsRequestParameters (schema)

Reset Statistics Request Parameters

Name	Description	Type	Notes
category	Aggregation statistic category Aggregation statistic category to perform reset operation.	string	Required Enum: DFW, EDGE, BRIDGEFIREWALL
container_cluster_path	String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed.	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

Resource (schema)

Base class for resources

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly

ResourceFieldPointer (schema)

Resource Field Pointer

Resource Field Pointer representing the exact value within a policy object.

Name	Description	Type	Notes
field_pointer	Field Pointer Field Pointer referencing the exact field within the policy object.	string	Required
path	Resource Path Policy Path referencing a policy object. If not supplied, the field pointer will be applied to the event source.	string

ResourceInfo (schema)

Represents resources information

It represents the resource information which could identify resource.

Name	Description	Type	Notes
resource_ids	Resource identifiers It will represent resource identifiers. For example, policy objects will be represented with paths and virtual machine will be represented with external ids.	array of string	Required
resource_type	Resource type It will represent resource type on which tag bulk operation to be performed. Supported resource type is VirtualMachine.	string	Required

ResourceInfoListResult (schema)

Collection of resource info objects

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Resource info list results	array of PolicyFineTuningResourceInfo	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ResourceInfoSearchParameters (schema) (Experimental)

Represents search object that provides additional search capabilities

This object presents additional search capabilities over any API through free text query string. e.g. type="FirewallRuleDto".

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
type	Type query	string

ResourceLink (schema)

A link to a related resource

Name	Description	Type	Notes
action	Optional action	string	Readonly
href	Link to resource	string	Required Readonly
rel	Link relation type Custom relation type (follows RFC 5988 where appropriate definitions exist)	string	Required Readonly

ResourceObject (schema)

Policy resource object for sharing

A ResourceObject contains the path and properties of the resource that needs to be shared.

Name	Description	Type	Notes
include_children	Denotes if the children of the shared path are also shared Whether the children of the shared resource_path are shared (true) or just the entity represented by the path is shared (false). The default value is false.	boolean	Default: "False"
resource_path	Path of the resource to be shared Represents the path of the resource to be shared. The entity represented by this shared resources is shared with all the Orgs or Projects contexts that the Share container references.	string	Required

ResourceOperation (schema)

Resource Operation

Resource Operation is an Event Source that represents a resource that
is being changed at very specific points of time, with regard to
its interaction with dao layer.

Name	Description	Type	Notes
operation_types	Operation Types Operation types.	array of ResourceOperationType	Required Minimum items: 1
resource_pointer	Resource Pointer Regex path representing a regex expression on resources. This regex is used to identify the object(s) that is/are the source of the Event. For instance: specifying "Lb* \| /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question.	string	Required
resource_type	Must be set to the value ResourceOperation	string	Required Enum: ResourceOperation, ApiRequestBody

ResourceOperationType (schema)

Resource Operation Type

Resource Operation Type represents a change in state of a resource with
regard to the interaction with DAO layer:
POST_CREATE: post-create change event.
POST_UPDATE: post-update change event.
PRE_DELETE: pre-delete change event.

Name	Description	Type	Notes
ResourceOperationType	Resource Operation Type Resource Operation Type represents a change in state of a resource with regard to the interaction with DAO layer: POST_CREATE: post-create change event. POST_UPDATE: post-update change event. PRE_DELETE: pre-delete change event.	string	Enum: POST_CREATE, POST_UPDATE, PRE_DELETE

ResourceReference (schema)

A weak reference to an NSX resource.

Name	Description	Type	Notes
is_valid	Target validity Will be set to false if the referenced NSX resource has been deleted.	boolean	Readonly
target_display_name	Target display name Display name of the NSX resource.	string	Readonly Maximum length: 255
target_id	Target ID Identifier of the NSX resource.	string	Maximum length: 64
target_type	Target type Type of the NSX resource.	string	Maximum length: 255

ResourceSummaryDetail (schema)

Resource Summary Detail

Resource summary details represents list of resources for given resource
type with its total count.

Name	Description	Type	Notes
resource_count	Resource count Total resource count	integer	Required Readonly
resource_list	Resource List List of homogenous resources of resource type.	array of OnboardingAttribute	Readonly Maximum items: 100
resource_type	Policy Resource Type Policy resource entity type, for example: CommunicationMap, Group etc.	string	Required Readonly

ResourceTagStatus (schema)

Tag operation status for a resource

It represents tag operation status for a resource and details of the failure if any.

Name	Description	Type	Notes
details	Details about the error if any	string
resource_display_name	Resource display name	string
resource_id	Resource id	string	Required
tag_status	Status of tag apply or remove operation	string	Required Enum: Success, Error

ResourceTypeTagStatus (schema)

Tag operation status for particular resource type and resource ids.

Name	Description	Type	Notes
resource_tag_status	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceTagStatus
resource_type	Resource type	string	Required

RestoreStep (schema)

Restore step info

Name	Description	Type	Notes
description	Restore step description	string	Required Readonly
status		PerStepRestoreStatus
step_number	Restore step number	integer	Required Readonly
value	Restore step value	string	Required Readonly

RevisionedResource (schema)

A base class for types that track revisions

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly

Role (schema)

Role

Name	Description	Type	Notes
role	Role identifier Short identifier for the role. Must be all lower case with no spaces.	string	Required Pattern: "^[_a-z0-9-]+$"
role_display_name	Display name for role A short, human-friendly display name of the role.	string

RoleAssignmentPermissionConfig (schema)

Role Assignment Permission config.

Configuration that controls whether project admins and VPC admins can do role assignment to other users.

Name	Description	Type	Notes
allow_role_assignment	Specifies whether user with this role is allowed to assign roles to other users.	boolean

RoleBinding (schema)

User/Group's role binding

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
identity_source_id	ID of the external identity source The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed.	string
identity_source_type	Identity source type	string	Enum: VIDM, LDAP, OIDC, CSP Default: "VIDM"
name	User/Group's name	string	Required Readonly
read_roles_for_paths	Read from roles_for_paths instead of roles Set this property to true to cause the user's role definition to be read from the roles_for_paths property. Set it to false to cause the user's role definition to be read from the roles property.	boolean
resource_type	Must be set to the value RoleBinding	string
roles_for_paths	Roles for Paths The roles that are associated with the user, limiting them to a path. In case the path is '/', the roles apply everywhere i.e. it is same as the deprecated property roles.	array of RolesForPath
stale	Stale in vIDM Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings	string	Readonly Enum: TRUE, FALSE, UNKNOWN
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Type Indicates the type of the user. remote_user - This is a user which is external to NSX. remote_group - This is a group of users which is external to NSX. local_user - This is a user local to NSX. These are linux users. principal_identity - This is a principal identity user. remote - The the principal is remote but whether it is a user or group is not known. Currently this is applicable only to LDAP identity_source_type.	string	Required Readonly Enum: remote_user, remote_group, local_user, principal_identity, remote
user_id	Local user's numeric id Local user's numeric id on the system.	string	Readonly
roles	Roles	array of Role	Deprecated Readonly

RoleBindingListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of RoleBinding	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RoleBindingRequestParameters (schema)

Parameters to filter list of role bindings.

Pagination and Filtering parameters to get only a subset of users/groups.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
identity_source_id	Identity source ID If provided, only return role bindings for the given identity source. Currently only supported for LDAP and OIDC identity source types.	string
identity_source_type	Identity source type	string	Enum: VIDM, LDAP, OIDC
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
name	User/Group name	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
path	Exact path of the context	string
role	Role ID	string
root_path	Prefix path of the context	string
sort_ascending		boolean
sort_by	Field by which records are sorted	string
type	Type	string	Enum: remote_user, remote_group, local_user, principal_identity

RoleListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of Role	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RoleWithFeatures (schema)

Role

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
features	Features	array of FeaturePermission	Required
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value RoleWithFeatures	string
role	Role identifier Short identifier for the role. Must be all lower case with no spaces.	string	Required Readonly Pattern: "^[_a-z0-9-]+$"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

RoleWithFeaturesListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of RoleWithFeatures	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RolesForPath (schema)

Roles for path

The roles that are limited only to the path specified. In case the path is null, the roles apply everywhere.

Name	Description	Type	Notes
delete_path	Flag to delete the path in role-binding update operation. Flag to delete the path in role-binding update operation. If false then path will not be deleted while updating the role-binding. If true then path will be deleted while updating the role-binding. Please note: This flag will be used only in role-binding PUT api.	boolean	Default: "False"
path	Path Path of the entity in parent hierarchy.	string	Required
roles	Roles Applicable roles.	array of Role	Required

RolesListRequestParameters (schema)

Roles list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
scope	List only the roles which are applicable for this scope.	string	Enum: ROOT, ORG, PROJECT, VPC
sort_ascending		boolean
sort_by	Field by which records are sorted	string

RollbackRequest (schema)

Name	Description	Type	Notes
component_type	Component type	string	Required

RouteAdvertisementRule (schema)

Route advertisement rules and filtering

Name	Description	Type	Notes
action	Action to advertise routes Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement	string	Required Enum: PERMIT, DENY Default: "PERMIT"
name	Display name for rule Display name should be unique.	string	Required
prefix_operator	Prefix operator to match subnets Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured.	string	Enum: GE, EQ Default: "GE"
route_advertisement_types	Enable different types of route advertisements Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.	array of Tier1RouteAdvertisentTypes
subnets	Network CIDRs Network CIDRs to be routed.	array of string

RouteAggregationEntry (schema)

List of routes to be aggregated

Name	Description	Type	Notes
prefix	CIDR of aggregate address CIDR of aggregate address	string	Required Format: ip-cidr-block
summary_only	Send only summarized route Send only summarized route. Summarization reduces number of routes advertised by representing multiple related routes with prefix property.	boolean	Default: "True"

RouteBasedIPSecVpnSession (schema)

Route based VPN session

A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
authentication_mode	Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication.	string	Enum: PSK, CERTIFICATE Default: "PSK"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
compliance_suite	Compliance suite Compliance suite.	string	Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE
connection_initiation_mode	Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request.	string	Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
dpd_profile_path	Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile.	string
enabled	Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
ike_profile_path	Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile.	string
local_endpoint_path	Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
peer_address	IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	IPAddress
peer_id	Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	string
psk	Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters.	secure_string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value RouteBasedIPSecVpnSession	IPSecVpnSessionResourceType	Required
site_overrides	SiteOverride list A collection of site specific attributes specificed only on GM	array of SiteOverride	Maximum items: 128
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_mss_clamping	TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value.	TcpMaximumSegmentSizeClamping
tunnel_interfaces	IP Tunnel interfaces IP Tunnel interfaces. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided.	array of IPSecVpnTunnelInterface	Minimum items: 1 Maximum items: 1
tunnel_profile_path	IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile.	string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
force_whitelisting	Flag to add default whitelisting Gateway Policy rule for the VTI interface. If true the default firewall rule Action is set to DROP, otherwise set to ALLOW. This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field.	boolean	Deprecated Default: "False"

RouteBasedL3VpnSession (schema) (Deprecated)

Route based L3Vpn Session

A Route Based L3Vpn is more flexible, more powerful and recommended over policy based.
IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over
tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using
redundant L3Vpn.

Name	Description	Type	Notes
default_rule_logging	Enable logging for whitelisted rule for the VTI interface Indicates if logging should be enabled for the default whitelisting rule for the VTI interface.	boolean	Default: "False"
force_whitelisting	Flag to add default whitelisting FW rule for the VTI interface. The default firewall rule Action is set to DROP if true otherwise set to ALLOW.	boolean	Default: "False"
resource_type	Must be set to the value RouteBasedL3VpnSession	L3VpnSessionResourceType	Required
tunnel_subnets	Virtual Tunnel Interface (VTI) IP subnets Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed.	array of TunnelSubnet	Required Minimum items: 1 Maximum items: 1
routing_config_path	Routing configuration policy path This is a deprecated field. Any specified value is not saved and will be ignored.	string	Deprecated

RouteDetails (schema)

BGP route details

BGP route details.

Name	Description	Type	Notes
as_path	AS path BGP AS path attribute.	string	Readonly
local_pref	Local preference BGP Local Preference attribute.	integer	Readonly
med	Multi Exit Discriminator BGP Multi Exit Discriminator attribute.	integer	Readonly
network	CIDR network address CIDR network address.	IPCIDRBlock	Required Readonly
next_hop	Next hop IP address Next hop IP address.	IPAddress	Readonly
weight	Weight BGP Weight attribute.	integer	Readonly

RouteMapEntry (schema)

Route map entry

Name	Description	Type	Notes
action	Action for the route map entry Action for the route map entry	string	Required Enum: PERMIT, DENY
community_list_matches	Community list match criteria Community list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry.	array of CommunityMatchCriteria
prefix_list_matches	Prefix list match criteria Prefix list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry.	array of string	Maximum items: 500
set	Set criteria for route map entry Set criteria for route map entry	RouteMapEntrySet

RouteMapEntrySet (schema)

Set criteria for route map entry

Name	Description	Type	Notes
as_path_prepend	AS path prepend to influence route selection AS path prepend to influence route selection.	string
community	Set BGP community Set BGP regular or large community for matching routes. A maximum of one value for each community type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported.	string
local_preference	Local preference to set for matching BGP routes Local preference indicates the degree of preference for one BGP route over other BGP routes. The path with highest local preference is preferred.	integer	Maximum: 4294967295 Default: "100"
med	Multi exit descriminator Multi exit descriminator (MED) is a hint to BGP neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. A lower MED value is preferred over a higher value.	int	Minimum: 0 Maximum: 4294967295
prefer_global_v6_next_hop	Prefer global v6 next hop over local next hop For incoming and import route_maps on receiving both v6 global and v6 link-local address for the route, prefer to use the global address as the next hop. By default, it prefers the link-local next hop.	boolean
weight	Weight used to select certain path Weight is used to select a route when multiple routes are available to the same network. Route with the highest weight is preferred.	int	Minimum: 0 Maximum: 65535

RouterLinkRuntimeRequestParameters (schema)

Router link runtime status request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point. It is mandantory for router link interface statistics and ARP-table APIs.	string
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
tier1_path	Policy path of tier1 Policy path of tier1.	string	Required

RouterNexthop (schema)

Next hop configuration for network

Name	Description	Type	Notes
admin_distance	Cost associated with next hop route Cost associated with next hop route	int	Minimum: 1 Maximum: 255 Default: "1"
ip_address	Next hop gateway IP address Next hop gateway IP address	IPAddress
scope	Interface path associated with current route Interface path associated with current route. For example: specify a policy path referencing the IPSec VPN Session. Should not be provided while creating routes under VPC.	array of string	Minimum items: 1

RoutesPerTransportNode (schema)

Routes per transport node

BGP routes per transport node.

Name	Description	Type	Notes
routes	BGP neighbor route details Array of BGP neighbor route details for this transport node.	array of RouteDetails	Readonly
source_address	BGP neighbor source address BGP neighbor source address.	IPAddress	Readonly
transport_node_id	Transport node id	string	Required Readonly

RoutesRequestParameters (schema)

Routes request parameters

Name	Description	Type	Notes
component_type	Define the DR routes. Component type define to take the route from CCP.	string	Enum: DR_ROUTES
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
edge_id	UUID of edge node UUID of edge node. Edge should be member of enforcement point.	string
edge_path	Policy path of edge node Policy path of edge node. Edge should be member of enforcement point.	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
network_prefix	Network address filter parameter IPAddress or CIDR network address to filter entries in the table.	IPAddressOrCIDRBlock
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
route_source	Filter routes based on the source from which route is learned Filter routes based on the source from which route is learned.	string	Enum: BGP, STATIC, CONNECTED, OSPF
sort_ascending		boolean
sort_by	Field by which records are sorted	string

RoutingEntry (schema)

Routing table entry

Routing table entry.

Name	Description	Type	Notes
admin_distance	Admin distance Admin distance.	int	Readonly
black_hole	BlackHole Value of this field will be true if given routes are null routes	boolean	Readonly
interface	The policy path of the interface which is used as the next hop	string
lr_component_id	Logical router component(Service Router/Distributed Router) id	string
lr_component_type	Logical router component(Service Router/Distributed Router) type	string
network	Network CIDR Network CIDR.	string	Readonly
next_hop	Next hop address Next hop address.	IPAddress	Readonly
next_hop_gateway	Next hop gateway path	string
route_type	Route type (USER, CONNECTED, NSX_INTERNAL,..) Route type in routing table. t0c - Tier-0 Connected t0s - Tier-0 Static b - BGP t0n - Tier-0 NAT t1s - Tier-1 Static t1c - Tier-1 Connected t1n: Tier-1 NAT t1l: Tier-1 LB VIP t1ls: Tier-1 LB SNAT t1d: Tier-1 DNS FORWARDER t1ipsec: Tier-1 IPSec isr: Inter-SR	string	Readonly

RoutingTable (schema)

Routing table

Routing table.

Name	Description	Type	Notes
count	Entry count Entry count.	int	Readonly
edge_node	Edge node path Edge node path.	string	Readonly
error_message	Routing table fetch error. Routing table fetch error message, populated only if status if failure.	string	Readonly
route_entries	Route entries Route entries.	array of RoutingEntry	Required
status	Routing table fetch status. Routing table fetch status from Transport node.	string	Readonly Enum: SUCCESS, FAILURE, NOT_FOUND
transport_node_path	Transport node path Transport node path.	string	Readonly

RoutingTableListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Routes per transport node ID Paged Collection of Routes per transport node ID.	array of RoutingTable
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RowListField (schema)

List of fields from which rows are formed

Root of the api result set for forming rows.

Name	Description	Type	Notes
alias	Alias Name Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $ (for example, $0).	string	Maximum length: 255
path	JSON path JSON path to the root of the api result set for forming rows.	string	Required Maximum length: 1024

RpAddressMulticastRanges (schema)

Static IPv4 multicast address and assciated multicast group ranges

Static IPv4 multicast address and assciated multicast group ranges.

Name	Description	Type	Notes
multicast_ranges	Assciated multicast group ranges configuration Assciated multicast group ranges configuration.	array of IPCIDRBlock
rp_address	Static IPv4 multicast address configuration Static IPv4 multicast address configuration.	IPAddress	Required

Rule (schema)

A rule specifies the security policy rule between the workload groups

A rule indicates the action to be performed for various types of traffic flowing between workload groups.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Action The action to be applied to all the services The JUMP_TO_APPLICATION action is only supported for rules created in the Environment category. Once a match is hit then the rule processing will jump to the rules present in the Application category, skipping all further rules in the Environment category. If no rules match in the Application category then the default application rule will be hit. This is applicable only for DFW.	string	Enum: ALLOW, DROP, REJECT, JUMP_TO_APPLICATION
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
destinations_excluded	Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups	boolean	Default: "False"
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_protocol	IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.	string	Enum: IPV4, IPV6, IPV4_IPV6
is_default	Default rule flag A flag to indicate whether rule is a default rule.	boolean	Readonly
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.	string	Maximum length: 2048
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profiles	Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.	array of string	Maximum items: 128
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Rule	string
rule_id	Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.	integer	Readonly
scope	The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number	int	Minimum: 0
service_entries	Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Maximum items: 128
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
sources_excluded	Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups	boolean	Default: "False"
tag	Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

RuleInsertParameters (schema)

Parameters to tell where rule needs to be placed

Parameters to let the admin specify a relative position of a rule w.r.t to
another one in the same security policy. If the rule specified in the
anchor_path belongs to another security policy an error will be thrown.

Name	Description	Type	Notes
anchor_path	The security policy/rule path if operation is 'insert_after' or 'insert_before'	string
operation	Operation	string	Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top"

RuleListRequestParameters (schema)

Rule list request parameters

By default, if sort_by is missing, then rules will be sorted based on
sequence_number and then on rule_id as second level sorting criteria.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

RuleListResult (schema)

Paged Collection of Rules

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Rule list results	array of Rule	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RuleStatistics (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
byte_count	Bytes count Aggregated number of bytes processed by the rule.	integer	Readonly
hit_count	Hits count Aggregated number of hits received by the rule.	integer	Readonly
internal_rule_id	NSX internal rule id Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created.	string	Readonly
l7_accept_count	L7 Accept count Aggregated number of L7 Profile Accepted counters received by the rule.	integer	Readonly
l7_reject_count	L7 Reject count Aggregated number of L7 Profile Rejected counters received by the rule.	integer	Readonly
l7_reject_with_response_count	L7 Reject with response count Aggregated number of L7 Profile Rejected with Response counters received by the rule.	integer	Readonly
lr_path	Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Edge FW.	string	Readonly
max_popularity_index	The maximum popularity index Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly
max_session_count	Maximum Sessions count Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly
packet_count	Packets count Aggregated number of packets processed by the rule.	integer	Readonly
popularity_index	The index of the popularity of rule This is calculated by sessions count divided by age of the rule.	integer	Readonly
rule	Rule path Path of the rule.	string	Readonly
segment_path	Segment path Path of the Segment on which the section is applied in case of Bridge Firewall.	string	Readonly
session_count	sessions count Aggregated number of sessions processed by the rule.	integer	Readonly
total_session_count	Total Sessions count Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API.	integer	Readonly

RuleStatisticsForEnforcementPoint (schema)

Rule statistics for an enforcement point

Rule statistics for a specfic enforcement point.

Name	Description	Type	Notes
container_cluster_path	Cluster container path Rule statistics for a single container cluster	string	Readonly
enforcement_point	Enforcement point path Rule statistics for a single enforcement point	string	Readonly
statistics	Rule Statistics Statistics for the specified enforcement point	RuleStatistics	Readonly

RuleStatisticsListResult (schema)

Paged Collection of rule statistics

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	RuleStatistics list results	array of RuleStatisticsForEnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

RuntimeState (schema)

Runtime State

Runtime State.

Name	Description	Type	Notes
RuntimeState	Runtime State Runtime State.	string	Enum: UNINITIALIZED, UNKNOWN, UP, DOWN, DEGRADED, SUCCESS, FAILURE, IN_PROGRESS

SamlTokenLoginCredential (schema)

A login credential specifying saml token

Details of saml token based credential to login to server.

Name	Description	Type	Notes
credential_type	Must be set to the value SamlTokenLoginCredential	string	Required
thumbprint	Thumbprint of the server Thumbprint of the server.	string
token	The saml token to login to server The saml token to login to server.	secure_string

SanEntryDns (schema)

An IA5String instance for DNS Name

DNS name string in the "preferred name syntax", as specified by
Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].
This allows wild card DNS entry that begins with "*." as well.

Name	Description	Type	Notes
SanEntryDns	An IA5String instance for DNS Name DNS name string in the "preferred name syntax", as specified by Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123]. This allows wild card DNS entry that begins with "*." as well.	string	Maximum length: 253 Format: san-entry-dns

ScimSearchListResult (schema)

SCIM search list result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Search results	array of ScimSearchResult	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ScimSearchRequestParameters (schema)

SCIM search request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
search_string	Search filter Search for users and groups whose name or login ID begins with the given string. If the string contains any special characters such as ' ' or '/', they must be escaped by replacing the special character with '%XX', where XX is a two-digit hexadecimal number.	string	Required
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ScimSearchResult (schema)

SCIM search result

One user or group entry in a list of SCIM search results

Name	Description	Type	Notes
display_name	User's Full Name Or User Group's Display Name	string	Required Readonly
domain	Domain name information	string	Required Readonly
name	User name or group name The unique name of the user or group.	string	Required Readonly
type	Type	string	Required Readonly Enum: remote_user, remote_group

ScpProtocol (schema)

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	PasswordAuthenticationScheme	Required
host_key_algorithms	Host key algorithms Supported host key algorithms for SSH/SFTP connection. Algorithms are preferred in the order they are specified in list.	array of HostKeyAlgorithms	Minimum items: 1 Default: "['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']"
name	Must be set to the value ScpProtocol	string	Required Enum: http, https, scp, sftp
ssh_fingerprint	SSH fingerprint of server	string	Required

SearchQueryRequest (schema)

SearchQueryRequest

Search query request.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
query	Search query The syntax of query is described in Search API documentation.	string	Required
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SearchResponse (schema)

SearchResponse

Search response

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Search results List of records matching the search query.	array of object	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SecurityFeature (schema)

T1 Security feature entity with feature details

Name	Description	Type	Notes
enable	Flag to activate/deactivate true - activate the feature, false - deactivate the feture	boolean	Required Default: "False"
feature		SecurityFeaturesSupported	Required

SecurityFeatureBase (schema)

Security Feature feature entity

Name	Description	Type	Notes
enable	Flag to activate/deactivate true - activate the feature, false - deactivate the feture	boolean	Required Default: "False"

SecurityFeatureParameters (schema)

T1 Security Feature parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
feature		SecurityFeaturesSupported
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SecurityFeatures (schema)

T1 Security features entity with feature details

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
features		array of SecurityFeature	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SecurityFeatures	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SecurityFeaturesSupported (schema)

Collection of T1 supported security features

Feature to be activated/deactivated.
IDPS - Intrusion Detection System
TLS - Transport Layer Security Inspection
MALWAREPREVENTION - Malware Prevention
GFW_MULTICAST - Multicast on GFW
GEOIP_MONITORING - Geo IP Monitoring
Use any one of this to enable/disabe it.

Name	Description	Type	Notes
SecurityFeaturesSupported	Collection of T1 supported security features Feature to be activated/deactivated. IDPS - Intrusion Detection System TLS - Transport Layer Security Inspection MALWAREPREVENTION - Malware Prevention GFW_MULTICAST - Multicast on GFW GEOIP_MONITORING - Geo IP Monitoring Use any one of this to enable/disabe it.	string	Readonly Enum: MALWAREPREVENTION, IDFW, IDPS, TLS, GEOIP_MONITORING

SecurityPolicy (schema)

Contains ordered list of Rules

Ordered list of Rules.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
application_connectivity_strategy	List of Application Connectivity strategy for this SecurityPolicy This field indicates the application connectivity policy for the security policy.	array of ApplicationConnectivityStrategy	Maximum items: 3
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildRule
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
connectivity_preference	Connectivity preference applicable for this SecurityPolicy This field indicates the default connectivity policy for the security policy. Based on the connectivity preference, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity preference. If NONE is selected or no connectivity preference is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_preference without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. ALLOWLIST - Adds a default drop rule. Administrator can then use "allow" rules to allow traffic between groups DENYLIST - Adds a default allow rule. Admin can then use "drop" rules to block traffic between groups ALLOWLIST_ENABLE_LOGGING - Allowlisting with logging enabled DENYLIST_ENABLE_LOGGING - Denylisting with logging enabled NONE - No default rule is created.	string	Enum: ALLOWLIST, DENYLIST, ALLOWLIST_ENABLE_LOGGING, DENYLIST_ENABLE_LOGGING, NONE
default_rule_id	Default rule ID associated with the connectivity_preference Based on the value of the connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule.	integer	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SecurityPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	Rules that are a part of this SecurityPolicy	array of Rule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
connectivity_strategy	Connectivity strategy applicable for this SecurityPolicy This field indicates the default connectivity policy for the security policy. Based on the connectivity strategy, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity strategy. If NONE is selected or no connectivity strategy is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_strategy without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. This property is deprecated. Use the type connectivity_preference instead. WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rule is created.	string	Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE
logging_enabled	Enable logging flag This property is deprecated. Flag to enable logging for all the rules in the security policy. If the value is true then logging will be enabled for all the rules in the security policy. If the value is false, then the rule level logging value will be honored.	boolean	Deprecated Default: "False"

SecurityPolicyInsertParameters (schema)

Parameters to tell where security policy needs to be placed

Parameters to let the admin specify a relative position of a security
policy w.r.t to another one.

Name	Description	Type	Notes
anchor_path	The security policy/rule path if operation is 'insert_after' or 'insert_before'	string
operation	Operation	string	Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top"

SecurityPolicyListRequestParameters (schema)

SecurityPolicy list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
include_rule_count	Include the count of rules in policy If true, populate the rule_count field with the count of rules in the particular policy. By default, rule_count will not be populated.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SecurityPolicyListResult (schema)

Paged Collection of security policies

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SecurityPolicy list results	array of SecurityPolicy	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SecurityPolicyStatistics (schema)

Security policy statistics

Aggregate statistics of all the rules in a security policy.

Name	Description	Type	Notes
internal_section_id	NSX internal section id Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created.	string	Readonly
lr_path	Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Gateway Firewall.	string	Readonly
result_count	Rule stats count Total count for rule statistics	integer	Required Readonly
results	Statistics for all rules List of rule statistics.	array of RuleStatistics	Readonly Maximum items: 1000
segment_path	Segment path Path of the Segment on which the section is applied in case of Bridge Firewall.	string	Readonly

SecurityPolicyStatisticsForEnforcementPoint (schema)

Security policy statistics for an enforcement point

Aggregate statistics of all the rules in a security policy for a specific
enforcement point.

Name	Description	Type	Notes
container_cluster_path	Cluster container path Security Policy statistics for a single container cluster	string	Readonly
enforcement_point	Enforcement point path Enforcement point to fetch the statistics from.	string	Readonly
statistics	Security Policy Statistics Statistics for the specified enforcement point	SecurityPolicyStatistics	Readonly

SecurityPolicyStatisticsListResult (schema)

Paged Collection of Security Policy statistics

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Security Policy statistics list results	array of SecurityPolicyStatisticsForEnforcementPoint	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SecurityProfileBindingMap (schema)

Base security profile binding map

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SecurityProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Segment (schema)

Segment configuration

Segment configuration to attach workloads.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
admin_state	Represents Desired state of the Segment Admin state represents desired state of segment. It does not reflect the state of other logical entities connected/attached to the segment.	string	Enum: UP, DOWN Default: "UP"
advanced_config	Advanced configuration for Segment Advanced configuration for Segment.	SegmentAdvancedConfig
bridge_profiles	Bridge Profile Configuration Multiple distinct L2 bridge profiles can be configured.	array of BridgeProfileConfig
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDhcpStaticBindingConfig ChildSegmentDiscoveryProfileBindingMap ChildSegmentPort ChildSegmentQoSProfileBindingMap ChildSegmentRealTimeEthProfileBindingMap ChildSegmentSecurityProfileBindingMap ChildStaticARPConfig
connectivity_path	Policy path to the connecting Tier-0 or Tier-1 Policy path to the connecting Tier-0 or Tier-1. Valid only for segments created under Infra. This field can only be used for overlay segments. VLAN backed segments cannot have connectivity path set.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_config_path	Policy path to DHCP configuration Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
domain_name	DNS domain name	string
evpn_segment	Evpn Segment Flag. Flag to indicate if the Segment is a Child-Segment of type EVPN.	boolean	Readonly
evpn_tenant_config_path	Policy path to the EvpnTenantConfig Policy path to the EvpnTenantConfig resource. Supported only for Route-Server Evpn Mode. Supported only for Overlay Segments. This will be populated for both Parent and Child segments participating in Evpn Route-Server Mode.	string
extra_configs	Extra configs on Segment This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment.	array of SegmentExtraConfig
federation_config	Federation releated config Additional config for federation.	FederationConnectivityConfig	Readonly
id	Unique identifier of this resource	string	Sortable
l2_extension	Configuration for extending Segment through L2 VPN	L2Extension
mac_pool_id	Allocation mac pool associated with the Segment Mac pool id that associated with a Segment.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
metadata_proxy_paths	Metadata Proxy Configuration Paths Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured.	array of string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overlay_id	Overlay connectivity ID for this Segment Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point.	int	Minimum: 0 Maximum: 2147483647
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
replication_mode	Replication mode of the Segment If this field is not set for overlay segment, then the default of MTEP will be used.	string	Enum: MTEP, SOURCE Default: "MTEP"
resource_type	Must be set to the value Segment	string
subnets	Subnet configuration. Max 1 subnet	array of SegmentSubnet
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path to the transport zone Policy path to the transport zone. Supported for VLAN backed segments as well as Overlay Segments. - This field is required for VLAN backed Segments. - For overlay Segments, it is auto assigned if only one transport zone exists in the enforcement point. Default transport zone is auto assigned for overlay segments if none specified.	string
type	Segment type Segment type based on configuration.	string	Readonly Enum: ROUTED, EXTENDED, ROUTED_AND_EXTENDED, DISCONNECTED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlan_ids	VLAN ids for VLAN backed Segment VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between.	array of string
address_bindings	Address bindings for the Segment Static address binding used for the Segment. This field is deprecated and will be removed in a future release. Please use address_bindings in SegmentPort to configure static bindings.	array of PortAddressBindingEntry	Deprecated Maximum items: 512
ls_id	Pre-created logical switch id for Segment This property is deprecated. The property will continue to work as expected for existing segments. The segments that are newly created with ls_id will be ignored. Sepcify pre-creted logical switch id for Segment.	string	Deprecated

SegmentAdvancedConfig (schema)

Advanced configuration for Segment

Name	Description	Type	Notes
address_pool_paths	Policy path to IP address pools Policy path to IP address pools.	array of string	Maximum items: 1
connectivity	Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.	string	Enum: ON, OFF Default: "ON"
hybrid	Flag to identify a hybrid logical switch When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created.	boolean	Default: "False"
inter_router	Flag to indicate if the logical switch will provide inter-router connectivity When set to true, any port attached to this logical switch will not be visible through VC/ESX UI	boolean	Default: "False"
local_egress	Flag to enable local egress This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32.	boolean	Default: "False"
local_egress_routing_policies	Local egress routing policies An ordered list of routing policies to forward traffic to the next hop.	array of LocalEgressRoutingEntry	Minimum items: 1
multicast	Enable multicast on the downlink Enable multicast on the downlink LRP created to connect the segment to Tier0/Tier1 gateway.	boolean
ndra_profile_path	Policy path of Neighbor Discovery Router Advertisement profile This profile is applie dto the downlink logical router port created while attaching this semgnet to tier-0 or tier-1. If this field is empty, NDRA profile of the router is applied to the newly created port.	string
node_local_switch	Prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges A behaviour required for Firewall As A Service (FaaS) where the segment BUM traffic is confined within the edge node that this segment belongs to.	boolean
origin_id	ID of the discovered Segment representing a network managed by non-NSX entity. ID populated by NSX when NSX on DVPG is used to indicate the source DVPG. Currently, only DVPortgroups are identified as Discovered Segments. The origin_id is the identifier of DVPortgroup from the source vCenter server.	string
origin_type	The DVPortgroup origin type The type of source from where the DVPortgroup is discovered	string	Enum: VCENTER
uplink_teaming_policy_name	Uplink Teaming Policy Name The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP.	string
urpf_mode	Unicast Reverse Path Forwarding mode This URPF mode is applied to the downlink logical router port created while attaching this segment to tier-0 or tier-1.	string	Enum: NONE, STRICT Default: "STRICT"

SegmentConfigurationState (schema)

Segment state on specific Enforcement Point

Segment state on specific Enforcement Point. The details section
in SegmentConfigurationState contains the list of out of sync hosts
which are present in the transport zone that is associated with the
segment. Out of Sync hosts are the host transport nodes which are
not fully synced.

Name	Description	Type	Notes
details	Array of configuration state of various sub systems	array of ConfigurationStateElement	Readonly
failure_code	Error code	integer	Readonly
failure_message	Error message in case of failure	string	Readonly
segment_path	Segment path	string	Readonly
state	Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated.	string	Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, VC_VCP_ACTION_PENDING, VC_VCP_ACTION_FAILED, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE, ADVANCED_CONFIG_EDIT_PENDING, DUPLICATE_VLANS_SHARING_SAME_PNIC, MULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, REDEPLOY_ACTIVITY_FAILED, REDEPLOY_ACTIVITY_IN_PROGRESS, REDEPLOY_ACTIVITY_SCHEDULED, REDEPLOY_ACTIVITY_SUCCESSFUL, REPLACE_ACTIVITY_FAILED, REPLACE_ACTIVITY_IN_PROGRESS, REPLACE_ACTIVITY_SCHEDULED, REPLACE_ACTIVITY_SUCCESSFUL, REPLACED_RPC_CLIENT_OF_TN, RETRYING_REPLACE, UNABLE_TO_DELETE_EDGE_NODE_VM_INTERNAL_ERROR, VM_REDEPLOY_FAILED, VM_RESOURCE_RESERVATION_EDIT_PENDING, REDEPLOYED_VM_REGISTRATION_PENDING

SegmentConfigurationStateListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Segment State on specific Enforcement Point Paged Collection of Segment State on specific Enforcement Point	array of SegmentConfigurationState
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentConnectionBindingMap (schema)

Vendor specific configuration on Segment for Kubernetes workloads with Antrea

Segment with this binding map indicates the connection between this segment and another one
to enable advances in IPAM, Routing, and NAT for Kubernetes workloads with Antrea

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentConnectionBindingMap	string
segment_path	Policy path to the segment Path of the segment where the host VM is connected.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlan_traffic_tag	VLAN id indicates which connected segment the package should be forwarded VLAN ID used to identify traffic between the segment connected to the containers and segment where the host VM is connected.	VlanID	Required

SegmentCrossSiteTrafficStats (schema)

Segment cross-site statistics

Provides the cross-site traffic statistics of a global segment. It provides
the aggregated incoming and outgoing cross-site packet statistics and packet
drops.

Name	Description	Type	Notes
last_update_timestamp	Last updated timestamp Timestamp when the l2 forwarder statistics was last updated.	EpochMsTimestamp	Required Readonly
rx_stats	Received data counters Provides the aggregated incoming cross-site packet counters on the global segment. It includes the total number of packets received and dropped while receiving.	InterSitePortCounters	Readonly
segment_path	Policy path of Segment to attach interface Policy path of Segment to attach interface.	string	Required Readonly
tx_stats	Sent data counters Provides the aggregated outgoing cross-site packet counters on the global segment. It includes the total number of packets sent and dropped while sending.	InterSitePortCounters	Readonly

SegmentDeleteRequestParameters (schema)

Segment delete request parameters

Name	Description	Type	Notes
cascade	Flag to specify whether to delete related segment ports When the flag is true, all segment ports associated with this segment are detached and deleted.	boolean	Default: "False"

SegmentDhcpConfig (schema)

DHCP configuration for segment subnet

DHCP IPv4 and IPv6 configurations are extended from this abstract class.
This is an abstract type. Concrete child types:
SegmentDhcpV4Config
SegmentDhcpV6Config

Name	Description	Type	Notes
dns_servers	DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.	array of IPAddress	Maximum items: 2
lease_time	DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
resource_type		string	Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address	IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.	IPCIDRBlock

SegmentDhcpV4Config (schema)

DHCP configuration of IPv4 subnet in a segment

Name	Description	Type	Notes
dns_servers	DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.	array of IPAddress	Maximum items: 2
lease_time	DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
options	DHCP options IPv4 DHCP options for segment subnet.	DhcpV4Options
resource_type	Must be set to the value SegmentDhcpV4Config	string	Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address	IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.	IPCIDRBlock

SegmentDhcpV6Config (schema)

DHCP configuration of IPv6 subnet in a segment

Name	Description	Type	Notes
dns_servers	DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property.	array of IPAddress	Maximum items: 2
domain_names	Domain names for subnet Domain names for subnet.	array of string
excluded_ranges	Excluded range of IPv6 addresses Excluded addresses to define dynamic ip allocation ranges.	array of IPElement	Minimum items: 0 Maximum items: 128
lease_time	DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
preferred_time	Preferred time The length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated.	integer	Minimum: 60 Maximum: 4294967295
resource_type	Must be set to the value SegmentDhcpV6Config	string	Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config
server_address	IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment.	IPCIDRBlock
sntp_servers	SNTP servers for subnet IPv6 address of SNTP servers for subnet.	array of IPv6Address	Maximum items: 2

SegmentDiscoveryProfileBindingMap (schema)

Segment Discovery Profile binding map

This entity will be used to establish association between discovery profile
and Segment. Using this entity, user can specify intent for applying
discovery profile to particular segments.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_discovery_profile_path	IP Discovery Profile Path PolicyPath of associated IP Discovery Profile	string
mac_discovery_profile_path	Mac Discovery Profile Path PolicyPath of associated Mac Discovery Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentDiscoveryProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentDiscoveryProfileBindingMapListRequestParameters (schema)

Segment Discovery Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentDiscoveryProfileBindingMapListResult (schema)

Paged collection of Segment Discovery Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Segment Discovery Profile Binding Map list results	array of SegmentDiscoveryProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentExtraConfig (schema)

Vendor specific configuration on segment or Segment port

Segment extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either segment or segment port.

Name	Description	Type	Notes
config_pair	Key value pair in string for the configuration Key value pair in string for the configuration.	UnboundedKeyValuePair	Required

SegmentL2ForwarderSiteSpanInfo (schema) (Experimental)

Name	Description	Type	Notes
inter_site_forwarder_status	Inter-site forwarder status per node Inter-site forwarder status per node.	array of L2ForwarderStatusPerNode	Readonly
last_update_timestamp	Last updated timestamp Timestamp when the L2 forwarder remote mac addresses was last updated.	EpochMsTimestamp	Required Readonly
remote_macs_per_site	L2 forwarder remote mac addresses per site L2 forwarder remote mac addresses per site for logical switch.	array of L2ForwarderRemoteMacsPerSite	Readonly
segment_path	Segment path Policy path of a segment.	string	Required Readonly

SegmentListRequestParameters (schema)

Segment list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
segment_type	Segment type	string	Enum: DVPortgroup, ALL
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentListResult (schema)

Paged collection of Segments

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Segment list results	array of Segment	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentMacAddressListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results		array of MacTableEntry
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
transport_node_id	Transport node identifier	string	Readonly

SegmentMonitoringProfileBindingMap (schema)

Segment Monitoring Profile binding map

This entity will be used to establish association between monitoring profile
and Segment. Using this entity, you can specify intent for applying
monitoring profile to particular segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipfix_l2_profile_path	IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
port_mirroring_profile_path	Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentMonitoringProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentPort (schema)

Policy port object for segment

Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
address_bindings	Address bindings for the port Static address binding used for the port.	array of PortAddressBindingEntry	Maximum items: 512
admin_state	Represents desired state of the segment port	string	Enum: UP, DOWN Default: "UP"
attachment	VIF attachment Only VIF attachment is supported	PortAttachment
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPortDiscoveryProfileBindingMap ChildPortQoSProfileBindingMap ChildPortSecurityProfileBindingMap
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extra_configs	Extra configs on segment port This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port.	array of SegmentExtraConfig
id	Unique identifier of this resource	string	Sortable
ignored_address_bindings	Address bindings to be ignored by IP Discovery module IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported.	array of PortAddressBindingEntry	Minimum items: 0 Maximum items: 16
init_state	Initial state of this logical ports Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host.	string	Enum: UNBLOCKED_VLAN, RESTORE_VIF
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_id	ID of the distributed virtual port and the distributed virtual switch in the source vCenter ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to discovered segments.	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentPort	string
source_site_id	source site(LM) id. This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tofu_version	Version of Trust On First Use (TOFU) paradigm. This is an experimental field. The TOFU workflow will be triggered upon modification of this value to a different non-zero positive value.	integer	Minimum: 0 Maximum: 4294967295
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentPortAttachmentState (schema)

VIF attachment state of a segment port

Name	Description	Type	Notes
attachers	VM or vmknic entities that are attached to the Segment Port	array of PortAttacher	Readonly
id	VIF ID	string	Readonly
state	State of the VIF attached to Segment Port A segment port must be in one of following states. FREE - If there are no active attachers. The port may or may not have an attachment ID configured on it. This state is applicable only to port of static type. ATTACHED - Segment port has exactly one active attacher and no further configuration is pending. ATTACHED_PENDING_CONF - Segment port has exactly one attacher, however it may not have been configured completely. Additional configuration will be provided by other nsx components. ATTACHED_IN_MOTION - Segment port has multiple active attachers. This state represents a scenario where VM is moving from one location (host or storage) to another (e.g. vmotion, vSphere HA) DETACHED - A temporary state after all port attachers have been detached. This state is applicable only to a port of ephemeral type and the port will soon be deleted.	string	Required Readonly Enum: FREE, ATTACHED, ATTACHED_PENDING_CONF, ATTACHED_IN_MOTION, DETACHED

SegmentPortListRequestParameters (schema)

SegmentPort list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentPortListResult (schema)

Paged collection of SegmentPort

List SegmentPort objects

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SegmentPort list results Place holder for the list result	array of SegmentPort	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentPortMacAddressCsvListResult (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
results		array of SegmentPortMacTableCsvEntry

SegmentPortMacAddressListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results		array of SegmentPortMacTableEntry
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly
transport_node_id	Transport node identifier	string	Readonly

SegmentPortMacTableCsvEntry (schema)

Name	Description	Type	Notes
mac_address	The MAC address	string	Required
mac_type	The type of the MAC address	MacAddressType	Required

SegmentPortMacTableEntry (schema)

Name	Description	Type	Notes
mac_address	The MAC address	string	Required
mac_type	The type of the MAC address	MacAddressType	Required

SegmentPortState (schema)

Realized state of the segment port on enforcement point

Contains realized state of the segment port. For example: transport node
on which the port is located, discovered and realized address bindings of
the port.

Name	Description	Type	Notes
attachment	Segment port attachment state	SegmentPortAttachmentState	Readonly
discovered_bindings	Segment port bindings discovered automatically Contains the list of address bindings for a segment port that were automatically dicovered using various snooping methods like ARP, DHCP etc.	array of AddressBindingEntry
duplicate_bindings	Duplicate segment port address bindings If any address binding discovered on the port is also found on other port on the same segment, then it is included in the duplicate bindings list along with the ID of the port with which it conflicts.	array of DuplicateAddressBindingEntry
external_address_binding	Realized external address binding Realized external address binding	PolicyVpcLogPortEipBinding
real_time_eth_config_state	Real time ethernet config state Real time ethernet config state on the port. The state is set as VALID if the corresponding Transport node's host switch has vSwitch-RT config set and INVALID if not. If a corresponding Transport node cannot be found then the state is set as UNKNOWN.	string	Readonly Enum: VALID, INVALID, UNKNOWN
realized_bindings	Realized segment port bindings List of segment port bindings that are realized. This list may be populated from the discovered bindings or manual user specified bindings. This binding configuration can be used by features such as firewall, spoof-guard, traceflow etc.	array of AddressBindingEntry
transport_node_ids	Identifiers of the transport nodes where the port is located	array of string

SegmentPortStatistics (schema)

Segment port statistics on specific Enforcement Point

Segment port statistics on specific Enforcement Point.

Name	Description	Type	Notes
distributed_dhcp_server_packets		DistributedDhcpServerPackets	Readonly
dropped_by_firewall_packets		DfwDropCounters	Readonly
dropped_by_security_packets		PacketsDroppedBySecurity	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_port_id	The id of the logical port	string	Required Readonly
mac_learning		MacLearningCounters	Readonly
rx_bytes		DataCounter	Readonly
rx_packets		DataCounter	Readonly
tx_bytes		DataCounter	Readonly
tx_packets		DataCounter	Readonly

SegmentPortStatus (schema)

Segment port status on specific Enforcement Point

Segment port status on specific Enforcement Point.

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_port_id	The id of the logical port	string	Required Readonly
status	The Operational status of the logical port	string	Required Enum: UP, DOWN, UNKNOWN

SegmentQoSProfileBindingMap (schema)

Segment QoS Profile binding map

This entity will be used to establish association between qos profile
and Segment. Using this entity, you can specify intent for applying
qos profile to particular segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
qos_profile_path	QoS Profile Path PolicyPath of associated QoS Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentQoSProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentQoSProfileBindingMapListRequestParameters (schema)

Segment QoS Profile Binding Map list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentQoSProfileBindingMapListResult (schema)

Paged collection of Segment QoS Profile Binding Maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Segment QoS Profile Binding Map list results	array of SegmentQoSProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentRealTimeEthProfileBindingMap (schema)

Segment Real Time Eth Profile binding map

This entity will be used to establish association between real time eth profile
and Segment. Using this entity, you can specify intent for applying
real time eth profile to particular segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
real_time_eth_profile_path	Real Time Eth Profile Path PolicyPath of associated Real Time Eth Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentRealTimeEthProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentRequestParameter (schema)

Segment request parameter for HAPI

Segment request parameter, used in hierarchical API.

Name	Description	Type	Notes
force	Force segment update.	boolean	Required
resource_type	Must be set to the value SegmentRequestParameter	string	Required

SegmentSecurityFeature (schema)

Segment Security feature entity with feature details

Name	Description	Type	Notes
enable	Flag to activate/deactivate true - activate the feature, false - deactivate the feture	boolean	Required Default: "False"
feature		SegmentSecurityFeaturesSupported	Required

SegmentSecurityFeatures (schema)

Segment Security features entity with feature details

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
features		array of SegmentSecurityFeature	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentSecurityFeatures	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentSecurityFeaturesSupported (schema)

Collection of Segment supported security features

Feature to be activated/deactivated.
BRIDGE_FIREWALL - Bridge Firewall
Use any one of this to enable/disable it.

Name	Description	Type	Notes
SegmentSecurityFeaturesSupported	Collection of Segment supported security features Feature to be activated/deactivated. BRIDGE_FIREWALL - Bridge Firewall Use any one of this to enable/disable it.	string	Readonly Enum: BRIDGE_FIREWALL

SegmentSecurityProfile (schema)

Segment Security Profile

Security features extended by policy operations for securing logical segments.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bpdu_filter_allow	Deactivate BPDU filtering on this allowlist Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7	array of MACAddress	Minimum items: 0 Maximum items: 32
bpdu_filter_enable	BPDU filtering status Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default.	boolean	Default: "True"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_client_block_enabled	Enable DHCP client block Filters DHCP server and/or client traffic. DHCP server blocking is activated and client blocking is deactivated by default.	boolean	Default: "False"
dhcp_client_block_v6_enabled	Enable DHCP client block v6 Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is deactivated by default.	boolean	Default: "False"
dhcp_server_block_enabled	Enable DHCP server block Filters DHCP server and/or client traffic. DHCP server blocking is activated and client blocking is deactivated by default.	boolean	Default: "True"
dhcp_server_block_v6_enabled	Enable DHCP server block v6 Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is deactivated by default.	boolean	Default: "True"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
non_ip_traffic_block_enabled	Enable non IP traffic block A flag to block all traffic except IP/(G)ARP/BPDU.	boolean	Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
ra_guard_enabled	Enable Router Advertisement Guard Activate or deactivate Router Advertisement Guard.	boolean	Default: "False"
rate_limits	Rate limiting configuration Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is deactivated by default	TrafficRateLimits
rate_limits_enabled	Enable Rate Limits Activate or deactivate Rate Limits	boolean	Default: "False"
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentSecurityProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentSecurityProfileBindingMap (schema)

Security profile binding map for segment

Contains the binding relationship between segment and security profile.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SegmentSecurityProfileBindingMap	string
segment_security_profile_path	Segment Security Profile Path The policy path of the asscociated Segment Security profile	string
spoofguard_profile_path	SpoofGuard Profile Path The policy path of the asscociated SpoofGuard profile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SegmentSecurityProfileBindingMapListRequestParameters (schema)

Segment security profile binding map request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentSecurityProfileBindingMapListResult (schema)

Paged collection of segment security profile binding maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Segment security profile binding map list results	array of SegmentSecurityProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentSecurityProfileListRequestParameters (schema)

Segment security profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SegmentSecurityProfileListResult (schema)

Paged collection of segment security profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Segment Security profile list results	array of SegmentSecurityProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SegmentStateRequestParameters (schema)

Request Parameters for Metadata Proxy Runtime Information

Request parameters that represents a segment path and enforcement_point_path.

Name	Description	Type	Notes
configuration_state	Configuration state of the segment on enforcement point	string	Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

SegmentStatistics (schema)

Segment statistics on specific Enforcement Point

Segment statistics on specific Enforcement Point.

Name	Description	Type	Notes
distributed_dhcp_server_packets		DistributedDhcpServerPackets	Readonly
dropped_by_firewall_packets		DfwDropCounters	Readonly
dropped_by_security_packets		PacketsDroppedBySecurity	Readonly
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_switch_id	The id of the logical Switch	string	Required Readonly
mac_learning		MacLearningCounters	Readonly
nsxt_fp	ENS/FC module for DP packet processing	FpCounters	Readonly
nsxt_swsec	Switch Security provides stateless L2 and L3 security by checking, traffic to the logical switch and dropping unauthorized packets sent, from VMs	SwsecCounters	Readonly
nsxt_vdl2	Overlay Layer-2 module responsible for workload connectivity	Vdl2Counters	Readonly
nsxt_vdrb	Virtual Distributed Routing (VDR) routes packets on every ESX	VdrbCounters	Readonly
nsxt_vsip	VSIP provides Distributed Firewall capability	VsipCounters	Readonly
nsxt_vswitch	Virtual Switch is responsible for providing switching functionality	VswitchCounters	Readonly
rx_bytes		DataCounter	Readonly
rx_packets		DataCounter	Readonly
tx_bytes		DataCounter	Readonly
tx_packets		DataCounter	Readonly

SegmentSubnet (schema)

Subnet configuration for segment

Name	Description	Type	Notes
dhcp_config	Additional DHCP configuration Additional DHCP configuration for current subnet.	SegmentDhcpConfig (Abstract type: pass one of the following concrete types) SegmentDhcpV4Config SegmentDhcpV6Config
dhcp_ranges	DHCP address ranges for dynamic IP allocation DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added.	array of IPElement	Minimum items: 1 Maximum items: 99
gateway_address	Gateway IP address. Gateway IP address in CIDR format for both IPv4 and IPv6.	string	Format: ip-cidr-block
network	Network CIDR for subnet Network CIDR for this subnet calculated from gateway_addresses and prefix_len.	string	Readonly

SelectableResourceReference (schema)

Resources to take action on

Name	Description	Type	Notes
is_valid	Target validity Will be set to false if the referenced NSX resource has been deleted.	boolean	Readonly
selected	Set to true if this resource has been selected to be acted upon	boolean	Required
target_display_name	Target display name Display name of the NSX resource.	string	Readonly Maximum length: 255
target_id	Target ID Identifier of the NSX resource.	string	Maximum length: 64
target_type	Target type Type of the NSX resource.	string	Maximum length: 255

SelectiveSyncSettings (schema)

Directory domain selective sync settings

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
enabled	Enable or disable SelectiveSync	boolean	Required
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
selected_org_units	Selected OrgUnits for SelectiveSync If SelectiveSync is enabled, this contains 1 or more OrgUnits, which NSX will synchronize with in LDAP server. The full distiguished name (DN) should be used for OrgUnit. If SelectiveSync is disabled, do not define this or specify an empty list.	array of string
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SelfResourceLink (schema)

Link to this resource

The server will populate this field when returing the resource. Ignored on PUT and POST.

Name	Description	Type	Notes
action	Optional action	string	Readonly
href	Link to resource	string	Required Readonly
rel	Link relation type Custom relation type (follows RFC 5988 where appropriate definitions exist)	string	Required Readonly

SelfSignedActionParameter (schema)

Name	Description	Type	Notes
days_valid	Number of days the certificate will be valid, default 825 days	integer	Required Default: "825"

Service (schema)

Contains the information related to a service

Used while defining a CommunicationEntry. A service may have multiple
service entries.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Service	string
service_entries	Service type Service entries for this service	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry
service_type	Type of service, ETHER or NON_ETHER	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceEntry (schema)

A Service entry that describes traffic

This is an abstract type. Concrete child types:
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ServiceEntry	string	Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceEntryListRequestParameters (schema)

Service entry list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ServiceEntryListResult (schema)

Paged Collection of Service entries

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Service entry list results	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ServiceGateway (schema)

Service Gateway configuration

Service Gateway serves as the default gateway for VPC.

Name	Description	Type	Notes
auto_snat	Auto plumb snat rule Auto plumb snat rule for private subnet, this will make sure private subnets are routable outside of VPC. There will be one snat rule per VPC, translated ip will be taken from external ip block. If enabled, user must also configure external ip block. This property is applicable only when service_gateway is enabled.	boolean	Default: "True"
disable	Flag to indicate if Gateway Service support is required or not. By default, service gateway is enabled. Flag to deactivate service gateway for connected subnets. If false then VPC will support the following services: NAT, gateway security policies, and gateway QoS profile. If true, VPC will support only distributed services i.e., EW security policy. Workload shall be protected using the same. All traffic from subnets will be routed through the distributed router to the connected gateway and eliminates the intermediate hop of the service gateway.	boolean	Default: "False"
qos_config	Gateway QoS Profile configuration QoS Profile configuration for VPC connected to the gateway. The profiles must be pre-created at the project level.	GatewayQosProfileConfig

ServiceGatewayCounter (schema)

Name	Description	Type
blocked_packets	The number of blocked packets	integer
destination_unsupported_dropped_packets	The number of dropped packets due to destination_unsupported	integer
dropped_packets	The number of error packets	integer
error_packets	The number of error packets	integer
firewall_dropped_packets	The number of dropped packets by firewall	integer
ipsec_dropped_packets	The number of dropped packets by ipsec	integer
ipsec_no_sa_dropped_packets	The number of dropped packets by ipsec no sa	integer
ipsec_no_vti_dropped_packets	The number of dropped packets by ipsec no vti	integer
ipv6_dropped_packets	The number of dropped ipv6 packets	integer
kni_dropped_packets	The number of dropped kni packets	integer
l4port_unsupported_dropped_packets	The number of dropped l4port_unsupported packets	integer
malformed_dropped_packets	The number of dropped malformed packets	integer
no_receiver_dropped_packets	The number of dropped no receiver packets	integer
proto_unsupported_dropped_packets	The number of proto unsupported packets dropped	integer
redirect_dropped_packets	The number of dropped packets due to redirection	integer
rpf_check_dropped_packets	The number of dropped packets due to rpf check	integer
total_bytes	The total number of bytes	integer
total_packets	The total number of packets	integer
ttl_exceeded_dropped_packets	The number of dropped packets due to exceeding ttl	integer

ServiceGatewayCounterCommon (schema)

Name	Description	Type
dropped_packets	The number of error packets	integer
total_bytes	The total number of bytes	integer
total_packets	The total number of packets	integer

ServiceInstanceEndpoint (schema)

Service EndPoint for Byod Policy Service Instance

A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ServiceInstanceEndpoint	string	Required Enum: VirtualEndpoint, ServiceInstanceEndpoint
service_interface_path	Service Interface path Path of Service Interface to which this ServiceInstanceEndpoint is connected.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_ips	IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected.	array of IPInfo	Required Minimum items: 1 Maximum items: 1
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceInterface (schema)

Service interface configuration

Service interface configuration for internal connectivity.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_relay_path	policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ServiceInterface	string
subnets	IP address and subnet specification for interface Specify IP address and network prefix for interface.	array of InterfaceSubnet	Required Minimum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceInterfaceListResult (schema)

Paged collection of Service Interfaces

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Service Interface list results	array of ServiceInterface	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ServiceListRequestParameters (schema)

Service list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
default_service	Fetch all default services If set to true, then it will display only default services. If set to false, then it will display all user defined services. If it is not provided, then complete (default as well as user defined) list of services will be displayed.	boolean
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

ServiceListResult (schema)

Paged Collection of Services

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Service list results	array of Service	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ServiceReference (schema)

An anchor object representing the intent to consume a given 3rd party service.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Operational state of the Service. A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
partner_service_name	Name of Partner Service Unique name of Partner Service to be consumed for redirection.	string	Required
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ServiceReference	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceSegment (schema)

Service Segment configuration

Service Segment configuration to attach Service Insertion VM.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
lr_paths	Policy paths of logical routers Policy paths of logical routers or ports \| to which this Service Segment can be connected.	array of string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ServiceSegment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transport_zone_path	Policy path to the transport zone Policy path to transport zone. Only overlay transport zone is supported.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ServiceType (schema)

Supported service types, that are using certificates.

Name	Description	Type	Notes
ServiceType	Supported service types, that are using certificates.	string	Enum: MGMT_CLUSTER, MGMT_PLANE, API, NOTIFICATION_COLLECTOR, SYSLOG_SERVER, RSYSLOG_CLIENT, APH, APH_TN, GLOBAL_MANAGER, LOCAL_MANAGER, CLIENT_AUTH, RMQ, K8S_MSG_CLIENT, WEB_PROXY, CBM_API, CBM_CCP, CBM_CSM, CBM_MP, CBM_GM, CBM_AR, CBM_MONITORING, CBM_IDPS_REPORTING, CBM_CM_INVENTORY, CBM_MESSAGING_MANAGER, CBM_UPGRADE_COORDINATOR, CBM_SITE_MANAGER, CBM_CLUSTER_MANAGER, CBM_CORFU, COMPUTE_MANAGER, CCP, ANALYTICS_AGENT, ANALYTICS_KAFKA, NAPP_COMMON_AGENT, NAPP_PACE_AGENT, NAPP_METRICS_AGENT

SessionAuthenticationCredentials (schema)

Credentials used to authenticate to NSX

Username and password used to obtain a session cookie.

Name	Description	Type	Notes
j_password	Password Password to use when authenticating.	string	Required
j_username	User name User name to authenticate as.	string	Required

SessionLoginCredential (schema) (Deprecated)

A login credential specifying session_id

Details of session based login credential to login to server.

Name	Description	Type	Notes
credential_type	Must be set to the value SessionLoginCredential	string	Required
session_id	The session_id to login to server The session_id to login to server.	secure_string
thumbprint	Thumbprint of the login server Thumbprint of the login server.	string

SessionTimerProfileBindingListResult (schema)

Paged Collection of session timer profile binding maps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Session timer profile binding maps list results	array of SessionTimerProfileBindingMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SessionTimerProfileBindingMap (schema)

Policy Session Timer Profile binding map

This entity will be used to establish association between Session Timer
profile and Logical Routers.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profile_path	Profile Path PolicyPath of associated Profile	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SessionTimerProfileBindingMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SetFields (schema)

Set Fields

Set Fields is an action to set fields of the source event.

Name	Description	Type	Notes
field_settings	Field Settings Field Settings.	array of FieldSetting	Minimum items: 1
resource_type	Must be set to the value SetFields	string	Required Enum: PatchResources, SetFields

SetInterSiteAphCertificateRequest (schema)

Data for setting Appliance Proxy certificate for inter-site communication

Name	Description	Type	Notes
cert_id	Certificate ID ID of the certificate that is already imported.	string	Required Readonly
used_by_id	Node ID ID of the node that this certificate is used on.	string	Required Readonly

SetPrincipalIdentityCertificateForFederationRequest (schema)

Data for setting a principal identity certificate

Name	Description	Type	Notes
cert_id	Id of the certificate	string	Required Readonly
service_type	Service type for which the certificate should be used.	PIServiceType	Required Readonly

SftpProtocol (schema)

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	PasswordAuthenticationScheme	Required
host_key_algorithms	Host key algorithms Supported host key algorithms for SSH/SFTP connection. Algorithms are preferred in the order they are specified in list.	array of HostKeyAlgorithms	Minimum items: 1 Default: "['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']"
name	Must be set to the value SftpProtocol	string	Required Enum: http, https, scp, sftp
ssh_fingerprint	SSH fingerprint of server	string	Required

ShaDynamicPlugin (schema)

Sha dynamic Plugin

Define a kind of Dynamic Sha plugin.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_plugin_uploaded	Flag to show the dynamic plugin status Flag to show the dynamic plugin zip file is uploaded.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaDynamicPlugin	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ShaDynamicPluginProfile (schema)

Dynamic created plugin profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string
applied_to_ua	Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes.	boolean
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
config	Plugin configuration Define the plugin configuration.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Plugin Enablement Flag The on-off switch of System Health Plugin	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
plugin_path	Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaDynamicPluginProfile	ShaPluginType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ShaPluginProfile (schema)

Abstract base type for System Health plugin profile of different types

The ShaPluginProfile is the base class for System Health plugin profile
This is an abstract type. Concrete child types:
ShaDynamicPluginProfile
ShaPredefinedPluginProfile
ShaSystemPluginProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string
applied_to_ua	Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes.	boolean
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Plugin Enablement Flag The on-off switch of System Health Plugin	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
plugin_path	Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaPluginProfile	ShaPluginType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ShaPluginType (schema)

Valid System Health plugin types

Name	Description	Type	Notes
ShaPluginType	Valid System Health plugin types	string	Enum: PredefinedPlugin, DynamicPlugin, SystemPlugin

ShaPredefinedPlugin (schema)

System pre-defined plugin config

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
config	Plugin configuration Define the plugin configurtion detail.	ShaPredefinedPluginProfileData	Readonly
delay_on_reboot	The delay after reboot The corresponding plugin will wait for config seconds after reboot.	integer	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Profile Enablement Flag The on-off switch of Sha plugin	boolean	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pre_req_conditions	The pre-req conditions Display the pre-req conditions to run the predefined plugin.	array of PreReqCondition	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaPredefinedPlugin	string
supported_node_types	The supported node types Display the running node types of predefined plugin.	array of NsxtNodeType	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ShaPredefinedPluginProfile (schema)

System predefined plugin profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string
applied_to_ua	Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes.	boolean
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
config	Plugin configuration Define the plugin configuration.	ShaPredefinedPluginProfileData	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Plugin Enablement Flag The on-off switch of System Health Plugin	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
plugin_path	Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaPredefinedPluginProfile	ShaPluginType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

ShaPredefinedPluginProfileData (schema)

System Health Plugin Config Item

Describes a config item for System Health profile.

Name	Description	Type
check_interval	The check interval The interval of plugin to check the status.	integer
desired_crash	The desired crash Whether crash the component which spew too much log	boolean
desired_duration	The desired duration The expected rotation of logging	integer
granular_desired_duration	The granular desired duration The expected rotation for each log	string
report_interval	The report interval The interval of plugin to report the status.	integer
smallest_report_interval_if_change	The smallest report interval The smallest report interval if the status is changed. The value of smallest_report_interval_if_change should be less than the value of report_interval	integer
threshold	The threshold The threshold to alarm logging report	integer

ShaSystemPluginProfile (schema)

System plugin profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_to_group_path	Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string
applied_to_ua	Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes.	boolean
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
config	Plugin configuration Define the plugin configuration.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Plugin Enablement Flag The on-off switch of System Health Plugin	boolean	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
plugin_path	Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value ShaSystemPluginProfile	ShaPluginType	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Share (schema)

A Share is a container that shares all its contents represented by associated SharedResource entities
with Orgs or Projects represented using the 'sharedWith' property. Default share object is created by the system which
is shared with all the orgs and projects by default. Id of default share object is default.
Also, default share object per org/project will also be created as part of org/project
creation workflow. Id of org share object will be "", but for default org it is "default-org-share".
Id of project share object will be "-" (ex: org1-project1).

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Share	string
sharedWith	Path of the context Represents an array of the paths of the contexts (Org or Project) to which the contents of this share should be shared. If any entry in this array refers to a custom project's path, it is mandatory to set the value of sharing_strategy to ALL_DESCENDANTS.	array of string	Required Minimum items: 1
sharing_strategy	Sharing Strategy Strategy used to decide to which shareWith the contents of the share should be shared. Project is descendant of Org. Vpc is descendant of Project. ALL_DESCENDANTS - Share with the shareWith path and all it's descendants. NONE_DESCENDANTS - Share with the shareWith path only and not its descendants. (Default).	string	Enum: NONE_DESCENDANTS, ALL_DESCENDANTS Default: "NONE_DESCENDANTS"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SharedResource (schema)

Policy Shared resource

A SharedResource is a child of the resource that needs to be shared. Where the resoruce is shared is determined by
the Share instance to which this shared resource refers. Default shared resource under default share object is created
by the system. All the resources under default shared resources will be available for consumption to all the orgs/projects by default.
Shared Resource for specific org will be available for consumption for that particular org only.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_objects	Path of the resource to be shared Represents the path and other properties of the resource to be shared. The entity represented by this shared resource is shared with all the Orgs or Projects contexts that the Share container references.	array of ResourceObject	Required Minimum items: 1
resource_type	Must be set to the value SharedResource	string
share_shared_with	Share's Shared With Read only field. Shows subset (shared-with-me API context) of sharedWith used in Share.	array of string	Readonly
share_sharing_strategy	Share's Sharing Strategy Read only field. Shows sharing strategy used in Share.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Site (schema)

Site

Site represents an NSX deployment having its own set of NSX clusters and
transport nodes. It may correspond to a Data Center, VMC deployment, or
NSX-Cloud deployment managed via CSM.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint ChildSiteSecuritySetting
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
fail_if_rtep_misconfigured	Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail.	boolean	Default: "True"
fail_if_rtt_exceeded	Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded.	boolean	Default: "True"
federation_config	Federation releated config System managed federation config.	GmFederationSiteConfig	Readonly
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
maximum_rtt	Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value.	integer	Minimum: 0 Maximum: 1000 Default: "250"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Site	string
site_connection_info	Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate.	array of SiteNodeConnectionInfo	Maximum items: 3
site_number	12-bit system generated site number	integer	Readonly
site_type	Persistent Site Type The site_type property identifies type of current site.	string	Enum: ONPREM_LM, SDDC_LM
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SiteActionParameters (schema)

Paramters for Site delete operation

If force=true then site will be deleted even if not reachable.
NOTE - Use this with caution as Global Manager will go ahead and
offboard the site forcefully.

Name	Description	Type	Notes
force		boolean

SiteAllocationIndexForEdge (schema)

Allocation index for edge

Index for cross site allocation for edge cluster
and its members referred by gateway.

Name	Description	Type	Notes
index	Unique index across sites for gateway span Unqiue edge cluster node index across sites based on stretch of the Gateway. For example, if a Gateway is streched to sites S1 with one edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes, the in the Global Manager will allocate the index for 5 edge nodes and 2 cluster in the rage 0 to 7.	integer	Readonly
target_resource_path	Edge cluster or edge node path	string	Readonly

SiteCleanupPending (schema)

Details for cleanup of resource.

SiteCleanupPending contains information about the resource cleanup
from sites.

Name	Description	Type	Notes
marked_for_delete	Indicates whether the resource is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted.	boolean	Readonly
pending_sites	List of SpanSiteInfos List of SpanSiteInfos representing the strech of the entity.	array of SpanSiteInfo	Readonly
resource_path	Policy path of an resource. Policy resource which is either marked for delete or in process of deletion from site.	string	Readonly

SiteCleanupPendingListRequestParameters (schema)

SiteCleanupPending list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
intent_path	String Path of a resource. String Path of a resource. Can pass multiple values.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SiteCleanupPendingListResult (schema)

Paged collection of SiteCleanupPending

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SiteCleanupPending list results	array of SiteCleanupPending	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SiteCompatibilityInfo (schema)

Name	Description	Type	Notes
compatibility_list	Compatibility list	array of string
site_version	Site version	string

SiteFederationConfig (schema)

Site fedeation configuration

Site fedeation configuration.

Name	Description	Type	Notes
rtep_ips	Remote tunnel endpoint IP addresses	array of IPAddress	Readonly
site_id	Site UUID	string	Readonly
site_index	Unique site index allocated (from range 0-4095)	integer	Readonly
site_path	Site path	string	Readonly

SiteInfo (schema)

Site information

Information related to Sites applicable for given Org.

Name	Description	Type	Notes
edge_cluster_paths	PolicyPath of the edge cluster or label The edge cluster on which the networking elements for the Org will be created. In case of Label, it should have reference of Edge cluster path.	array of string
site_path	PolicyPath of the site This represents the path of the site which is managed by Global Manager. For the local manager, if set, this needs to point to 'default'.	string
transport_zone_paths	PolicyPath of the transport zone This represents the path of the transport zone on which elements of the project will be created. If not provided, this field is set to the path of the default transport zone for the associated site. Transport zone cannot be modified.	array of string	Maximum items: 1

SiteListRequestParameters (schema)

Site List Request Parameters

Site list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SiteListResult (schema)

Paged Collection of Sites

Paged Collection of Sites.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Site List Result Site list result.	array of Site	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SiteNodeConnectionInfo (schema)

Site Node Connection Info

Credential info to connect to a node in the federated remote site.

Name	Description	Type
fqdn	Fully Qualified Domain Name of the Management Node Please specify the fqdn of the Management Node of your site.	string
password	Password Password to connect to Site's Local Manager.	secure_string
site_uuid	id of Site Site UUID supplied for connection info	string
thumbprint	Thumbprint of Enforcement Point Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX.	string
username	Username Username to connect to Site's Local Manager.	string

SiteOnboardingPreference (schema)

User Onboarding Preference

User onboarding preference for site.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ignore_import	Ignore Import Preference Represents user's decision to ignore onboarding option for a site. User will not be shown onboarding message or will failing onboarding when ignore status is set to 'true'.	boolean	Required Readonly
resource_type	Must be set to the value SiteOnboardingPreference	string
site_id	Site Identifier Unique site identifier.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

SiteOverride (schema)

IPSecVpn Site Override Parameters

IPSecVPN site specific attributes specified only on GM. This allows user to specify site specific parameters which overrides the correspondig attributes in the IPSecVpnSession Object.

Name	Description	Type	Notes
local_endpoint_path	Local endpoint path Policy path referencing Local endpoint.	string	Required
locale_service_path	Locale service policy path Policy path referencing LocateService where SiteOverride attributes will be applied	string	Required
peer_address	IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs.	IPAddress	Required
peer_id	Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer.	string	Required
tunnel_interfaces	IP Tunnel interfaces IP Tunnel interfaces. This property is mandatory for RouteBasedIpSecVpn session.	array of IPSecVpnTunnelInterface	Minimum items: 1 Maximum items: 1

SiteRequestParameter (schema)

Request parameter to get flow to a given Site

User can get flow details from the Site where API invoked to a given
Site by specifying the Site policy path.

Name	Description	Type	Notes
site_path	Policy path of the Site object	string

SiteSecuritySetting (schema)

Site Security configuration

Common security configuration for the Site.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
air_gapped	Flag to indicate air gapped deployments If true, deployment is marked as air gapped deployment and operations that requires internet connectivity are expected to be supported through Global Manager.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SiteSecuritySetting	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SiteStatus (schema)

Name	Description	Type	Notes
site_name	Site name	string	Required
stubs	Connection status	array of StubStatus

SnmpServiceProperties (schema)

SNMP Service properties

Name	Description	Type	Notes
communities	SNMP v1, v2c community strings	array of string	Maximum items: 1
start_on_boot	Start when system boots	boolean	Required
v2_configured	SNMP v2 is configured or not	boolean	Readonly
v3_auth_protocol	SNMP v3 auth protocol	string	Required Enum: SHA1 Default: "SHA1"
v3_configured	SNMP v3 is configured or not	boolean	Readonly
v3_priv_protocol	SNMP v3 private protocol	string	Required Enum: AES128 Default: "AES128"
v3_users	V3 users SNMP v3 users information	array of SnmpV3User	Maximum items: 1

SnmpV3User (schema)

SNMP v3 user

SNMP v3 user properties

Name	Description	Type	Notes
auth_password	Auth password SNMP v3 user auth password	secure_string
priv_password	Private password SNMP v3 user private password	secure_string
user_id	User ID SNMP v3 user ID	string	Required

Source (schema)

Event Source

Source that is logically deemed to be the "object" upon which the
Event in question initially occurred upon. The Source is responsible
for providing information of the occurred event. Some example sources
include:
- Resource.
- API.
This is an abstract type. Concrete child types:
ApiRequestBody
ResourceOperation

Name	Description	Type	Notes
resource_type	Resource Type Event Source resource type.	string	Required Enum: ResourceOperation, ApiRequestBody

SourceFieldEvaluation (schema)

Source Field Evaluation

Source Field Evaluation represents an evaluation on resource fields.
A source field evaluation will be evaluated against an Event Source which
is of type Resource Operation. For instance, the attribute constraint could
be related to the necessity that one of the source fields equals one of the
specified values.

Name	Description	Type	Notes
expected	Operator Arguments Expected values necessary to apply the specified operation on the source field value.	array of string	Required Minimum items: 1 Maximum items: 1
field_pointer	Field Pointer Field in the form of a pointer, describing the location of the attribute within the source of the event.	string	Required
operator	Logical Operator Logical operator.	string	Required Enum: EQ, NOT_EQ
resource_type	Must be set to the value SourceFieldEvaluation	string	Required Enum: SourceFieldEvaluation

SourceIpPersistencePurge (schema)

source ip persistence purge setting

If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.

Name	Description	Type	Notes
SourceIpPersistencePurge	source ip persistence purge setting If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.	string	Enum: NO_PURGE, FULL

SpacerWidgetConfiguration (schema)

Spacer widget Configuration

Represents configuration for spacer widget. For this widget the data source is not applicable. This widget can be use to add the space inside the dashboard container.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value SpacerWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

Span (schema)

Represents strech information for federated entity.

Represents the strech information for a federated entity
available only on local manager.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Span	string
sites	List of SpanSiteInfos List of SpanSiteInfos representing the strech of the entity.	array of SpanSiteInfo	Readonly
span_leader	Policy resource type of span leader Represents Policy resource type streached entity's span leader.	string	Readonly
span_resource	Policy resource path Represents Policy resource path of streached entity.	string	Readonly
span_resource_type	Policy resource type Policy resource type of the streached entity.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

SpanSiteInfo (schema)

Represents Site resource for Span entity.

Represents the Site resource information for a Span entity
including both the internal id as well as the site path.

Name	Description	Type	Notes
site_id	Internal ID of the Site resource Site UUID representing the Site resource	string	Readonly
site_path	Path of the Site resource Path of the Site resource	string	Readonly

SpoofGuardProfile (schema)

SpoofGuard Profile

SpoofGuard is a tool that is designed to prevent virtual machines in your
environment from sending traffic with IP addresses which are not authorized
to send traffic from. A SpoofGuard policy profile once enabled blocks the
traffic determined to be spoofed.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
address_binding_allowlist	Enable SpoofGuard If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the allowlist. This value cannot conflict with whitelist.	boolean	Required Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SpoofGuardProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
address_binding_whitelist	Enable SpoofGuard If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the allowlist. This field is deprecated because it has offensive terminology. Please use address_binding_allowlist. This value cannot conflict with allow list.	boolean	Deprecated Required Default: "False"

SpoofGuardProfileListRequestParameters (schema)

SpoofGuard profile request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

SpoofGuardProfileListResult (schema)

Paged collection of SpoofGuard profiles

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SpoofGuard profile list results	array of SpoofGuardProfile	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SshFingerprintProperties (schema)

Server ssh fingerprint properties

Server properties - hostname/ip_address, port and ssh fingerprint

Name	Description	Type	Notes
host_key_algorithms	Host key algorithms Supported host key algorithms for SSH/SFTP connection. Algorithms are preferred in the order they are specified in list.	array of HostKeyAlgorithms	Minimum items: 1 Default: "['ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521']"
port	Server port Remote server port on which ssh connection is made.	integer	Required Minimum: 1 Maximum: 65535
server	Remote server hostname or IP address Server hostname/ip_address for which fingerprint has been retrieved.	string	Required Pattern: "^.+$"
ssh_fingerprint	SSH fingerprint of server Remote server's ssh fingerprint.	string

SshKeyBaseProperties (schema)

Name	Description	Type	Notes
label	SSH key label (used to identify the key)	string	Required
password	Current password for user (required for users root and admin)	string

SshKeyProperties (schema)

Name	Description	Type	Notes
label	SSH key label (used to identify the key)	string	Required
password	Current password for user (required for users root and admin)	string
type	SSH key type	string	Required Pattern: "^(ecdsa-sha2-nistp256\|ecdsa-sha2-nistp384\|ecdsa-sha2-nistp521\|ssh-dss\|ssh-ed25519\|ssh-rsa)$"
value	SSH key value	string	Required

SshKeyPropertiesListResult (schema)

SSH key properties query results

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	SSH key properties query results	array of SshKeyProperties	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

SshServiceProperties (schema)

SSH Service properties

Name	Description	Type	Notes
root_login	Permit SSH Root login	boolean
start_on_boot	Start service when system boots	boolean	Required

SslCipher (schema)

SSL cipher

ECDH ciphers and 3DES ciphers are not supported because they are not supported
by OpenSSL 3.0.
Deprecated ciphers which do not comply with OpenSSL 3.0:
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

Name	Description	Type	Notes
SslCipher	SSL cipher ECDH ciphers and 3DES ciphers are not supported because they are not supported by OpenSSL 3.0. Deprecated ciphers which do not comply with OpenSSL 3.0: - TLS_RSA_WITH_3DES_EDE_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384	string	Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384

SslCipherGroup (schema)

SSL cipher group

SslCipherGroup can be configured in LB SSL profiles.
The BALANCED SSL profile supports a mix of SSL protocols and ciphers to
offer a perfect mix of performance and security to clients/servers.
The HIGH_SECURITY SSL profile supports the highest-secured SSL protocols
and ciphers to offer the most secured access to clients/servers.
The HIGH_COMPATIBILITY SSL profile supports a large range of SSL protocols
and ciphers to offer access to the widest range of clients/servers.

Name	Description	Type	Notes
SslCipherGroup	SSL cipher group SslCipherGroup can be configured in LB SSL profiles. The BALANCED SSL profile supports a mix of SSL protocols and ciphers to offer a perfect mix of performance and security to clients/servers. The HIGH_SECURITY SSL profile supports the highest-secured SSL protocols and ciphers to offer the most secured access to clients/servers. The HIGH_COMPATIBILITY SSL profile supports a large range of SSL protocols and ciphers to offer access to the widest range of clients/servers.	string	Enum: BALANCED, HIGH_SECURITY, HIGH_COMPATIBILITY, CUSTOM

SslProtocol (schema)

SSL protocol

Only TLS_V1_2 is supported.
Deprecated protocols which do not comply with OpenSSL 3.0:
- SSL_V2
- SSL_V3
- TLS_V1
- TLS_V1_1

Name	Description	Type	Notes
SslProtocol	SSL protocol Only TLS_V1_2 is supported. Deprecated protocols which do not comply with OpenSSL 3.0: - SSL_V2 - SSL_V3 - TLS_V1 - TLS_V1_1	string	Enum: SSL_V2, SSL_V3, TLS_V1, TLS_V1_1, TLS_V1_2

StageUpgradeRequestParameters (schema)

Stage upgrade request parameters

Parameters specified during upgrade staging request

Name	Description	Type	Notes
component_type	Component type Type of the component	string

StaleCertificate (schema)

Stale Certificate

Name	Description	Type	Notes
certificate_id	Certificate Id	string	Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
display_name	Display name Display name of the stale certificate	string	Readonly
node_id	Node Id Node Id to which this certificate is applied to.	string
service_type	Service Type Service Type of the CertificateProfile to which the certificate is applied to.	ServiceType	Required

StaleCertificatesListResult (schema)

List of stale certificates

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result	List of stale certificates.	array of StaleCertificate	Required Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

StandaloneHostIdfwConfiguration (schema)

Standalone host idfw configuration

Idfw configuration for activate/deactivate idfw on standalone hosts.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
idfw_enabled	Idfw enabled flag If set to true, Idfw is enabled for standalone hosts	boolean	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StandaloneHostIdfwConfiguration	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

StatItem (schema)

Statistic of an entity

Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states.

Name	Description	Type	Notes
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget.	string
tooltip	Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the stat.	array of Tooltip	Minimum items: 0
total	Total If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown.	string
value	Stat Expression for stat to be displayed.	string	Required Maximum length: 1024

StaticARPConfig (schema)

Static ARP Config

Contains Static ARP configuration for Segment.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address	IP Address	IPAddress	Required
mac_address	MAC Address	MACAddress	Required
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticARPConfig	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

StaticFilter (schema)

Static filters

Name	Description	Type	Notes
additional_value	An additional value for static filter An additional key-value pair for static filter.	object
display_name	Display name for static filter display name to be shown in the drop down for static filter.	string	Maximum length: 1024
info_text	Info text for the static filter. Additional information to be shown along with the static filter. It will shown on the tooltip of an info icon,	string
short_display_name	A property value to be shown once value is selected for a filter. Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used.	string	Maximum length: 1024
value	Value of static filter Value of static filter inside dropdown filter.	string

StaticIpAllocation (schema)

Static IP allocation for VPC Subnet ports with VIF attachement

Name	Description	Type	Notes
enabled	Activate or Deactivate static ip allocation for VPC Subnet ports with VIF attachement Enable ip and mac addresses allocation for VPC Subnet ports from static ip pool. To enable this, dhcp pool shall be empty and static ip pool shall own all available ip addresses. To optimize static ip pool management, it is recommended to allocate ip addresses starting from the highest available ip in the static pool. This approach simplifies adjustments when the pool size needs to be reduced, as it avoids the need to reconfigure existing allocations.	boolean	Default: "False"

StaticMimeContent (schema)

Static MIME content

MIME content with text message and image path in it.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticMimeContent	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
text_message	text message text message.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

StaticPoolConfig (schema)

Static IP pool configuration

Name	Description	Type	Notes
ipv4_pool_size	Static IPv4 Pool size Number of IPs to be reserved in static ip pool. Maximum allowed value is 'subnet size - 4'. If dhcp is enabled then by default static ipv4 pool size will be zero and all available IPs will be reserved in local dhcp pool. If dhcp is deactivated then by default all IPs will be reserved in static ip pool.	int	Minimum: 0 Default: "0"

StaticRouteBfdPeer (schema)

Static Route Bidirectional Forwarding Detection Peer

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bfd_profile_path	Policy path to Bfd Profile Bfd Profile is not supported for IPv6 networks.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable BFD Peer Flag to enable BFD peer.	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
peer_address	IP Address of static route next hop peer Both IPv4 and IPv6 addresses are supported. Only a single BFD config per peer address is allowed.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticRouteBfdPeer	string
scope	Array of policy paths of locale services Represents the array of policy paths of locale services where this BFD peer should get relalized on. The locale service service and this BFD peer must belong to the same router. Default scope is empty.	array of string
source_addresses	List of source IP addresses Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Both IPv4 and IPv6 addresses are supported.	array of string	Minimum items: 0 Maximum items: 8
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

StaticRouteBfdPeerListResult (schema)

Paged Colleciton of StaticRouteBfdPeer

Paged collection of StaticRouteBfdPeer.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	StaticRouteBfdPeer list results StaticRouteBfdPeer list results.	array of StaticRouteBfdPeer	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

StaticRoutes (schema)

Static routes configuration on Tier-0, Tier-1 or VPC

Static routes configuration on Tier-0, Tier-1 or VPC.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled_on_secondary	Flag to plumb route on secondary site When false or by default northbound routes are configured only on the primary location and not on secondary location. When true, the static route will also be configured on a secondary location. Secondary location prefers route learned from the primary location and enabling this flag secondary location can override this. This flag is not applicable if all sites are primary. Not applicable for static routes created under VPC.	boolean	Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
network	Network address in CIDR format Specify network address in CIDR format. In case of VPC, user can optionally use allocated IP from one of the external blocks associated with VPC. Only /32 CIDR is allowed in case IP overlaps with external blocks.	IPElement	Required
next_hops	Next hop routes for network Specify next hop routes for network.	array of RouterNexthop	Required Minimum items: 1
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value StaticRoutes	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

StaticRoutesListRequestParameters (schema)

Static Routes list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

StaticRoutesListResult (schema)

Paged collection of Static Routes

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Static Routes list results	array of StaticRoutes	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

StatisticsRequestParameters (schema)

Statistics Request Parameters

Request parameters that represents an enforcement point path. A request on statistics
can be parameterized with this path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
- {container_cluster_path}: The request is evaluated only on the given
container cluster.

Name	Description	Type	Notes
container_cluster_path	String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed.	string
enforcement_point_path	String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F.	string

StatsConfiguration (schema)

Stats Configuration

Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
label	Label of the Stats Configuration Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled.	Label
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
navigation	Navigation to a specified UI page Hyperlink of the specified UI page that provides details.	string	Maximum length: 1024
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value StatsConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
sections	Sections	array of DonutSection	Minimum items: 0
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
stat	Expression for feching statistic of an entity Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed.	StatItem
sub_type	Sub-type of the StatsConfiguration A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space.	string	Enum: COMPACT
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

StatusEnum (schema)

Status of VPC and components under it.

Name	Description	Type	Notes
status	Status of this object	string	Enum: SUCCESS, ERROR, UNINITIALIZED, IN_PROGRESS, UNKNOWN

StatusSummaryRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade units to be filtered	string
selection_status	Flag to indicate whether to return status for only selected, only deselected or both type of upgrade units	string	Enum: SELECTED, DESELECTED, ALL Default: "ALL"
show_history	Get upgrade activity for a given component Get details of the last 16 operations performed during the upgrade of a given component.	boolean

StringArrayConstraintValue (schema)

Array of String Values to perform operation

List of String values

Name	Description	Type	Notes
resource_type	Must be set to the value StringArrayConstraintValue	string	Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue
values	Array of String Array of string values	array of string	Required Minimum items: 1 Maximum items: 100

StubStatus (schema)

Name	Description	Type	Notes
address	IP/FQDN of the node	string
connection_up	Is stub up	boolean	Required

SubPool (schema)

Name	Description	Type	Notes
remaining_credit_number	Remaining credit number of the sub-pool Credits remaining on the sub-pool that can be used to deploy services of corresponding sub-pool type.	int	Readonly
sub_pool_type	Sub-pool Type Type of the sub-pool configured on edge node.	string	Readonly
usage_percentage	Percentage utlization of sub-pool Percentage utlization of sub-pool based on the number of services configured and the hard limits, if any.	number	Readonly

SubjectAltNames (schema)

A collection of subject alternative names

Name	Description	Type	Notes
dns_names	DNS names A list of DNS names in subject alternative names	array of SanEntryDns	Readonly Minimum items: 1 Maximum items: 128
ip_addresses	IP Addresses A list of IP addresses in subject alternative names	array of string	Readonly Minimum items: 1 Maximum items: 64

SubjectPublicKeyHash (schema)

Name	Description	Type	Notes
public_key_sha256_hashes	SHA256 hashes of Public Keys List of SHA256 hashes of the Public Key of the revoked certificates with the specified subject.	array of string
subject	Subject Distinguished Name (DN) Subject Distinguished Name of the revoked certificates.	string

SubnetAdvancedConfig (schema)

VPC Subnet Advanced Configuration

Name	Description	Type	Notes
connectivity_state	Connectivity State Connectivity status of the subnet from other subnets to the VPC.	string	Enum: CONNECTED, DISCONNECTED Default: "CONNECTED"
dhcp_server_addresses	Dhcp Server Addresses An array of dhcp server addresses per address family. Addresses should be in ip/prefix_length format.	array of IPCIDRBlock	Maximum items: 1
extra_configs	Extra configs on subnet This property could be used for vendor specific configuration in key value string pairs.	array of SubnetExtraConfig
gateway_addresses	Gateway Addresses An array of gateway addresses per address family. Addresses should be in ip/prefix_length format.	array of IPCIDRBlock	Maximum items: 1
static_ip_allocation	Static IP allocation for VPC Subnet ports with VIF attachement Static IP allocation configuration for VPC Subnet ports with VIF attachement. Not supported when DUAL ip_address_type is used in parent VPC.	StaticIpAllocation

SubnetConnectionBindingMap (schema)

Vendor specific configuration on Subnet for Kubernetes workloads with Antrea

Subnet with this binding map indicates the connection between this subnet and another subnet in the same VPC
to enable advances in IPAM, Routing, and NAT for Kubernetes workloads with Antrea

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value SubnetConnectionBindingMap	string
subnet_path	Policy path of the subnet Policy path of the subnet connected to the host VM.	string	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vlan_traffic_tag	VLAN id indicates which connected subnet the package should be forwarded VLAN ID is used to identify traffic between the VPC subnet connected to the containers and VPC subnet where the host VM is connected.	VlanID	Required

SubnetDhcpConfig (schema)

Vpc subnet DHCP config

The DHCP configurations for a subnet, with the base configurations inherited from the VPC Service Profile.
Any additional settings will be applied on top of the inherited configurations.

Name	Description	Type	Notes
dhcp_server_additional_config	Additional DHCP server config DHCP configuration of subnet is derived from VPC Service Profile. These additional configuration will take effect along with the derived ones.	DhcpServerAdditionalConfig
mode	DHCP Mode The operational mode of DHCP within the subnet. Options include DHCP server, relay, or deactivated. The default mode will be DHCP_DEACTIVATED. When mode is set to DHCP server or relay, static IP allocation cannot be enabled in the subnet's advanced configuration.	string	Enum: DHCP_SERVER, DHCP_RELAY, DHCP_DEACTIVATED

SubnetExtraConfig (schema)

Vendor specific configuration on vpc subnet

Vpc subnet extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on vpc subnet.

Name	Description	Type	Notes
config_pair	Key value pair in string for the configuration Key value pair in string for the configuration.	UnboundedKeyValuePair	Required

SubnetProfiles (schema)

Subnet Profiles

Profile references will be applied to subnets. If not specified by the user, default profiles will be used.

Name	Description	Type
ip_discovery	IP Discovery Profile Using this profile to configure different options of IP Discovery	string
mac_discovery	Mac Discovery Profile Mac Discovery Profile	string
qos	Segment Qos Profile Segment Qos Profile	string
segment_security	Segment Security Profile Security features are extended by policy operations for securing logical segments.	string
spoof_guard	SpoofGuard Profile SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed.	string

SuccessNodeSupportBundleResult (schema)

Name	Description	Type	Notes
bundle_name	Name of support bundle, e.g. nsx_NODETYPE_UUID_YYYYMMDD_HHMMSS.tgz	string	Required Readonly
bundle_size	Size of support bundle in bytes	integer	Required Readonly
node_display_name	Display name of node	string	Required Readonly
node_id	UUID of node	string	Required Readonly
node_ip	IPv4 address of node	string	Required Readonly
node_ipv6	IPv6 address of node	string	Required Readonly
sha256_thumbprint	File's SHA256 thumbprint	string	Required Readonly

SummaryRequest (schema)

Name	Description	Type	Notes
summary	Flag indicating whether to return the summary	boolean	Default: "False"

SupportBundleConfig (schema)

Supportbundle configuration

Config to enable/disable concurrent tasks execution on support bundle collection.

Name	Description	Type	Notes
enable_concurrent_tasks	Enable concurrent data collection When collecting data for support bundles, allow concurrent data collection. If set to false, data is collected one at a time, for example, APIs are invoked one at a time then system commands are invoked one at a time, etc. By default, the value of this property is true.	boolean	Required Default: "True"

SupportBundleContainerNode (schema)

This is an abstract type. Concrete child types:
AntreaSupportBundleContainerNode

Name	Description	Type	Notes
container_type	Support bundle container type	string	Required Enum: ANTREA

SupportBundleFileTransferAuthenticationScheme (schema)

Name	Description	Type	Notes
password	Password to authenticate with	string	Required
scheme_name	Authentication scheme name	string	Required Enum: PASSWORD
username	User name to authenticate with	string	Required

SupportBundleFileTransferProtocol (schema)

Name	Description	Type	Notes
authentication_scheme	Scheme to authenticate if required	SupportBundleFileTransferAuthenticationScheme	Required
name	Protocol name	string	Required Enum: SCP, SFTP
ssh_fingerprint	SSH fingerprint of server	string	Required

SupportBundleQueryParameter (schema)

Name	Description	Type	Notes
override_async_response	Override any existing support bundle async response Override an existing support bundle async response if it exists. If not set to true and an existing async response is available, the support bundle request results in 409 CONFLICT.	boolean	Default: "False"
require_delete_or_override_async_response	Suppress auto-deletion of generated support bundle If the remote_file_server option has not been specified, save generated support bundle until a subsequent request either deletes or overrides the support bundle generated by the current request using the action=delete_async_response or override_async_response=true query parameters. Setting this property to true allows the NSX API client to re-download a support bundle if for example a previous download attempt fails.	boolean	Default: "False"

SupportBundleQueryParameters (schema)

Name	Description	Type	Notes
all	Include all files Include all files including files that may have sensitive information like core files.	boolean	Default: "False"

SupportBundleRemoteFileServer (schema)

Remote file server

Name	Description	Type	Notes
directory_path	Remote server directory to copy bundle files to	string	Required
manager_upload_only	Uploads to the remote file server performed by the manager	boolean	Default: "False"
port	Server port	integer	Minimum: 1 Maximum: 65535 Default: "22"
protocol	Protocol to use to copy file	SupportBundleFileTransferProtocol	Required
server	Remote server hostname or IP address	string	Required

SupportBundleRequest (schema)

Name	Description	Type	Notes
container_nodes	List of container clusters and their nodes requiring support bundle collection	array of SupportBundleContainerNode (Abstract type: pass one of the following concrete types) AntreaSupportBundleContainerNode	Minimum items: 1
content_filters	Bundle should include content of specified type List of content filters that specify additional content or action when collecting support bundle. Filter `ALL` includes core dumps and audit logs in support bundle Filter `REMOVE_CORE_FILES` can optionally be in list with `ALL`, to remove core dump files after collected in support bundle Filter `EAL4_AUDIT` can optionally be in list to collect pre-defined selective log files. The selected log files are deleted from the support bundle if the files have not been modified in the last 4 hours. By default no core dumps and audit logs are included in support bundle with filter `DEFAULT`. No other content-filters can be added along with `EAL4_AUDIT` content-filter When content-filter `EAL4_AUDIT` is added, the log_age_limit field is disabled. Note, `REMOVE_CORE_FILES` is limited to NSX appliance and ESXi nodes only.	array of ContentFilterValue	Minimum items: 1 Default: "['DEFAULT']"
dynamic_content_filters	List of content filters that decide the additional content that go into the support bundle List of dynamic content filters that specify additional content to include in the support bundle. The list of available filters available depends on your NSX-T deployment and can be determined by invoking the GET /api/v1/adminstration/support-bundles/dynamic-content-filters NSX API. For example, if NSX Intelligence is deployed, filters for collecting specific information about services are available.	array of DynamicContentFilterValue	Default: "['ALL']"
log_age_limit	Include log files with modified times not past the age limit in days	integer	Minimum: 1 Maximum: 365
nodes	List of cluster/fabric node UUIDs processed in specified order	array of string	Minimum items: 1
remote_file_server	Remote file server to copy bundles to, bundle in response body if not specified	SupportBundleRemoteFileServer

SupportBundleResult (schema)

Name	Description	Type	Notes
failed_nodes	Nodes where bundles were not generated or not copied to remote server	array of FailedNodeSupportBundleResult	Required Readonly
remaining_nodes	Nodes where bundle generation is pending or in progress	array of RemainingSupportBundleNode
request_properties	Request properties	SupportBundleRequest	Required Readonly
success_nodes	Nodes whose bundles were successfully copied to remote file server	array of SuccessNodeSupportBundleResult	Required Readonly

SwitchingProfileType (schema) (Deprecated)

Supported switching profiles.

Supported switching profiles.
'PortMirroringSwitchingProfile' is deprecated, please turn to
"Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.

Name	Description	Type	Notes
SwitchingProfileType	Supported switching profiles. Supported switching profiles. 'PortMirroringSwitchingProfile' is deprecated, please turn to "Troubleshooting And Monitoring: Portmirroring" and use PortMirroringSession API for port mirror function.	string	Deprecated Enum: QosSwitchingProfile, PortMirroringSwitchingProfile, IpDiscoverySwitchingProfile, SpoofGuardSwitchingProfile, SwitchSecuritySwitchingProfile, MacManagementSwitchingProfile, RealTimeEthernetSwitchingProfile

SwitchingProfileTypeIdEntry (schema) (Deprecated)

Name	Description	Type	Notes
key		SwitchingProfileType
value	key value	string	Required

SwitchoverStatus (schema)

Name	Description	Type	Notes
current_step	Progress of each items	ProgressItem
current_step_number	Current number	integer	Required
note	Special messages, most of the time this will be empty, i.e. If SM performing the operation went down, another SM will restart the progress.	string	Required
number_of_steps	Total number of steps	integer	Required
overall_status	Status of the operation	string	Required Enum: NOT_STARTED, RUNNING, ERROR, COMPLETE

SwsecCounters (schema)

Name	Description	Type	Notes
bpdu_filter_drops	Number of packets dropped by BPDU Filtering. When the BPDU Filter is enabled, traffic to the configured BPDU destination MAC addresses	integer	Readonly
dhcp_client_block_ipv4_drops	Number of IPv4 DHCP packets dropped by DHCP Client Block. DHCP Client Block prevents a VM from acquiring DHCP IP address by blocking DHCP requests	integer	Readonly
dhcp_client_block_ipv6_drops	Number of DHCPv6 packets dropped by DHCP Client Block. DHCP Client Block prevents a VM from acquiring DHCP IP address by blocking DHCP requests	integer	Readonly
dhcp_client_validate_ipv4_drops	Number of IPv4 DHCP packets dropped because addresses in the payload were not valid	integer	Readonly
dhcp_server_block_ipv4_drops	Number of IPv4 DHCP packets dropped by DHCP Server Block. DHCP Server Block blocks traffic from a DHCP Server to a DHCP Client	integer	Readonly
dhcp_server_block_ipv6_drops	Number of DHCPv6 packets dropped by DHCP Server Block. DHCP Server Block blocks traffic from a DHCP Server to a DHCP Client	integer	Readonly
nd_parse_errors	Number of IPv 6 Router Advertisement packets dropped by RA Guard.	integer	Readonly
ra_guard_drops	Number of IPv6 Neighbor Discovery (ND) packets which were not correctly parsed	integer	Readonly
rx_arp_pkts	Number of transmitted IPv6 packets	integer	Readonly
rx_garp_pkts	Number of transmitted ARP packets	integer	Readonly
rx_ipv4_pkts	Number of received IPv4 packets	integer	Readonly
rx_ipv6_pkts	Number of received IPv6 packets	integer	Readonly
rx_na_pkts	Number of IPv6 ND (Neighbor Discovery) NA (Neighbor Advertisement) packets	integer	Readonly
rx_non_ip_pkts	Number of transmitted Gratuitous ARP (GARP) packets	integer	Readonly
rx_ns_pkts	Number of IPv6 ND (Neighbor Discovery) NS (Neighbor Solicitation) packets	integer	Readonly
rx_rate_limit_bcast_drops	Number of ingress packets dropped by broadcast Rate Limiting	integer	Readonly
rx_rate_limit_mcast_drops	Number of ingress packets dropped by multicast Rate Limiting	integer	Readonly
rx_unsolicited_na_pkts	Number of IPv6 ND (Neighbor Discovery) NA (Neighbor Advertisement) packets which, were unsolicited	integer	Readonly
spoof_guard_arp_drops	Number of IPv6 packets dropped by Spoof Guard. SpoofGuard protects against IP spoofing by maintaining a reference table of , VM names and IP addresses	integer	Readonly
spoof_guard_ipv4_drops	Number of IPv4 packets dropped by Spoof Guard. SpoofGuard protects against IP spoofing by maintaining a reference table of , VM names and IP addresses	integer	Readonly
spoof_guard_ipv6_drops	Number of IPv6 Neighbor Discovery (ND) packets dropped by Spoof Guard. SpoofGuard protects against ND Spoofing by filtering out ND packets whose addresses, do not match the VM's address	integer	Readonly
spoof_guard_nd_drops	Number of ARP packets dropped by Spoof Guard. Spoof Guard protects against malicious ARP spoofing attacks by keeping track of , MAC and IP addresses	integer	Readonly
spoof_guard_non_ip_drops	Number of Non-IP packets dropped by Spoof Guard	integer	Readonly
tx_arp_pkts	Number of received ARP packets	integer	Readonly
tx_ipv4_pkts	Number of transmitted IPv4 packets	integer	Readonly
tx_ipv6_pkts	Number of received non-IP packets	integer	Readonly
tx_non_ip_pkts	Number of transmitted non-IP packets	integer	Readonly
tx_rate_limit_bcast_drops	Number of egress packets dropped by broadcast Rate Limiting	integer	Readonly
tx_rate_limit_mcast_drops	Number of egress packets dropped by multicast Rate Limiting	integer	Readonly

SyslogFacility (schema)

Syslog facility

Name	Description	Type	Notes
SyslogFacility	Syslog facility	string	Enum: KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, AUTHPRIV, FTP, LOGALERT, CRON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7

SystemHostname (schema)

System host name

Name	Description	Type	Notes
SystemHostname	System host name	string	Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?)*\.?$"

Tag (schema)

Arbitrary key-value pairs that may be attached to an entity

Name	Description	Type	Notes
scope	Tag scope Tag searches may optionally be restricted by scope	string	Maximum length: 128 Default: ""
tag	Tag value Identifier meaningful to user with maximum length of 256 characters	string	Default: ""

TagBulkOperation (schema)

Payload to update the tag on specified objects

Tag and resource information on which tag to be applied or removed.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
apply_to	List of resources on which tag needs to be applied List of resources on which tag needs to be applied.	array of ResourceInfo
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
remove_from	List of resources from which tag needs to be removed List of resources from which tag needs to be removed.	array of ResourceInfo
resource_type	Must be set to the value TagBulkOperation	string
tag	Tag	Tag	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TagBulkOperationStatus (schema)

Status of tag bulk operation

Status of tag bulk operation.

Name	Description	Type	Notes
apply_to	Tag apply operation status per resource type Tag apply operation status per resource type.	array of ResourceTypeTagStatus
path	Intent path corresponding to tag operation	string	Required
remove_from	Tag remove operation status per resource type Tag remove operation status per resource type.	array of ResourceTypeTagStatus
status	Overall status	string	Required Enum: Success, Running, Error, Pending
tag	Tag	Tag	Required

TagInfo (schema)

Information about arbitrary key-value pairs that may be attached to an entity

Name	Description	Type	Notes
scope	Tag scope Tag searches may optionally be restricted by scope	string	Maximum length: 128 Default: ""
tag	Tag value Identifier meaningful to user with maximum length of 256 characters	string	Default: ""
tagged_objects_count	Number of objects with assigned with matching scope and tag values	int	Readonly

TagInfoListRequestParameters (schema)

TagInfo list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
scope	Tag scope	string
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	Source from which tags are synced.	string	Enum: Amazon, Azure, NSX, ANY
tag	Tag value	string

TagInfoListResult (schema)

Paged Collection of Tags

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tag info list results	array of TagInfo	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TaggedObjectsListRequestParameters (schema)

TagInfo list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F.	string
filter_by	Comma-separated list of field names to filter tagged objects. Comma-separated list of field names used to filter tagged objects. Supported field names are resource_type, display_name and external_id.	string
filter_text	Filter text to restrict tagged objects list with matching filter text.	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
scope	Tag scope	string
sort_ascending		boolean
sort_by	Field by which records are sorted	string
tag	Tag value	string

TaskProperties (schema)

Task properties

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
async_response_available	True if response for asynchronous request is available	boolean	Readonly
cancelable	True if this task can be canceled	boolean	Readonly
description	Description of the task	string	Readonly
end_time	The end time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
id	Identifier for this task	string	Readonly
message	A message describing the disposition of the task	string	Readonly
progress	Task progress if known, from 0 to 100	integer	Readonly Minimum: 0 Maximum: 100
request_method	HTTP request method	string	Readonly
request_uri	URI of the method invocation that spawned this task	string	Readonly
start_time	The start time of the task in epoch milliseconds	EpochMsTimestamp	Readonly
status	Current status of the task	TaskStatus	Readonly
user	Name of the user who created this task	string	Readonly

TaskStatus (schema)

Current status of the task

Name	Description	Type	Notes
TaskStatus	Current status of the task	string	Enum: running, error, success, canceling, canceled, killed

TcpHeader (schema)

Name	Description	Type	Notes
dst_port	Destination port of tcp header	integer	Minimum: 0 Maximum: 65535
src_port	Source port of tcp header	integer	Minimum: 0 Maximum: 65535
tcp_flags	TCP flags (9bits)	integer	Minimum: 0 Maximum: 511

TcpMaximumSegmentSizeClamping (schema)

TCP MSS Clamping

TCP MSS Clamping Direction and Value.

Name	Description	Type	Notes
direction	Maximum Segment Size Clamping Direction Specifies the traffic direction for which to apply MSS Clamping.	string	Enum: NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION, BOTH Default: "NONE"
max_segment_size	Maximum Segment Size Value MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 216 to 8960.	integer	Minimum: 108 Maximum: 8902

TenancyContextQueryParameter (schema)

Tenancy Context of the API request

The following are the valid values for this query parameter –
- ALL_PROJECTS: The response returned would contain entries corresponding to
ALL (i.e. custom and default) projects in the org.

Name	Description	Type	Notes
TenancyContextQueryParameter	Tenancy Context of the API request The following are the valid values for this query parameter – - ALL_PROJECTS: The response returned would contain entries corresponding to ALL (i.e. custom and default) projects in the org.	string	Enum: ALL_PROJECTS

TepGroupConfig (schema)

VTEP Group Configurations

Name	Description	Type	Notes
enable_tep_grouping_on_edge	Enable or disable TEP Grouping on Edge TransportNode. Indicates if the TEP Grouping is enabled on an Edge TransportNode. Set enable_tep_grouping_on_edge to true to enable flow-based load balancing for overlay traffic in a multi TEP Edge deployment. This feature does not support EVPN, Multicast Routing, Federation and IPv6 TEP functionalities. Do not enable this feature if these functionalities are already configured in your environment. If this feature is enabled and is planned to use the above mentioned unsupported functionalities, please disable the feature first.	boolean	Default: "False"

Tier0 (schema)

Tier-0 configuration

Tier-0 configuration for external connectivity.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
advanced_config	Advanced configuration for tier-0 NSX specific configuration for tier-0	Tier0AdvancedConfig
arp_limit	ARP limit per transport node Maximum number of ARP entries per transport node.	int	Minimum: 5000 Maximum: 50000
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildCommunityList ChildLocaleServices ChildPolicyDnsForwarder ChildPrefixList ChildStaticRoutes ChildTier0RouteMap ChildTier0SecurityFeatures
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_config_paths	DHCP configuration for Segments connected to Tier-0 DHCP configuration for Segments connected to Tier-0. DHCP service is configured in relay mode.	array of string	Minimum items: 0 Maximum items: 1
disable_firewall	Disable gateway firewall Disable or enable gateway fiewall.	boolean
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_rd_per_edge	Flag to enable route distinguisher per edge node This field is enable that each edge node has a distinct route distinguisher per edge node.	boolean
failover_mode	Failover mode Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property is not used when the ha_mode property is set to ACTIVE_ACTIVE. Only applicable when edge cluster is configured in Tier0 locale-service.	string	Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "NON_PREEMPTIVE"
federation_config	Federation releated config Additional config for federation.	FederationGatewayConfig	Readonly
ha_mode	High-availability Mode for Tier-0 Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE. When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY, inter SR iBGP (in BGP) is disabled. Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable inter SR iBGP (in BGP) and previously configured preferred edge nodes (in Tier0 locale-service) are removed.	string	Enum: ACTIVE_ACTIVE, ACTIVE_STANDBY Default: "ACTIVE_ACTIVE"
id	Unique identifier of this resource	string	Sortable
internal_transit_subnets	Internal transit subnets in CIDR format Specify subnets that are used to assign addresses to logical links connecting service routers and distributed routers. Only IPv4 addresses are supported. When not specified, subnet 169.254.0.0/24 is assigned by default in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode.	array of string	Maximum items: 1
intersite_config	Inter site routing configuration Inter site routing configuration when the gateway is streched.	IntersiteGatewayConfig
ipv6_profile_paths	IPv6 NDRA and DAD profiles configuration IPv6 NDRA and DAD profiles configuration on Tier0. Either or both NDRA and/or DAD profiles can be configured.	array of string	Minimum items: 0 Maximum items: 2
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
multi_vrf_inter_sr_routing	multi vrf inter sr routing Flag to enable/disable multi_vrf_inter_sr_routing. Warning: This is one time toggle flag and can't be disabled once enabled.	boolean
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
rd_admin_field	Route distinguisher administrator address If you are using EVPN service, then route distinguisher administrator address should be defined if you need auto generation of route distinguisher on your VRF configuration.	IPAddress
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0	string
stateful_services	Enable/disable stateful services For ACTIVE-ACTIVE, this is used to enable/disable stateful services.	Tier0StatefulServicesConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transit_subnets	Transit subnets in CIDR format Specify transit subnets that are used to assign addresses to logical links connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported. When not specified, subnet 100.64.0.0/16 is configured by default. When modifying, for stateful active-active Tier-0 number of IPs should be at least attached Tier-1s count * 16 and for other type of Tier-0 number of IPs should be at least attached Tier-1s count * 2. Modification not allowed if there are child tier-0 VRFs and there are any Tier-1s connected to those VRFs. The value in VRF tier-0 is always inherited from the parent.	array of string
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vrf_config	VRF config VRF config, required for VRF Tier0.	Tier0VrfConfig
vrf_transit_subnets	VRF transit subnets in CIDR format Specify subnets that are used to assign addresses to logical links connecting default T0 and child VRFs. When not specified, subnet 169.254.2.0/23 is assigned by default.	array of string	Maximum items: 1
default_rule_logging	Enable logging for whitelisted rule Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field.	boolean	Deprecated Default: "False"
force_whitelisting	Flag to add whitelisting FW rule during realization This field is deprecated and recommended to change Rule action field. Note that this field is not synchronized with default rule field.	boolean	Deprecated Default: "False"

Tier0AdvancedConfig (schema)

Advanced configuration for tier-0

NSX specific configuration for tier-0

Name	Description	Type	Notes
connectivity	Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity.	string	Enum: ON, OFF Default: "ON"
forwarding_up_timer	Forwarding up timer Extra time in seconds the router must wait before sending the UP notification after the peer routing session is established. Default means forward immediately. VRF logical router will set it same as parent logical router.The functionality of this timer is to ensure that a given node when coming up does not claim as active until it has learned the northbound routes. This minimizes any impact on traffic. 5 seconds is a smarter default as it allows to learn a few thousand routes (which should cover a lot of customers). Customers that have larger scale of course today would have to set it to higher value. Exception for the this default setting is single node case, i.e; no redundancy (which is anyway not recommended,not sure if anyone deploys like that). For single node case, it should be set to 0.	integer	Minimum: 0 Maximum: 300 Default: "5"

Tier0DeploymentMap (schema)

Tier-0 Deployment Map

Binding of Tier-0 to the enforcement point.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_point	Absolute Path of Enforcement Point Path of enforcement point on which Tier-0 shall be deployed.	string	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0DeploymentMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier0DeploymentMapListRequestParameters (schema)

Tier0 Deployment Map List Request Parameters

Tier Deployment Map list request parameters.

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier0DeploymentMapListResult (schema)

Paged Collection of Tier-0 Deployment Map

Paged collection of Tier-0 Deployment Map.

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-0 Deployment Maps Tier-0 Deployment Maps.	array of Tier0DeploymentMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier0GatewayState (schema)

Tier0 gateway state

Name	Description	Type
auto_rds	Auto assigned Route Distingushers Object that holds auto assigned route distingushers for this gateway.	AutoRds
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.	string
evpn_rd_per_edge_mappings	Route Distingusher per edge node Object that holds route distingushers for this gateway.	RdPerEdgeMapping
ipv6_status	IPv6 DAD status for Tier0 interfaces IPv6 DAD status for interfaces configured on Tier0	array of IPv6Status
tier0_state	Tier0 state Detailed realized state information for Tier0	LogicalRouterState
tier0_status	Tier0 status Detailed realized status information for Tier0	LogicalRouterStatus
transport_zone	Transport Zone Information Transport Zone information which got configured on Gateway.	PolicyTransportZone

Tier0HaVipConfig (schema)

Tier0 HA VIP Config

Name	Description	Type	Notes
enabled	Flag to enable this HA VIP config.	boolean	Default: "True"
external_interface_paths	Policy paths to Tier0 external interfaces for providing redundancy Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active.	array of string	Required Minimum items: 2
vip_subnets	VIP floating IP address subnets Array of IP address subnets which will be used as floating IP addresses.	array of InterfaceSubnet	Required Minimum items: 1 Maximum items: 2

Tier0Interface (schema)

Tier-0 interface configuration

Tier-0 interface configuration for external connectivity.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
access_vlan_id	Vlan id Vlan id.	VlanID
admin_state	Flag to enable/disable admin_state of tier-0 service port This flag is used to enable/disable admin state on tier-0 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration. This flag should not be set to UP or DOWN if EVPN is configured, and tier-0 LR is in A/S mode. Also this flag can not be set to UP or DOWN for service interfaces which are configured on vrf-lite.	string	Enum: UP, DOWN
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_relay_path	policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
edge_path	Policy path to edge node Policy path to edge node to handle external connectivity. Required when interface type is EXTERNAL. Edge path is required for service interface when tier0 is in ACTIVE_ACTIVE ha_mode. Edge path is required for VRF service interface when parent tier0 is in ACTIVE_ACTIVE ha_mode.	string
id	Unique identifier of this resource	string	Sortable
igmp_local_join_groups	IGMP local join groups configuration IGMP local join groups configuration.	array of IPv4Address
ipv6_profile_paths	IPv6 NDRA profile configuration Configuration IPv6 NDRA profile. Only one NDRA profile can be configured.	array of string	Minimum items: 0 Maximum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit.	int	Minimum: 64
multicast	Multicast PIM configuration Multicast PIM configuration.	Tier0InterfacePimConfig
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
ospf	OSPF configuration OSPF configuration.	PolicyInterfaceOspfConfig
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
proxy_arp_filters	List of proxy Address Resolution Protocol Filters Array of prefix lists used to specify filtering for ARP proxy. Prefixes in this array are used to configure ARP proxy entries on Tier-0 gateway (for uplinks).	array of string	Minimum items: 0 Maximum items: 1
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0Interface	string
segment_path	Segment to attach tier-0 interface Specify Segment to which this interface is connected to. Either segment_path or ls_id property is required.	string
subnets	IP address and subnet specification for interface Specify IP address and network prefix for interface.	array of InterfaceSubnet	Required Minimum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Interface type Interface type	string	Enum: EXTERNAL, SERVICE, LOOPBACK, INTERVRF Default: "EXTERNAL"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
urpf_mode	Unicast Reverse Path Forwarding mode	string	Enum: NONE, STRICT Default: "STRICT"
edge_cluster_member_index	Association of interface with edge cluster member Specify association of interface with edge cluster member. This property is deprecated, use edge_path instead. When both properties are specifed, only edge_path property is used.	int	Deprecated Minimum: 0
ls_id	Logical switch id to attach tier-0 interface Specify logical switch to which tier-0 interface is connected for external access. This property is deprecated, use segment_path instead. Both properties cannot be used together.	string	Deprecated

Tier0InterfaceGroup (schema)

Tier0 Interface group

Tier0 Interface group for interface grouping.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
members	Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location.	array of GatewayInterfaceReference
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0InterfaceGroup	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier0InterfaceGroupListRequestParameters (schema)

Tier-0 Interface group list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier0InterfaceGroupListResult (schema)

Paged collection of Tier-0 Interface groups

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-0 Interface group list results	array of Tier0InterfaceGroup	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier0InterfaceListRequestParameters (schema)

Tier-0 Interface list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier0InterfaceListResult (schema)

Paged collection of Tier-0 Interfaces

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-0 Interface list results	array of Tier0Interface	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier0InterfacePimConfig (schema)

Multicast PIM configuration

Multicast PIM configuration.

Name	Description	Type	Notes
enabled	enable/disable PIM configuration enable/disable PIM configuration.	boolean	Default: "False"
hello_interval	PIM hello interval at interface level PIM hello interval(seconds) at interface level.	int	Minimum: 1 Maximum: 180 Default: "30"
hold_interval	PIM hold interval at interface level PIM hold interval(seconds) at interface level.	int	Minimum: 1 Maximum: 630

Tier0ListRequestParameters (schema)

Tier-0 list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier0ListResult (schema)

Paged collection of Tier-0s

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-0 list results	array of Tier0	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier0NumberOfRoutesRequestParameters (schema)

Tier0 Number Of Routes Request Parameters

Name	Description	Type	Notes
edge_path	Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point.	string	Required
enforcement_point_path	String Path of the enforcement point Enforcement point path.	string
include_child_vrf	Count all the child VRF routes or not.	boolean

Tier0NumberOfRoutesResult (schema)

Tier 0 Number Of Routes Request Result

Name	Description	Type	Notes
number_of_ipv4	Number of IPV4 Routes Number of IPV4 Routes	integer
number_of_ipv6	Number of IPV6 Routes Number of IPV6 Routes	integer

Tier0RouteMap (schema)

RouteMap for redistributing routes to BGP and other routing protocols

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
entries	Ordered list of route map entries Ordered list of route map entries.	array of RouteMapEntry	Required Minimum items: 1 Maximum items: 1000
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0RouteMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier0RouteMapListResult (schema)

Paged collection of RouteMaps

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier0RouteMap results	array of Tier0RouteMap	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier0RouteRedistributionConfig (schema)

Route Redistribution config

Name	Description	Type	Notes
bgp_enabled	Flag to enable route redistribution for BGP.	boolean	Default: "True"
ospf_enabled	Flag to enable route redistribution for OSPF.	boolean	Default: "False"
redistribution_rules	List of redistribution rules.	array of Tier0RouteRedistributionRule	Minimum items: 0 Maximum items: 5 Default: "[]"

Tier0RouteRedistributionRule (schema)

Single route redistribution rule

Name	Description	Type	Notes
destinations	List of destination for a given redistribution rule Each rule can have more than one destinations. If destinations not specified for a given rule, default destionation will be BGP	array of string	Enum: BGP, OSPF
name	Rule name	string
route_map_path	Route map to be associated with the redistribution rule	string
route_redistribution_types	List of redistribution types	array of Tier0RouteRedistributionTypes	Required

Tier0RouteRedistributionTypes (schema)

Tier-0 route redistribution types

Tier-0 route redistribution types.

TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and
routes related to TIER0_SEGMENT,
TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
TIER1_STATIC: Redistribute all subnets and static routes advertised
by Tier-1s.
TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets
on Tier-0.
TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets
on Tier-0.
TIER0_SEGMENT: Redistribute subnets configured on Segments connected
to Tier-0.
TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0
TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets.
TIER0_NAT: Redistribute NAT IPs owned by Tier-0.
TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1
instances.
TIER1_CONNECTED: Redistribute all subnets configured on Segments and
Service Interfaces.
TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets.
TIER1_SEGMENT: Redistribute subnets configured on Segments connected
to Tier1.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint
subnets advertised by TIER1.
INTER_VRF_STATIC: Redistribute IPs advertised by TIER0/VRF instances
TGW_STATIC: Redistribute IPs advertised by Transit Gateways

Route redistribution destination is BGP.

Name	Description	Type	Notes
Tier0RouteRedistributionTypes	Tier-0 route redistribution types Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. INTER_VRF_STATIC: Redistribute IPs advertised by TIER0/VRF instances TGW_STATIC: Redistribute IPs advertised by Transit Gateways Route redistribution destination is BGP.	string	Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_EXTERNAL_INTERFACE, TIER0_SEGMENT, TIER0_ROUTER_LINK, TIER0_SERVICE_INTERFACE, TIER0_LOOPBACK_INTERFACE, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT, TIER0_EVPN_TEP_IP, TIER1_NAT, TIER1_STATIC, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_CONNECTED, TIER1_SERVICE_INTERFACE, TIER1_SEGMENT, TIER1_IPSEC_LOCAL_ENDPOINT, INTER_VRF_STATIC, TGW_STATIC

Tier0SecurityFeature (schema)

T0 Security feature entity with feature details

Name	Description	Type	Notes
enable	Flag to activate/deactivate true - activate the feature, false - deactivate the feture	boolean	Required Default: "False"
feature		Tier0SecurityFeaturesSupported	Required

Tier0SecurityFeatureParameters (schema)

T0 Security Feature parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
feature		Tier0SecurityFeaturesSupported
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier0SecurityFeatures (schema)

T0 Security features entity with feature details

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
features		array of Tier0SecurityFeature	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier0SecurityFeatures	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier0SecurityFeaturesSupported (schema)

Collection of T0 supported security features

Feature to be activated/deactivated.
IDFW - Identity Firewall
IDPS - Intrusion Detection System
GFW_MULTICAST - Multicast on GFW
GEOIP_MONITORING - Geo IP Monitoring
Use any one of this to enable/disabe it.

Name	Description	Type	Notes
Tier0SecurityFeaturesSupported	Collection of T0 supported security features Feature to be activated/deactivated. IDFW - Identity Firewall IDPS - Intrusion Detection System GFW_MULTICAST - Multicast on GFW GEOIP_MONITORING - Geo IP Monitoring Use any one of this to enable/disabe it.	string	Readonly Enum: IDFW, IDPS, GEOIP_MONITORING

Tier0StateRequestParameters (schema)

State request parameters for Tier0 gateway

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
interface_path	Interface path for interface specific state such as IPv6 DAD state String Path of interface on current Tier0 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType
type	Returns specific information based on the value specified. Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces.	string	Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS, RD_PER_EDGE_MAPPING

Tier0StatefulServicesConfig (schema)

Tier0 stateful services config

Tier0 stateful services config to define stateful

Name	Description	Type	Notes
enabled	Flag to enable ACTIVE-ACTIVE stateful services This is used to enable or disable ACTIVE-ACTIVE stateful services.	boolean	Default: "False"
redirection_policy	Redirection policy configuration Redirection policy to load balance traffic among nodes IP_HASH: Hash Source IP or destination ip to redirect packet for load sharing and stateful services. NONE: Disable redirection. It requires user to define static traffic group per edge node and expects external router to forward return packet back to the same edge node. SRC_DST_IP_HASH: Hash both source and desitnation ip to redirect packet for load sharing. This mode doesn't support NAT and presumes source and destination IP remains same in either direction.	string	Enum: IP_HASH, NONE, SRC_DST_IP_HASH Default: "IP_HASH"

Tier0VrfConfig (schema)

Tier-0 vrf configuration

Tier-0 vrf configuration.

Name	Description	Type	Notes
evpn_l2_vni_config	VRF configurations required for EVPN service in ROUTE_SERVER mode. It is required for VRF to participate in the EVPN service in ROUTE_SERVER mode.	VrfEvpnL2VniConfig
evpn_transit_vni	L3 VNI associated with the VRF for overlay traffic L3 VNI associated with the VRF for overlay traffic of ethernet virtual private network (EVPN). It must be unique and available from the VNI pool defined for EVPN service. It is required for VRF to participate in the EVPN service in INLINE mode.	int
rd_per_edge_pool	route distinguisher pool for edge nodes route distinguisher pool for edge nodes.	array of string
route_distinguisher	Route distinguisher Route distinguisher with format in IPAddress: or ASN:.	string
route_targets	Route targets Route targets.	array of VrfRouteTargets	Minimum items: 1 Maximum items: 1
tier0_path	Tier0 path Default tier0 path. Cannot be modified after realization.	string	Required

Tier1 (schema)

Tier-1

Tier-1 instance configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
arp_limit	ARP limit per transport node Maximum number of ARP entries per transport node.	int	Minimum: 5000 Maximum: 50000
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildLocaleServices ChildPolicyDnsForwarder ChildSecurityFeatures ChildSegment ChildStaticRoutes
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_config_paths	DHCP configuration for Segments connected to Tier-1 DHCP configuration for Segments connected to Tier-1. DHCP service is enabled in relay mode.	array of string	Minimum items: 0 Maximum items: 1
disable_firewall	Disable gateway firewall Disable or enable gateway fiewall.	boolean
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enable_standby_relocation	Flag to enable standby service router relocation. Flag to enable standby service router relocation. Standby relocation is not enabled until edge cluster is configured for Tier1.	boolean	Default: "False"
failover_mode	Failover mode Determines the behavior when a Tier-1 instance restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. Only applicable when edge cluster is configured in Tier1 locale-service.	string	Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "NON_PREEMPTIVE"
federation_config	Federation releated config Additional config for federation.	FederationGatewayConfig	Readonly
ha_mode	High-availability Mode for Tier-1 Specify high-availability mode for Tier-1.If Tier-1 is service router, HaMode will be set as ACTIVE_STANDBY. If Tier-1 is distributed router, HaMode will be set as null.	string	Enum: ACTIVE_STANDBY, ACTIVE_ACTIVE
id	Unique identifier of this resource	string	Sortable
intersite_config	Inter site routing configuration Inter site routing configuration when the gateway is streched.	IntersiteGatewayConfig
ipv6_profile_paths	IPv6 NDRA and DAD profiles configuration Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured.	array of string	Minimum items: 0 Maximum items: 2
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pool_allocation	Edge node allocation size Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements. ROUTING: Allocate edge node to provide routing services. LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer service that will be configured on TIER1 gateway.	string	Enum: ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE Default: "ROUTING"
qos_profile	Gateway QoS Profile configuration QoS Profile configuration for Tier1 router link connected to Tier0 gateway.	GatewayQosProfileConfig
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier1	string
route_advertisement_rules	Route advertisement rules and filtering	array of RouteAdvertisementRule
route_advertisement_types	Enable different types of route advertisements Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised.	array of Tier1RouteAdvertisentTypes
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tier0_path	Tier-1 connectivity to Tier-0 The reference to the Tier-0 instance using the policy path of the Tier-0 of type Provider. Specify the Tier-1 connectivity to Tier-0 instance. .	string
type	Tier1 type Tier1 connectivity type for reference. Property value is not validated with Tier1 configuration. ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled. ISOLATED: Tier1 is not connected to any Tier0 gateway. NATTED: Tier1 is in ROUTED type with NAT configured locally.	string	Enum: ROUTED, ISOLATED, NATTED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
default_rule_logging	Enable logging for whitelisted rule Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field.	boolean	Deprecated Default: "False"
force_whitelisting	Flag to add whitelisting FW rule during realization This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field.	boolean	Deprecated Default: "False"

Tier1DeploymentMap (schema)

Tier-1 Deployment Map

Binding of Tier-1 to the enforcement point.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enforcement_point	Absolute path of Enforcement Point Path of enforcement point on which Tier-1 shall be deployed.	string	Required
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier1DeploymentMap	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier1GatewayState (schema)

Tier1 gateway state

Name	Description	Type
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.	string
ipv6_status	IPv6 DAD status for Tier1 interfaces IPv6 DAD status for interfaces configured on Tier1	array of IPv6Status
tier1_state	Tier1 state Detailed realized state information for Tier1	LogicalRouterState
tier1_status	Tier1 status Detailed realized status information for Tier1	LogicalRouterStatus
transport_zone	Transport Zone Information Transport Zone information which got configured on Gateway.	PolicyTransportZone

Tier1Interface (schema)

Tier-1 interface configuration

Tier-1 interface configuration for attaching services.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
admin_state	Flag to enable/disable admin_state of tier-1 service port This flag is used to enable/disable admin state on tier-1 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration.	string	Enum: UP, DOWN
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_relay_path	policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ipv6_profile_paths	IPv6 NDRA profile configuration Configrue IPv6 NDRA profile. Only one NDRA profile can be configured.	array of string	Minimum items: 0 Maximum items: 1
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit.	int	Minimum: 64
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier1Interface	string
segment_path	Policy path of Segment to attach interface Policy path of Segment to which interface is connected to.	string	Required
subnets	IP address and subnet specification for interface Specify IP address and network prefix for interface.	array of InterfaceSubnet	Required Minimum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
urpf_mode	Unicast Reverse Path Forwarding mode	string	Enum: NONE, STRICT Default: "STRICT"

Tier1InterfaceGroup (schema)

Tier1 Interface group

Tier1 Interface group for interface grouping.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
members	Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location.	array of GatewayInterfaceReference
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tier1InterfaceGroup	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Interface group type Interface group type. It is readonly. Always type SERVICE.	string	Readonly Enum: SERVICE Default: "SERVICE"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Tier1InterfaceGroupListRequestParameters (schema)

Tier-1 Interface group list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier1InterfaceGroupListResult (schema)

Paged collection of Tier-1 Interface groups

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-1 Interface group list results	array of Tier1InterfaceGroup	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier1InterfaceListResult (schema)

Paged collection of Tier-1 Interfaces

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-1 Interface list results	array of Tier1Interface	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier1ListRequestParameters (schema)

Tier-1 list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

Tier1ListResult (schema)

Paged collection of Tier-1 instances

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Tier-1 list results	array of Tier1	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tier1RouteAdvertisentTypes (schema)

Control routes advertised by Tier-1 instance.
TIER1_STATIC_ROUTES: Advertise all STATIC routes.
TIER1_CONNECTED: Advertise all subnets configured on connected
Interfaces and Segments.
TIER1_NAT: Advertise all NAT IP addresses.
TIER1_LB_VIP: Advertise all Load-balancer VIPs.
TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses.
TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.

Name	Description	Type	Notes
Tier1RouteAdvertisentTypes	Control routes advertised by Tier-1 instance. TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.	string	Enum: TIER1_STATIC_ROUTES, TIER1_CONNECTED, TIER1_NAT, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT

Tier1StateRequestParameters (schema)

State request parameters for Tier1 gateway

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
interface_path	Interface path for interface specific state such as IPv6 DAD state String Path of interface on current Tier1 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
source	Source of statistics data The data source can be either realtime or cached. If not provided, cached data is returned.	DataSourceType
type	Returns specific information based on the value specified. Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces.	string	Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS

TimeRangeDropdownFilterWidgetConfiguration (schema)

Time Range Dropdown Filter widget Configuration

Represents configuration for dropdown filter widget for Time Range.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
alias	Alias to be used when emitting filter value Alias to be used when emitting filter value.	string
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
default_value	Expression to specify default value Expression to specify default value of filter.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
dropdown_filter_plot_config	Dropdown filter plotting configuration Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only.	DropdownFilterPlotConfiguration
dropdown_item	Definition for item of a dropdown Defines the item of a dropdown.	DropdownItem
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
placeholder_msg	Placeholder message to be shown in filter Placeholder message to be displayed in dropdown filter.	string
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value TimeRangeDropdownFilterWidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
static_filter_condition	Expression for evaluating condition If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally.	string
static_filters	Additional static items to be added in dropdown filter Additional static items to be added in dropdown filter. Example can be 'ALL'.	array of StaticFilter
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
time_range_filter_info	Definition for time range filter. Defines the time range filter configuration.	TimeRangeFilterInfo
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

TimeRangeFilterInfo (schema)

time range filter information

Name	Description	Type	Notes
from_param_name	from parameter name for time range filter. from parameter name used for time range filter from date value.	string	Maximum length: 1024 Default: "fromDate"
to_param_name	to parameter name for time range filter to parameter name used for time range filter to date value.	string	Maximum length: 1024 Default: "toDate"
value_type	type of time range filter value type of time range filter value can be epoch, ISO date Format.	string	Enum: EPOCH Default: "EPOCH"

TlsCertificate (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	Category Category of certificate. This certificate is used to connect to services only.	string	Readonly Enum: SERVICE_CERTIFICATE
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
details	list of X509Certificates.	array of X509Certificate	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
has_private_key	whether we have the private key for this certificate.	boolean	Required Readonly Default: "False"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Readonly Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCertificate	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_certificate_type	Classification of the TlsCertificate helps differentiate how a TlsCertificate could be used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED.	string	Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsCertificateList (schema)

Certificate queries result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TlsCertificate list.	array of TlsCertificate	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TlsCiphers (schema)

TLS balanced cipher

Name	Description	Type	Notes
TlsCiphers	TLS balanced cipher	string	Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA

TlsConfigSettings (schema)

TLS config settings

Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom

Name	Description	Type	Notes
TlsConfigSettings	TLS config settings Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom	string	Required Enum: BALANCED, HIGH_FIDELITY, HIGH_SECURITY, CUSTOM

TlsCrl (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
details	Details of the X509Crl object Details of the X509Crl object.	X509Crl	Readonly
details_revoked_by_issuer_and_serial_number	Certificates revoked by issuer and serial number	array of IssuerSerialNumber	Readonly
details_revoked_by_subject_and_public_key_hash	Certificates revoked by subject and public key hash	array of SubjectPublicKeyHash	Readonly
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
one_crl	JSON-encoded OneCRL-like object	string
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	Pem encoded crl data Pem encoded crl data.	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCrl	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsCrlListResult (schema)

Paged Collection of TlsCrl

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TlsCrl list results	array of TlsCrl	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TlsCsr (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsr	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsCsrListResult (schema)

Paged Collection of TlsCsr

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TlsCsr list results	array of TlsCsr	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TlsCsrWithDaysValid (schema)

CSR data with days valid

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
algorithm	Cryptographic algorithm (asymmetric) used by the public key for data encryption.	string	Enum: RSA, EC Default: "RSA"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
days_valid	Number of days the certificate will be valid, default 825 days	integer	Default: "825"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
extensions	X509 extensions to add X509 v3 extensions to be added to a CSR.	CsrExtensions	Readonly
id	Unique identifier of this resource	string	Sortable
is_ca	Whether the CSR is for a CA certificate.	boolean	Default: "False"
key_size	Size measured in bits of the public key used in a cryptographic algorithm.	integer	Default: "4096"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	PEM encoded certificate data.	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsCsrWithDaysValid	string
subject	The certificate owner's information. (CN, O, OU, C, ST, L)	Principal	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsInspectionExternalProfile (schema)

TLS inspection external profile

External inspection profile is used when the TLS connection is destined to a service not owned by the enterprise.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attention	TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match.	string	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
client_cipher_suite	List of cipher suites client supports Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.	array of TlsCiphers	Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
client_max_tls_version	Maximum TLS version client supports Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_2"
client_min_tls_version	Minimum TLS version client supports Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_1"
crls	Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/crls/default_public_crl']"
crypto_enforcement		CryptoEnforcement	Default: "ENFORCE"
decryption_fail_action		DecryptionFailAction	Default: "BYPASS"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
idle_connection_timeout	Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes.	int	Minimum: 1 Maximum: 4320000 Default: "5400"
invalid_cert_action		InvalidCertificateAction	Default: "ALLOW"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
ocsp_must_staple	Flag to activate/deactivate ocsp must staple true - activate the ocsp must staple, false - deactivate it.	boolean	Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
proxy_trusted_ca_cert	Proxy trusted ca cert and key Proxy trusted ca cert and key used to issue valid ca certificate. This is the subordinate CA cert (referred to as Proxy CA) by the Enterprise Issuing CA.	string	Required
proxy_untrusted_ca_cert	Proxy untrusted ca cert and key Proxy untrusted ca cert and key used to issue invalid ca certificate	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsInspectionExternalProfile	string	Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
server_cipher_suite	List of cipher suites server support Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.	array of TlsCiphers	Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
server_max_tls_version	Maximum TLS version server supports Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_2"
server_min_tls_version	Minimum TLS version server supports Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_1"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_config_setting		TlsConfigSettings	Default: "BALANCED"
trusted_ca_bundles	List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsInspectionInternalProfile (schema)

TLS inspection internal profile

Internal inspection Profile is used when the TLS connection is destined to a service not owned by the enterprise.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attention	TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match.	string	Readonly
certificate_validation	Flag to activate/deactivate certificate validation true - activate the certificate validation; false - deactivate it.	boolean	Default: "False"
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
client_cipher_suite	List of cipher suites client supports Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.	array of TlsCiphers	Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
client_max_tls_version	Maximum TLS version client supports Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_2"
client_min_tls_version	Minimum TLS version client supports Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_1"
crls	Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/crls/default_public_crl']"
crypto_enforcement		CryptoEnforcement	Default: "ENFORCE"
decryption_fail_action		DecryptionFailAction	Default: "BYPASS"
default_cert_key	One of the actual server certificate presented to the client Default server certificate presented to the user.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
idle_connection_timeout	Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes.	int	Minimum: 1 Maximum: 4320000 Default: "5400"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
ocsp_must_staple	Flag to activate/deactivate ocsp must staple true - activate the ocsp must staple, false - deactivate it.	boolean	Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsInspectionInternalProfile	string	Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
server_certs_key	Actual server certificate key Server certificate presented to the client.	array of string	Required Maximum items: 100
server_cipher_suite	List of cipher suites server support Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.	array of TlsCiphers	Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']"
server_max_tls_version	Maximum TLS version server supports Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.0, TLS1.1 and TLS1.2	TlsProtocol	Default: "TLS_V1_2"
server_min_tls_version	Minimum TLS version server supports Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. supported versions are TLS1.1 and TLS1.2.	TlsProtocol	Default: "TLS_V1_1"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_config_setting		TlsConfigSettings	Default: "BALANCED"
trusted_ca_bundles	List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsListenerCertificate (schema)

Remote TLS Listener Certificate

Returns the certificate and thumbprint of a remote TLS listener, if the
listener is running and accepting requests. If the certificate cannot be
retrieved, the result property describes the problem.

Name	Description	Type	Notes
certificate	The certificate of the TLS listener The certificate of the TLS listener.	X509Certificate	Readonly
result	Result of get certificate operation Result of get certificate operation.	string	Enum: SUCCESS, CONNECTION_TIMEOUT, NO_ROUTE_TO_HOST, CONNECTION_REFUSED
thumbprint	The SHA-256 thumbprint of the TLS listener The SHA-256 thumbprint of the TLS listener.	string	Readonly

TlsListenerEndpointAddressRequestParameters (schema)

TLS Listener Endpoint Address Request Parameters

The hostname or IP, and TCP port number of the listener to connect to.

Name	Description	Type	Notes
address	Host name or IP address of TLS listener Host name or IP address of TLS listener.	string	Required Format: hostname-or-ip
port	TCP port number of the TLS listener TCP port number of the TLS listener	int	Required Minimum: 0 Maximum: 65535

TlsPolicy (schema)

Contains ordered list of Rules for TLSPolicy

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
category	A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority.	string
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
comments	SecurityPolicy lock/unlock comments Comments for security policy lock/unlock.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
internal_sequence_number	Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories.	int	Readonly
is_default	Default policy flag A flag to indicate whether policy is a default policy.	boolean	Readonly
lock_modified_by	User who locked the security policy ID of the user who last modified the lock for the secruity policy.	string	Readonly
lock_modified_time	SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds.	EpochMsTimestamp	Readonly
locked	Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsPolicy	string
rule_count	Rule count The count of rules in the policy.	int	Readonly
rules	Rules that are a part of this TLSPolicy	array of TlsRule
scheduler_path	Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration.	string
scope	The list of group paths where the rules in this policy will get applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain.	array of string	Maximum items: 128
sequence_number	Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999.	int	Minimum: 0
stateful	Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless.	boolean
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true.	boolean
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsProfile (schema)

This is an abstract type. Concrete child types:
TlsInspectionExternalProfile
TlsInspectionInternalProfile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
attention	TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match.	string	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
crls	Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/crls/default_public_crl']"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
idle_connection_timeout	Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes.	int	Minimum: 1 Maximum: 4320000 Default: "5400"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsProfile	string	Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
trusted_ca_bundles	List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on.	array of string	Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsProtocol (schema)

TLS protocol

Name	Description	Type	Notes
TlsProtocol	TLS protocol	string	Enum: TLS_V1_2, TLS_V1_1, TLS_V1_0

TlsRule (schema)

A rule specifies the TLS policy rule between the workload groups

A rule indicates the decryption actions to be performed for various types of traffic flowing between workload groups.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_groups	Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
destinations_excluded	Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups	boolean	Default: "False"
direction	Direction Define direction of traffic.	string	Enum: IN, OUT, IN_OUT Default: "IN_OUT"
disabled	Flag to deactivate the rule Flag to deactivate the rule. Default is activated.	boolean	Default: "False"
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_protocol	IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null.	string	Enum: IPV4, IPV6, IPV4_IPV6
is_default	Default rule flag A flag to indicate whether rule is a default rule.	boolean	Readonly
logged	Enable logging flag Flag to enable packet logging. Default is deactivated.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
notes	Text for additional notes on changes User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of the notes, internally notes will get truncated after 39 characters.	string	Maximum length: 2048
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
profiles	Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed.	array of string	Maximum items: 128
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsRule	string
rule_id	Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on.	integer	Readonly
scope	The list of policy paths where the rule is applied LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs.	array of string	Maximum items: 128
sequence_number	Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number	int	Minimum: 0
service_entries	Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null.	array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry	Maximum items: 128
services	Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
source_groups	Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values.	array of string	Maximum items: 128
sources_excluded	Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups	boolean	Default: "False"
tag	Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tls_profile	TLS inspection action profile path TLS profile path.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TlsServiceEndpoint (schema)

TLS service endpoint

The hostname or IP and port number of a TLS service endpoint.

Name	Description	Type	Notes
host	Hostname or IP of the endpoint The hostname or IP address of the TLS service endpoint.	string	Format: hostname-or-ip
port	TCP port number The TCP port number of the endpoint.	int	Minimum: 0 Maximum: 65535

TlsTrustData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key_algo	Key algorithm contained in this certificate.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
passphrase	Password for private key encryption.	secure_string
path	Absolute path of this object Absolute path of this object	string	Readonly
pem_encoded	pem encoded certificate data.	string	Required
private_key	private key data	secure_string
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TlsTrustData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TokenBasedPrincipalIdentity (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_protected	Protection indicator Indicator whether the entities created by this principal should be protected.	boolean
name	Name Name of the principal. This will be matched to the name provided in the token.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._@]?[a-zA-Z0-9]+)*$"
node_id	Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type	Must be set to the value TokenBasedPrincipalIdentity	string
roles_for_paths	Roles for Paths The roles that are associated with this PI, limiting them to a path. In case the path is '/', the roles apply everywhere.	array of RolesForPath
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

TokenBasedPrincipalIdentityListResult (schema)

Token-based PrincipalIdentity query result

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TokenBasedPrincipalIdentity list.	array of TokenBasedPrincipalIdentity	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

Tooltip (schema)

Tooltip

Tooltip to be shown while hovering over the dashboard UI element.

Name	Description	Type	Notes
condition	Expression for evaluating condition If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API.	string	Maximum length: 1024
heading	Tooltip will be treated as header. If true, displays tooltip text in bold	boolean
text	Textbox shown at tooltip Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars.	string	Required Maximum length: 1024

Traceflow (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
analysis	Traceflow result analysis notes	array of string	Readonly
counters	observation counters	TraceflowObservationCounters	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	The id of the traceflow round	string	Required Readonly
logical_counters	counters of observations from logical components	TraceflowObservationCounters	Readonly
lport_id	id of the source logical port used for injecting the traceflow packet	string	Readonly
operation_state	Represents the traceflow operation state	string	Required Readonly Enum: IN_PROGRESS, FINISHED, FAILED
request_status	Traceflow request status The status of the traceflow RPC request. SUCCESS - The traceflow request is sent successfully. TIMEOUT - The traceflow request gets timeout. SOURCE_PORT_NOT_FOUND - The source port of the request cannot be found. DATA_PATH_NOT_READY - The datapath component cannot be ready to receive request. CONNECTION_ERROR - There is connection error on datapath component. UNKNOWN - The status of traceflow request cannot be determined.	string	Readonly Enum: SUCCESS, TIMEOUT, SOURCE_PORT_NOT_FOUND, DATA_PATH_NOT_READY, CONNECTION_ERROR, UNKNOWN
resource_type	Must be set to the value Traceflow	string
result_overflowed	A flag, when set true, indicates some observations were deleted from the result set.	boolean	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Timeout (in ms) for traceflow observations result list Maximum time (in ms) the management plane will be waiting for this traceflow round. Upper limit for federation case is 90000, for non-federation case is 15000, the maximum is set to 90000 as the higher of the two cases.	integer	Readonly Minimum: 5000 Maximum: 90000

TraceflowComponentSubType (schema)

This field specifies the traceflow component sub type that reports the observation
LR_TIER0
- Tier-0 Gateway
LR_TIER1
- Tier-1 Gateway
LR_VRF_TIER0
- Tier-0 VRF Gateway
LS_TRANSIT
- Transit Switch
SI_CLASSIFIER
- Service Insertion Classifier
SI_PROXY
- Service Insertion Proxy
VDR
- Virtual Distributed Router
ENI
- Elastic Network Interface
AWS_GATEWAY
- Amazon Gateway
TGW_ROUTE
- Transit Gateway
EDGE_UPLINK
- Edge Uplink
DELL_GATEWAY
- Dell Gateway
LGW_ROUTE
- Local Gateway
LR_KNI
- Kernel NIC Interface
UNKNOWN
- Unknown component sub type

Name	Description	Type	Notes
TraceflowComponentSubType	This field specifies the traceflow component sub type that reports the observation LR_TIER0 - Tier-0 Gateway LR_TIER1 - Tier-1 Gateway LR_VRF_TIER0 - Tier-0 VRF Gateway LS_TRANSIT - Transit Switch SI_CLASSIFIER - Service Insertion Classifier SI_PROXY - Service Insertion Proxy VDR - Virtual Distributed Router ENI - Elastic Network Interface AWS_GATEWAY - Amazon Gateway TGW_ROUTE - Transit Gateway EDGE_UPLINK - Edge Uplink DELL_GATEWAY - Dell Gateway LGW_ROUTE - Local Gateway LR_KNI - Kernel NIC Interface UNKNOWN - Unknown component sub type	string	Readonly Enum: LR_TIER0, LR_TIER1, LR_VRF_TIER0, LS_TRANSIT, SI_CLASSIFIER, SI_PROXY, VDR, ENI, AWS_GATEWAY, TGW_ROUTE, EDGE_UPLINK, DELL_GATEWAY, LGW_ROUTE, LR_KNI, UNKNOWN

TraceflowComponentType (schema)

Name	Description	Type	Notes
TraceflowComponentType		string	Enum: PHYSICAL, LR, LS, DFW, BRIDGE, EDGE_TUNNEL, EDGE_HOSTSWITCH, FW_BRIDGE, EDGE_RTEP_TUNNEL, LOAD_BALANCER, NAT, IPSEC, SERVICE_INSERTION, VMC, SPOOFGUARD, EDGE_FW, DLB, ANTREA_SPOOFGUARD, ANTREA_LB, ANTREA_ROUTING, ANTREA_DFW, ANTREA_FORWARDING, HOST_SWITCH, UNKNOWN, DHCP

TraceflowConfig (schema)

Traceflow configuration

TraceflowConfig mainly records what type of packets the user
wants to inject into which port. This configuration will be
cleaned up by the system after two hours of inactivity if
is_transient is true. Traceflow is not supported for VPC Admin role.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
connected_parent_path_as_source	PolicyPath of the segment or VPC subnet connected to the container. This field should be provided when the source of traceflow is a host VM with containers running on it. The value of this field is the path of the segment or VPC subnet connected to the containers.	string
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_transient	Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true	boolean	Default: "True"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
packet	Packet configuration Configuration of packet data	PacketData (Abstract type: pass one of the following concrete types) BinaryPacketData FieldsPacketData	Required
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TraceflowConfig	string
source_id	Segment Port Path or UUID Policy path or UUID (validated for syntax only) of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. Both overlay backed port and VLAN backed port are supported.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
timeout	Timeout for traceflow observation results Maximum time in seconds the management plane will wait for observation result to be generated. The default, minimum and maximum timeout values, in seconds, for: Single site environment - minimum 5, default 10, maximum 15. Federated enviroment - minimum 15, default 30, maximum 60. These values are validated by the system based on type of environment.	integer	Minimum: 5 Maximum: 60 Default: "10"
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
segment_port_path	Segment Port Path or UUID Policy path or UUID of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. Ports auto-created by policy as part of connecting segment to Tier-0 or Tier-1 or DHCP server cannot be used. UUID is validated for syntax only. This configuration will be cleaned up by the system after two hours of inactivity.	string	Deprecated

TraceflowConfigListResult (schema)

Paged Collection of TraceflowConfigs

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TraceflowConfig list results	array of TraceflowConfig	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TraceflowObservation (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
resource_type		TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

TraceflowObservationCounters (schema)

Name	Description	Type	Notes
delivered_count	Delivered observation count Total number of delivered observations for this traceflow round.	integer	Readonly
dropped_count	Dropped observation count Total number of dropped observations for this round.	integer	Readonly
forwarded_count	Forwarded observation count Total number of forwarded observations for this traceflow round.	integer	Readonly
protected_count	Protected observation count Total number of protected observations for this traceflow round, which current user does not have access.	integer	Readonly
received_count	Received observation count Total number of received observations for this traceflow round.	integer	Readonly

TraceflowObservationDelivered (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
lport_id	The id of the logical port into which the traceflow packet was delivered	string	Readonly
lport_name	The name of the logical port into which the traceflow packet was delivered	string	Readonly
resolution_type	The resolution type of the delivered message for ARP This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router.	string	Readonly Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM, ARP_LRP
resource_type	Must be set to the value TraceflowObservationDelivered	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
target_mac	MAC address of the resolved IP by ARP The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan_id	VLAN on bridged network	VlanID

TraceflowObservationDropped (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
arp_fail_reason	The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction	string	Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
ipsec_fail_reason	The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown	string	Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
lport_id	The id of the logical port at which the traceflow packet was dropped	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was dropped	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
reason	The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. IP_OUT_OF_SCOPE - Packet is carrying IPs that are out of the network's scope (e.g., a packet with a private IP is trying to enter the external public network). DHCP_FORGED_MAC - The source MAC address of the DHCP packet sent to the DHCP server does not match the corresponding VIF MAC address of the source port. DHCP_IP_UNAVAILABLE - There is no DHCP client IP address available on the DHCP server. DHCP_IP_NOT_ALLOWED - The requested DHCP client IP address of the packet cannot be allocated from DHCP server. DHCP_INVALID_SERVER_IP_MAC - The DHCP packet is not destined to the DHCP server.	string	Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK, IP_OUT_OF_SCOPE, DHCP_FORGED_MAC, DHCP_IP_UNAVAILABLE, DHCP_IP_NOT_ALLOWED, DHCP_INVALID_SERVER_IP_MAC
resource_type	Must be set to the value TraceflowObservationDropped	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

TraceflowObservationDroppedLogical (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
arp_fail_reason	The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction	string	Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY
component_id	The id of the component that dropped the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
ipsec_fail_reason	The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown	string	Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
lport_id	The id of the logical port at which the traceflow packet was dropped	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was dropped	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
reason	The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. IP_OUT_OF_SCOPE - Packet is carrying IPs that are out of the network's scope (e.g., a packet with a private IP is trying to enter the external public network). DHCP_FORGED_MAC - The source MAC address of the DHCP packet sent to the DHCP server does not match the corresponding VIF MAC address of the source port. DHCP_IP_UNAVAILABLE - There is no DHCP client IP address available on the DHCP server. DHCP_IP_NOT_ALLOWED - The requested DHCP client IP address of the packet cannot be allocated from DHCP server. DHCP_INVALID_SERVER_IP_MAC - The DHCP packet is not destined to the DHCP server.	string	Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK, IP_OUT_OF_SCOPE, DHCP_FORGED_MAC, DHCP_IP_UNAVAILABLE, DHCP_IP_NOT_ALLOWED, DHCP_INVALID_SERVER_IP_MAC
resource_type	Must be set to the value TraceflowObservationDroppedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
service_path_index	The index of service path The index of service path that is a chain of services represents the point where the traceflow packet was dropped.	integer	Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

TraceflowObservationForwarded (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
context	The 64bit tunnel context carried on the wire	integer
dst_transport_node_id	The id of the transport node to which the traceflow packet is forwarded This field will not be always available. Use remote_ip_address when this field is not set.	string	Readonly
dst_transport_node_name	The name of the transport node to which the traceflow packet is forwarded	string	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
local_ip_address	IP address of the source end of the tunnel	IPAddress
remote_ip_address	IP address of the destination end of the tunnel	IPAddress
resource_type	Must be set to the value TraceflowObservationForwarded	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
uplink_name	The name of the uplink the traceflow packet is forwarded on	string
vtep_label	The virtual tunnel endpoint label	integer

TraceflowObservationForwardedLogical (schema)

Name	Description	Type	Notes
acl_rule_id	The id of the L3 firewall rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule.	integer	Readonly
component_id	The id of the component that forwarded the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
dst_component_id	The id of the destination component to which the traceflow packet was forwarded.	string	Readonly
dst_component_name	The name of the destination component to which the traceflow packet was forwarded.	string	Readonly
dst_component_type	The type of the destination component to which the traceflow packet was forwarded.	TraceflowComponentType	Readonly
ipsec_vpn	IPSec VPN on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded through IPSec VPN.	TraceflowObservationIpsecVpn	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
jumpto_rule_id	The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule.	integer	Readonly
l2_rule_id	The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule.	integer	Readonly
lport_id	The id of the logical port through which the traceflow packet was forwarded.	string	Readonly
lport_name	The name of the logical port through which the traceflow packet was forwarded.	string	Readonly
nat_rule_id	The ID of the NAT rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a NAT rule.	integer	Readonly
next_hop	Next hop IP address of matched routing entry This field is specified when the traceflow packet was routed by logical router.	IPAddress	Readonly
original_dst_ip	The original destination IP address of NAT	IPAddress	Readonly
original_src_ip	The original source IP address of NAT	IPAddress	Readonly
resend_type	The type of packet resending ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type	string	Readonly Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP
resource_type	Must be set to the value TraceflowObservationForwardedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
route_prefix	Prefix of matched routing entry This field is specified when the traceflow packet was routed by logical router.	IPCIDRBlock	Readonly
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
service_index	The index of the service insertion component	integer	Readonly
service_path_index	The path index of the service insertion component	integer	Readonly
service_ttl	The ttl of the service insertion component	integer	Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
spoofguard_ip	Prefix IP address matched in the whitelist in spoofguard This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard.	IPCIDRBlock	Readonly
spoofguard_mac	MAC address matched in the whitelist in spoofguard The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00.	MACAddress	Readonly
spoofguard_vlan_id	VLAN id matched in the whitelist in spoofguard This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard.	VlanID	Readonly
svc_nh_mac	MAC address of nexthop MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
translated_dst_ip	The translated destination IP address of VNP/NAT	IPAddress	Readonly
translated_src_ip	The translated source IP address of VPN/NAT	IPAddress	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan	VLAN for the logical network on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded by a VLAN logical network.	VlanID	Readonly
vni	VNI for the logical network on which the traceflow packet was forwarded. This field is specified when the traceflow packet was forwarded by an overlay logical network.	int	Readonly

TraceflowObservationIpsecVpn (schema)

IPSec VPN traceflow observation

IPSec VPN traceflow observation.

Name	Description	Type	Notes
inner_dst_ip	Inner destination IP Inner destination IP Address.	IPAddress	Readonly
inner_src_ip	Inner source IP Inner source IP Address.	IPAddress	Readonly
local_ip	Local VPN endpoint IP Local VPN endpoint IP Address.	IPAddress	Readonly
policy_id	IPSec tunnel interface UUID in case of Policy-based IPSec VPN IPSec tunnel interface universally unique identifier in case of Policy-based IPSec VPN.	string	Readonly
remote_ip	Peer VPN endpoint IP Peer VPN endpoint IP Address.	IPAddress	Readonly
session_id	VPN session UUID IPSec VPN session universally unique identifier.	string	Readonly
spi	Security Parameter Index Security Parameter Index is used to uniquely identify a particular IPSec Security Association.	integer	Readonly Minimum: 1 Maximum: 4294967295
vti_id	Virtual tunnel interface UUID in case of Route-based IPSec VPN Virtual tunnel interface universally unique identifier in case of Route-based IPSec VPN.	string	Readonly

TraceflowObservationListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	TraceflowObservation list results	array of TraceflowObservation (Abstract type: pass one of the following concrete types) PolicyTraceflowObservationDelivered PolicyTraceflowObservationDropped PolicyTraceflowObservationDroppedLogical PolicyTraceflowObservationForwardedLogical PolicyTraceflowObservationReceivedLogical PolicyTraceflowObservationRelayedLogical TraceflowObservationDelivered TraceflowObservationDropped TraceflowObservationDroppedLogical TraceflowObservationForwarded TraceflowObservationForwardedLogical TraceflowObservationProtected TraceflowObservationReceived TraceflowObservationReceivedLogical TraceflowObservationRelayedLogical TraceflowObservationReplicationLogical
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

TraceflowObservationProtected (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
original_type	Type of observation before converted to protected. Holding the type of observation before converted to protected type.	TraceflowObservationType	Required
resource_type	Must be set to the value TraceflowObservationProtected	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

TraceflowObservationReceived (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
local_ip_address	IP address of the destination end of the tunnel	IPAddress
remote_ip_address	IP address of the source end of the tunnel	IPAddress
resource_type	Must be set to the value TraceflowObservationReceived	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
uplink_name	The name of the uplink the traceflow packet is received on	string
vtep_label	The virtual tunnel endpoint label	integer

TraceflowObservationReceivedLogical (schema)

Name	Description	Type	Notes
component_id	The id of the component that received the traceflow packet.	string	Readonly
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
ipsec_vpn	IPSec VPN on which the traceflow packet was received. This field is specified when the traceflow packet was received on IPSec VPN.	TraceflowObservationIpsecVpn	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
lport_id	The id of the logical port at which the traceflow packet was received	string	Readonly
lport_name	The name of the logical port at which the traceflow packet was received	string	Readonly
resource_type	Must be set to the value TraceflowObservationReceivedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
src_component_id	The id of the source component from which the traceflow packet was received.	string	Readonly
src_component_name	The name of source component from which the traceflow packet was received.	string	Readonly
src_component_type	The type of the source component from which the traceflow packet was received.	TraceflowComponentType	Readonly
svc_mac	MAC address of SAN volume controller MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
vlan	VLAN for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by a VLAN logical network.	VlanID	Readonly
vni	VNI for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by an overlay logical network.	int	Readonly

TraceflowObservationRelayedLogical (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
dst_server_address	The IP address of the destination This field specified the IP address of the destination which the packet will be relayed.	IPAddress	Required Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
logical_comp_uuid	The id of the component which relay service located This field specified the logical component that relay service located.	string	Readonly
message_type	The type of the relay service This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client	string	Required Readonly Enum: REQUEST, REPLY Default: "REQUEST"
relay_server_address	The IP address of relay service This field specified the IP address of the relay service.	IPAddress	Required Readonly
resource_type	Must be set to the value TraceflowObservationRelayedLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly

TraceflowObservationReplicationLogical (schema)

Name	Description	Type	Notes
component_name	The name of the component that issued the observation.	string	Readonly
component_sub_type	The sub type of the component that issued the observation.	TraceflowComponentSubType	Readonly
component_type	The type of the component that issued the observation.	TraceflowComponentType	Readonly
is_ens	Flag to indicate whether the observation is reported from ENS fastpath. This flag is to indicate whether the observation is reported from ENS fastpath or slowpath. This field is only applicable for livetrace observations.	boolean	Readonly
local_ip_address	Local IP address of the component that replicates the packet.	IPAddress	Readonly
replication_type	The replication type of the message This field specifies the type of replication message TX_VTEP - Transmit replication to all VTEPs TX_MTEP - Transmit replication to all MTEPs RX - Receive replication	string	Readonly Enum: TX_VTEP, TX_MTEP, RX
resource_type	Must be set to the value TraceflowObservationReplicationLogical	TraceflowObservationType	Required Default: "TraceflowObservationReceived"
sequence_no	the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation.	integer	Required Readonly
site_path	Policy path of the federated site This field contains the site path where this observation was generated.	string	Readonly
timestamp	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch)	EpochMsTimestamp	Readonly
timestamp_micro	Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch)	integer	Readonly
transport_node_id	id of the transport node that observed a traceflow packet	string	Readonly
transport_node_name	name of the transport node that observed a traceflow packet	string	Readonly
transport_node_type	type of the transport node that observed a traceflow packet	TransportNodeType	Readonly
uplink_name	The name of uplink	string	Readonly
vtep_label	The label of VTEP	integer	Readonly

TraceflowObservationType (schema)

Name	Description	Type	Notes
TraceflowObservationType		string	Enum: TraceflowObservationForwarded, TraceflowObservationDropped, TraceflowObservationDelivered, TraceflowObservationReceived, TraceflowObservationForwardedLogical, TraceflowObservationDroppedLogical, TraceflowObservationReceivedLogical, TraceflowObservationReplicationLogical, TraceflowObservationRelayedLogical, TraceflowObservationProtected

TraceflowRequestParameter (schema)

Traceflow request parameter, used in hierarchical API.

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path of enforcement point on which traceflow session was created.	string	Required
resource_type	Must be set to the value TraceflowRequestParameter	string	Required

TraceflowStatusRequest (schema)

Traceflow request status

Name	Description	Type	Notes
enforcement_point_path	Enforcement point path Policy path of enforcement point on which traceflow session was created.	string

TrafficRateLimits (schema)

Rate limiting configuration

Activates traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to deactivate rate limiting for a specific traffic type

Name	Description	Type	Notes
rx_broadcast	Broadcast receive limit Incoming broadcast traffic limit in packets per second	int	Minimum: 0 Default: "0"
rx_multicast	Multicast receive limit Incoming multicast traffic limit in packets per second	int	Minimum: 0 Default: "0"
tx_broadcast	Broadcast transmit limit Outgoing broadcast traffic limit in packets per second	int	Minimum: 0 Default: "0"
tx_multicast	Multicast transmit limit Outgoing multicast traffic limit in packets per second	int	Minimum: 0 Default: "0"

TransitGateway (schema)

Policy VPC transit gateway

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Default transit gateway indicator default transit gateway indicator. If true, then this is the default Transit Gateway. Users can modify it but cannot delete it.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TransitGateway	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transit_subnets	IPv4 transit subnets Array of IPV4 CIDRs for internal VPC attachment networks.	array of IPv4CIDRBlock	Minimum items: 0 Maximum items: 5
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TransitGatewayAttachment (schema)

Transit Gateway Attachment

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
connection_path	Connection path. Policy path of connectivity profile.	string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TransitGatewayAttachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TransitGatewayAttachmentStatistics (schema)

Transit gateway attachment port counters

Name	Description	Type	Notes
rx	Receiving traffic stats.	ServiceGatewayCounter	Readonly
tx	Sending traffic stats.	ServiceGatewayCounter	Readonly

TransitGatewayNat (schema)

Represents a NAT section for a given VPC transit gateway

Represents a NAT section for a given VPC transit gateway. This object is created by default when the corresponding VPC transit gateway is created. Under a transit gateway there will be 4 different NATs (sections) -- (INTERNAL, USER, DEFAULT and NAT64).

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
nat_type	NAT section under tier-0/tier-1 Represents a NAT section under tier-0/tier-1.	string	Enum: INTERNAL, USER, DEFAULT, NAT64
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TransitGatewayNat	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TransitGatewayNatRule (schema)

Represents a NAT rule between source and destination for a given VPC transit gateway

Represents a NAT rule between source and destination at for a given VPC transit gateway.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
action	Represents action of NAT Rule SNAT, DNAT, REFLEXIVE Source NAT(SNAT) - translates a source IP address into an outbound packet so that the packet appears to originate from a different network. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. Reflexive NAT(REFLEXIVE) - one-to-one mapping of source and destination IP addresses. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported.	string	Required Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
destination_network	Represents the destination network This supports single IP address and it does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. In case of DNAT NATRule, destination network address should be IPv4 address allocated from External Block associated with VPC.	IPElementList
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Policy NAT Rule enabled flag The flag, which suggests whether the NAT rule is enabled or disabled. The default is True.	boolean	Default: "True"
firewall_match	Represents the firewall match flag It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned	string	Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS Default: "MATCH_INTERNAL_ADDRESS"
id	Unique identifier of this resource	string	Sortable
logging	Policy NAT Rule logging flag The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False.	boolean	Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value TransitGatewayNatRule	string
sequence_number	Sequence number of the Nat Rule The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023	int	Default: "0"
service_entry	Service Entry	NatServiceEntry
source_network	Represents the source network address This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network.	IPElementList
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
translated_network	Represents the translated network address This supports single IP address or comma separated list of single IP addresses or CIDR. If user specify the CIDR, this value is actually used as an IP pool that includes both the subnet and broadcast addresses as valid for NAT translations. This does not support IP range or IP sets. For SNAT, DNAT and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. In case of SNAT and Refelexive NATRule, translated network address should be single IPv4 address allocated from External Block associated with VPC.	IPElementList
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TransitGatewayPortExternalCounters (schema)

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated.	EpochMsTimestamp	Readonly Sortable
rx		ServiceGatewayCounter	Readonly
tx		ServiceGatewayCounterCommon	Readonly

TransitGatewayPortInternalCounters (schema)

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated.	EpochMsTimestamp	Readonly Sortable
rx		ServiceGatewayCounterCommon	Readonly
tx		ServiceGatewayCounterCommon	Readonly

TransitGatewayState (schema)

Transit gateway state

Name	Description	Type	Notes
last_update_timestamp	Timestamp when the data was last updated; unset if data source has never updated the data.	EpochMsTimestamp	Readonly
logical_gateway_id	The TGW logical gateway Id The Id of the TGW logical gateway.	string	Readonly
per_node_status	TGW state node status TGW per node status.	array of TransitGatewayStateNodeStatus	Readonly

TransitGatewayStateNodeStatus (schema)

Transit gateway state node status

Name	Description	Type	Notes
edge_path	Policy path of edge node Policy path of edge node where the node status is retrieved. Edge should be member of enforcement point.	string	Readonly
high_availability_status	Node high availability status A service router's HA status on an edge node.	string	Readonly Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN, ADMIN_DOWN
is_default_sub_cluster	Is edge transport node in default sub cluster True if the edge transport node is a member of default sub cluster.	boolean	Readonly Default: "False"
service_gateway_id	Service gateway Id The Id of the service gateway where the status is retrieved.	string	Readonly

TransitGatewayStateRequestParameters (schema)

Name	Description	Type	Notes
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType

TransitGatewayStatistics (schema)

Transit gateway port counters

Name	Description	Type	Notes
external_traffic	External traffic stats. Traffic stats outside the transit gateway.	TransitGatewayPortExternalCounters	Readonly Sortable
internal_traffic	Internal traffic stats. Traffic stats within the transit gateway.	TransitGatewayPortInternalCounters	Readonly Sortable

TransportInfo (schema)

Name	Description	Type	Notes
dst_port	Destination port	integer	Minimum: 0 Maximum: 65535
protocol	Protocol type over IP layer	string	Enum: TCP, UDP, ICMPv4, ICMPv6, ESP
spi	Security Parameter Index Security Parameter Index is to uniquely identify a particular IPSec Security Association	integer	Minimum: 1 Maximum: 4294967295
src_port	Source port	integer	Minimum: 0 Maximum: 65535

TransportNodeIdParameters (schema)

Name	Description	Type	Notes
source	The data source, either realtime or cached. If not provided, cached data is returned.	DataSourceType
transport_node_id	TransportNode Id	string

TransportNodeSpanEnforcedStatus (schema)

Enforced Realized Status across Transport Nodes

Detailed Realized Status of an Intent on a span of Transport Nodes.

Name	Description	Type	Notes
enforced_status_per_transport_node	List of Enforced Realized Status per Transport Node List of Detailed Realized Status per Transport Node.	array of EnforcedStatusPerTransportNode	Readonly
resource_type	Must be set to the value TransportNodeSpanEnforcedStatus	string	Required Readonly Enum: TransportNodeSpanEnforcedStatus

TransportNodeType (schema)

Name	Description	Type	Notes
TransportNodeType		string	Enum: ESX, RHELKVM, UBUNTUKVM, CENTOSKVM, RHELCONTAINER, CENTOSCONTAINER, RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESKVM, SLESSERVER, WINDOWSSERVER, RHELSMARTNIC, OELSERVER, UBUNTUSMARTNIC, EDGE, PUBLIC_CLOUD_GATEWAY_NODE, OTHERS, HYPERV

TransportProtocolHeader (schema)

Name	Description	Type
dhcp_header	DHCP header	DhcpHeader
dhcpv6_header	DHCP v6 header	Dhcpv6Header
dns_header	DNS header	DnsHeader
icmp_echo_request_header	ICMP echo request header	IcmpEchoRequestHeader
ndp_header	Neighbor discovery protocol header	NdpHeader
tcp_header	TCP header	TcpHeader
udp_header	UDP header	UdpHeader

TriggerUcUpgradeParameters (schema)

Name	Description	Type	Notes
product_version	Target upgrade coordinator version. Target upgrade coordinator version.	string	Pattern: "^[a-zA-Z0-9-.]+$"

TrustManagementData (schema)

Name	Description	Type	Notes
approved_ec_curves	List of approved EC curves.	array of CryptoEntity	Readonly
supported_algorithms	List of supported algorithms.	array of CryptoAlgorithm	Readonly
supported_signature_algorithms	List of supported signature algorithms.	array of CryptoEntity	Readonly

TrustObjectData (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
key_algo	Key algorithm contained in this certificate.	string
passphrase	Password for private key encryption.	secure_string
pem_encoded	PEM encoded certificate data.	string	Required
private_key	Private key data.	secure_string
purpose	Purpose of this certificate. Can be empty or set to "signing-ca".	string	Enum: signing-ca
resource_type	Must be set to the value TrustObjectData	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

Tunnel (schema)

Tunnel

polymorphic resource type and support resource types - GreTunnel

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Enable/Disable Tunnel	boolean	Default: "True"
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
mtu	Maximum transmission unit Maximum transmission unit(MTU) in bytes specifies the size of the largest packet that a tunnel can transmit.	int	Minimum: 64 Default: "1476"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Tunnel	string	Required Enum: GreTunnel
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tunnel_address	Tunnel Address object parameter Specify list of IP address per every edge node for tunnel interface. Supports both IPv4 and IPv6 address.	array of TunnelAddress	Required Minimum items: 1 Maximum items: 8
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

TunnelAddress (schema)

Tunnel Address request parameters

Name	Description	Type	Notes
edge_path	Policy edge node path policy path of edge node where tunnel will be realized with the subnet specified.	string	Required
source_address	IPv4 source address Specify IPv4 source addresses as the tunnel local end point addresses.	IPv4Address	Required
tunnel_interface_subnet	Interface Subnet object parameter IP addresses in CIDR format for both IP4 and IPv6 assigned to tunnel interface on a given edge node	array of InterfaceSubnet	Required Minimum items: 1 Maximum items: 2

TunnelInterfaceIPSubnet (schema)

Name	Description	Type	Notes
ip_addresses	IPv4 or IPv6 Addresses	array of IPAddress	Required Minimum items: 1 Maximum items: 1
prefix_length	Subnet Prefix Length maximum prefixlen for IPv4 address - 31, IPv6 address - 127.	integer	Required Minimum: 1 Maximum: 127

TunnelKeepAlive (schema)

Tunnel Keep Alive

Name	Description	Type	Notes
dead_time_multiplier	Dead time multiplier	int	Minimum: 3 Maximum: 5 Default: "3"
enable_keepalive_ack	Enable tunnel keep alive acknowledge	boolean	Default: "True"
enabled	Enable/Disable tunnel keep alive	boolean	Default: "False"
keepalive_interval	Keep alive interval	int	Minimum: 2 Maximum: 120 Default: "10"

TunnelSubnet (schema) (Deprecated)

Name	Description	Type	Notes
ip_addresses	Subnet ip addresses	array of IPv4Address	Required Minimum items: 1 Maximum items: 1
prefix_length	Subnet Prefix Length	integer	Required Minimum: 1 Maximum: 31

UcBundleMetadata (schema)

Uc Bundle Metadata for last uploaded bundle.

Provides the information about previous uploaded bundle.

Name	Description	Type	Notes
upgrade_bundle_file_name	Uc bundle file name	string	Readonly
upgrade_bundle_type	upgrade bundle type	string	Readonly Enum: MUB, PUB
upgrade_bundle_upload_type	upgrade bundle upload type	string	Readonly Enum: LOCAL_BUNDLE, DOWNLOAD_URL, DOWNLOAD_SITE
upgrade_bundle_url	Uc bundle url	string	Readonly
upgrade_bundle_version	upgrade bundle version	string	Readonly
upload_start_time	Uc bundle start time epoch	string	Readonly

UcFunctionalState (schema)

Uc Functional State

Upgrade coordinator Uc functional State.

Name	Description	Type	Notes
error_message	error message error message that explains why UC is on standby mode.	string	Readonly
state	State of UC UI function state of the upgrade coordinator	string	Required Readonly Enum: RUNNING, STANDBY

UcStateProperties (schema)

Upgrade Coordinator state properties

Name	Description	Type	Notes
update_uc_state_properties	Flag for updating upgrade-coodinator state properties to database	boolean	Default: "True"

UcUpgradeMetadata (schema)

UC Upgrade status

Provides the information about previous Uc upgrade operation.

Name	Description	Type	Notes
uc_upgrade_time	Uc upgrade time epoch	string	Readonly
upgrade_bundle_name	upgrade bundle name	string	Readonly
upgrade_bundle_type	upgrade bundle type	string	Readonly
upgrade_bundle_version	upgrade bundle version	string	Readonly

UcUpgradeStatus (schema)

UC Upgrade status

Upgrade status of upgrade-coordinator

Name	Description	Type	Notes
errors	List of failure messages List of failure messages.	array of string	Readonly
progress_messages	Progress messages List of progress messages.	array of string	Readonly
progress_percentage	Upgrade Coordinator Upgrade Progress Percentage	int	Readonly
state	State of UC upgrade Current state of UC upgrade	string	Readonly Enum: NOT_STARTED, IN_PROGRESS, SUCCESS, FAILED
status	Status of UC upgrade Status of UC upgrade.	string	Readonly

UdpHeader (schema)

Name	Description	Type	Notes
dst_port	Destination port of udp header	integer	Minimum: 0 Maximum: 65535 Default: "0"
src_port	Source port of udp header	integer	Minimum: 0 Maximum: 65535 Default: "0"

UnaryOperation (schema)

Unary Operation

Unary Operation.

Name	Description	Type	Notes
operand	Operand Represents an argument of the operation pointing to a specific field value.	ResourceFieldPointer	Required
operator	Operator Logical Operator describing the operation to apply to the operand.	string	Required Enum: APPEND, SUBTRACT

UnaryOperationBasedInjectionValue (schema)

Operation based Injection Value

Operation based Injection Value.

Name	Description	Type	Notes
initial_value	Intitial value Resource field pointer representing the initial value for the injection value. If an operation is supplied, the value is handed to the operation function to produce a final result.	ResourceFieldPointer	Required
operation	Operation Function Represents an optional operation to be done on the initial value.	UnaryOperation
resource_type	Must be set to the value UnaryOperationBasedInjectionValue	string	Required Enum: UnaryOperationBasedInjectionValue

UnboundedKeyValuePair (schema)

A key-value pair with no limitations on size

Name	Description	Type	Notes
key	Key	string	Required
value	Value	string	Required

UnsupportedFeature (schema)

Unsupported features

List of unsupported features for configuration onboarding on global manager.

Name	Description	Type	Notes
UnsupportedFeature	Unsupported features List of unsupported features for configuration onboarding on global manager.	string	Enum: LB

UpdateIdsSiteVersionMappingQueryParameters (schema)

Query parameters to be provided with the PatchIdsSiteVersionMapping and
CreateOrUpdateIdsSiteVersionMapping API.

Name	Description	Type	Notes
force	Force update Trigger an update for the IdsSiteVersionMapping even if there is no change in the IdsSiteVersionMapping. This is needed to recover from error conditions wherein the bundle download fails on the LM.	boolean	Default: "False"

UpdateOidcEndPointThumbprintRequest (schema)

Request to update the thumbprint of an OpenId Connect end-point

Request to update the thumbprint of an OpenID Connect end-point with a new thumbprint.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
oidc_uri	OpenID Connect end-point URI URI where to download the meta-data of the OIDC end-point.	string	Required Maximum length: 255
resource_type	Must be set to the value UpdateOidcEndPointThumbprintRequest	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
thumbprint	Thumbprint Thumbprint of the OIDC URI to make an SSL connection.	string

UpdatePrincipalIdentityCertificateRequest (schema)

Request to update the certificate of a principal identity

Request to update the certificate of a principal identity with a new
certificate.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
certificate_id	Id of the stored certificate Id of the stored certificate.	string	Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
principal_identity_id	Principal Identity ID Unique ID of the principal.	string	Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$"
resource_type	Must be set to the value UpdatePrincipalIdentityCertificateRequest	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

UpgradeBanner (schema)

Name	Description	Type	Notes
message	Banner message Banner message to be show on upgrade UI.	string	Readonly
severity	Banner severity Severity to determine the background colour for the banner.	string	Readonly

UpgradeBanners (schema)

Name	Description	Type	Notes
banners	List of upgrade banners List of upgrade banners to be shown in UI.	array of UpgradeBanner	Readonly

UpgradeBundle (schema)

Name	Description	Type	Notes
file	Upgrade bundle file	multipart_file	Required
install	Hint to install bundle after upload	boolean

UpgradeBundleFetchRequest (schema)

Fetch request for fetching upgrade bundle

URL and other fetch requests of upgrade bundle

Name	Description	Type	Notes
bundle_type	Bundle type i.e. pre-upgrade bundle or main upgrade bundle. Bundle type i.e. pre-upgrade bundle or main upgrade bundle.	string	Enum: PRE-UPGRADE, UPGRADE
password	Password for VMware Download Site. Password for Username provided in this request for VMware Download site.	secure_string
url	URL of upgrade bundle URL for uploading upgrade bundle	string
username	Username for VMware Download Site. Username representing user on VMware Download site.	string
version	version to be downloaded Version available on the VMware Download site, targeted for upgrade.	string

UpgradeBundleId (schema)

Bundle id of upgrade bundle

Identifier of the upgrade bundle

Name	Description	Type	Notes
bundle_id	Bundle Id of upgrade bundle uploaded Identifier of bundle upload	string	Readonly

UpgradeBundleInfo (schema)

Information about upgrade bundle

Information about the upgrade bundle

Name	Description	Type	Notes
bundle_size	size of upgrade bundle	string	Readonly
url	URL of the upgrade bundle URL for uploading upgrade bundle	string	Readonly

UpgradeBundleStatus (schema)

Name	Description	Type	Notes
error_messages	List of failure messages List of failure messages.	array of string	Readonly
operation	Current operation Current running operation	string	Readonly Enum: UPLOAD, INSTALL
percentage	Progress percentage of the Upgrade Bundle Operations Progress percentage of the Upgrade Bundle Operations	int	Readonly
progress_messages	Progress messages List of progress messages.	array of string	Readonly
status	State of Upgrade Bundle State of Upgrade Bundle	string	Readonly Enum: NOT_STARTED, IN_PROGRESS, SUCCESS, FAILED
step	current step in the process. Current state of UC upgrade	string	Readonly Enum: START_UPLOAD_BUNDLE, UPLOAD_BUNDLE, EXTRACT_OUTER_BUNDLE, VERIFY, CHECK_COMPATIBILITY, MOVE_BUNDLE, CLEAN, UPLOAD_CANCELLED, UPLOAD_COMPLETE, START_UC_UPGRADE, EXTRACT, LOAD_METADATA, RESTART, REPO_SYNC, UPGRADE_OTHER_NODES, UPGRADE_COMPLETE, UNKNOWN
upgradeBundleType	Type of upgrade bundle Type of upgrade bundle uploaded. \n MUB type represents upgrade bundle,\n PUB type represents pre-check bundle, \n UNKNOWN type represents the default type, \n COMPATIBILITY_MATRIX type represents the compatibility bundle.	string	Readonly Enum: MUB, PUB, COMPATIBILITY_MATRIX, UNKNOWN

UpgradeBundleStatusQueryParameters (schema)

Name	Description	Type	Notes
operation	Target operation Target operation	string	Readonly Enum: UPLOAD, INSTALL

UpgradeBundleUploadParameters (schema)

Parameters for uploading upgrade bundle

Upload request Parameters of upgrade bundle

Name	Description	Type	Notes
install	Hint to install the bundle after upload. URL for uploading upgrade bundle	boolean

UpgradeBundleUploadStatus (schema)

Upload status of upgrade bundle

Upload status of upgrade bundle uploaded from url

Name	Description	Type	Notes
detailed_status	Detailed status of bundle upload Detailed status of upgrade bundle upload	string	Readonly
percent	Percent of upload completed Percent of bundle uploaded from URL	number	Readonly
status	Status of upgrade bundle upload Current status of upgrade bundle upload	string	Readonly Enum: UPLOADING, VERIFYING, SUCCESS, FAILED
upgradeBundleType	Type of upgrade bundle Type of upgrade bundle uploaded. \n MUB type represents upgrade bundle,\n PUB type represents pre-check bundle, \n UNKNOWN type represents the default type, \n COMPATIBILITY_MATRIX type represents the compatibility bundle.	string	Readonly Enum: MUB, PUB, COMPATIBILITY_MATRIX, UNKNOWN
url	URL from which the bundle was uploaded URL for uploading upgrade bundle	string	Readonly

UpgradeCheck (schema)

Pre/post-upgrade check

Check to identify potential pre/post-upgrade issues

Name	Description	Type	Notes
component_type	Component type	string	Required
display_name	Name of the pre/post-upgrade check	string
failures	List of failures	array of UpgradeCheckFailureMessage	Readonly
status	Status of pre/post-upgrade check	string	Required Readonly Enum: SUCCESS, FAILURE, WARNING
failure_messages	List of failure messages List of failure messages. This field is deprecated now. Please use failures instead.	array of string	Deprecated Readonly

UpgradeCheckCsvListResult (schema)

Name	Description	Type	Notes
file_name	File name File name set by HTTP server if API returns CSV result as a file.	string
results		array of UpgradeCheckCsvRecord

UpgradeCheckCsvRecord (schema)

CSV record for an upgrade-check

CSV record for a pre/post-upgrade check

Name	Description	Type	Notes
check_description	Description of the upgrade check Description of the pre/post-upgrade check	string
check_name	Name of the upgrade check Display name of the pre/post-upgrade check	string	Required
failure_messages	Failure messages Space-separated list of failure messages	string	Readonly
status	Status of the upgrade check Status of the pre/post-upgrade check	string	Required Readonly Enum: SUCCESS, FAILURE, WARNING
upgrade_unit_id	UUID of the upgrade unit Identifier of the upgrade unit	string	Required Readonly
upgrade_unit_metadata	Meta-data of the upgrade-unit Meta-data of the upgrade-unit	string	Readonly
upgrade_unit_type	Component type Component type of the upgrade unit	string	Required

UpgradeCheckFailure (schema)

Upgrade check failure

Pre/post-upgrade check failure

Name	Description	Type	Notes
acked	Flag which tells if the precheck is acknowledged Flag which tells if the precheck is acknowledged	boolean	Readonly
component_type	Component type Component type of the origin of failure	string	Required Readonly
group_name	Name of upgrade group Name of the upgrade group of the origin of failure. Only applicable when origin_type is UPGRADE_UNIT.	string
id	precheck id of the check Precheckid of the pre upgrade check	string	Readonly
message	Upgrade check failure message Pre/post-upgrade check failure message	UpgradeCheckFailureMessage	Required Readonly
needs_ack	Flag which identifies if acknowledgement is required for the precheck Flag which identifies if acknowledgement is required for the precheck	boolean	Readonly
needs_resolve	Flag which identifies if resolution is required for the precheck Flag which identifies if resolution is required for the precheck	boolean	Readonly
origin_id	Unique id of origin of failure Unique id of origin of pre/post-upgrade check failure	string	Required Readonly
origin_name	Name of origin of failure Name of origin of pre/post-upgrade check failure	string	Required Readonly
origin_type	Type of origin of failure Type of origin of pre/post-upgrade check failure	string	Required Readonly Enum: COMPONENT, UPGRADE_UNIT
resolution_error	Error occured while resolving Error occured while resolving precheck	string	Readonly
resolution_status	Type of Resolution status Type of resolution status of precheck	string	Readonly Enum: UNRESOLVED, RESOLVING, RESOLVED, FAILURE
type	Type of failure Type of the pre/post-upgrade check failure	string	Required Readonly Enum: FAILURE, WARNING

UpgradeCheckFailureListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type Component type on which upgrade check failures are to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
filter_text	Filter text Text to filter the results on. The filter text is matched with origin name and failure message. String matching for the filter is case-insensitive.	string
group_id	Filter on the group id Group id for filter to be applied.	string
group_name	Filter on the group name Group name for filter to be applied.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
needs_ack	Filter based on acknowledgement required Filter based on if acknowledgement is required.	boolean
origin_type	Type of origin of failure Type of origin of pre/post-upgrade check failure	string	Enum: COMPONENT, UPGRADE_UNIT
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
type	Status of the upgrade check Status of the pre/post-upgrade check to filter the results on	string	Enum: FAILURE, WARNING
unit_id	Filter on the unit id Unit id for filter to be applied.	string
unit_name	Filter on the unit name Unit name for filter to be applied.	string

UpgradeCheckFailureListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Collection of pre/post-upgrade check failures	array of UpgradeCheckFailure	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeCheckFailureMessage (schema)

Upgrade check failure message

Pre/post-upgrade check failure message

Name	Description	Type	Notes
error_code	Error code Error code for the error/warning	integer	Required Readonly
message	Error/warning message Error/warning message	string	Required Readonly

UpgradeCheckInfo (schema)

Meta-data of a pre/post-upgrade check

Name	Description	Type	Notes
component_type	Component type Component type of the pre/post-upgrade check	string	Required
description	Description Description of the pre/post-upgrade check	string	Readonly
id	Unique identifier of the upgrade check Unique identifier of the pre/post-upgrade check	string	Readonly
name	Name of the upgrade check Display name of the pre/post-upgrade check	string	Required Readonly

UpgradeCheckInfoListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade checks are to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

UpgradeCheckListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
checks	Paged Collection of pre/post-upgrade checks	array of UpgradeCheck	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeCheckListResults (schema)

Name	Type	Notes
checks_with_warnings	UpgradeCheckListResult	Readonly
failed_checks	UpgradeCheckListResult	Readonly
successful_checks	UpgradeCheckListResult	Readonly

UpgradeCheckSuccess (schema)

Upgrade check success

Pre/post-upgrade check success

Name	Description	Type	Notes
acked	Flag which tells if the precheck is acknowledged Flag which tells if the precheck is acknowledged	boolean	Readonly
component_type	Component type Component type of the origin of success	string	Required Readonly
group_name	Name of upgrade group Name of the upgrade group of the origin of success. Only applicable when origin_type is UPGRADE_UNIT.	string
id	Precheck id of the check Precheck id of the upgrade check	string	Readonly
message	Upgrade check failure message Pre/post-upgrade check failure message	UpgradeCheckSuccessMessage	Required Readonly
needs_ack	Flag which identifies if acknowledgement is required for the precheck Flag which identifies if acknowledgement is required for the precheck	boolean	Readonly
needs_resolve	Flag which identifies if resolution is required for the precheck Flag which identifies if resolution is required for the precheck	boolean	Readonly
origin_id	Unique id of origin of sucess Unique id of origin of pre/post-upgrade check success	string	Required Readonly
origin_name	Name of origin of success Name of origin of pre/post-upgrade check success	string	Required Readonly
origin_type	Type of origin of success Type of origin of pre/post-upgrade check success	string	Required Readonly Enum: COMPONENT, UPGRADE_UNIT
resolution_error	Error occured while resolving Error occured while resolving precheck	string	Readonly
resolution_status	Type of Resolution status Type of resolution status of precheck	string	Readonly Enum: UNRESOLVED, RESOLVING, RESOLVED, FAILURE
type	Type of success Type of the pre/post-upgrade check success	string	Required Readonly Enum: SUCCESS

UpgradeCheckSuccessListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type Component type on which upgrade check successes are to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
filter_text	Filter text Text to filter the results on. The filter text is matched with origin name and success message. String matching for the filter is case-insensitive.	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
origin_type	Type of origin of success Type of origin of pre/post-upgrade check success	string	Enum: COMPONENT, UPGRADE_UNIT
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
type	Status of the upgrade check Status of the pre/post-upgrade check to filter the results on	string	Enum: SUCCESS

UpgradeCheckSuccessListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Collection of pre/post-upgrade check success	array of UpgradeCheckSuccess	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeCheckSuccessMessage (schema)

Upgrade check success message

Pre/post-upgrade check success message

Name	Description	Type	Notes
message	success message success message	string	Required Readonly

UpgradeChecksExecutionStatus (schema)

Execution status of pre/post-upgrade checks

Name	Description	Type	Notes
details	Details about current execution of pre/post-upgrade checks	string	Readonly
end_time	Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks completed	EpochMsTimestamp
error_count	Failure count Total count of generated Failures in last execution of pre/post upgrade checks	int	Readonly
failure_count	Failure count Total count of generated failures or warnings in last execution of pre/post-upgrade checks	int	Readonly
start_time	Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks started	EpochMsTimestamp
status	Status of execution of pre/post-upgrade checks	string	Required Readonly Enum: NOT_STARTED, IN_PROGRESS, ABORTING, ABORTED, COMPLETED
warning_count	Warning count Total count of generated warnings in last execution of pre/post upgrade checks.	int	Readonly
node_with_issues_count	Number of nodes with failures/warnings Number of nodes which generated failures or warnings in last execution of pre/post-upgrade checks. This field has been deprecated. Please use failure_count instead.	int	Deprecated Readonly

UpgradeComponentType (schema)

Name	Description	Type	Notes
component_type	Type of the component	string	Readonly

UpgradeHistory (schema)

Name	Description	Type	Notes
initial_version	Initial Version Version before the upgrade started	string	Required
target_version	Target Version Version being upgraded to	string	Required
timestamp	Timestamp (in milliseconds since epoch) when the upgrade was performed	EpochMsTimestamp	Required
upgrade_status	Status of the upgrade	string	Required Enum: STARTED, SUCCESS, FAILED

UpgradeHistoryList (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Upgrade history list	array of UpgradeHistory	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradePlanResetRequest (schema)

Name	Description	Type	Notes
component_type	Component type	string	Required

UpgradePlanSettings (schema)

Name	Description	Type	Notes
parallel	Upgrade Method to specify whether the upgrade is to be performed serially or in parallel	boolean	Default: "True"
pause_after_each_group	Flag to indicate whether to pause the upgrade after upgrade of each group is completed	boolean	Default: "False"
pause_on_error	Flag to indicate whether to pause the upgrade plan execution when an error occurs	boolean	Default: "False"

UpgradeProgressStatus (schema)

Upgrade progress status

Name	Description	Type
last_upgrade_step_status	Status of last upgrade step	object
upgrade_bundle_present	True if upgrade bundle is present	boolean
upgrade_metadata	Meta info of upgrade	object

UpgradeResourceFilter (schema)

Name	Description	Type	Notes
field_name	Resource type Resource type. It is mandatory field.	string	Required Enum: id, name, enabled, mode, status, ip, host-os, host-os-version, version, vlcm-sah
values	array of exact value / wildcard patterns to be searched Values to be searched. For searching exact string use simple string e.g. Cluster-1 , for wildcard , use Cluster1*. This values are Or'ed while filtering i.e. if resource matches any of the value in array (case-insensitive) then it will be returned.	array of string	Required

UpgradeResourceFilters (schema)

Name	Description	Type	Notes
filters	filter query filter query	array of UpgradeResourceFilter	Required
resource_type	Resource type Resource type. It is mandatory field. The valid values are ""	string	Required Enum: UPGRADE_GROUP, UPGRADE_UNIT

UpgradeResourcesFilterListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type The component_type the resource belongs to. This is mandatory parameter.	string	Required
query	Upgrade Resource filters Upgrade Resource filters	array of UpgradeResourceFilters	Readonly
sync	Hint to whether perform sync before operation or not If the flag is true , sync operation will be performed before executing the request. If flag is false ,sync is skipped. Please note, sync operation is sometimes expensive and will increase the response time. Any error occurred during sync is ignored.	boolean	Default: "False"

UpgradeStatus (schema)

Name	Description	Type	Notes
ccp_status	CCP upgrade status	CCPUpgradeStatus	Readonly
component_status	List of component statuses	array of ComponentUpgradeStatus	Required Readonly
edge_status	Edge upgrade status	EdgeUpgradeStatus	Readonly
host_status	Host upgrade status	HostUpgradeStatus	Readonly
overall_upgrade_status	Status of upgrade	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeStatusSummary (schema)

Upgrade status summry

Name	Description	Type
upgrade_bundle_present	True if upgrade bundle is present	boolean
upgrade_metadata	Meta info of upgrade	object
upgrade_steps	List of all upgrade steps performed	array of object

UpgradeSummary (schema)

Name	Description	Type	Notes
component_target_versions		array of ComponentTargetVersion	Readonly
pre_upgrade_bundle_version	Current version of pre-upgrade bundle	string	Required Readonly
system_version	Current system version	string	Required Readonly
target_version	Target system version	string	Required Readonly
upgrade_bundle_file_name	Name of the last successfully uploaded upgrade bundle file	string	Readonly
upgrade_coordinator_updated	Has upgrade coordinator been updated after upload of upgrade bundle file	boolean	Readonly
upgrade_coordinator_version	Current version of upgrade coordinator	string	Required Readonly
upgrade_status	Status of upgrade	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeTaskActionParameters (schema)

Name	Description	Type	Notes
action	Upgrade task The upgrade task to perform.	string	Pattern: "^[^/]+$"

UpgradeTaskProperties (schema)

Task properties

Name	Description	Type	Notes
bundle_name	Name of Bundle	string	Required
parameters	Bundle arguments	object	Readonly
step	Step name	string

UpgradeTaskStatusQueryParameters (schema)

Name	Description	Type	Notes
bundle_name	Bundle Name Provide a bundle name	string	Pattern: "^[a-zA-Z0-9-.]+$"
upgrade_task_id	Upgrade Task ID Provide a task id	string	Pattern: "^[a-z0-9-]+$"

UpgradeUIPreferences (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
preferences	Hints for UI in key-value format. Hints for the upgrade UI.	array of KeyValuePair	Readonly
product	Product name The preferences specified in 'preferences' sections is only applicable for the product name specified here. This hints are only for UI and are product specific. The keys are contract between UI and backend.	string	Readonly
resource_type	Must be set to the value UpgradeUIPreferences	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

UpgradeUnit (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
current_version	Current version of upgrade unit This is component version e.g. if upgrade unit is of type edge, then this is edge version.	string	Readonly
display_name	Name of the upgrade unit	string
group	Info of the group to which this upgrade unit belongs	UpgradeUnitGroupInfo	Readonly
id	UUID of the upgrade unit Identifier of the upgrade unit	string	Required Readonly
metadata	Metadata about upgrade unit	array of KeyValuePair	Readonly
type	Upgrade unit type	string
warnings	List of warnings indicating issues with the upgrade unit that may result in upgrade failure	array of string	Readonly

UpgradeUnitAggregateInfo (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
current_version	Current version of upgrade unit This is component version e.g. if upgrade unit is of type edge, then this is edge version.	string	Readonly
display_name	Name of the upgrade unit	string
error_details	List of detailed errors with error code that occurred during upgrade of this upgrade unit	array of ErrorClass	Readonly
errors	List of errors occurred during upgrade of this upgrade unit	array of string	Readonly
group	Info of the group to which this upgrade unit belongs	UpgradeUnitGroupInfo	Readonly
id	Identifier of the upgrade unit Identifier of the upgrade unit	string	Required Readonly
metadata	Metadata about upgrade unit	array of KeyValuePair	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
post_check_status	Status of upgrade unit	string	Readonly Enum: NOT_STARTED, IN_PROGRESS, COMPLETED
post_upgrade_checks		UpgradeCheckListResults	Readonly
pre_upgrade_checks		UpgradeCheckListResults	Readonly
status	Status of upgrade unit	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
type	Upgrade unit type	string
warnings	List of warnings indicating issues with the upgrade unit that may result in upgrade failure	array of string	Readonly

UpgradeUnitAggregateInfoListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade units to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
group_id	Identifier of group based on which upgrade units to be filtered	string
has_errors	Flag to indicate whether to return only upgrade units with errors	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
metadata	Metadata about upgrade unit to filter on	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
selection_status	Flag to indicate whether to return only selected, only deselected or both type of upgrade units	string	Enum: SELECTED, DESELECTED, ALL Default: "ALL"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
upgrade_unit_display_name	Display name of upgrade unit Display name of upgrade unit to filter the results on. String matching for the filter is case-insensitive.	string

UpgradeUnitAggregateInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of UpgradeUnit AggregateInfo	array of UpgradeUnitAggregateInfo	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitFilterListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade units to be filtered	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
group_id	Identifier of group based on which upgrade units to be filtered	string
group_name	Group name to be filtered	string
hypervisor	Hypervisor to be filtered for the upgrade unit	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
status	Status of the upgrade unit to filtered	string
unit_ip	IP of the upgrade unit to be filtered	string
unit_name	Unit name to be filtered for the group	string

UpgradeUnitGroup (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Flag to indicate whether upgrade of this group is enabled or not	boolean	Default: "True"
extended_configuration	Extended configuration for the group Extended configuration for the group. Following extended_configuration is supported: Key: upgrade_mode Supported values: maintenance_mode, in_place, stage_in_vlcm Key: maintenance_mode_config_vsan_mode Supported values: evacuate_all_data, ensure_object_accessibility, no_action Key: maintenance_mode_config_evacuate_powered_off_vms Supported values: true, false Key: rebootless_upgrade Supported values: true, false	array of KeyValuePair	Maximum items: 100
id	Unique identifier of this resource	string	Sortable
parallel	Upgrade method to specify whether the upgrade is to be performed in parallel or serially	boolean	Default: "True"
pause_after_each_upgrade_unit	Flag to indicate whether upgrade should be paused after upgrade of each upgrade-unit	boolean	Default: "False"
resource_type	Must be set to the value UpgradeUnitGroup	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Component type	string	Required
upgrade_unit_count	Count of upgrade units in the group Number of upgrade units in the group	int	Readonly
upgrade_units	List of upgrade units in the group	array of UpgradeUnit	Maximum items: 512

UpgradeUnitGroupAggregateInfo (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
enabled	Flag to indicate whether upgrade of this group is enabled or not	boolean	Default: "True"
extended_configuration	Extended configuration for the group	array of KeyValuePair	Maximum items: 100
failed_count	Number of nodes in the upgrade unit group that failed upgrade	int	Readonly
group_level_failure	Reports failures that occured at the group or cluster level.	array of string	Readonly
id	Unique identifier of this resource	string	Sortable
parallel	Upgrade method to specify whether the upgrade is to be performed in parallel or serially	boolean	Default: "True"
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
post_upgrade_status	Post-upgrade status of group	UpgradeChecksExecutionStatus	Readonly
resource_type	Must be set to the value UpgradeUnitGroupAggregateInfo	string
status	Upgrade status of upgrade unit group	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
type	Component type	string	Required
upgrade_unit_count	Count of upgrade units in the group Number of upgrade units in the group	int	Readonly
upgrade_units	List of upgrade units in the group	array of UpgradeUnit	Maximum items: 512
warnings	List of warnings indicating issues with the upgrade units in this group that may result in upgrade failure	array of string	Readonly

UpgradeUnitGroupAggregateInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of upgrade status for upgrade unit groups	array of UpgradeUnitGroupAggregateInfo	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitGroupFilterListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade unit groups to be filtered	string	Required
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enabled	Status of the group to apply filter	string
group_id	Identifier of group based on which upgrade unit groups to be filtered	string
group_name	Group name to be filtered	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
status	Status of the group to apply filter	string
unit_ip	IP of upgrade units to be filtered	string
unit_name	Unit name to be filtered for the group	string

UpgradeUnitGroupInfo (schema)

Name	Description	Type	Notes
display_name	Name of the group	string	Required Readonly
id	UUID of group Identifier of group	string	Required Readonly

UpgradeUnitGroupListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade unit groups to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
summary	Flag indicating whether to return summary	boolean	Default: "False"
sync	Synchronize before returning upgrade unit groups If true, synchronize with the management plane before returning upgrade unit groups	boolean	Default: "False"

UpgradeUnitGroupListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Upgrade unit groups	array of UpgradeUnitGroup	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitGroupStatus (schema)

Name	Description	Type	Notes
failed_count	Number of nodes in the upgrade unit group that failed upgrade	int	Readonly
group_id	UUID of upgrade unit group Identifier for upgrade unit group	string	Required Readonly
group_name	Upgrade unit group Name Name of the upgrade unit group	string	Required Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
status	Upgrade status of upgrade unit group	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED
upgrade_unit_count	Number of upgrade units in the group	int	Required Readonly

UpgradeUnitGroupStatusListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged collection of upgrade status for upgrade unit groups	array of UpgradeUnitGroupStatus	Required Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitList (schema)

Name	Description	Type	Notes
list	Collection of Upgrade units	array of UpgradeUnit	Required

UpgradeUnitListRequestParameters (schema)

Name	Description	Type	Notes
component_type	Component type based on which upgrade units to be filtered	string
current_version	Current version of upgrade unit based on which upgrade units to be filtered	string
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
group_id	UUID of group based on which upgrade units to be filtered	string
has_warnings	Flag to indicate whether to return only upgrade units with warnings	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
metadata	Metadata about upgrade unit to filter on	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
sync	Flag to indicate whether to perform sync before operation or not	boolean	Default: "False"
upgrade_unit_type	Upgrade unit type based on which upgrade units to be filtered	string

UpgradeUnitListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of Upgrade units	array of UpgradeUnit	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitStatus (schema)

Name	Description	Type	Notes
display_name	Name of upgrade unit	string	Required Readonly
error_details	List of detailed errors with error code that occurred during upgrade of this upgrade unit	array of ErrorClass	Readonly
errors	List of errors occurred during upgrade of this upgrade unit	array of string	Readonly
id	UUID of upgrade unit Identifier of upgrade unit	string	Required Readonly
metadata	Metadata about upgrade unit	array of KeyValuePair	Readonly
percent_complete	Indicator of upgrade progress in percentage	number	Required Readonly
status	Status of upgrade unit	string	Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED

UpgradeUnitStatusListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	Paged Collection of upgrade units status	array of UpgradeUnitStatus	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitTypeStats (schema)

Name	Description	Type	Notes
node_count	Number of nodes	int	Required Readonly
node_with_issues_count	Number of nodes with issues that may cause upgrade failure	int	Readonly
type	Type of upgrade unit	string	Required Readonly
upgrade_unit_subtype	UpgradeUnit sub type	string	Readonly Enum: RESOURCE, ACTION
version	Version of the upgrade unit	string	Required Readonly

UpgradeUnitTypeStatsList (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List of upgrade unit type stats	array of UpgradeUnitTypeStats	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

UpgradeUnitsStatsRequestParameters (schema)

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
sync	Synchronize before returning upgrade unit stats If true, synchronize with the management plane before returning upgrade unit stats	boolean	Default: "False"

UploadFileRequestParameters (schema)

Import file request parameters

This holds the requests parameters required to multipart-upload a file.

Name	Description	Type	Notes
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
file	File to be uploaded	multipart_file	Required

UploadTlsCrlRequestParameters (schema)

Upload TlsCrl request parameters

Holds the requests parameters required to multipart-upload a TlsCrl objecta

Name	Description	Type	Notes
crl_type	Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default).	string	Enum: OneCRL, X509 Default: "X509"
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
file	File to be uploaded	multipart_file	Required

UrlAlias (schema)

Url Alias

Short name or alias of a url. It is used to represent the url.

Name	Description	Type	Notes
alias	Url Alias Name Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $ (for example, $0).	string	Maximum length: 255
keystore_info	Key Store Info for the URLAlias Key Store information for the URLAlias.Use this property if key store information is different for each url alias.	KeyStoreInfo
query	Search query of the search api, if any Search query to be applied, if any. If query string is not provided, it will be ignored.	string	Maximum length: 1024
request_body	A raw request body in the form json format for a given url. This request body will be submitted along with request while giving a post api call.	object
request_headers	A raw request header in the form json format for a given url. This request header will be submitted along with request while giving a api call.	object
request_method	Type of http method Type of the http method (Get, Post) to be used while invoking the given url through dashboard datasource framework.	string	Enum: Get, Post Default: "Get"
url	Url Url to fetch data from.	string	Required Maximum length: 1024

UserInfo (schema)

Authenticated User Info

Name	Description	Type	Notes
roles	Permissions	array of NsxRole	Required Readonly
roles_for_paths	Roles for Paths The roles that are associated with the user, limiting them to a path. In case the path is null, the roles apply everywhere i.e. it is same as the deprecated property roles.	array of RolesForPath
user_name	User Name	string	Required Readonly

UserRequestParameters (schema)

Request parameters for user APIs.

Request parameters for user APIs like the /aaa/user-info/* APIs

Name	Description	Type	Notes
provide_flat_listing	Whether the output provides flat listing of all roles at each level or not	boolean	Default: "False"
root_path	Prefix path of the context	string

UsernamePasswordLoginCredential (schema) (Deprecated)

A login credential specifying a username and password

Name	Description	Type	Notes
credential_type	Must be set to the value UsernamePasswordLoginCredential	string	Required
password	The authentication password for login	secure_string
thumbprint	Thumbprint of the login server	string
username	The username for login	string

VIFGroupAssociationRequestParams (schema)

List request parameters containing virtual network interface external ID and enforcement point path

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
vif_external_id	Virtual network interface external ID	string	Required

VMDeploymentProgressState (schema)

Deployment progress of node VM

Deployment progress state of node VM. This Object contains name of current deployment step and overall progress percentage.

Name	Description	Type	Notes
current_step_title	Name of the current step Name of the current running step of deployment	string	Readonly
progress	Progress percentage Overall progress percentage of deployment completed	integer	Readonly

VMGroupAssociationRequestParams (schema)

List request parameters containing virtual machine external ID and enforcement point path

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
enforcement_point_path	String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string
vm_external_id	Virtual machine external ID	string	Required

VMTagReplicationPolicy (schema)

A policy to replicate tags from once site to other

A policy to replicate tags from once site to other sites.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
groups	Paths of groups Paths of groups (VM tag-based, VM name-based, etc.) that translates into VMs to be replicated from protected site to recovery sites. If no group is specified, none of the VM tag will be replicated from protected site to recovery sites.	array of string
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
protected_site	A path of protected site A path of protected site, from where tags of selected VMs will be replicated to recovery sites.	string	Required
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
recovery_sites	Paths of recovery sites Paths of recovery sites, where tags of selected VMs will be replicated to, from protected site.	array of string	Required Minimum items: 1 Maximum items: 1
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
replication_type	Replication type used in DR failover Specifies type of replication used in DR (Disaster Recovery) failover.	string	Enum: VSPHERE_REPLICATION, STORAGE_ARRAY_REPLICATION, OTHER Default: "OTHER"
resource_type	Must be set to the value VMTagReplicationPolicy	string
tag_delay_delete_time	Specifies delay time to be used for tags of virtual machine This specifies delay in minutes which is used for deletion of tags of virtual machines on recovery site. If a VM is deleted on protected site and has not appeared on recovery site (e.g. this can happen primarily when array based storage replication is used with SRM and DR failover is run while protected site is reachable), the tags will be retained for this much amount of time on recovery site. VM appears within this much time on recovery site, then tags will get applied on recovery site. If replication type is VSPHERE_REPLICATION or OTHER, then its default value is 0 minutes. If replication type is STORAGE_ARRAY_REPLICATION, then its default value is 30 minutes. If this value is not specified, then default value according to replication type will be applicable. The time for virtual machines to appear on recovery site after those are deleted from primary site in case of storage replication depends on count of virtual machines configured to failover, storage array performance and ESXi host.	integer	Minimum: 0 Maximum: 4320
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vm_match_criteria	Matching criteria used for associating VMs Matching criteria used for associating VMs from protected site to VMs on recovery sites. - MATCH_NSX_ATTACHMENT_ID : Associate VMs from the protected site and recovery sites based on NSX attachment ID. - MATCH_BIOS_UUID_NAME : Associate VMs from the protected site and recovery sites based on (VM BIOS UUID + VM Name).	string	Enum: MATCH_NSX_ATTACHMENT_ID, MATCH_BIOS_UUID_NAME Default: "MATCH_NSX_ATTACHMENT_ID"

VMTagReplicationPolicyListRequestParameters (schema)

VM tag replication policy list request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
include_mark_for_delete_objects	Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included.	boolean	Default: "False"
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
sort_ascending		boolean
sort_by	Field by which records are sorted	string

VMTagReplicationPolicyListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of the VM tag replication policies in the results array	integer	Readonly
results	Collection of VM tag replication policies	array of VMTagReplicationPolicy	Readonly
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

ValidateCertificateParameters (schema)

Name	Description	Type	Notes
usage	Certificate Usage Type Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER	CertificateUsageType

ValueConstraintExpression (schema)

Represents the leaf level value constraint.

Represents the leaf level value constraint to constrain specified attribute
value to the set of values to be allowed/not-allowed.
Example - sourceGroups allowed to have only with list of groups.
{
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
operator	Operation to check for value list for resource attribute of constraint.	string	Required Enum: INCLUDES, EXCLUDES, EQUALS
resource_type	Must be set to the value ValueConstraintExpression	string	Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
values_with_type	Array of values to perform operation. List of values.	ConstraintValue (Abstract type: pass one of the following concrete types) CidrArrayConstraintValue IntegerArrayConstraintValue StringArrayConstraintValue
values	Array of values to perform operation. List of values.	array of string	Deprecated

Vdl2Counters (schema)

Name	Description	Type	Notes
arp_proxy_req_fail_drops	Count of ARPs failed to send on uplinks for CCP unaware bindings	integer	Readonly
arp_proxy_req_suppress	Count of ARPs suppression attempted at Leaf Input IOChain	integer	Readonly
arp_proxy_resp	Count of successful IP-MAC binding message from CCP for ARP suppression	integer	Readonly
arp_proxy_resp_drops	Count of ARP response failed for each ARP suppressed packets	integer	Readonly
arp_proxy_resp_filtered	Count of ARP responses skipped for each successful IP-MAC response from CCP	integer	Readonly
arp_proxy_resp_unknown	Count of unknown IP-MAC binding message from CCP for ARP suppression	integer	Readonly
leaf_rx	Count of packets received at VDL2LeafInput IOChain of a switchport	integer	Readonly
leaf_rx_drops	Total drops at VDL2LeafInput IOChain of a switchport	integer	Readonly
leaf_rx_ref_port_not_found_drops	VDL2LeafInput drops as trunk port is not in logical switch	integer	Readonly
leaf_rx_system_err_drops	VDL2LeafInput drops on an LS due to system errors	integer	Readonly
leaf_tx	Count of packets processed at VDL2LeafOutput IOChain of a switchport	integer	Readonly
leaf_tx_drops	Total drops at VDL2LeafOutput IOChain of a switchport	integer	Readonly
mac_tbl_lookup_flood	Count of unicast packets flooded onto remote VTEPs due to MAC table full	integer	Readonly
mac_tbl_lookup_full	Number of VM MAC query to CCP failure due to MAC table full	integer	Readonly
mac_tbl_update_full	Number of packet's SMAC learning failed at uplink due to MAC table full	integer	Readonly
mcast_proxy_rx_drops	Count of BUM replicated packets dropped at MTEP TN at uplink input IOChain	integer	Readonly
mcast_proxy_tx_drops	Count of BUM packets dropped at uplink output IOChain	integer	Readonly
nd_proxy_req_fail_drops	Count of ND packets failed to send on uplinks for CCP unaware bindings	integer	Readonly
nd_proxy_req_suppress	Count of NDs suppression attempted at Leaf Input IOChain	integer	Readonly
nd_proxy_resp	Count of successful IP-MAC binding message from CCP for ND suppression	integer	Readonly
nd_proxy_resp_drops	Count of ND response failed for each ND suppressed packets	integer	Readonly
nd_proxy_resp_filtered	Count of ND responses skipped for each successful IP-MAC response from CCP	integer	Readonly
nd_proxy_resp_unknown	Count of unknown IP-MAC binding message from CCP for ND suppression	integer	Readonly
nested_tn_mcast_proxy_diff_vlan_tx_drops	Count of BUM replicated packet drops destined to nested TN	integer	Readonly
nested_tn_mcast_proxy_same_vlan_tx_drops	Count of BUM replicated packet drops destined to nested TN	integer	Readonly
uplink_rx	Count of packets received at uplink port from underlay network	integer	Readonly
uplink_rx_drops	Count of packets from underlay that are dropped at uplink input IOChain	integer	Readonly
uplink_rx_filtered	Packets received at uplink filtered at uplink IOChain	integer	Readonly
uplink_rx_guest_vlan_drops	Drop at uplink input IOChain due to failure to remove guest VLAN tag	integer	Readonly
uplink_rx_invalid_encap_drops	Count of packets dropped at uplink input IOChain due to incorrect Encap	integer	Readonly
uplink_rx_mcast_invalid_dr_uplink_drops	Count of IP multicast packets dropped at unexpected DR uplink	integer	Readonly
uplink_rx_skip_mac_learn	Count of packets for which MAC learn was skipped at uplink input IOChain	integer	Readonly
uplink_rx_system_err_drops	Drop at uplink input IOChain due to system errors	integer	Readonly
uplink_rx_wrong_dest_drops	Drop at uplink port input IOChain due to incorrect destination VTEP IP	integer	Readonly
uplink_tx	Count of packets transmitted through uplink port towards underlay network	integer	Readonly
uplink_tx_drops	Total DVS sent packet drops at uplink output IOChain	integer	Readonly
uplink_tx_flood_rate_limit	Count of rate limited unknown unicast packets at uplink output IOChain	integer	Readonly
uplink_tx_ignore	Count of DVS sent packets ignored at uplink output IOChain	integer	Readonly
uplink_tx_invalid_frame_drops	Count of invalid packets dropped at uplink IOChain	integer	Readonly
uplink_tx_invalid_state_drops	Packet drops at uplink IOChain due to incorrect uplink VLAN configuration	integer	Readonly
uplink_tx_nested_tn_repl_drops	Count of packets to nested TN dropped at uplink output IOChain	integer	Readonly
uplink_tx_non_unicast	Count of broadcast,multicast packets replicated to remote VTEPs	integer	Readonly
uplink_tx_teaming_drops	Count of packets dropped at uplink IOChain due to uplink teaming failure	integer	Readonly
uplink_tx_ucast_flood	Count of unknown unicast packets at uplink output IOChain	integer	Readonly

VdrbCounters (schema)

Name	Description	Type	Notes
arp_hold_pkt_drops	The drops of packet(IPv4) pending on ARP resolution	integer	Readonly
consumed_icmpv4	ICMP packets(IPv4) destinated to VDR and consumed by VDR	integer	Readonly
consumed_icmpv6	ICMP packets(IPv6) destinated to VDR and consumed by VDR	integer	Readonly
drop_route_ipv4_drops	Packet(IPv4) matching drop routes	integer	Readonly
drop_route_ipv6_drops	Packet(IPv6) matching drop routes	integer	Readonly
no_nbr_ipv4	No IPv4 ARP entry found	integer	Readonly
no_nbr_ipv6	No IPv6 Neighbor entry found	integer	Readonly
no_route_ipv4_drops	No IPv4 routes	integer	Readonly
no_route_ipv6_drops	No IPv6 routes	integer	Readonly
ns_hold_pkt_drops	The drops of packet(IPv6) pending on neighbor resolution	integer	Readonly
pkt_attr_error_drops	Packets which failed attribute operation	integer	Readonly
relayed_dhcpv4_req	Relayed DHCPv4 requests	integer	Readonly
relayed_dhcpv4_rsp	Relayed DHCPv4 responses	integer	Readonly
relayed_dhcpv6_req	Relayed DHCPv6 requests	integer	Readonly
relayed_dhcpv6_rsp	Relayed DHCPv6 responses	integer	Readonly
rpf_ipv4_drops	Reverse path forwarding drops of packet(IPv4)	integer	Readonly
rpf_ipv6_drops	Reverse path forwarding drops of packet(IPv6)	integer	Readonly
rx_arp_req	Arp Reqests received	integer	Readonly
rx_ipv4	Packets(IPv4) received on VDR	integer	Readonly
rx_ipv6	Packets(IPv6) received on VDR	integer	Readonly
rx_pkt_parsing_error_drops	Packets failed to be parsed	integer	Readonly
ttl_ipv4_drops	Packet(IPv4) drops due to low TTL	integer	Readonly
ttl_ipv6_drops	Packet(IPv6) drops due to low TTL	integer	Readonly
tx_arp_rsp	Arp Responses sent	integer	Readonly
tx_dispatch_queue_too_long_drops	Packets being tail dropped in the txDispatchQueue	integer	Readonly
tx_ipv4	Packets(IPv4) sent from VDR	integer	Readonly
tx_ipv6	Packets(IPv6) sent from VDR	integer	Readonly

VerifiableAsymmetricLoginCredential (schema)

Name	Description	Type	Notes
asymmetric_credential	Asymmetric login credential	secure_string
credential_key	Credential key	secure_string
credential_type	Must be set to the value VerifiableAsymmetricLoginCredential	string	Required
credential_verifier	Credential verifier	secure_string

VerifyScimUserOrGroupExistsResult (schema)

Verify user/group exists result

Name	Description	Type	Notes
exists	True if the user/group exists	boolean

VerifyScimUserOrGroupParameters (schema)

SCIM user/group existence query parameters

Name	Description	Type	Notes
name	User or group name to search for	string	Required

VersionList (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
acceptable_versions	List of component versions	array of string	Required
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
resource_type	Must be set to the value VersionList	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30

VidbOidcEndpointCreateRequest (schema)

Configuration to enable VIDB

Configuration data needed for NSX to configure itself to authenticate to VMware Identity Broker (VIDB). Either api_token, or username + password is required.

Name	Description	Type	Notes
certificate_chain	The certificate chain for VIDB The public certificate chain for the VIDB, in PEM format.	string	Required
client_id	Client ID for authenticating to VIDB The client identifier to use when authenticating to VMware Identity Broker (VIDB).	string	Required
client_secret	The certificate chain for VC/WS1B The public certificate chain for the VIDB, in PEM format.	secure_string	Required
name	Name for the VIDB endpoint A display name for the VIDB endpoint. This is displayed on login screens to allow users to decide which endpoint to use when authenticating.	string	Required
vidb_uri	VIDB OpenID Connect URI URI of the VIDB OpenID Connect end-point.	string	Required

VidbOidcEndpointCreateResponse (schema)

Name	Description	Type	Notes
oidc_endpoint_id	OIDC endpoint ID The identifier of the OIDC endpoint that was created.	string

VidmInfo (schema)

Vidm Info

Name	Description	Type	Notes
display_name	User's Full Name Or User Group's Display Name	string	Required Readonly
name	Username Or Groupname	string	Required Readonly
type	Type	string	Required Readonly Enum: remote_user, remote_group

VidmInfoListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	List results	array of VidmInfo	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

VidmInfoSearchRequestParameters (schema)

Vidm information search request parameters

Name	Description	Type	Notes
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string
included_fields	Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs.	string
page_size	Maximum number of results to return in this page (server may return fewer)	integer	Minimum: 0 Maximum: 1000 Default: "1000"
search_string	Search string to search for. This is a substring search that is case insensitive.	string	Required
sort_ascending		boolean
sort_by	Field by which records are sorted	string

View (schema)

Dashboard View

Describes the configuration of a view to be displayed on the dashboard.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget.	string	Required Maximum length: 255
exclude_roles	Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified.	string	Maximum length: 1024
id	Unique identifier of this resource	string	Sortable
include_roles	Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles.	string	Maximum length: 1024
resource_type	Must be set to the value View	string
shared	Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users.	boolean	Default: "False"
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
weight	Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widgets	Widgets Array of widgets that are part of the view.	array of WidgetItem	Required Minimum items: 0

ViewList (schema)

List of Views

Represents a list of views.

Name	Description	Type	Notes
views	Array of views Array of views	array of View	Required Readonly

ViewQueryParameters (schema)

Parameters for querying views

Name	Description	Type	Notes
tag	The tag for which associated views to be queried. The tag for which associated views to be queried. For tags specified on views, scope is automatically set to 'nsx-dashboard' and hence scope is ignored for searching views based on tag.	string	Readonly
view_ids	Ids of the Views Comma separated ids of views to be queried.	string	Readonly Maximum length: 8192
widget_id	Id of widget configuration Id of widget to be queried for all the views it is part of.	string	Readonly Maximum length: 255

VirtualEndpoint (schema)

This endpoint is strictly of the type Virtual

A VirtualEndpoint represents an IP (or nexthop) which is outside
SDDC. It represents a redirection target for RedirectionPolicy.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VirtualEndpoint	string	Required Enum: VirtualEndpoint, ServiceInstanceEndpoint
service_names	Services for which this endpoint to be created One VirtualEndpoint will be created per service name.	array of string	Required Minimum items: 1 Maximum items: 1
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
target_ips	IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected.	array of IPInfo	Required Minimum items: 1 Maximum items: 1
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VirtualNetworkInterface (schema)

Name	Description	Type	Notes
_last_sync_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
description	Description of this resource	string	Maximum length: 1024 Sortable
device_key	Device key of the virtual network interface.	string	Required
device_name	Device name of the virtual network interface.	string
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_id	External Id of the virtual network inferface.	string	Required
host_id	Id of the host on which the vm exists.	string	Required
ip_address_info	IP Addresses of the the virtual network interface, from various sources.	array of IpAddressInfo
lport_attachment_id	LPort Attachment Id of the virtual network interface.	string
mac_address	MAC address of the virtual network interface.	string	Required
owner_vm_id	Id of the vm to which this virtual network interface belongs.	string	Required
owner_vm_type	Owner virtual machine type; Edge, Service VM or other.	string	Readonly Enum: EDGE, SERVICE, REGULAR
resource_type	Must be set to the value VirtualNetworkInterface	string	Required
scope	List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC.	array of DiscoveredResourceScope
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
uptv2_enabled	Flag to indicate if UPT is enabled Specifies if UPTv2 (Universal Pass-through version 2) compatibility is enabled for the virtual network interface or not.	boolean	Readonly
vm_local_id_on_host	Id of the vm unique within the host.	string	Required

VirtualNetworkInterfaceListResult (schema)

Name	Description	Type	Notes
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
cursor	Opaque cursor to be used for getting next page of records (supplied by current result page)	string	Readonly
result_count	Count of results found (across all pages), set only on first page	integer	Readonly
results	VirtualNetworkInterface list results	array of VirtualNetworkInterface	Required
sort_ascending	If true, results are sorted in ascending order	boolean	Readonly
sort_by	Field by which records are sorted	string	Readonly

VlanID (schema)

Virtual Local Area Network Identifier

Name	Description	Type	Notes
VlanID	Virtual Local Area Network Identifier	integer	Minimum: 0 Maximum: 4094

VlanVniRangePair (schema)

Vlan Vni pair resource

Vlan-Vni mapping pair resource in EvpnTenantConfig for ROUTE-SERVER Evpn mode

Name	Description	Type	Notes
vlans	List of VLAN ids List of VLAN ids and VLAN ranges (specified with '-').	string	Required
vnis	List of VNI ids List of VNI ids and VNI ranges (specified with '-'). The vni id is used for VXLAN transmission for a given tenant Vlan ID in ROUTE-SERVER Evpn.	string	Required

VniPoolConfig (schema)

Vni Pool Config

Vni Pool Configuration.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
end	End value of VNI Pool range	int	Required Minimum: 75001 Maximum: 16777215
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VniPoolConfig	string
start	Start value of VNI Pool range	int	Required Minimum: 75001 Maximum: 16777215
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

Vpc (schema)

Policy VPC

'Vpc' provides self-service and allows the application users to configure subnets and other services.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address_type	IP address type This defines the IP address type that will be allocated for subnets. In the case of IPv4, all the subnets will be allocated IP addresses from the IpV4 private/external pool.	string	Required Enum: IPV4 Default: "IPV4"
limits	PolicyPath of limits applied on the VPC Limits are used to add constraints within a VPC. This field lists the quotas that are applied to a particular VPC by the project admin.	array of string
load_balancer_vpc_endpoint		LoadBalancerVPCEndpoint
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
private_ips	IPv4 CIDRs for the VPC private subnets The user is expected to use this field to manage private IPv4 subnets. This field is expected to be used with vpc_connectivity_profile and vpc_service_profile fields. For each IPv4 CIDR specified in the private_ips field, a private IP block will be created and managed by the system.	array of IPv4CIDRBlock	Maximum items: 5
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value Vpc	string
short_id	Identifier to use when displaying vpc context in logs Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set.	string	Maximum length: 8
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vpc_service_profile	Service Configuration Profile Path for the VPC The path of the configuration profile of the VPC services. This will be a collection of default dhcp and subnet profiles. The default service profile will be created as part of the Project creation workflow. That will be used as the default for all VPCs created under that project. The default value will be project specific default VPC profile.	string
activate_default_dfw_rules	Activate the default DFW rules for the VPC By default, VPC is created with default distributed firewall rules, this flag allows to deactivate those default rules . If not set, the default rules are enabled. The system will expect the API user to pass this flag as "false" when the system is not entitled to distributed firewall. For VPCs that use default_gateway_path, this flag controls the activation of default DFW rules (enabled by default if a valid vDefend license exists).	boolean	Deprecated
default_gateway_path	PolicyPath of Tier0 or Tier0 VRF gateway or label path referencing to Tier0 or Tier0 VRF. This represents the path of a Tier0 or Tier0 VRF or label. This must be a subset of Tier0s/VRFs defined at the project level. It serves as default gateway for VPC. In case of Label, it should have reference of Tier0 or Tier0 VRF path. This field is not allowed with vpc_service_profile in place.	string	Deprecated
dhcp_config	DHCP configs DHCP configuration to be applied on all connected subnets if the IP address type is IPv4. This field is not allowed with vpc_service_profile in place.	DhcpConfig	Deprecated
external_ipv4_blocks	PolicyPath of external IPv4 block IP block used for allocating CIDR blocks for public subnets. IP block must be subset of Project IPv4 blocks. This field is not allowed with vpc_service_profile in place.	array of string	Deprecated Maximum items: 5
ipv6_profile_paths	IPv6 NDRA and DAD profiles configuration Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured. If not specified, default profiles will be applied.	array of string	Deprecated Maximum items: 2
private_ipv4_blocks	PolicyPath of private ip block The user is not expected to use this field to manage private IPv4 subnets. This field does not support use with vpc_service_profile fields. The provided IP blocks must be defined by the Project admin.	array of string	Deprecated Maximum items: 5
service_gateway	Service Gateway of a VPC This field is not allowed with vpc_service_profile in place.	ServiceGateway	Deprecated
site_infos	Collection of Site information. Information related to sites applicable for given VPC. The edge cluster path must belong to the same site. This will be a subset of the span of connected Tier0/VRF. Only 1 Edge cluster can be configured in site_infos. This field is not allowed with vpc_service_profile in place.	array of SiteInfo	Deprecated Maximum items: 1
subnet_profiles	Subnet profiles Subnet profiles will be used to create subnet profile binding and it will be applied to subnets. Subnet profiles need to be pre-created at the project level. If not specified, default profiles will be used. This field is not allowed with vpc_service_profile in place.	SubnetProfiles	Deprecated

VpcAttachment (schema)

VPC Configuration which holds VPC Connectivity Profile information

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcAttachment	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
vpc_connectivity_profile	VPC Connectivity Profile policy path VPC Connectivity Profile policy path	string	Required

VpcConnectivityProfile (schema)

VPC Connectivity Profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_ip_blocks	PolicyPath of External IP block PolicyPath of External IP block	array of string	Maximum items: 5
id	Unique identifier of this resource	string	Sortable
is_default	Flag to indicate that the VPC Connectivity Profile is a default profile If true, then this VPC Connectivity Profile is the default system created profile. Default profiles can be modified by users but cannot be deleted.	boolean	Readonly
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
private_tgw_ip_blocks	PolicyPath of Private IP block PolicyPath of Private IP block	array of string	Maximum items: 5
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcConnectivityProfile	string
service_gateway	VPC Service Gateway Configuration VPC service gateway configuration	VpcServiceGatewayConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
transit_gateway_path	Transit Gateway Path Transit Gateway path.	string	Required
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcDhcpAdvancedConfig (schema)

VPC DHCP Advance Configuration

Name	Description	Type	Notes
is_distributed_dhcp	Flag to indicate DHCP mode DHCP server’s IP allocation model based on workloads subnet port id. It is applicable when DHCP mode is DHCP_SERVER. Value of this field can be False only when Edge cluster is available. If value is False, edge cluster in vpc connectivity profile must be configured for this mode. This is the traditional DHCP server that dynamically allocates IP per VM's MAC. If value is true, edge cluster will not be required for this mode. This is a DHCP server that dynamically assigns IP per VM port. The default value will be true.	boolean	Default: "True"

VpcDhcpRelayConfig (schema)

VPC DHCP Relay Configuration

Name	Description	Type	Notes
server_addresses	DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported.	array of IPAddress	Required

VpcDhcpServerConfig (schema)

DHCP server configuration

DHCP server configuration includes IP address leasing, DNS servers, NTP servers,etc.

Name	Description	Type	Notes
advanced_config	VPC DHCP advance configuration VPC DHCP advance configuration	VpcDhcpAdvancedConfig
dns_client_config	Dns client configuration Dns client configuration includes the DNS servers that DHCP clients uses to resolve domain names into IP addresses. DNS servers must be defined using this property instead of using DHCP option code 6 directly.	DnsClientConfig
lease_time	Subnet DHCP lease time. This property specifies the duration (in seconds) for which an IP address lease is valid before the client must renew it. Lease time must be configured using this property rather than using DHCP option code 51 directly.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
ntp_servers	NTP Servers This property specifies the Network Time Protocol servers that clients use to synchronize their system clock. The NTP servers must be configured using this property rather than using DHCP option code 42 directly. This approach ensures consistency and centralized management if NTP settings.	array of IPAddress	Maximum items: 2

VpcIntentRealizationStatus (schema)

VPC Status and Status of children for a given VPC

Name	Description	Type	Notes
parent_path	Policy parent path of the resource.	string
path	Policy path of the object	string
realization_id	Realization id of this object	string
realized_entity_path	Path that is used to fetch the Realization details of the entity.	string
status	Status of this object	string	Enum: SUCCESS, ERROR, UNINITIALIZED, IN_PROGRESS, UNKNOWN

VpcIpAddressAllocation (schema)

Parameters for IP allocation

Allocation parameters for the IP address (e.g. specific IP
address) can be specified. VPC IP allocation object is used for associating IP/CIDR to VPC manually.
External VPC allocation IP will be used in NAT and subnet port's manual external address binding.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
allocation_ip	IP address allocated from ip block. Single IP Address that is allocated from external ip block or IPv6 block based on IP address type. If not specified, any available IP will be allocated from respective IP block. If specified, it has to be within range of respective IP blocks. If IP is already in use then validation error will be thrown. This field will be replaced with allocation_ips.	IPAddress
allocation_ips	Allocated IP addresses The customer needs to pass allocation_ips or allocation_size and ip_address_block_visibility. If allocation_size is used, the system will allocate IP addresses from unused IP addresses. Range or comma separated ip string is not supported in VPC IP allocation.	IPElement
allocation_size	Allocation IP address size The system will allocate IP addresses from unused IP addresses based on allocation size.	int
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_address_block_visibility	IP Address Block Visibility Represents visibility of IP address block. This field is not applicable if IPAddressType at VPC is IPv6.	string	Enum: EXTERNAL, PRIVATE, PRIVATE_TGW Default: "EXTERNAL"
ip_address_type	IP address type This defines the type of IP address block that will be used to allocate IP. This field is applicable only if IP addressType at VPC is DUAL. In case of IPv4, external blocks will be used, and in case of IPv6, IPv6 blocks will be used.	string	Enum: IPV4, IPV6 Default: "IPV4"
ip_block	IP block IP block path for subnet IP allocation.	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcIpAddressAllocation	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcNatConfig (schema)

NAT Configuration

Name	Description	Type	Notes
enable_default_snat	Activate or Deactivate default SNAT Auto configured SNAT for private subnet.	boolean	Default: "False"

VpcProfileDhcpConfig (schema)

VPC Profile DHCP Config

Common DHCP config for VPC subnet

Name	Description	Type	Notes
dhcp_relay_config	DHCP relay configuration DHCP relay configuration includes the DHCP server address. The DHCP server address should be routeable with NAT for DHCP to work correctly. DHCP relay configuration cannot be removed while the subnet is using it.	VpcDhcpRelayConfig
dhcp_server_config	DHCP server configuration DHCP server configuration for VPC subnet. This property must be specified when a subnet is configured with a DHCP server. DHCP server configuration cannot be removed while the subnet is using it.	VpcDhcpServerConfig

VpcSecurityProfile (schema)

VPC Security Profile

Security profile helps configure security settings for the VPC.
All VPCs within a project are implicitly associated with the pre-created default profile defined at the project level.
Note: Currently, users are not allowed to create new security profiles.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Flag to indicate that the Security Profile is a default profile or not. This flag indicates whether this security profile is a default system created profile. All VPCs within a project are implicitly associated with the pre-created default profile defined at the project level. Default profiles can be modified by users but cannot be deleted.	boolean	Readonly Default: "False"
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
north_south_firewall	North-south firewall (Gateway Firewall) configurations. North south firewall (Gateway Firewall) configurations.	NorthSouthFirewall	Required
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcSecurityProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcServiceGatewayConfig (schema)

VPC Service Gateway Configuration

Name	Description	Type	Notes
edge_cluster_paths	Edge Cluster paths Array of edge cluster paths for VPC attachment SR realization. Edge cluster specified must be associated with the Project. Changing edge cluster is allowed after configuring but this may cause service disruption.	array of string	Minimum items: 0 Maximum items: 1
enable	Activate or Deactivate VPC SR attachment services Status of the VPC attachment SR.	boolean	Default: "True"
nat_config	NAT Configuration VPC will be created with SNAT rule for private and project subnets.	VpcNatConfig
qos_config	QOS Configuration QoS Profile configuration for VPC connected to the gateway.	GatewayQosProfileConfig

VpcServiceProfile (schema)

VPC Service Profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
dhcp_config	DHCP Configuration Common DHCP config for VPC subnet.	VpcProfileDhcpConfig	Required
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_discovery_profile	IP Discovery Profile Using this profile to configure different options of IP Discovery	string
is_default	Flag to indicate that the VPC Service Profile is a default profile If true, then this VPC Service Profile is the default system created profile. Default profiles can be modified by users but cannot be deleted.	boolean	Readonly
mac_discovery_profile	Mac Discovery Profile Mac Discovery Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
qos_profile	Subnet Qos Profile Subnet Qos Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcServiceProfile	string
security_profile	Security Profile Security features are extended by policy operations for securing logical segments.	string
spoof_guard_profile	SpoofGuard Profile SpoofGuard is a tool that is designed to prevent virtual machines in your environment from sending traffic with IP addresses which are not authorized to send traffic from. A SpoofGuard policy profile once enabled blocks the traffic determined to be spoofed.	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcStatusAdditionalDetails (schema)

Object to hold additional error details, in case of a realization failure.

Name	Description	Type
code	Reason code for the realization of the object.	integer
description	Brief description of the reason of success/failure/warning.	string
message	Detailed messages/suggestions about error and remediation.	array of string

VpcStatusReason (schema)

Reason for a given status of the VPC Subnet

Name	Description	Type	Notes
additional_details	Additional error details that would help understand the reason of failure.	array of VpcStatusAdditionalDetails
code	Reason code for the realization of the object.	integer
description	Brief description of the reason of success/failure/warning.	string
message	Detailed messages/suggestions about error and remediation.	array of string
results	Reason for success/failure of realization of the intent	string	Enum: SUCCESS, FAILED, WARNING

VpcSubnet (schema)

Policy VPC Subnet

VPC Subnet provides self-service and allows the application users to create networks within the VPC and attach workloads to them.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
access_mode	The access type for an VPC Subnet. There are four kinds of Access Types supported for an Application. Private - VPC Subnet is accessible only within the application and its IPs are allocated from private IP address pool from VPC configuration unless specified explicitly by user. Public - VPC Subnet is accessible from external networks and its IPs are allocated from public IP address pool from VPC configuration unless specified explicitly by user. Isolated - VPC Subnet is not accessible from other VPC Subnets within the same VPC. Please make use of Private, Private_TGW or Public Subnets with connectivity_state as DISCONNECTED to have a disconnected Subnet. This value is deprecated. Private_TGW - VPC Subnet is accessible from using connected TGW.	string	Enum: Private, Public, Isolated, Private_TGW Default: "Private"
advanced_config	VPC Subnet advanced configuration VPC Subnet advanced configuration. This field is supported only for VPC Subnets on NSX local manager.	SubnetAdvancedConfig
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_addresses	CIDR VPC Subnet IP addresses. If not provided, IP assignment will be done based on VPC CIDRs This represents the VPC Subnet that is associated with tier. If IPv4 CIDR is given, ipv4_subnet_size property is ignored. For IPv6 CIDR, supported prefix length is /64.	array of string	Maximum items: 2
ip_blocks	VPC IP Blocks For Subnet IP Allocation IP block path for subnet IP allocation. IP block is supported for only one IP address family, either IPv4 or IPv6. IP block should be part of: 1) VPC's Private IP block path or 2) VPC Connectivity Profile's attachment's External IP block path or 3) VPC Connectivity Profile's attachment's Project IP block path.	array of string	Maximum items: 1
ipv4_subnet_size	Size of the VPC Subnet based upon estimated workload count. If IP Addresses are not provided, this field will be used to carve out the ips from respective ip block defined in the parent VPC. The default is 64. If ip_addresses field is provided then ipv4_subnet_size field is ignored. This field cannot be modified after creating a VPC Subnet.	int	Minimum: 16 Maximum: 65536
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcSubnet	string
subnet_dhcp_config	DHCP configuration for subnet DHCP configurations for a specific subnet, including DHCP mode, DHCP server options, and reserved IPs.	SubnetDhcpConfig
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly
dhcp_config	DHCP config DHCP configuration for IPv4 subnets. VPC DHCP configuration is applied if this configuration is missing. This configuration when provided always takes precedence over VPC DHCP configuration.	VpcSubnetDhcpConfig	Deprecated

VpcSubnetBridgeProfile (schema)

Policy VPC Subnet Bridge Profile

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
bridge_profiles	Bridge Profile Configuration Multiple distinct L2 bridge profiles can be configured.	array of BridgeProfileConfig	Required Minimum items: 1
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcSubnetBridgeProfile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcSubnetDhcpConfig (schema)

VPC Subnet DHCP configuration

VPC Subnet DHCP config

Name	Description	Type	Notes
dns_client_config	Dns client configuration Specifies the Network Time Protocol servers that clients will use to synchronize their system clock. The NTP servers must be configured within this property rather than using DHCP option code 42 directly. This approach ensures consistency and centralized management if NTP settings.	DnsClientConfig
enable_dhcp	Activate or Deactivate DHCP This is used to enable or disable DHCP at VPC Subnet. True: to override DHCP config at VPC/VPC Service Profile. False: to disable DHCP, other DHCP configurations are not allowed to be configured.	boolean
lease_time	DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. The default lease time is 86,400 seconds. In DHCP_RELAY mode, any specified lease time will be ignored.	integer	Minimum: 60 Maximum: 4294967295 Default: "86400"
static_pool_config	Static IP pool configuration Static IP pool configuration.	StaticPoolConfig
dhcp_relay_config_path	DHCP relay config path If configured then subnet will be configured with the DHCP Relay. Configure dhcp_relay_config is a recommended option to configure DHCP relay on subnet.	string	Deprecated

VpcSubnetPort (schema)

Policy port object for VPC Subnet

VPC Subnet port will create LogicalPort on LogicalSwitch corresponding to the Subnet.
Address bindings cannot be removed after realization.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
address_bindings	Address bindings for the port Static address binding used for the port.	array of PortAddressBindingEntry	Maximum items: 512
admin_state	Represents desired state of the segment port	string	Enum: UP, DOWN Default: "UP"
attachment	VIF attachment Only VIF attachment is supported	PortAttachment
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
external_address_binding	External Address Binding External address binding will not be supported if subnet port belongs to public subnet.	ExternalAddressBinding
extra_configs	Extra configs on segment port This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port.	array of SegmentExtraConfig
id	Unique identifier of this resource	string	Sortable
ignored_address_bindings	Address bindings to be ignored by IP Discovery module IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported.	array of PortAddressBindingEntry	Minimum items: 0 Maximum items: 16
init_state	Initial state of this logical ports Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host.	string	Enum: UNBLOCKED_VLAN, RESTORE_VIF
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_id	ID of the distributed virtual port and the distributed virtual switch in the source vCenter ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to discovered segments.	string	Readonly
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcSubnetPort	string
source_site_id	source site(LM) id. This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM.	string	Readonly
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tofu_version	Version of Trust On First Use (TOFU) paradigm. This is an experimental field. The TOFU workflow will be triggered upon modification of this value to a different non-zero positive value.	integer	Minimum: 0 Maximum: 4294967295
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcSubnetPortProfileBindingMap (schema)

Vpc Subnet Port Profile binding map

This entity will be used to establish association between profiles and Vpc Subnet Port.
Using this entity, user can specify intent for applying different profiles to particular Vpc Subnet Port.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
children	Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only.	array of ChildPolicyConfigResource Children are not allowed for this type
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
ip_discovery_profile_path	IP Discovery Profile Path PolicyPath of associated IP Discovery Profile	string
mac_discovery_profile_path	Mac Discovery Profile Path PolicyPath of associated Mac Discovery Profile	string
marked_for_delete	Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object get deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects.	boolean	Readonly Default: "False"
origin_site_id	A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in NSX+.	string	Readonly
overridden	Indicates whether this object is the overridden intent object Global intent objects cannot be modified locally by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties.	boolean	Readonly Default: "False"
owner_id	A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing who owns this object. This is used in NSX+.	string	Readonly
parent_path	Path of its parent Path of its parent	string	Readonly
path	Absolute path of this object Absolute path of this object	string	Readonly
qos_profile_path	Subnet Qos Profile Path PolicyPath of Subnet Qos Profile	string
realization_id	A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated their unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent.	string	Readonly
relative_path	Relative path of this object Path relative from its parent	string	Readonly
remote_path	Path of the object on the remote end. This path is populated only in case of multi-site scenario. Currently it is supported only for LM objects. When LM is onboarded to multi-site platform like NAPP or GM, remote_path will be set to the globally unique path across multi-site topology . It is generated based on local site-name and uses /org tree namespace. Note: It is populated only for LM objects. Not supported on the GM.	string	Readonly
resource_type	Must be set to the value VpcSubnetPortProfileBindingMap	string
security_profile_path	Security Profile Path PolicyPath of Security Profile	string
spoof_guard_profile_path	SpoofGuard Profile Path PolicyPath of SpoofGuard Profile	string
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
unique_id	A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entities in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites.	string	Readonly

VpcTransitGatewayStatusResult (schema)

Collection of VPC TransitGateway Status

Name	Description	Type	Notes
attachments		array of RealizationEntity
path	Policy path of the object	string
realization_entities		array of RealizationEntity
realization_id	Realization id of this object	string
status	Realization state of this object	string	Required Enum: SUCCESS, ERROR, UNINITIALIZED, IN_PROGRESS, UNKNOWN

VrfEvpnL2VniConfig (schema)

Name	Description	Type	Notes
enable_vtep_groups	Flag to enable or disable the creation of vtep groups This is used to enable or disable the creation of vtep groups. Each vtep group is used to group vteps with the same MAC for L2 ECMP usage.	boolean	Default: "False"
l2_vni_configs	L2 VNI configurations associated with the VRF Define L2 VNI and its related route distinguiser and route targets.	array of VrfL2VniConfig	Required Minimum items: 1 Maximum items: 1

VrfL2VniConfig (schema)

Name	Description	Type	Notes
l2_vni	L2 VNI associated with the VRF L2 VNI associated with the VRF. It must be unique and available from the VNI pool defined for EVPN service.	int	Required
route_distinguisher	The unique route distinguisher for the virtual routing and forwarding instance This is a 64 bit number which disambiguates overlapping logical networks, with format in IPAddress: or ASN:.	string	Required
route_targets	Route targets Route targets.	array of VrfRouteTargets	Required Minimum items: 1 Maximum items: 1

VrfRouteTargets (schema)

Vrf Route Targets

Vrf Route Targets for import/export.

Name	Description	Type	Notes
address_family	Address family Address family.	string	Enum: L2VPN_EVPN Default: "L2VPN_EVPN"
export_route_targets	Export route targets Export route targets with format in ASN:.	array of string
import_route_targets	Import route targets Import route targets with format in ASN:.	array of string

VrniGlobalCollector (schema)

NSX global configs for VRNI global collector

vRNI collector collects the system metrics to
Vmware vRNI (vRealize Network Insight) platform
for network monitoring and analytics.

Name	Description	Type	Notes
collector_ip	IP address for the global collector collector IP address for the global collector.	IPAddress	Required
collector_port	Port for the global collector Port for the global collector.	int	Required Minimum: 1 Maximum: 65535
collector_type	Must be set to the value VrniGlobalCollector	GlobalCollectorType	Required
report_interval	Report interval for operation data in seconds Report interval for operation data in seconds.	int	Required Minimum: 1 Maximum: 1800 Default: "30"

VrniStreamingGlobalCollector (schema)

NSX global configs for VRNI_STREAMING global collector

vRNI streaming collector collects the system metrics to
Vmware vRNI Streaming platform for network monitoring and analytics.

Name	Description	Type	Notes
collector_ip	IP address for the global collector collector IP address for the global collector.	IPAddress	Required
collector_port	Port for the global collector Port for the global collector.	int	Required Minimum: 1 Maximum: 65535
collector_type	Must be set to the value VrniStreamingGlobalCollector	GlobalCollectorType	Required
password	The password of global collector The password of global collector, The value can be upper and lower case letters and numbers only. The max length is 20.	secure_string	Required Maximum length: 20
root_certificate	The root certificate of global collector The root certificate of global collector.	string	Required
username	The username of global collector The username of global collector. The value contains only non-whitespace characters. The max length is 20.	string	Required Maximum length: 20 Pattern: "^\S+$"

VsipCounters (schema)

Name	Description	Type	Notes
alg_handler_drops	alg handler error.	integer	Readonly
bad_offset_drops	bad-offset.	integer	Readonly
bad_timestamp_drops	bad-timestamp.	integer	Readonly
congestion_drops	congestion.	integer	Readonly
fragment_drops	fragment.	integer	Readonly
handshake_error_drops	3wh error.	integer	Readonly
icmp_err_pkt_drops	icmp errpkt drop.	integer	Readonly
icmp_error_drops	icmp error.	integer	Readonly
icmp_flood_overlimit_drops	ICMP flood overlimit.	integer	Readonly
ignored_offloaded_fpdrops	Ignored offloaded FP.	integer	Readonly
ignored_offloaded_spdrops	Ignored offloaded SP	integer	Readonly
ip_option_drops	ip-option.	integer	Readonly
l7_alert_drops	L7 alert.	integer	Readonly
l7_attr_error_drops	L7 attr error.	integer	Readonly
l7_pending_misc	L7 pending.	integer	Readonly
lb_reject_drops	LB Reject.	integer	Readonly
match_drop_rule_rx_drops	Rx pkts dropped by hitting drop/reject rule.	integer	Readonly
match_drop_rule_tx_drops	Tx pkts dropped by hitting drop/reject rule.	integer	Readonly
memory_drops	memory.	integer	Readonly
normalize_drops	normalize.	integer	Readonly
other_flood_overlimit_drops	OTHER flood overlimit.	integer	Readonly
pkts_frag_queued_v4_misc	pkts-frag-queued-v4.	integer	Readonly
pkts_frag_queued_v6_misc	pkts-frag-queued-v6.	integer	Readonly
proto_cksum_drops	proto-cksum.	integer	Readonly
rx_ipv4_drop_pkts	Received IPv4 drop packets	integer	Readonly
rx_ipv4_pass_pkts	Received IPv4 pass packets	integer	Readonly
rx_ipv4_reject_pkts	Received IPv4 reject packets.	integer	Readonly
rx_ipv6_drop_pkts	Received IPv6 drop packets.	integer	Readonly
rx_ipv6_pass_pkts	Received IPv6 pass packets	integer	Readonly
rx_ipv6_reject_pkts	Received IPv6 reject packets.	integer	Readonly
rx_l2_drop_pkts	Received layer 2 drop packets.	integer	Readonly
seqno_bad_ack_drops	seqno bad ack	integer	Readonly
seqno_gt_max_ack_drops	seqno gt maxack	integer	Readonly
seqno_lt_minack_drops	seqno lt minack	integer	Readonly
seqno_old_ack_drops	seqno old ack	integer	Readonly
seqno_old_retrans_drops	seqno old retrans.	integer	Readonly
seqno_outside_window_drops	seqno outside window.	integer	Readonly
short_drops	short.	integer	Readonly
spoof_guard_drops	spoofguard.	integer	Readonly
src_limit_misc	src-limit.	integer	Readonly
state_insert_drops	state-insert.	integer	Readonly
state_limit_drops	state-limit.	integer	Readonly
state_mismatch_drops	state-mismatch.	integer	Readonly
strict_no_syn_drops	strict no syn.	integer	Readonly
syn_expected_drops	SYN Expected.	integer	Readonly
syn_proxy_drops	synproxy.	integer	Readonly
tcp_flood_overlimit_drops	TCP flood overlimit.	integer	Readonly
tx_ipv4_drop_pkts	Sent IPv4 drop packets	integer	Readonly
tx_ipv4_pass_pkts	Sent IPv4 pass packets	integer	Readonly
tx_ipv4_reject_pkts	Sent IPv4 reject packets.	integer	Readonly
tx_ipv6_drop_pkts	Sent IPv6 drop packets.	integer	Readonly
tx_ipv6_pass_pkts	Sent IPv6 pass packets	integer	Readonly
tx_ipv6_reject_pkts	Sent IPv6 reject packets.	integer	Readonly
tx_l2_drop_pkts	Sent layer 2 drop packets.	integer	Readonly
udp_flood_overlimit_drops	UDP flood overlimit.	integer	Readonly

VsphereClusterNodeVMDeploymentConfig (schema)

Deployment config on the Vsphere platform

The Vsphere deployment configuration determines where to deploy the
cluster node VM through a vCenter server. It contains settings that are
applied during install time.
If using DHCP, the following fields must be left unset - dns_servers,
management_port_subnets, and default_gateway_addresses

Name	Description	Type	Notes
allow_ssh_root_login	Allow root SSH logins If true, the root user will be allowed to log into the VM. Allowing root SSH logins is not recommended for security reasons.	boolean	Default: "False"
compute_id	Cluster identifier or resourcepool identifier The cluster node VM will be deployed on the specified cluster or resourcepool for specified VC server.	string	Required
default_gateway_addresses	Default IPv4 gateway for the VM The default IPv4 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_subnets to use only IPv6. Note: only single IPv4 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4.	array of IPv4Address	Minimum items: 1 Maximum items: 1
default_ipv6_gateway_addresses	Default IPv6 gateway for the VM The default IPv6 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_ipv6_subnets to use only IPv4. Note: only single IPv6 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6.	array of IPv6Address	Minimum items: 1 Maximum items: 1
disk_provisioning	Disk provitioning type Specifies the disk provisioning type of the VM.	DiskProvisioning	Default: "THIN"
dns_servers	DNS servers List of DNS servers. If DHCP is used, the default DNS servers associated with the DHCP server will be used instead. Required if using static IP.	array of IPAddress	Minimum items: 1
enable_ssh	Enable SSH If true, the SSH service will automatically be started on the VM. Enabling SSH service is not recommended for security reasons.	boolean	Default: "False"
folder_id	Folder identifier Specifies the folder in which the VM should be placed.	string
host_id	Host identifier The cluster node VM will be deployed on the specified host in the specified VC server within the cluster if host_id is specified. Note: User must ensure that storage and specified networks are accessible by this host.	string
hostname	Host name or FQDN for the VM Desired host name/FQDN for the VM to be deployed	string	Required Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]\|-){0,61}[0-9A-Za-z])?)*?$"
management_network_id	Portgroup identifier or segment path for management network connectivity Distributed portgroup identifier or segment path to which the management vnic of cluster node VM will be connected.	string	Required
management_port_ipv6_subnets	IPv6 port subnets for management port IPv6 Address and subnet configuration for the management port. Do not specify this field and default_ipv6_gateway_addresses to use only IPv4. Note: only one IPv6 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6.	array of IPSubnet	Minimum items: 1 Maximum items: 1
management_port_subnets	IPv4 port subnets for management port IPv4 Address and subnet configuration for the management port. Do not specify this field and default_gateway_addresses to use only IPv6. Note: only one IPv4 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4.	array of IPSubnet	Minimum items: 1 Maximum items: 1
ntp_servers	NTP servers List of NTP servers. To use hostnames, a DNS server must be defined. If not using DHCP, a DNS server should be specified under dns_servers.	array of HostnameOrIPAddress
placement_type	Must be set to the value VsphereClusterNodeVMDeploymentConfig	string	Required Enum: VsphereClusterNodeVMDeploymentConfig
search_domains	DNS search domain names List of domain names that are used to complete unqualified host names.	array of string
storage_id	Storage/datastore identifier The cluster node VM will be deployed on the specified datastore in the specified VC server. User must ensure that storage is accessible by the specified cluster/host.	string	Required
vc_id	Vsphere compute identifier for identifying VC server The VC-specific identifiers will be resolved on this VC, so all other identifiers specified in the config must belong to this vCenter server.	string	Required

VswitchCounters (schema)

Name	Description	Type	Notes
forged_transmit_rx_drops	Drops due to forged transmits disabled.	integer
unknown_unicast_rx_uplink_pkts	Unknown unicast flooded packets received from uplink.	integer	Readonly
unknown_unicast_tx_uplink_pkts	Unknown unicast flooded packets sent on the uplink.	integer	Readonly
vlan_tag_mismatch_rx	Drops due to VLAN tag mismatch of packets received by vswitch.	integer	Readonly
vlan_tag_mismatch_rx_mcast	Drops due to VLAN tag mismatch of packets received by vswitch.	integer	Readonly
vlan_tag_mismatch_tx	Drops due to VLAN tag mismatch of packets forwarded by vswitch.	integer	Readonly
vlan_tag_mismatch_tx_mcast	Drops due to VLAN tag mismatch of packets forwarded by vswitch.	integer	Readonly
vni_tag_mismatch_tx	Drops due to VNI tag mismatch of packets forwarded by vswitch.	integer	Readonly
vni_tag_mismatch_tx_mcast	Drops due to VNI tag mismatch of packets forwarded by vswitch.	integer	Readonly

WaveFrontGlobalCollector (schema)

NSX global configs for WAVE_FRONT global collector

Wavefront collector is defined to export the real-time
metrics to Vmware Warfront platform for monitoring and streaming analysis.
It is only applicable on VMC mode.

Name	Description	Type	Notes
collector_ip	IP address for the global collector collector IP address for the global collector.	IPAddress	Required
collector_port	Port for the global collector Port for the global collector.	int	Required Minimum: 1 Maximum: 65535
collector_type	Must be set to the value WaveFrontGlobalCollector	GlobalCollectorType	Required
tracing_port	Port for the Wavefront tracing Port for the Wavefront tracing.	int	Minimum: 0 Maximum: 65535 Default: "30001"

WeeklyBackupSchedule (schema)

Schedule to specify day of the week and time to take automated backup

Name	Description	Type	Notes
days_of_week	Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ...	array of integer	Required Minimum items: 1 Maximum items: 7
hour_of_day	Time of day when backup is taken	integer	Required Minimum: 0 Maximum: 23
minute_of_day	Time of day when backup is taken	integer	Required Minimum: 0 Maximum: 59
resource_type	Must be set to the value WeeklyBackupSchedule	string	Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule

WidgetConfiguration (schema)

Dashboard Widget Configuration

Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general.

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
condition	Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally.	string	Maximum length: 1024
datasources	Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API.	array of Datasource	Minimum items: 0
default_filter_value	Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values.	array of DefaultFilterValue
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title.	string	Maximum length: 255
drilldown_id	Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget.	string	Maximum length: 255
feature_set	Features required to view the widget Features required to view the widget.	FeatureSet
filter_value_required	Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory.	boolean	Default: "True"
filters	A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget.	array of string
footer		Footer
icons	Icons Icons to be applied at dashboard for widgets and UI elements.	array of Icon
id	Unique identifier of this resource	string	Sortable
is_drilldown	Set as a drilldown widget Set to true if this widget should be used as a drilldown.	boolean	Default: "False"
legend	Legend for the widget Legend to be displayed. If legend is not needed, do not include it.	Legend
plot_configs	List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here.	array of WidgetPlotConfiguration
resource_type	Must be set to the value WidgetConfiguration	string	Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255
rowspan	Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px.	int	Minimum: 1
show_header	This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header.	boolean
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
filter	Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property.	string	Deprecated
shared	Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users.	boolean	Deprecated
weight	Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details.	int	Deprecated

WidgetConfigurationList (schema)

List of Widget Configurations

Represents a list of widget configurations.

Name	Description	Type	Notes
widgetconfigurations	Array of widget configurations Array of widget configurations	array of WidgetConfiguration (Abstract type: pass one of the following concrete types) ContainerConfiguration CustomFilterWidgetConfiguration CustomWidgetConfiguration DonutConfiguration DropdownFilterWidgetConfiguration FilterWidgetConfiguration GraphConfiguration GridConfiguration LabelValueConfiguration LegendWidgetConfiguration MultiWidgetConfiguration SpacerWidgetConfiguration StatsConfiguration TimeRangeDropdownFilterWidgetConfiguration WidgetConfiguration	Required Readonly

WidgetItem (schema)

Widget held by MultiWidgetConfiguration or Container or a View

Represents a reference to a widget that is held by a container or a multi-widget or a View.

Name	Description	Type	Notes
alignment	Alignment of widget inside container Aligns widget either left or right.	string	Enum: LEFT, RIGHT Default: "LEFT"
label	Label of the the report Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report.	Label
rowspan	Vertical span Represents the vertical span of the widget / container	int	Minimum: 1
separator	A separator after this widget If true, separates this widget in a container.	boolean	Default: "False"
span	Horizontal span Represents the horizontal span of the widget / container.	int	Minimum: 1 Maximum: 12
weight	Weightage or placement of the widget or container Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order.	int	Default: "10000"
widget_id	Id of the widget configuration Id of the widget configuration that is held by a multi-widget or a container or a view.	string	Required Maximum length: 255

WidgetPlotConfiguration (schema)

Base type for widget plot config

Base type for widget plot config.

Name	Description	Type	Notes
allow_maximize	Allow maximize capability for this widget Allow maximize capability for this widget	boolean
condition	Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration.	string	Maximum length: 1024

WidgetQueryParameters (schema)

Parameters for querying widget configurations

Name	Description	Type	Notes
container	Id of the container Id of the container whose widget configurations are to be queried.	string	Readonly Maximum length: 255
widget_ids	Ids of the WidgetConfigurations Comma separated ids of WidgetConfigurations to be queried.	string	Readonly Maximum length: 8192

Ws1bOidcEndpointCreateRequest (schema)

Configuration to enable VIDB

Configuration data needed for NSX to configure itself to authenticate to VMware Identity Broker (VIDB). Either api_token, or username + password is required.

Name	Description	Type	Notes
additional_fqdns	Additional FQDNs for NSX Manager Nodes An optional list of additional fully qualified domains names for the NSX manager nodes. Redirect URLs will be confiigured in VIDB for each FQDN provided.	array of string
api_token	API token for VIDB A JWT token with sufficient privileges to create an OAuth app on VMware Identity Broker (VIDB). Not required if username and password are provided.	secure_string
certificate_chain	The certificate chain for VC/WS1B The public certificate chain for the VIDB, in PEM format.	string	Required
nsx_fqdn	FQDN of NSX Manager The fully qualified domain name of the NSX Manager. This is used when redirecting UI users after authenticating.	string
oidc_uri	The VC/WS1B OIDC discovery endpoint URL The OIDC discovery endpoint URL. Information such as the expected issuer and signing keys will be retrieved from this URL.	string	Required
password	Password to use when authenticating to VIDB The password to use when authenticating to VMware Identity Broker (VIDB). Not required if api_token is provided.	secure_string
username	Username to use when authenticating to VIDB A username to use when authenticating to VMware Identity Broker (VIDB). This user must have privileges that allow it to create an OAuth app. Not required if api_token is provided.	string

Ws1bOidcEndpointRemovalRequest (schema)

Name	Description	Type	Notes
api_token	API token for VC/WS1B A JWT token with sufficient privileges to delete an OAuth app on VC/WS1B.	secure_string	Required
force	Force removal of NSX OIDC config By default, if cleanup of the OAuth app on VC/WS1B fails, the operation halts and the OIDC configuration for VC/WS1B on NSX is left in place. If true is passed for the force property, then the NSX OIDC configuration is removed regardless of whether the OAuth app was was successfully removed from VC/WS1B.	boolean	Default: "False"

Ws1bOidcEndpointRemovalResponse (schema)

Name	Description	Type	Notes
oauth_client_removal_succeeded	Result of OAuth client cleanup True if the OAuth client on WS1B was successfully removed.	boolean	Readonly

X509Certificate (schema)

Name	Description	Type	Notes
dsa_public_key_g	One of the DSA cryptogaphic algorithm's strength parameters, base.	string	Readonly
dsa_public_key_p	One of the DSA cryptogaphic algorithm's strength parameters, prime.	string	Readonly
dsa_public_key_q	One of the DSA cryptogaphic algorithm's strength parameters, sub-prime.	string	Readonly
dsa_public_key_y	One of the DSA cryptogaphic algorithm's strength parameters.	string	Readonly
ecdsa_curve_name	ECDSA Curve Name The Curve name for the ECDSA certificate.	string	Readonly
ecdsa_ec_field	ECDSA Elliptic Curve Finite Field Represents an elliptic curve (EC) finite field in ECDSA.	string	Readonly Enum: F2M, FP
ecdsa_ec_field_f2mks	ECDSA Elliptic Curve F2MKS The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) \| characteristic 2 finite field.\| Contents of this array are copied to protect against subsequent modification in ECDSA.	array of integer	Readonly
ecdsa_ec_field_f2mm	ECDSA Elliptic Curve F2MM The first coefficient of this elliptic curve in elliptic curve (EC) \| characteristic 2 finite field for ECDSA.	integer	Readonly
ecdsa_ec_field_f2mrp	ECDSA Elliptic Curve F2MRP The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial \| in elliptic curve (EC) characteristic 2 finite field for ECDSA.	string	Readonly
ecdsa_ec_field_f2pp	ECDSA Elliptic Curve F2PP The specified prime for the elliptic curve prime finite field in ECDSA.	string	Readonly
ecdsa_pub	ECDSA Public key information The public key information in ECDSA.	string	Readonly
ecdsa_pub_key	ECDSA Public Key The public key for the EC certificate.	string	Readonly
ecdsa_public_key_a	ECDSA Elliptic Curve Public Key A The first coefficient of this elliptic curve in ECDSA.	string	Readonly
ecdsa_public_key_b	ECDSA Elliptic Curve Public Key B The second coefficient of this elliptic curve in ECDSA.	string	Readonly
ecdsa_public_key_cofactor	ECDSA Elliptic Curve Public Key Cofactor The co-factor in ECDSA.	integer	Readonly
ecdsa_public_key_generator_x	ECDSA Elliptic Curve Public Key X X co-ordinate of G (the generator which is also known as the base point) in ECDSA.	string	Readonly
ecdsa_public_key_generator_y	ECDSA Elliptic Curve Public Key Y Y co-ordinate of G (the generator which is also known as the base point) in ECDSA.	string	Readonly
ecdsa_public_key_order	ECDSA Elliptic Curve Public Key Order The order of generator G in ECDSA.	string	Readonly
ecdsa_public_key_seed	ECDSA Elliptic Curve Public Key Seed The bytes used during curve generation for later validation in ECDSA.\| Contents of this array are copied to protect against subsequent modification.	array of string	Readonly
is_ca	True if this is a CA certificate.	boolean	Required Readonly
is_valid	True if this certificate is valid.	boolean	Required Readonly
issuer	The certificate issuers complete distinguished name.	string	Required Readonly
issuer_cn	The certificate issuer's common name.	string	Readonly
not_after	The time in epoch milliseconds at which the certificate becomes invalid.	EpochMsTimestamp	Required Readonly
not_before	The time in epoch milliseconds at which the certificate becomes valid.	EpochMsTimestamp	Required Readonly
parsed_pem_encoding	PEM encoding after parsing the PEM. This is the PEM encoding after parsing out any extraneous characters, ensuring any library will accept it.	string	Readonly
public_key_algo	Public Key Algorithm Cryptographic algorithm used by the public key for data encryption.	string	Required Readonly
public_key_length	Size measured in bits of the public/private keys used in a cryptographic algorithm.	integer	Readonly
rsa_public_key_exponent	An RSA public key is made up of the modulus and the public exponent. Exponent is a power number.	string	Readonly
rsa_public_key_modulus	An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number.	string	Readonly
serial_number	Certificate's serial number.	string	Required Readonly
sha_256_thumbprint	SHA256 thumbprint, in hex The SHA256 thumbprint of the certificate, in hexadecimal notation.	string	Readonly
signature	The signature value(the raw signature bits) used for signing and validate the cert.	string	Required Readonly
signature_algorithm	The algorithm used by the Certificate Authority to sign the certificate.	string	Required Readonly
subject	The certificate owners complete distinguished name.	string	Required Readonly
subject_alt_names	Subject Alternative Names A list of Subject Alternative Names of the certificate	SubjectAltNames	Readonly
subject_cn	The certificate owner's common name.	string	Readonly
version	Certificate version (default v1).	string	Required Readonly

X509Crl (schema)

A CRL is a time-stamped list identifying revoked certificates.

Name	Description	Type	Notes
crl_entries	List of X509CrlEntry.	array of X509CrlEntry	Readonly
issuer	Issuer's distinguished name. (DN)	string	Readonly
next_update	Next update time for the CRL.	string	Readonly
version	CRL's version number either 1 or 2.	string	Readonly

X509CrlEntry (schema)

Each revoked certificate is identified in a CRL by its certificate serial number.

Name	Description	Type	Notes
revocation_date	Revocation date.	string	Readonly
serial_number	The revoked certificate's serial number.	string	Readonly